Compromised litellm PyPI Package Delivers Multi-Stage Credential Stealer

AndyC 25 March 2026


This morning, the widely used Python package litellm, a popular abstraction layer for interacting with large language models (LLMs), was compromised and two malicious versions released (1.82.7 and 1.82.8).

[…Keep reading]

Compromised litellm PyPI Package Delivers Multi-Stage Credential Stealer

Compromised litellm PyPI Package Delivers Multi-Stage Credential Stealer

This morning, the widely used Python package litellm, a popular abstraction layer for interacting with large language models (LLMs), was compromised and two malicious versions released (1.82.7 and 1.82.8).

*** This is a Security Bloggers Network syndicated blog from 2024 Sonatype Blog authored by Sonatype Security Research Team. Read the original post at: https://www.sonatype.com/blog/compromised-litellm-pypi-package-delivers-multi-stage-credential-stealer

About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts

Tags: , , , , , , , , , , , , , , , , ,

More Stories

AiStrike Launches Continuous Detection Engineering to Fix Alert Noise at the Source

Sumo Logic Expands Dojo AI With SOC Analyst Agent That Recommends Actions, Not Just Alerts

AndyC 25 March 2026
Training effective models without the annotation budget

Training effective models without the annotation budget

AndyC 25 March 2026
Claude Code and Cowork can now use your computer

The Trivy Supply Chain Compromise: What Happened and Playbooks to Respond

AndyC 25 March 2026
AiStrike Launches Continuous Detection Engineering to Fix Alert Noise at the Source

BSidesSLC 2025 – Restless Guests – Azure Exploit Exposed

AndyC 25 March 2026
AiStrike Launches Continuous Detection Engineering to Fix Alert Noise at the Source

Google Unleashes Gemini AI to Scour Dark Web for Corporate Threats

AndyC 25 March 2026
Apple goes global with key MDM tools and services for business

Hyperproof Launches AI Guided Experiences for Compliance Operations at RSAC 2026

AndyC 25 March 2026

You may have missed

AiStrike Launches Continuous Detection Engineering to Fix Alert Noise at the Source

Sumo Logic Expands Dojo AI With SOC Analyst Agent That Recommends Actions, Not Just Alerts

AndyC 25 March 2026
Compromised litellm PyPI Package Delivers Multi-Stage Credential Stealer

Compromised litellm PyPI Package Delivers Multi-Stage Credential Stealer

AndyC 25 March 2026
Training effective models without the annotation budget

Training effective models without the annotation budget

AndyC 25 March 2026
Claude Code and Cowork can now use your computer

The Trivy Supply Chain Compromise: What Happened and Playbooks to Respond

AndyC 25 March 2026
QualDerm Partners December 2025 data breach impacts over 3 Million people

QualDerm Partners December 2025 data breach impacts over 3 Million people

AndyC 25 March 2026

Subscribe To InfoSec Today News

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

World Wide Crypto will use the information you provide on this form to be in touch with you and to provide updates and marketing.