LiteLLM just got hit by a supply chain attack. 95M monthly downloads, and two versions (1.82.7 and 1.82.8) had credential-stealing code slipped in.
The attack path is worth noting. The attackers compromised Trivy, a vulnerability scanner used in LiteLLM's CI/CD pipeline.
1/2
They grabbed the PyPI publishing token from an .env file and pushed malicious code.
The fix? Pin your GitHub Actions to specific commits, not version tags. And maybe stop putting secrets in .env files....
If you pulled either of those versions, rotate your credentials now.
2/2
Vito Botta