Supply Chain Attack by TeamPCP Targets Developer Workstations via LiteLLM

In March 2026, the threat actor TeamPCP executed a supply chain attack targeting developer workstations, exploiting their role as central hubs for credential management, testing, and storage across services, build tools, and local AI agents. The attack specifically leveraged LiteLLM, a tool used in developer environments, to turn machines into unintended credential vaults for attackers. No CVE IDs or additional technical details about the exploit mechanism were provided in the available content. The incident underscores the high-value nature of developer machines due to their access to cached, reused, and generated credentials. The attack highlights risks associated with supply chain compromises in enterprise infrastructure.