Security Affairs newsletter Round 569 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs, 29/03/2026, 09:24

Summary

AI-Generated

Key Points:

  • TeamPCP has expanded its supply chain attack, compromising the popular litellm Python package on PyPI, impacting millions of users.
  • The attack could lead to the distribution of malicious code, potentially affecting enterprise environments and leading to data breaches or system compromises.
  • Organizations should immediately audit their dependencies, implement strict package management policies, and monitor for unusual activity related to the litellm package.

Technical Details: The ongoing supply chain attack involves the exploitation of vulnerabilities in widely used software packages, including Trivy and Checkmarx GitHub Actions. This highlights the risk associated with third-party libraries and their potential to introduce malicious code into trusted environments.

MITRE ATT&CK Techniques:

  • T1190 - Exploit Public-Facing Application (Initial Access)
  • T1071.001 - Application Layer Protocol: Web Protocols (Command and Control)

IOCs Mentioned: None mentioned
