The Leader in Cloud Security Research

A stylized graphic of a digitized harmful actor placing corrupted data in containers

Credential‑Stealing Malware in LiteLLM Supply Chain Attack

Executive Summary A severe malware incident (no formal CVE yet, but tracked as a high‑risk supply chain compromise) was disclosed affecting the widely used Python package LiteLLM (PyPI). Attackers from the TeamPCP threat group trojanized LiteLLM by publishing malicious versions 1.82.7 and 1.82.8, allowing them to harvest credentials and deploy backdoors when the package is …

March 25, 2026
By Roi Nisimi

Latest

‘Orca Watch’ Series
CanisterWorm: When a CI/CD Breach Became a Self-Spreading npm Worm
- March 23, 2026
Discovered Vulnerabilities
Pickle in the Pipeline: Critical RCE Vulnerabilities in SGLang's LLM Serving Framework
- March 11, 2026
Thought Leadership
New Malware Approaches, Same Key Indicators
- March 10, 2026
‘Orca Watch’ Series
HackerBot-Claw: An AI-Assisted Campaign Targeting GitHub Actions Pipelines
- March 04, 2026

All Latest

Discovered Vulnerabilities

A stylized graphic of a pickle smashing into a pipeline

Pickle in the Pipeline: Critical RCE Vulnerabilities in SGLang's LLM Serving Framework

The Orca Security Research Pod continuously investigates the security posture of widely adopted AI/ML infrastructure. During a focused audit of LLM serving frameworks, I discovered multiple unsafe deserialization vulnerabilities in SGLang, a popular open-source framework for serving large language models and multimodal AI models. These findings were coordinated through CERT/CC (case VU#665416), with additional analysis …

March 11, 2026
By Igor Stepansky

Stylized 3D visualization of an active cybersecurity exploit featuring glowing red computer code fragments and a central target aperture.

Actively Exploited Chrome Zero-Day May Impact Enterprise, Developer, and Automation Environments

February 23, 2026

A stylized graphic of a distorted pull request from GitHub on top of ominous clouds

Hacking GitHub Codespaces via VS Code Defaults: A Supply-Chain Attack Vector

February 04, 2026

New runC Vulnerabilities Expose Docker and Kubernetes to Container Escape Attacks

November 10, 2025

A stylized graphic of the word CVE Alert next to a broken cog

CVE-2025-59287 Explained: Critical WSUS RCE Vulnerability Actively Exploited

October 26, 2025

All Discovered Vulnerabilities

Credential‑Stealing Malware in LiteLLM Supply Chain Attack

Latest

CanisterWorm: When a CI/CD Breach Became a Self-Spreading npm Worm

Pickle in the Pipeline: Critical RCE Vulnerabilities in SGLang's LLM Serving Framework

New Malware Approaches, Same Key Indicators

HackerBot-Claw: An AI-Assisted Campaign Targeting GitHub Actions Pipelines

Explore

Discovered Vulnerabilities

Pickle in the Pipeline: Critical RCE Vulnerabilities in SGLang's LLM Serving Framework

Actively Exploited Chrome Zero-Day May Impact Enterprise, Developer, and Automation Environments

Hacking GitHub Codespaces via VS Code Defaults: A Supply-Chain Attack Vector

New runC Vulnerabilities Expose Docker and Kubernetes to Container Escape Attacks

CVE-2025-59287 Explained: Critical WSUS RCE Vulnerability Actively Exploited

‘Orca Watch’ Series

Credential‑Stealing Malware in LiteLLM Supply Chain Attack

CanisterWorm: When a CI/CD Breach Became a Self-Spreading npm Worm

HackerBot-Claw: An AI-Assisted Campaign Targeting GitHub Actions Pipelines

Four Critical SolarWinds Serv-U RCE Flaws Enable Root Access

Critical CVE-2026-1731 Vulnerability in BeyondTrust Remote Support and PRA Exposes Systems to Remote Code Execution

Technical Deep Dives

Post-Exploitation at Scale: The Rise of AILM

Watch the Typo: Our PoC Exploit for Typosquatting in GitHub Actions

Kubernetes Testing Environment: An Open Source Resilience Platform for EKS, GKE and AKS

Meet AI Goat: The First Open Source AI Security Learning Environment Based on the OWASP Top 10 ML Risks

The Five Most Common AI Model Risks and How to Prevent Them

Thought Leadership

Beyond the Sticker Price: Understanding the True Cost of Your Security Tools

New Malware Approaches, Same Key Indicators

The Future of AppSec: AI, Context, and Action

Building Application Security from the Ground Up: An Organizational Approach

Where to Start Your Cloud Security Program: CSPM, CWPP, or Runtime Data? A Modern Guide to CNAPP Maturity

In the News

The 10 Hottest Cybersecurity Tools And Products Of 2025 (So Far)

From ’Shadow AI’ To Agentic Anarchy, AI-SPM Is Key To Visibility: Experts

Cloud security faces mounting threats, Orca warns

2025 State of Cloud Security Report: Hunting threats in the age of relentless risk

Featured

Credential‑Stealing Malware in LiteLLM Supply Chain Attack

Latest

CanisterWorm: When a CI/CD Breach Became a Self-Spreading npm Worm

Pickle in the Pipeline: Critical RCE Vulnerabilities in SGLang's LLM Serving Framework

New Malware Approaches, Same Key Indicators

HackerBot-Claw: An AI-Assisted Campaign Targeting GitHub Actions Pipelines

Discovered Vulnerabilities

Pickle in the Pipeline: Critical RCE Vulnerabilities in SGLang's LLM Serving Framework

Actively Exploited Chrome Zero-Day May Impact Enterprise, Developer, and Automation Environments

Hacking GitHub Codespaces via VS Code Defaults: A Supply-Chain Attack Vector

New runC Vulnerabilities Expose Docker and Kubernetes to Container Escape Attacks

CVE-2025-59287 Explained: Critical WSUS RCE Vulnerability Actively Exploited

‘Orca Watch’ Series

Credential‑Stealing Malware in LiteLLM Supply Chain Attack

CanisterWorm: When a CI/CD Breach Became a Self-Spreading npm Worm

HackerBot-Claw: An AI-Assisted Campaign Targeting GitHub Actions Pipelines

Four Critical SolarWinds Serv-U RCE Flaws Enable Root Access

Critical CVE-2026-1731 Vulnerability in BeyondTrust Remote Support and PRA Exposes Systems to Remote Code Execution

Technical Deep Dives

Post-Exploitation at Scale: The Rise of AILM

Watch the Typo: Our PoC Exploit for Typosquatting in GitHub Actions

Kubernetes Testing Environment: An Open Source Resilience Platform for EKS, GKE and AKS

Meet AI Goat: The First Open Source AI Security Learning Environment Based on the OWASP Top 10 ML Risks

The Five Most Common AI Model Risks and How to Prevent Them

Thought Leadership

Beyond the Sticker Price: Understanding the True Cost of Your Security Tools

New Malware Approaches, Same Key Indicators

The Future of AppSec: AI, Context, and Action

Building Application Security from the Ground Up: An Organizational Approach

Where to Start Your Cloud Security Program: CSPM, CWPP, or Runtime Data? A Modern Guide to CNAPP Maturity

The 10 Hottest Cybersecurity Tools And Products Of 2025 (So Far)

From ’Shadow AI’ To Agentic Anarchy, AI-SPM Is Key To Visibility: Experts

Cloud security faces mounting threats, Orca warns

2025 State of Cloud Security Report: Hunting threats in the age of relentless risk