⚠️ LiteLLM backdoored
⚠️ LiteLLM backdoored 「On March 24, 2026, version 1.82.8 of LiteLLM was pushed to PyPI containing a malicious .pth file called "litellm_init.pth". That file executes automatically on every Python process startup, meaning you don't even need to import the library for it to run. What's more, version 1.82.7 has also been compromised. On the latest version, simply having it installed is enough, but 1.82.7 requires an import for the payload to activate」
A popular Python library just became a backdoor to your entire machine
Supply chain attacks feel like they're becoming more and more common.
XDA (www.xda-developers.com)
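
A defender-side check for the mechanism described in the post, added here as an example (not code from the post or from the LiteLLM project): it lists `.pth` files in the interpreter's site-packages that contain lines Python's `site` module executes at startup, and compares the installed `litellm` version with the two versions named above. The function names and the sample `.pth` content are constructed for illustration.

```python
import site
import sysconfig
from importlib import metadata
from pathlib import Path

# Version numbers and file name as reported in the post.
REPORTED_VERSIONS = {"1.82.7", "1.82.8"}
REPORTED_PTH = "litellm_init.pth"

# Constructed sample .pth content (harmless): one path entry, one comment,
# one line that site.py would execute.
SAMPLE_PTH = "./vendored\n# comment\nimport os; os.environ.setdefault('DEMO', '1')\n"

def executable_pth_lines(text):
    """Return (line_no, line) for lines site.py exec()s at startup:
    those beginning with "import" followed by a space or tab."""
    return [(n, line.rstrip()) for n, line in enumerate(text.splitlines(), 1)
            if line.startswith(("import ", "import\t"))]

def scan_dir(directory):
    """List .pth files in `directory` that carry executable lines or have
    the file name reported in the post."""
    findings = []
    for pth in sorted(Path(directory).glob("*.pth")):
        hits = executable_pth_lines(pth.read_text(encoding="utf-8-sig", errors="replace"))
        if hits or pth.name == REPORTED_PTH:
            findings.append({"file": pth.name, "exec_lines": hits,
                             "reported_name": pth.name == REPORTED_PTH})
    return findings

def litellm_status():
    """(installed version or None, True if it is a reported version)."""
    try:
        version = metadata.version("litellm")
    except metadata.PackageNotFoundError:
        return None, False
    return version, version in REPORTED_VERSIONS

def site_dirs():
    """Existing site-packages directories of the running interpreter."""
    paths = sysconfig.get_paths()
    dirs = {paths["purelib"], paths["platlib"], site.getusersitepackages()}
    return sorted(d for d in dirs if Path(d).is_dir())

if __name__ == "__main__":
    print("litellm:", litellm_status())
    for d in site_dirs():
        for finding in scan_dir(d):
            print(d, finding)
```

Legitimate packages also ship `.pth` files with `import` lines, so each finding needs review rather than automatic deletion. Starting the affected interpreter normally runs any `.pth` code before this script does; `python -S` skips `site` processing, and `scan_dir` accepts the site-packages path directly.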