Mastodawn

My minute-by-minute response to the LiteLLM malware attack

https://futuresearch.ai/blog/litellm-attack-transcript/

My minute-by-minute response to the LiteLLM malware attack

The full Claude Code transcript from discovering and responding to the litellm 1.82.8 PyPI supply chain attack on March 24, 2026 — from mysterious process explosions to malware identification to public disclosure.

FutureSearch

Show thread

cedws 2d ago

GitHub, npm, PyPi, and other package registries should consider exposing a firehose to allow people to do realtime security analysis of events. There are definitely scanners that would have caught this attack immediately, they just need a way to be informed of updates.

Show thread

simonw 2d ago

PyPI does exactly that, and it's been very effective. Security partners can scan packages and use the invite-only API to report them: https://blog.pypi.org/posts/2024-03-06-malware-reporting-evo...

Malware Reporting Evolved - The Python Package Index Blog

PyPI now has a new, improved way to report malware.

Show thread

cedws

Thanks, TIL.