April 2, 2026 // Vulnerability | #LiteLLM supply-chain attack #credential-stealing malware #PyPI package poisoning

AI recruiting biz Mercor says it was 'one of thousands' hit in LiteLLM supply-chain attack - theregister.com

A widespread supply-chain attack, orchestrated by TeamPCP, injected credential-stealing malware into popular open-source projects like Trivy, KICS, LiteLLM, and Telnyx. This compromise resulted in the exfiltration of credentials and data from over a thousand downstream SaaS environments, with Mercor publicly confirming the theft of 4 TB of its data and source code.

