A Poisoned Security Scanner Just Backdoored the AI Stack

On March 24, a threat actor called TeamPCP published backdoored versions of LiteLLM (versions 1.82.7 and 1.82.8), a widely used Python package for AI model routing downloaded 3.4 million times per day. They got in by first compromising Trivy, Aqua Security's open source vulnerability scanner, on March 19. The poisoned Trivy GitHub Action exfiltrated PyPI credentials from LiteLLM's CI/CD pipeline.

The malicious versions contained a three-stage payload: credential harvester (SSH keys, cloud creds, Kubernetes secrets, crypto wallets, .env files), Kubernetes lateral movement deploying privileged pods to every node, and a persistent systemd backdoor polling checkmarx[.]zone for more binaries. The packages were live for about 3 hours before PyPI quarantined them. Version 1.82.8 was especially nasty, using a .pth file that fires on every Python startup, not just LiteLLM imports. It caused an accidental fork bomb that's how a researcher at FutureSearch discovered it.

Microsoft published remediation guidance. The attacker even tried to close the disclosure issue on GitHub using compromised maintainer credentials and flooded it with bot comments. TeamPCP has now hit five ecosystems: GitHub Actions, Docker Hub, npm, Open VSX, and PyPI. They posted on Telegram bragging about "stealing terabytes of trade secrets" and said they're partnering with other groups.

As Gal Nagli at Wiz put it: "The open source supply chain is collapsing in on itself. Trivy gets compromised, LiteLLM gets compromised, credentials from tens of thousands of environments end up in attacker hands, and those credentials lead to the next compromise. We are stuck in a loop."

We are in a new wild west with AI technology. The rush to ship AI products has created an enormous attack surface that most companies are not prepared to defend. LiteLLM is downloaded 3.4 million times per day. Trivy is used by thousands of organizations to secure their infrastructure. When tools this embedded in the stack get compromised, the blast radius is measured in tens of thousands of environments, not individual machines.

Security best practices need to improve dramatically across the entire software stack. Pin your dependencies. Verify your CI/CD tooling. Audit your supply chain. The era of blindly trusting open source packages because they have a recognizable name is over. The AI boom is moving faster than the security infrastructure designed to protect it, and attackers like TeamPCP are exploiting that gap with precision. The tools we trust to find vulnerabilities are now introducing them. Until the industry treats supply chain security with the same urgency it treats model performance, we are stuck in a loop.

Oil Drops 6% on Trump Peace Plan, but Iran's Demands Are a Non-Starter

Why it matters: The oil relief may be short-lived when these demands become public.

Brent crude dropped nearly 6% after reports that Trump sent Iran a 15-point peace plan. Markets rallied on the headline. But per Reuters via The Kobeissi Letter, Iran's preliminary demands include: reparations for wartime losses, formal control of the Strait of Hormuz, security guarantees against future military action, and no limitations on Iran's ballistic missile program. Formal control of Hormuz alone is a non-starter for the US and its Gulf allies. The oil relief may be short-lived. Guardian coverage here.

The Philippines Declares the World's First Energy Emergency Over the Iran War

Why it matters: The canary in the coal mine for energy-dependent nations across Asia.

The Philippines just became the first country to declare a national energy emergency over the conflict. President Marcos Jr signed Executive Order 110 citing "imminent danger" to the country's energy supply. They have 45 days of fuel left on average. The country imports 98% of its oil from the Gulf (Saudi Arabia $1.79B, UAE $1.22B, Iraq $474M), produces just 14,300 barrels/day but consumes 474,000. Fuel prices have nearly tripled since the war began Feb 28. Diesel at 130 pesos/liter, kerosene at 145, gasoline past 90. Government implementing 4-day work weeks for civil servants, reducing ferry services, shifting to coal. Labor unions planning strikes. Source here.

Dow Chemical Doubles Polyethylene Price Hike as Walmart Installs Real-Time Pricing Infrastructure

Why it matters: War-driven costs hitting consumers in real time via digital price tags.

