惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

IT之家
IT之家
Project Zero
Project Zero
博客园 - 聂微东
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
云风的 BLOG
云风的 BLOG
Microsoft Azure Blog
Microsoft Azure Blog
F
Fortinet All Blogs
Martin Fowler
Martin Fowler
Jina AI
Jina AI
C
Check Point Blog
博客园_首页
The GitHub Blog
The GitHub Blog
The Hacker News
The Hacker News
T
The Blog of Author Tim Ferriss
V
Vulnerabilities – Threatpost
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
C
Cisco Blogs
人人都是产品经理
人人都是产品经理
V
Visual Studio Blog
A
Arctic Wolf
博客园 - 三生石上(FineUI控件)
P
Privacy International News Feed
Application and Cybersecurity Blog
Application and Cybersecurity Blog
C
Cybersecurity and Infrastructure Security Agency CISA
Forbes - Security
Forbes - Security
阮一峰的网络日志
阮一峰的网络日志
Engineering at Meta
Engineering at Meta
T
Troy Hunt's Blog
Microsoft Security Blog
Microsoft Security Blog
Spread Privacy
Spread Privacy
Schneier on Security
Schneier on Security
K
Kaspersky official blog
宝玉的分享
宝玉的分享
Google DeepMind News
Google DeepMind News
V2EX - 技术
V2EX - 技术
Google DeepMind News
Google DeepMind News
AWS News Blog
AWS News Blog
Know Your Adversary
Know Your Adversary
www.infosecurity-magazine.com
www.infosecurity-magazine.com
Y
Y Combinator Blog
大猫的无限游戏
大猫的无限游戏
S
Security Affairs
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
博客园 - Franky
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
The Register - Security
The Register - Security
P
Proofpoint News Feed
小众软件
小众软件
S
Securelist
T
Tor Project blog

Truesec

Russian Intelligence Targets SOHO Routers - Truesec Cyber Warfare in the Iran War - Truesec Organized Cybercrime Merging with Other Crime - Truesec AI Used in Ransomware Attack The Fortibleed Campaign: Truesec's Experience Fortibleed: Truesec's Experience Supply Chain Attack Compromising Arch Linux AUR Packages with Infostealer and Rootkit - Truesec FortiNet SSO Vulnerability CVE-2025-59718 and CVE-2025-59719 Leading to Full System Compromise - Truesec Critical Vulnerabilities in Ivanti Sentry Allows Code Execution as Root (CVE-2026-10520 & CVE-2026-10523) Typosquatting: When Your Domain Is Used Against You AI in Cybersecurity: Separating Operational Reality from Speculation Compromised @redhat-Cloud-Services Npm Packages Distribute Credential-Stealing Worm GitHub Hacks Highlights Need for Repository Security Installation of a Syslog Log Collector Critical Cisco Secure Workload Vulnerability Allows Unauthenticated Site Admin Access (CVE-2026-20223) Securing IT, OT, and IoT When the Digital Meets the Physical Russia Rolls Out Surveillance Through State-Backed “Super App” MAX Device Code Phishing via Fake File-Sharing Invitation Active Exploitation of PAN‑OS Authentication Portal RCE - Truesec Windows Client Security Baselines: When Assumptions Meet Incident Response Reality - Truesec Entra ID Password Protection: From “P@ssw0rd” to Protected GitHub Under Attack: How Small Exposures Snowball into Large‑Scale Compromises European Risks Linked to the U.S. – Iran Conflict Mythos: What It Actually Means and What It Does Not Russian Espionage Campaign Targets Home Routers How Nordic Organizations Must Adjust Their Cybersecurity to a Changing Operating Environment Critical Vulnerability in “Ninja Forms – File Upload” WordPress Plugin (CVE-2026-07409) Iranian APT Target US Critical Infrastructure Remote Access – Is VPN the Almighty Solution? Malicious Axios Packages Published to npm in New Supply Chain Compromise RCE Vulnerability in F5 BIG-IP APM (CVE-2025-53521) No Further Increase in Iranian Cyber Operations Dutch Intelligence Warns of Russian Campaign Against Signal and Whatsapp Users Multiple Vulnerabilities, One Critical, in Ubiquiti UniFi Network Application
Malicious PyPI Package – LiteLLM Supply Chain Compromise
2026-03-25 · via Truesec

Threat Insight

A malicious supply chain compromise has been identified in the Python Package Index package litellm version 1.82.8. The published wheel contains a malicious .pth file (litellm_init.pth, 34,628 bytes) which is automatically executed by the Python interpreter on every startup, without requiring any explicit import of the litellm module [1].

cyber supply chain domino

The malicious behavior is enabled through Python’s handling of .pth files located in site-packages/, which are executed automatically when the interpreter initializes. This makes the compromise particularly dangerous, as execution occurs implicitly and may go unnoticed in standard dependency usage scenarios[2].

The embedded payload is double base64‑encoded, significantly reducing visibility to basic static analysis. The decoded payload attempts to exfiltrate credentials to a remote endpoint controlled by the attacker [1].

Anyone who’s running the confirmed compromised, or possibly compromised litellm versions via pip has had all environment variables, SSH keys, cloud credentials, and other secrets collected and sent to an attacker-controlled server.

This threat notice will be updated when there is more information available.

PyPi admins have quarantined the project, hopefully limiting spread.

Affected Products

litellm version 1.82.8
Possibly litellm version 1.82.7

Exploitation

The flaw is currently being exploited in the wild.

Threat Actor

The attack seems to be attributed to TeamPCP[3]

Recommended Actions

Truesec recommends following the recommendations in the advisory[1]:

  • Truesec recommends following the recommendations in the advisory[1]:
  • PyPI: Yank/remove litellm 1.82.8 and litellm 1.82.7 immediately
  • Users: Check for litellm_init.pth in your site-packages/ directory
  • Users: Rotate ALL credentials that were present as environment variables or in config files on any system where any of the affected versions was installed
  • BerriAI: Audit PyPI publishing credentials and CI/CD pipeline for compromise

Detection

For all Truesec MDR customers, Threat hunting will be applied to the following IOCs:
Observed exfiltration[3]:
models[.]litellm[.]cloud
checkmarx[.]zone/raw

[1] https://github.com/BerriAI/litellm/issues/24512
[2] https://docs.python.org/3/library/site.html
[3] https://ramimac.me/trivy-teampcp/#phase-09