TeamPCP compromises the popular LiteLLM AI proxy package with a three-stage credential harvester, Kubernetes lateral movement toolkit, and persistent systemd backdoor. The FCC bans all consumer routers made outside the US. HackerOne discloses employee data breach via third-party Navia hack. Dutch Ministry of Finance confirms breach affecting employees. PTC warns of critical Windchill RCE under imminent exploitation threat.
LiteLLM versions 1.82.7 and 1.82.8 on PyPI were compromised by TeamPCP with a multi-stage payload that harvests credentials, moves laterally through Kubernetes clusters, and establishes persistent backdoors.
The TeamPCP threat group — already responsible for the Trivy and KICS compromises — has now hit LiteLLM, one of the most widely used Python packages for routing LLM API calls across providers. The compromise was likely enabled through LiteLLM's use of Trivy in its CI/CD pipeline, creating a cascading supply-chain attack.
The malicious payload executes a three-stage attack:
.env files from the host systemsysmon.service) that polls checkmarx[.]zone/raw for additional binaries, providing long-term remote accessLiteLLM sits at the heart of AI infrastructure — it's the gateway between applications and LLM providers like OpenAI, Anthropic, and Azure. Compromising LiteLLM means attackers potentially gain access to API keys for every LLM provider an organization uses, plus the sensitive data flowing through those API calls. Organizations running LiteLLM in Kubernetes environments face the additional risk of full cluster compromise.
Both malicious versions have been removed from PyPI, but any system that installed them between publication and removal may be compromised.
pip show litellm and check deployment logssysmon.service systemd unit on all hosts where LiteLLM rancheckmarx[.]zone in network logsThe Federal Communications Commission has updated its Covered List to ban all consumer routers manufactured in foreign countries from sale in the US, citing persistent state-sponsored supply-chain threats.
In one of the most aggressive hardware security actions ever taken by a US regulator, the FCC has effectively banned the sale of new consumer routers made outside the United States. The updated Covered List now includes all consumer routing equipment manufactured in foreign countries, regardless of the brand selling it.
The decision follows years of escalating concerns about state-sponsored backdoors in networking equipment:
While this is a US-specific action, it signals a broader trend toward hardware sovereignty in cybersecurity. The EU's Cyber Resilience Act (CRA) takes a different approach — rather than banning foreign hardware, it mandates security requirements for all connected devices sold in the EU. Both approaches reflect the same underlying reality: the network perimeter starts at the router, and trusting opaque foreign supply chains is no longer acceptable.
For EU organizations subject to NIS2, this is a reminder to audit your network hardware supply chain. Even if the EU doesn't ban foreign routers outright, NIS2 Article 21 supply-chain security requirements mean you need to demonstrate due diligence on the hardware securing your network boundaries.
HackerOne is notifying hundreds of employees that their personal data was stolen after attackers compromised Navia, one of its US benefits administrators.
HackerOne, the world's largest bug bounty platform, has disclosed that employee personal information was compromised through a breach of Navia, a third-party benefits administrator. The irony is not lost on the security community — an organization at the center of vulnerability disclosure is itself a victim of the third-party supply-chain risk it helps others mitigate.
The compromised data reportedly includes:
This breach perfectly illustrates why NIS2 Article 21(2)(d) mandates supply-chain security management. HackerOne's own security posture is strong — they are, after all, the platform where researchers report vulnerabilities in other organizations. But their employees' data was compromised through a benefits provider they likely had limited visibility into. No organization is stronger than its weakest vendor.
The Dutch Ministry of Finance has disclosed a security breach that compromised employee information, the latest in a growing list of European government agencies targeted by threat actors.
The Netherlands Ministry of Finance has confirmed a breach affecting its employees, though details about the attack vector and scope remain limited. This comes at a particularly sensitive time as the Netherlands has been one of the more aggressive EU member states in implementing NIS2 and pushing for stronger government cybersecurity standards.
