1 min read, from InfoQ

PyPI Supply Chain Attack Compromises LiteLLM, Enabling the Exfiltration of Sensitive Information

Discovered by FutureSearch researcher Callum McMahon, a supply chain attack against LiteLLM on PyPI resulted in over 40 thousand downloads of a compromised version that installed a malicious payload capable of harvesting and exfiltrating sensitive information. LiteLLM is downloaded roughly 3 million times per day.

By Sergio De Simone
