A malicious wheel file in litellm v1.82.8 on PyPI contains a .pth file that executes automatically on Python startup, compromising any system using the affected package. The incident highlights the critical vulnerability of open-source supply chains and reinforces the need for security frameworks like SBOMs, SLSA, and SigStore.
Products
Python Supply-Chain Compromise
A malicious wheel file in litellm v1.82.8 on PyPI contains a .pth file that executes automatically on Python startup, compromising any system using the affected package. The incident highlights the critical vulnerabil...
Wednesday, April 8, 2026 12:00 PM UTC2 MIN READSOURCE: Schneier on SecurityBY sys://pipeline
Tags
products