A 12th-grade student in Thanh Hoa Province has been accused of developing malicious software and selling it to cybercrime syndicates, enabling them to allegedly hijack over 94,000 computers globally.

Malicious LiteLLM 1.82.7–1.82.8 via Trivy compromise deploys backdoor and steals credentials, enabling Kubernetes-wide persistence and lateral spread.

The hackers compromised GitHub Action tags, then shifted to NPM, Docker Hub, VS Code, and PyPI, and teamed with Lapsus$.

LiteLLM, a massively popular Python library, was compromised via a supply chain attack, resulting in the delivery of credential-harvesting malware to thousands of AI developers.