A supply chain attack was discovered in version 1.82.8 of the PyPI package litellm. The compromised wheel contains a malicious .pth file (litellm_init.pth) that the Python interpreter executes automatically on every startup, without any explicit import. Bruce Schneier comments that the industry must
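As an added example (not code from the page or from the litellm project), the following defender-side check lists the .pth lines that CPython's site module would exec at startup, which is the mechanism the attack relies on; it is run here over a constructed temporary directory holding a benign path-only .pth and a stand-in litellm_init.pth whose single line is a harmless placeholder, not the real payload.

```python
import os
import site
import tempfile

# CPython's site.addpackage() reads every .pth file in a site directory and
# exec()s any line that starts with "import " or "import\t"; all other
# non-blank, non-comment lines are just paths appended to sys.path.
# Only the "import" lines can run code at interpreter startup.

def suspicious_pth_lines(pth_path):
    """Return (line_number, text) for each line Python would exec from this .pth."""
    findings = []
    with open(pth_path, encoding="utf-8", errors="replace") as fh:
        for lineno, raw in enumerate(fh, start=1):
            line = raw.rstrip("\n")
            if line.startswith(("import ", "import\t")):
                findings.append((lineno, line))
    return findings

def scan_site_packages(dirs=None):
    """Scan .pth files in the given (or the interpreter's) site dirs; map path -> findings."""
    if dirs is None:
        dirs = getattr(site, "getsitepackages", lambda: [])() + [site.getusersitepackages()]
    report = {}
    for d in dirs:
        if not os.path.isdir(d):
            continue
        for name in sorted(os.listdir(d)):
            if name.endswith(".pth"):
                full = os.path.join(d, name)
                hits = suspicious_pth_lines(full)
                if hits:
                    report[full] = hits
    return report

def demo():
    """Constructed sample: one path-only .pth (benign) and one code-executing .pth."""
    tmp = tempfile.mkdtemp()
    with open(os.path.join(tmp, "editable-pkg.pth"), "w") as fh:
        fh.write("/opt/somepkg/src\n")  # plain path entry, never executed
    with open(os.path.join(tmp, "litellm_init.pth"), "w") as fh:
        # constructed placeholder for a code-running line; the real payload is not on the page
        fh.write("import os; os.environ.setdefault('PTH_DEMO', '1')\n")
    return scan_site_packages([tmp])

if __name__ == "__main__":
    for path, hits in demo().items():
        print(path)
        for lineno, text in hits:
            print(f"  line {lineno}: {text}")
```

Running scan_site_packages() with no arguments audits the current interpreter's own site directories; any hit deserves a look at which package shipped the file.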