Litellm 1.82.7 and 1.82.8 on PyPI are compromised, do not update!
LiteLLM versions 1.82.7 and 1.82.8 were found to contain malicious code targeting PyPI users, likely via a compromised maintainer account. The payload harvests sensitive credentials, exfiltrates data, and attempts persistence and lateral movement in Kubernetes. Maintainers have yanked the versions, but users are advised to rotate all credentials and audit their environments for persistence.
Summaries are AI-generated to help you scan faster. Open the original source for full context.