
Mercor Breach Exposes TeamPCP's LiteLLM Rampage in Real Time

Mercor just admitted it: TeamPCP's LiteLLM poison pill hit hard. Wiz peels back the post-breach playbook, showing how attackers feast on cloud creds.

Visualization of TeamPCP supply chain attack flow from LiteLLM to cloud breaches

⚡ Key Takeaways

  • Mercor confirms first official TeamPCP victim via LiteLLM creds, exposing 4TB data.
  • Wiz reveals TeamPCP's 24-hour cloud enum playbook: IAM, EC2, S3 focus with bold naming.
  • Rotate creds now—supply chain credential theft is active, not theoretical.


Written by Sarah Chen

AI research editor covering LLMs, benchmarks, and the race between frontier labs. Previously at MIT CSAIL.


Originally reported by SANS Internet Storm Center