Dow Chemical just doubled their polyethylene price increase from $0.15/lb to $0.30/lb effective April 1, roughly a 60% hike on the most widely used plastic on Earth. LyondellBasell has gone even further at $0.35/lb. About 50% of global PE production is offline or feedstock-constrained from the Hormuz crisis. Polyethylene is in packaging, water bottles, grocery bags, construction materials, medical supplies.

Meanwhile, Walmart is rolling digital price tags (DSLs) to all 2,300+ US stores by end of 2026, per CNBC. Prices on 120,000+ products per store can now be changed in seconds via app. Shoppers are already calling it "surge pricing infrastructure."

Connect the dots: war-driven input costs ripping through the supply chain, and the largest retailer has the technology to pass those increases to consumers in real time. This is what inflation looks like in practice. And this is exactly why Bitcoin matters as a long-term store of value. When the purchasing power of dollars is being eroded by war, energy crises, and supply chain disruptions all at once, holding an asset with a fixed supply of 21 million becomes less of a speculative bet and more of a rational response. Source 1 and Source 2.

Debifi Launches Non-Custodial Bitcoin-Backed Lending API

Why it matters: The kind of infrastructure Bitcoin needs after the platform collapses.

Debifi just launched their API Beta for non-custodial, Bitcoin-backed lending infrastructure. The pitch: scalable lending without rehypothecation, no "black box" intermediaries, you keep your keys via automated multi-sig escrow orchestration. Use cases include embedded finance for banks and automated corporate treasury management. After the platform collapses of recent years (BlockFi, Celsius, Voyager), this is the kind of infrastructure Bitcoin needs: verifiable, enterprise-grade, and trust-minimized. Website here.

NYC Tax Data Reveals Staggering Benefit Disparity

Why it matters: The numbers behind urban fiscal dynamics laid bare.

Data from @charliesmirkley breaks down NYC's tax-to-public-housing benefit ratios. White households pay roughly $54B in combined taxes and receive $15.5M back in NYCHA public housing benefits. Using white as the index (1x), Asian households receive 7.5x, Black households 61x, and Hispanic households 67x per tax dollar paid. The data is based on NYCHA January 2025 figures and ACS 2019-2023 surveys.

Bitcoin ETFs Log $2.5B in March Inflows, Nearly Erasing 2026 Losses

Why it matters: March has nearly reversed the worst start since launch.

Per Bloomberg's Eric Balchunas, Bitcoin ETFs have recorded approximately $2.5B in capital inflows in March alone, amounting to about $1.6B in net flows. This comes after four consecutive months of net outflows from November 2025 through February 2026, totaling $6.4B. January and February 2026 alone saw $1.81B in net outflows, the worst start since launch. March has now nearly erased the year's losses, with net outflows for 2026 dropping to roughly $210M. Source here.

OpenAI Kills Sora After Just Six Months

Why it matters: Reality check on the AI hype cycle and sustainable businesses.

OpenAI is shutting down Sora, its AI video generation app launched to massive hype last year. Per CNBC, the decision is driven by cost-cutting as the company "reels in costs." The app went viral after launch but apparently couldn't justify its compute spend. This is a reality check on the AI hype cycle: not every cool demo becomes a viable product when you're burning through GPU hours at scale. The gap between "impressive demo" and "sustainable business" remains enormous. Guardian coverage.

SK Hynix Files for US Listing as Memory Chip Demand Explodes

Why it matters: The picks-and-shovels play of the AI boom wants closer to US capital.

SK Hynix, the world's largest producer of high-bandwidth memory chips that power AI training, has filed for a confidential US listing. The company is riding what it calls "unprecedented growth" in the memory market driven by AI demand. This is the picks-and-shovels play of the AI boom. Every GPU needs HBM chips, and SK Hynix controls the majority of supply. A US listing signals where the capital wants to be: closer to the AI infrastructure buildout.