AI Firm Mercor Confirms Breach as Hackers Claim 4TB of Stolen Data
hackread.comFollowing a compromise of the open-source tool LiteLLM, AI firm Mercor reports a security incident. Learn how hacking groups TeamPCP and Lapsus$ allegedly accessed sensitive candidate profiles and internal data.
The AI recruitment firm Mercor has confirmed it is dealing with a security incident following a widespread cyberattack linked to a compromised open-source tool. The breach is part of a large-scale supply chain attack that impacted thousands of organisations globally.
For your information, supply chain attacks work by inserting malicious code into widely used software, allowing attackers to compromise multiple targets at once through trusted dependencies.
A 40-minute window of chaos
The incident dates back to late March 2026 and involves LiteLLM, an open-source tool used to enable communication between different AI models. According to reports, attackers published two malicious versions of the LiteLLM PyPI package, versions 1.82.7 and 1.82.8. While the compromised packages were available ...
Copyright of this story solely belongs to hackread.com . To see the full text click HERE