LiteLLM on PyPI is compromised
Date:
Tue, 24 Mar 2026 13:48:18 +0000
Description:
This issue
report describes a credential-stealing attack buried within LiteLLM
1.82.8 in the PyPI repository. It collects and exfiltrates a wide variety
of information, including SSH keys, credentials for a number of cloud
services, crypto wallets, and so on. Anybody who has installed this
package has likely been compromised and needs to respond accordingly.
======================================================================
Link to news story:
https://lwn.net/Articles/1064479/
--- Mystic BBS v1.12 A49 (Linux/64)
* Origin: tqwNet UK HUB @ hub.uk.erb.pw (1337:1/100)