Secure your company's AI posture with Varonis Atlas today! Get a free demo at https://go.lowlevel.tv/varonis

DISCLAIMER: I HAVE NO EVIDENCE THAT GOOGLE OR NETFLIX WERE ACTUALLY AFFECTED BY THIS ATTACK I JUST KNOW FROM PUBLICALLY AVAILABLE INFORMATION THAT THEY BOTH USE LITELLM PLEASE DO NOT SUE ME IM JUST A MAN WITH A YOUTUBE CHANNEL

https://futuresearch.ai/blog/litellm-pypi-supply-chain-attack/

🏫 MY COURSES
Sign-up for my FREE 3-Day C Course: https://lowlevel.academy

🧙‍♂️ HACK YOUR CAREER
Wanna learn to hack? Join my new CTF platform: https://stacksmash.io

⌨️ KEYBOARD
Like what you hear? Grab a Q5 at https://go.lowlevel.tv/keyboard

🔥COME HANG OUT   
Check out my other stuff: https://lowlevel.tv

Low Level Learning

A breakdown of the LiteLLM supply chain attack where malicious actors compromised the Trivy security scanner's GitHub Action by exploiting a misconfigured pull_request_target workflow. An AI-powered bot stole a privileged personal access token, rewrote mutable version tags to point to malicious commits, and when LiteLLM's CI pipeline ran Trivy, its maintainer credentials were exposed. Attackers used those credentials to push malware into LiteLLM versions 1.27 and 1.28, which exfiltrated SSH keys, API keys, environment variables, git credentials, CI/CD configs, and more from users of the package — including companies like Stripe, Netflix, and Google.

another day, another supply chain attack.