TL;DR

Software supply chain attacks have tripled in the past year. Open-source projects, SaaS platforms, and managed service providers are now force multipliers for attackers — one compromise can hit hundreds of downstream businesses. lilMONSTER's vendor risk assessments, threat intelligence monitoring, and compliance scoping give you visibility into your third-party risk before it becomes your breach.


Every piece of software your business depends on was built by someone else. Your CRM, your payment processor, that npm package your dev team pulled last Tuesday. In 2026, attackers are not knocking on your front door. They are walking through your suppliers' back doors.

Red Hat issued an emergency advisory in March 2026 after multiple widely-used open-source tools were compromised simultaneously — LiteLLM, Trivy, Checkmarx GitHub Actions, the Axios JavaScript library, and over two dozen npm packages. Group-IB identified six active attack groups targeting SaaS platforms, open-source ecosystems, and MSPs as primary infection vectors. The ReversingLabs annual report found malware on open-source platforms jumped 73% year over year.

Your vendors are not just vendors. They are attack surface.

Threat 1: Compromised Open-Source Dependencies (Red Hat RHSB-2026-001)

In March 2026, attackers compromised multiple open-source projects used by thousands of organisations. LiteLLM, a popular AI gateway library. Trivy, the container vulnerability scanner used in CI/CD pipelines. Axios, the JavaScript HTTP client with 200 million weekly downloads. Checkmarx's GitHub Actions integrations. Plus 29 npm packages backdoored in a coordinated publisher compromise campaign.

If your software stack pulled any of these into your environment, you inherited the compromise — not through your own mistake, but through trust.

How lilMONSTER Addresses This

lilMONSTER runs software composition analysis (SCA) on your application dependencies using tools like Trivy and OWASP Dependency-Check. We do not just scan your code. We scan every library your code pulls in, recursively, mapping the full dependency tree.

Our vendor risk assessments go further. For critical suppliers, we audit their Software Bill of Materials (SBOM). If they cannot produce one, that is a finding. If their SBOM shows end-of-life components, that is a finding. You get a ranked list of vendor risks with remediation timelines, not a PDF report you will never read.

Real tool. Real output. Real accountability.

Threat 2: SaaS and MSP as Force Multipliers (Group-IB Threat Intel)

Group-IB's 2026 High-Tech Crime Trends Report tracks six supply chain attack groups whose methods turn SaaS platforms and managed service providers into attack amplifiers. One MSP compromise can deliver ransomware to 200 downstream clients in a single deployment. One breached SaaS integration can exfiltrate data from every tenant.

The math is brutal: attackers do not need to breach 200 companies. They need to breach one MSP.

How lilMONSTER Addresses This

lilMONSTER's threat intelligence monitoring tracks indicators of compromise across your vendor ecosystem continuously — not once a year during a compliance checkbox exercise. We monitor:

  • Credential dumps mentioning your vendors on dark web forums
  • CVE announcements affecting their tech stack
  • Certificate transparency logs showing suspicious domains
  • Ransomware group leak sites listing your suppliers

When a vendor appears on a ransomware leak site at 2am, you know by 7am. Not three months later at audit time.

Our managed AI security service extends this monitoring into your own environment. AI pipelines introduce new supply chain risks — poisoned training data, compromised model weights, prompt injection in third-party model APIs. lilMONSTER configures and monitors guardrails around your AI integrations so your chatbot does not become your breach.

Threat 3: Compliance Frameworks Lag Behind Attackers

ISO 27001 Annex A.15 covers supplier relationships. SOC 2 requires vendor due diligence for the security and availability trust criteria. The Essential Eight mandates application control and patch management that extend to third-party applications.

Most businesses have these policies on paper. Few have them operating in practice. The gap between "we have a vendor risk management policy" and "we know which of our 400 SaaS vendors had a breach this month" is where attacks land.

How lilMONSTER Addresses This

lilMONSTER's compliance scoping does not hand you a spreadsheet and wish you luck. We map your actual vendor inventory to the controls that matter.

For ISO 27001, we help you define your supplier assessment criteria, build your approved supplier list, and establish the monitoring cadence auditors will actually verify. For SOC 2, we scope your vendor due diligence to the exact trust criteria your customers care about — not every control in the catalogue, the ones that match your business. For Essential Eight, we map your third-party applications to Maturity Level requirements and close the gaps before the ACSC assessment.

We also run the actual vulnerability scans and penetration tests that prove your controls work. Nessus scans across your environment including vendor-hosted assets where access is permitted. Manual penetration testing that chains vulnerabilities the way a real attacker would — through your perimeter, into a third-party integration, and out with data. You get findings with reproduction steps, not vague compliance language.


FAQ

Q: How do I know which vendors actually pose a risk to my business?

Most organisations treat every vendor the same — send the same questionnaire, apply the same review. lilMONSTER classifies your vendors by data access, integration depth, and business criticality. Your payroll provider with access to every employee's tax file number gets a different assessment than your office plant delivery service. We build the risk tiering, you make the decisions.

Q: We already run vulnerability scans. Is that enough for supply chain security?

No. Vulnerability scanning finds known CVEs in software you run. Supply chain attacks exploit trust relationships that vulnerability scanners cannot see — compromised build pipelines, malicious package updates, breached SaaS tenant environments. You need threat intelligence monitoring and vendor-specific risk assessments layered on top of scanning, not instead of it.

Q: What is an SBOM and do I really need one from my vendors?

A Software Bill of Materials lists every component inside a software product — libraries, frameworks, modules, their versions, and their dependency relationships. In 2026, if a critical vendor cannot produce an SBOM, you are flying blind. When the next Log4j-level vulnerability drops, you will not know if you are exposed until the vendor sends an email — and by then, you are already behind the attackers. lilMONSTER builds SBOM requirements into our vendor assessment framework so you have this visibility before you need it.

Q: Does Essential Eight cover supply chain security?

Yes, indirectly through several controls. Application control (Maturity Level 2 and 3) must extend to third-party applications. Patch applications mandates timely updates for software from external vendors. User application hardening restricts risky functionality in vendor-supplied tools. lilMONSTER's Essential Eight scoping maps these requirements to your specific vendor inventory so you know exactly which suppliers trigger which controls.


Conclusion

Supply chain attacks are not a future threat. They are a current reality — 3x increase year over year, six active attack groups, and open-source ecosystems under sustained siege. Your security posture includes every vendor you rely on, whether you assessed them or not.

The fix is not panic. The fix is visibility. Know which vendors hold your data. Know what software your stack depends on. Know when a vendor appears in a breach notification or a ransomware leak site. Then act on that knowledge with practical remediation — patching, segmentation, contract renegotiation, or replacement.

lilMONSTER makes this operational, not aspirational. Vendor risk assessments with SBOM requirements. Threat intelligence monitoring that catches vendor breaches in hours, not months. Compliance scoping for ISO 27001, SOC 2, and Essential Eight that maps controls to your actual vendor inventory. Vulnerability scans and penetration tests that prove your controls work under real attack conditions.

Visit consult.lil.business to book a free scoping call. We will map your top 10 vendors to their real risk in 30 minutes. No obligation. No fluff. Just clarity about where you stand.


References

  1. Red Hat Security Bulletin RHSB-2026-001: Multiple supply chain compromises of open source projects
  2. ReversingLabs 2026 Software Supply Chain Security Report (4th Annual)
  3. Group-IB: Six Supply Chain Attack Groups to Watch Out for in 2026
  4. RiskLedger: The Top 10 Most Overlooked Supply Chain Cyber Risks in 2026
  5. eSecurity Planet: Supply Chain Attacks, AI Security, and Major Breaches Define This Week in Cybersecurity in May 2026

TL;DR

  • Bad actors snuck harmful code into a popular AI tool called LiteLLM that thousands of businesses use [1].
  • The attack stole passwords, secret keys, and digital wallets from anyone who installed the poisoned version [1].
  • They did it by first compromising a security tool that LiteLLM trusted — like poisoning the water at the treatment plant [2].
  • Here is what it means for your business and how to stay safe.

What Is LiteLLM?

Imagine you run a restaurant and instead of ordering from one food supplier, you want to compare prices from ten different ones. LiteLLM is like a universal ordering app that lets businesses talk to different AI services — ChatGPT, Claude, Gemini — all through one simple connection.

Thousands of companies use it to build AI features into their products [1].

What Went Wrong?

A group of hackers called TeamPCP figured out something clever. Instead of breaking into LiteLLM directly, they first broke into a security scanner called Trivy — a tool that LiteLLM used to check itself for bugs [2].

Think of it this way: imagine a locksmith who checks all the locks in your building gets compromised. Now the attacker does not need to pick any locks — they have the locksmith's master key.

Once inside, TeamPCP published two fake versions of LiteLLM (versions 1.82.7 and 1.82.8) to PyPI, the online store where developers download software [1]. Anyone who downloaded these versions unknowingly installed malware that:

  • Collected passwords and secret keys stored on their computers [1]
  • Spread to other computers on the same network [1]
  • Set up a hidden door that let the hackers come back anytime they wanted [1]

Why Should You Care?

You might not use LiteLLM directly, but your business probably relies on software that works the same way — built from dozens of smaller pieces, each one downloaded from the internet.

According to security research firm Sonatype, attacks on these software building blocks increased by 156% in just one year [3]. And IBM found that when hackers steal login credentials this way, the average cleanup cost is $4.81 million [4].

The Australian Cyber Security Centre has flagged these kinds of attacks as one of the top threats businesses face today [5].

What Can You Do?

Ask your IT team or provider three questions:

  1. "Do we pin our software to specific versions so updates do not happen automatically?" — This stops poisoned updates from sneaking in.

  2. "Do we have tools that scan our software for known threats?" — Free and paid tools exist that check every package you download against a database of known attacks [6].

  3. "If a tool we depend on gets compromised, how quickly would we know?" — The answer tells you whether your business would catch something like this in hours or months.

If you do not have an IT team: Start by keeping an inventory of the software your business uses. Know what you depend on. That awareness alone puts you ahead of most small businesses.

The Simple Takeaway

Every AI tool and every piece of software your business uses is built from smaller parts. If any of those parts gets poisoned, the whole thing becomes dangerous. The best protection is knowing what you depend on and having someone who watches for these threats.

It is like food safety — you trust your suppliers, but smart restaurants still check what arrives at the loading dock.

FAQ

Instead of attacking your business directly, hackers attack the tools or software your business depends on. When you update or install that trusted software, you unknowingly install the attacker's code too. It is like someone tampering with ingredients at a factory — every product made with those ingredients gets affected.

If anyone in your organisation uses Python and has LiteLLM installed, check the version number. Versions 1.82.7 and 1.82.8 were the compromised ones. Run pip list | grep litellm to check. If you see those versions, contact an IT professional immediately.

Very common and growing fast. Sonatype tracked a 156% increase in software supply chain attacks in 2025 [3]. The LiteLLM incident is the fifth software ecosystem TeamPCP has targeted, showing these attackers are becoming more ambitious [2].

No. AI tools can genuinely help your business work smarter and save money. The key is using them with proper safeguards — verified versions, dependency scanning, and regular security reviews. Think of it like driving: cars are useful, but you still wear a seatbelt.
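
The version check and the pinning question above can be automated against a requirements.txt or pip freeze listing. The following is an added example, not code from the original article or from any vendor: the names audit and COMPROMISED and the sample input are constructed for illustration, and the only versions treated as bad are the two this article names.

```python
import re

# Versions this page names as compromised; extend from advisories you trust.
COMPROMISED = {"litellm": {"1.82.7", "1.82.8"}}

# Constructed sample in requirements.txt / `pip freeze` format.
SAMPLE = """\
# constructed example input
requests==2.32.3
LiteLLM==1.82.8
litellm[proxy]==1.82.7 ; python_version >= "3.9"
example-internal-lib>=1.0
litellm==1.82.6
"""

_REQ = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*(.*)$")
_PIN = re.compile(r"==\s*([^\s,*=]+)")


def normalize(name):
    """PyPI treats case and runs of '-', '_', '.' as equivalent (PEP 503)."""
    return re.sub(r"[-_.]+", "-", name).lower()


def audit(text):
    """Return (line_no, package, problem, detail) for each risky line."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("-"):      # blank, comment, pip option
            continue
        line = line.split(";", 1)[0]              # drop environment marker
        line = line.split(" --", 1)[0]            # drop per-line --hash options
        match = _REQ.match(line.rstrip("\\ ").strip())
        if not match:
            continue
        name, spec = normalize(match.group(1)), match.group(2).strip()
        pin = _PIN.fullmatch(spec)
        if pin is None:                           # ranges, wildcards, bare names
            findings.append((line_no, name, "unpinned", spec or "any"))
        elif pin.group(1) in COMPROMISED.get(name, ()):
            findings.append((line_no, name, "compromised", pin.group(1)))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding)
```

Matching on the normalised name catches spellings such as LiteLLM and extras such as litellm[proxy], which a plain grep for an exact string can miss.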

References

[1] Endor Labs, "TeamPCP Isn't Done — LiteLLM Supply Chain Attack Analysis," Endor Labs Research, Mar. 24, 2026. [Online]. Available: https://www.endorlabs.com/learn/teampcp-isnt-done

[2] R. Lakshmanan, "TeamPCP Backdoors LiteLLM Versions 1.82.7–1.82.8 Likely via Trivy CI/CD Compromise," The Hacker News, Mar. 24, 2026. [Online]. Available: https://thehackernews.com/2026/03/teampcp-backdoors-litellm-versions.html

[3] Sonatype, "2025 State of the Software Supply Chain Report," Sonatype, 2025. [Online]. Available: https://www.sonatype.com/state-of-the-software-supply-chain

[4] IBM Security, "Cost of a Data Breach Report 2025," IBM, 2025. [Online]. Available: https://www.ibm.com/reports/data-breach

[5] Australian Cyber Security Centre, "Annual Cyber Threat Report 2024-2025," Australian Signals Directorate, 2025. [Online]. Available: https://www.cyber.gov.au/about-us/reports-and-statistics/annual-cyber-threat-report

[6] Socket Security, "TeamPCP Targeting Security Tools Across OSS Ecosystem," Socket Blog, Mar. 2026. [Online]. Available: https://socket.dev/blog/teampcp-targeting-security-tools-across-oss-ecosystem

[7] JFrog, "LiteLLM Compromised by TeamPCP — Supply Chain Attack Analysis," JFrog Security Research, Mar. 24, 2026. [Online]. Available: https://research.jfrog.com/post/litellm-compromised-teampcp/

[8] McKinsey & Company, "The State of AI in 2025," McKinsey Global Institute, 2025. [Online]. Available: https://www.mckinsey.com/capabilities/quantumblack/our-insights/the-state-of-ai


Wondering if your business software is safe? Talk to lilMONSTER — we help businesses understand their technology risks in plain language.
