LiteLLM Python package compromised by supply-chain attack
Summary
A GitHub issue reveals a supply-chain attack in the Litellm PyPI package (litellm==1.82.8) that ships a malicious litellm_init.pth file executing a credential-stealing payload on startup. The attack exfiltrates secrets and cloud credentials, prompting immediate remediation like yanking the package and rotating impacted credentials; highlights risks to development workflows and CI/CD pipelines.