Together With 1Password
TLDR Information Security 2026-03-26
Secure access across humans, AI agents, and machine identities (Sponsor)
Legacy IAM tools like PAM and SSO can't manage access from the ever-growing sprawl of identities, SaaS apps, and AI agents. That's why 1Password created Unified Access. This is the solution designed to help reduce endpoint blind spots, credential sprawl, and accountability gaps. Unified Access is a comprehensive solution for shadow AI discovery, secure vaulting, and context-aware authorization. Learn how it gives you visibility and control over all access, whether from humans, agents, or machine identities. Explore the solution.
Attacks & Vulnerabilities
Popular LiteLLM PyPI Package Backdoored to Steal Credentials and Auth Tokens (2 minute read)
The TeamPCP hacking group, which was responsible for the recent supply chain compromise of Trivy, claimed responsibility for a supply chain compromise of the LiteLLM PyPI package. The malicious updates download a `.pth` file, which Python processes on every interpreter startup, and use it to fetch the CloudStealer payload. The stealer attempts to steal credentials such as cloud access keys, Kubernetes service account tokens, SSH keys, cryptocurrency wallet data, and database credentials, then attempts lateral movement to Kubernetes clusters and installs a persistence script via systemd.
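The `.pth` mechanism described above is documented Python behaviour: the `site` module reads every `*.pth` file in each site-packages directory, appends most lines to `sys.path`, but hands any line beginning with `import ` (or `import` followed by a tab) to `exec()` on every interpreter start. The script below is an added example, not code from the article or from any of the projects it names; it lists the executable lines in a constructed sample and in the local site-packages directories so an analyst can review them. The `_OBFUSCATION_HINTS` tokens are general indicators chosen for this example, not signatures of a specific payload, and the sample `.pth` content is constructed (the encoded string decodes to a harmless `print`).

```python
"""List .pth lines that Python will exec() at interpreter startup.

Added example (not the article's code). Legitimate tooling also writes import
lines into .pth files (editable installs, for instance), so every finding is
something to review rather than proof of compromise.
"""
import os
import re
import site
from pathlib import Path

# Mirrors the rule in site.addpackage(): the line starts with "import"
# followed by a space or a tab. Anything else is treated as a path entry.
_EXEC_LINE = re.compile(r"^import[ \t]")

# General indicators of obfuscation or network/process activity in a one-liner.
# Chosen for this example; not a signature of any particular malware.
_OBFUSCATION_HINTS = (
    "base64", "exec(", "eval(", "zlib", "subprocess", "urllib", "__import__",
)


def suspicious_pth_lines(text):
    """Return (line_number, line, hints) for every line exec'd at startup."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if not _EXEC_LINE.match(line):
            continue
        hints = [h for h in _OBFUSCATION_HINTS if h in line]
        findings.append((lineno, line, hints))
    return findings


def scan_pth_file(path):
    """Scan one .pth file; unreadable files are skipped rather than fatal."""
    try:
        text = path.read_text(encoding="utf-8", errors="replace")
    except OSError:
        return []
    return [(str(path),) + f for f in suspicious_pth_lines(text)]


def site_packages_dirs():
    """All site-packages directories the running interpreter would consult."""
    dirs = list(site.getsitepackages()) if hasattr(site, "getsitepackages") else []
    dirs.append(site.getusersitepackages())
    return [Path(d) for d in dirs if os.path.isdir(d)]


def scan_site_packages():
    """Scan every *.pth file in every site-packages directory."""
    results = []
    for directory in site_packages_dirs():
        for pth in sorted(directory.glob("*.pth")):
            results.extend(scan_pth_file(pth))
    return results


# Constructed sample: a plain path entry, an import line of the kind build
# tooling writes, and an obfuscated one-liner of the shape a startup hook
# would take. The encoded string is just print("hi"); nothing here runs it.
SAMPLE_PTH = """/opt/venv/lib/python3.12/site-packages/somepkg
import _distutils_hack
import base64, sys; exec(base64.b64decode(b'cHJpbnQoImhpIik='))
"""

if __name__ == "__main__":
    for lineno, line, hints in suspicious_pth_lines(SAMPLE_PTH):
        print(f"sample line {lineno}: {line[:60]!r} hints={hints}")
    for path, lineno, line, hints in scan_site_packages():
        print(f"{path}:{lineno}: {line[:80]!r} hints={hints}")
```

Run it inside the interpreter whose environment you are checking (the one that ran `pip install`), since each interpreter has its own site-packages set; a finding with hints such as `base64` and `exec(` on a single line is the pattern worth pulling for closer inspection.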
TP-Link Warns Users to Patch Critical Router Auth Bypass Flaw (2 minute read)
TP-Link has patched several vulnerabilities in its Archer NX router series, including an authentication bypass that could allow attackers to upload arbitrary firmware. The flaw stems from a missing authentication check in the HTTP server for certain CGI endpoints. Other patched flaws include removing a hardcoded cryptographic key and patching two command-execution vulnerabilities that required admin privileges.
TeamPCP Hacks Checkmarx GitHub Actions Using Stolen CI Credentials (4 minute read)
TeamPCP, the group behind the Trivy supply chain attack (CVE-2026-33634, CVSS 9.4), compromised two Checkmarx GitHub Actions, checkmarx/ast-github-action and checkmarx/kics-github-action, by reusing credentials stolen from the Trivy breach four days earlier. The "TeamPCP Cloud stealer" harvests SSH keys, AWS/GCP/Azure credentials, Kubernetes configs, Docker secrets, and crypto wallet data, exfiltrating them as an encrypted archive to checkmarx[.]zone. Trojanized Open VSX extensions for VS Code were also pushed.
Fake install logs in npm packages load RAT (5 minute read)
Researchers found a cluster of malicious npm packages, dubbed the "Ghost campaign," that has been active since early February. Published by a single npm user, the packages display fake installation logs with random delays and a progress bar to disguise malicious activity. During this fake process, users are prompted to enter their sudo password under the guise of fixing installation errors. That password is then used to execute a final-stage RAT that steals crypto wallets and sensitive data. Other research links a related package to the same techniques, suggesting this may have been an early test run of a broader campaign.
Pentest of a 100% vibe-encoded app: complete security analysis of an AI-generated app (4 minute read)
A web app built entirely with Claude Opus 4.6 was pentested in grey-box mode with standard user credentials. Critical findings came fast: an LFI via an unfiltered full_path parameter exposed /etc/passwd and opened the door to RCE. An IDOR on /employee/{guid} lets any user pull other employees' emails, roles, and password hashes by harvesting GUIDs from a public leaderboard API. The front-end ran Vite 5.4.10, carrying three known CVEs. The AI-generated code skipped input validation, had weak access controls, and lacked dependency checks.
The LiteLLM Supply Chain Attack: A Complete Technical Breakdown Of The AI Ecosystem's Darkest Hour (9 minute read)
TeamPCP exploited a `pull_request_target` GitHub Actions misconfiguration in Aqua Security's Trivy scanner on February 27 to steal a privileged PAT, rewrote 75 of 76 mutable version tags in the trivy-action repo to deliver credential-stealing code, and ultimately harvested LiteLLM's PyPI publish token from its unpinned CI/CD pipeline to push malicious versions 1.82.7 and 1.82.8 (97M monthly downloads). The v1.82.8 payload used a `.pth` file in site-packages to trigger a double base64-encoded infostealer on every Python interpreter startup, targeting SSH keys, AWS/GCP/Azure credentials, CI/CD secrets, and crypto wallets, with stolen data AES-256 and RSA-4096 encrypted before exfiltration to `models.litellm.cloud`. Defenders should pin all GitHub Actions to immutable commit hashes, enforce strict lockfiles (Poetry or uv), scope CI/CD tokens to least privilege, and treat any environment that ran Python between 09:00 and 13:30 UTC on March 24 as fully compromised, requiring full credential rotation.
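Two of the conditions in this summary can be checked mechanically: `uses:` references that point at a tag or branch rather than a full commit SHA (a tag can be moved, which is exactly what rewriting the trivy-action version tags exploited), and a workflow triggered by `pull_request_target` that checks out the pull request's head ref, so untrusted code runs with the privileged token that trigger grants. The audit below is an added example, not code from the article or from GitHub; it works line by line with regular expressions so it needs no YAML library, and the `pull_request_target` check is a heuristic (it looks for the trigger token and a checkout `ref:` of `github.event.pull_request.head.sha` or `.head.ref` anywhere in the same file). The sample workflow is constructed, and the 40-hex value in it is a placeholder SHA, not a real commit.

```python
"""Audit a GitHub Actions workflow for mutable action references and the
pull_request_target-plus-PR-head-checkout pattern. Added example, not the
article's or GitHub's code; the sample workflow is constructed."""
import re

# A `uses:` step, with or without quotes; the reference is captured.
_USES = re.compile(r"""^\s*-?\s*uses:\s*["']?([^\s"'#]+)""")
# A full 40-hex commit SHA is the only immutable form of an action reference.
_FULL_SHA = re.compile(r"^[0-9a-f]{40}$")
# Checkout of the PR head, which runs untrusted code under the trigger's token.
_PR_HEAD_REF = re.compile(
    r"ref:\s*\$\{\{\s*github\.event\.pull_request\.head\.(sha|ref)\s*\}\}"
)


def classify_uses(ref):
    """Return 'local', 'docker', 'pinned', or 'mutable' for a uses: value."""
    if ref.startswith("./"):
        return "local"            # action in the same repo; no tag to move
    if ref.startswith("docker://"):
        return "docker"           # image refs need their own digest check
    if "@" not in ref:
        return "mutable"          # no version at all resolves to the default branch
    version = ref.rsplit("@", 1)[1]
    return "pinned" if _FULL_SHA.match(version) else "mutable"


def audit_workflow(text):
    """Return unpinned uses: lines and whether the pwn-request pattern is present."""
    unpinned = []
    has_pr_target = False
    checks_out_pr_head = False
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0]          # drop YAML comments
        m = _USES.match(line)
        if m and classify_uses(m.group(1)) == "mutable":
            unpinned.append((lineno, m.group(1)))
        if re.search(r"\bpull_request_target\b", line):
            has_pr_target = True
        if _PR_HEAD_REF.search(line):
            checks_out_pr_head = True
    return {
        "unpinned": unpinned,
        "pwn_request_risk": has_pr_target and checks_out_pr_head,
    }


# Constructed sample workflow. The 40-hex value is a placeholder, not a real commit.
SAMPLE_WORKFLOW = """name: ci
on:
  pull_request_target:
    types: [opened, synchronize]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - uses: actions/setup-python@0123456789abcdef0123456789abcdef01234567
      - uses: aquasecurity/trivy-action@master
      - uses: ./.github/actions/local-thing
      - run: pip install -e .
"""

if __name__ == "__main__":
    report = audit_workflow(SAMPLE_WORKFLOW)
    for lineno, ref in report["unpinned"]:
        print(f"line {lineno}: not pinned to a commit SHA: {ref}")
    if report["pwn_request_risk"]:
        print("pull_request_target workflow checks out the PR head: review trust boundary")
```

Pinning to a SHA only helps if the SHA is one you verified against the upstream release, so pair the check with a review of how the pinned commits were chosen; a tag comment after the SHA (`# v4`) keeps the file readable and is ignored by the audit because comments are stripped before matching.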
Caterpillar (GitHub Repo)
Caterpillar is a security scanner for AI skills that scans for anti-patterns in those skills before a user downloads them.
Escape (Product Launch)
Escape is launching an offensive security platform that uses automated agents to discover, test, and fix application vulnerabilities within engineering workflows, including attack surface mapping and security testing.
81-Month Sentence for Russian Hacker Behind Major Ransomware Campaigns (2 minute read)
A US federal court sentenced Aleksei Volkov to 81 months in prison for acting as an initial access broker for the Yanluowang ransomware group. He broke into corporate networks, sold that access to ransomware operators, and took a cut of the proceeds. Attacks caused $9M in actual losses and $24M in intended losses. Arrested in Rome in 2024 and extradited, he pleaded guilty in November 2025 to fraud, identity theft, and conspiracy, and must pay $9.1M in restitution.
Delve did the security compliance on LiteLLM, an AI project hit by malware (3 minute read)
Credential-harvesting malware slipped into LiteLLM (3.4M daily downloads) via a compromised dependency, propagating across downstream packages and accounts before being caught within hours by a FutureSearch researcher whose machine crashed due to a bug in the malware itself. LiteLLM holds SOC 2 and ISO 27001 certifications issued by Delve, a YC-backed compliance startup that has been separately accused of generating fake audit data and rubber-stamping reports. Mandiant has been brought in for forensic review, with technical findings to be shared with the developer community upon completion.
Electric Motorcycles Don't Have To Be Security Nightmares, But This One Was (2 minute read)
Researchers Persephone Karnstein and Mitchell Marasch presented at BSides Seattle 2026 how they achieved full firmware control over a Zero Motorcycle by exploiting its OTA update mechanism and a VIN validation bypass that accepted any VIN-structured code rather than a registered one. The attack surface extended to the battery management system, enabling a conceptual payload capable of triggering a battery fire, disabling the brakes via OTA, and blocking factory resets that would otherwise reverse the compromise.