LiteLLM versions 1.82.7 and 1.82.8 were compromised in a PyPI supply chain attack, delivering a malicious `.pth` file that auto-executes on every Python startup to harvest SSH keys, `.env` files, cloud credentials (AWS/GCP/Azure), Kubernetes configs, and crypto wallets. The attack was discovered via an MCP plugin running inside Cursor, where a fork-bomb bug in the malware crashed the host machine. The compromised versions have since been yanked from PyPI, but the LiteLLM maintainer appears to have been personally compromised, and a GitHub disclosure issue was closed and flooded with spam bots.
Safety
LiteLLM Compromised by Credential Stealer
PyPI supply chain attack compromises LiteLLM versions 1.82.7–1.82.8 with malicious `.pth` file harvesting SSH keys, cloud credentials, and crypto wallets on every Python startup.
Wednesday, March 25, 2026 12:00 PM UTC2 MIN READSOURCE: LobstersBY sys://pipeline
Tags
safety
/// RELATED
Products6d ago
Zed 1.0
Zed code editor reaches 1.0 after five years with custom GPU-accelerated rendering (GPUI) and launches DeltaDB, a CRDT engine enabling real-time human-AI code collaboration.
Policy4d ago
For Linux kernel vulnerabilities, there is no heads-up to distributions
Critical Linux kernel LPE (CopyFail) disclosed without advance notice to distributions, breaking the standard coordinated vulnerability disclosure process for patch planning.