News Score: Score the News, Sort the News, Rewrite the Headlines

[Security]: CRITICAL: Malicious litellm_init.pth in litellm 1.82.8 — credential stealer via PyPI supply chain

Summary

The litellm==1.82.8 wheel package on PyPI contains a malicious .pth file (litellm_init.pth, 34,628 bytes) that automatically executes a credential-stealing script every time the Python interpreter starts — no import litellm required. This is a supply chain compromise. The malicious file is listed in the package's own RECORD:

litellm_init.pth,sha256=ceNa7wMJnNHy1kRnNCcwJaFjWX3pORLfMh7xGL8TUjg,34628

Reproduction

pip download litellm==1.82.8 --no-deps -d /tmp/check
python3 -c " import zipfi...
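As an added example (not code from the report or from the litellm project), the following Python audit takes a wheel's RECORD plus the files it lists, flags any .pth line that site.py will exec() at interpreter start-up, and checks the RECORD sha256/size entries. All file contents, the PLACEHOLDER hash and the path names other than litellm_init.pth are constructed; the constructed litellm_init.pth shows the mechanism the report describes, where a self-consistent RECORD passes an integrity check even though the file carries executable content.

```python
import base64
import hashlib

def record_hash(data: bytes) -> str:
    """sha256 in RECORD's encoding: urlsafe base64 with '=' padding stripped."""
    return base64.urlsafe_b64encode(hashlib.sha256(data).digest()).rstrip(b"=").decode()

def parse_record(record_text: str) -> dict:
    """Map path -> (algorithm, hash, size) from 'path,sha256=<hash>,<size>' lines."""
    entries = {}
    for line in record_text.splitlines():
        if line.strip():
            path, hash_field, size = line.rsplit(",", 2)
            algo, _, value = hash_field.partition("=")
            entries[path] = (algo, value, int(size) if size else None)
    return entries

def executable_pth_lines(pth_text: str) -> list:
    """site.py exec()s every .pth line that starts with 'import'; other lines are paths."""
    return [ln for ln in pth_text.splitlines() if ln.startswith(("import ", "import\t"))]

def audit_pth_files(record_text: str, files: dict) -> dict:
    """For each .pth in RECORD, report integrity and the lines that would run at start-up.
    files maps RECORD path -> bytes, read from the wheel or from site-packages."""
    report = {}
    for path, (algo, expected, size) in parse_record(record_text).items():
        if path.endswith(".pth"):
            data = files.get(path, b"")
            report[path] = {
                "hash_ok": algo == "sha256" and record_hash(data) == expected,
                "size_ok": size == len(data),
                "executable_lines": executable_pth_lines(data.decode("utf-8", "replace")),
            }
    return report

# Constructed sample wheel contents (hypothetical; not the real litellm files).
# litellm_init.pth mimics the reported mechanism: RECORD is self-consistent, so an
# integrity check passes, yet the file carries a line that runs at every start-up.
STEALTHY_PTH = b"import sys; sys.path.insert(0, '/tmp/constructed_dir')\n"
BENIGN_PTH = b"/usr/lib/python3/dist-packages\n# only path entries here\n"
TAMPERED_PTH, ORIGINAL_PTH = b"some_pkg\n", b"other_pkg\n"  # on-disk content differs from RECORD
SAMPLE_FILES = {"litellm_init.pth": STEALTHY_PTH, "paths.pth": BENIGN_PTH, "later.pth": TAMPERED_PTH}
SAMPLE_RECORD = (
    f"litellm_init.pth,sha256={record_hash(STEALTHY_PTH)},{len(STEALTHY_PTH)}\n"
    f"paths.pth,sha256={record_hash(BENIGN_PTH)},{len(BENIGN_PTH)}\n"
    f"later.pth,sha256={record_hash(ORIGINAL_PTH)},{len(ORIGINAL_PTH)}\n"
    "litellm/__init__.py,sha256=PLACEHOLDER,12\nlitellm-1.82.8.dist-info/RECORD,,\n"
)
```

Against a real install, feed it the RECORD from the .dist-info directory and the bytes of each listed .pth from site-packages; any non-empty executable_lines entry deserves a manual read regardless of whether hash_ok is true.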

