{"data":{"id":"297cd699-8d5c-431e-9922-fd5538bd118b","title":"PyPI warns developers after LiteLLM malware found stealing cloud and CI/CD credentials","summary":"Malicious versions of LiteLLM, a popular Python library for working with large language models, were published on PyPI and stole credentials from developer environments before being removed after about two hours. The malware used a three-stage attack to harvest sensitive data like API keys, cloud credentials, and SSH keys (private authentication files), then encrypted and sent them to attacker-controlled servers. This incident is part of a larger supply chain attack (an attack that reaches its victims by compromising software they depend on) called TeamPCP that also affected other developer security tools.","solution":"PyPI stated: \"Anyone who has installed and run the project should assume any credentials available to the LiteLLM environment may have been exposed, and revoke/rotate them accordingly.\" The affected versions are 1.82.7 and 1.82.8. \nWiz customers can check for exposure via the Wiz Threat Center.","labels":["security"],"sourceUrl":"https://www.csoonline.com/article/4149905/pypi-warns-developers-after-litellm-malware-found-stealing-cloud-and-ci-cd-credentials.html","publishedAt":"2026-03-25T11:09:14.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["supply_chain","data_extraction"],"issueType":"news","affectedPackages":null,"affectedVendors":["LangChain"],"affectedVendorsRaw":["LiteLLM","Trivy","KICS","Checkmarx","Aqua Security"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-03-25T11:09:14.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"advanced","impactType":["confidentiality","integrity"],"aiComponentTargeted":"framework","llmSpecific":true,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}