The breach follows a pattern of EU government institutions being targeted in 2026:
Government entities are squarely within NIS2 scope. The Dutch government has been a vocal proponent of the directive — this breach underscores that even well-resourced government agencies face persistent threats. The incident will likely accelerate the Netherlands' already-aggressive NIS2 implementation timeline and may influence how other member states approach government sector compliance.
PTC Inc. has issued an urgent advisory for a critical RCE vulnerability in Windchill and FlexPLM product lifecycle management systems, warning that exploitation is imminent.
PTC Windchill and FlexPLM are enterprise product lifecycle management (PLM) platforms used by major manufacturers and defense contractors worldwide to manage product designs, engineering data, and supply-chain documentation. A critical remote code execution vulnerability now threatens these environments.
PTC's use of the word "imminent" in their advisory is notable — it suggests either active exploitation attempts have been detected or proof-of-concept code is circulating. For organizations in manufacturing, aerospace, defense, and automotive, this is an emergency patch situation.
Infinite Campus, used by thousands of US school districts to manage student data, is warning customers of a breach after threat group ShinyHunters claims to have stolen student and family records.
Infinite Campus is one of the most widely used student information systems (SIS) in the United States, managing records for millions of K-12 students including grades, attendance, health records, disciplinary records, and family contact information. The ShinyHunters group — known for high-profile breaches including Ticketmaster, AT&T, and Santander — is claiming responsibility.
Student data is particularly sensitive because:
Law Enforcement Win: A Russian national has been sentenced to 81 months (nearly 7 years) in US federal prison for acting as an initial access broker (IAB) for the Yanluowang ransomware group. The sentencing reinforces that the US Department of Justice is successfully pursuing the full ransomware ecosystem — not just the operators deploying ransomware, but the brokers who sell initial access, the affiliates who conduct intrusions, and the money launderers who process payments.
The Yanluowang group gained notoriety for attacking Cisco in 2022 and has targeted enterprises across finance, manufacturing, and technology. This sentencing is part of a broader trend of increasing legal consequences for ransomware participants, which is slowly shifting the risk calculus for cybercriminals.
An ongoing phishing campaign delivers highly obfuscated VBScript files disguised as CVs/resumes to French-speaking corporate environments, deploying a multi-purpose toolkit.
Securonix researchers have uncovered the FAUX#ELEVATE campaign, which targets French-speaking organizations with fake resume documents that deploy a triple-threat payload combining credential theft, data exfiltration, and Monero mining. The campaign is notable for its abuse of legitimate services:
While this campaign currently targets French-speaking environments, similar campaigns targeting German-speaking organizations are likely. HR departments processing applications in multiple languages should be especially vigilant. The attack pattern — weaponized documents sent as job applications — is a well-known vector that consistently succeeds because HR teams must open attachments from unknown senders.
| Threat | Severity | Type | Action Required |
|---|---|---|---|
| LiteLLM Supply-Chain Backdoor | CRITICAL | Supply Chain | Check versions, rotate credentials |
| FCC Foreign Router Ban | CRITICAL | Regulation | Audit network hardware supply chain |
| PTC Windchill/FlexPLM RCE | CRITICAL | Vulnerability | Emergency patch immediately |
| HackerOne/Navia Breach | HIGH | Data Breach | Contact Navia, audit vendor PII |
| Dutch Ministry Breach | HIGH | Data Breach | Monitor for follow-on attacks |
| Infinite Campus / ShinyHunters | HIGH | Data Breach | Contact vendor, freeze student credit |
| FAUX#ELEVATE Resume Phishing | HIGH | Phishing | Block VBScript, sandbox HR attachments |
| Yanluowang IAB Sentenced | INFO | Law Enforcement | Awareness — deterrence signal |
Today's LiteLLM backdoor shows that AI tooling is the new frontline. KENSAI scans your web applications, APIs, and infrastructure for vulnerabilities before attackers find them.
Start Your Free Security Scan →Published by the KENSAI Threat Intelligence Team · March 25, 2026
Stay informed. Stay protected. Read more briefings →