On March 25th, according to 23pds, Chief Information Security Officer of SlowMist Technology, LiteLLM, a Python AI gateway library with 97 million monthly downloads, suffered a PyPI supply chain attack. Attackers could steal sensitive information from user devices using the `pip install litellm` command. The stolen sensitive data included: SSH keys, cloud service credentials (AWS/GCP/Azure), Kubernetes configuration files, Git credentials, API keys in environment variables, shell history, cryptocurrency wallet information, and database passwords.
SlowMist CISO: LiteLLM suffers attack from PyPI supply chain, sensitive information such as encrypted wallets and cloud credentials at risk of leakage.
This article is machine translated
Show original
Source
Disclaimer: The content above is only the author's opinion which does not represent any position of Followin, and is not intended as, and shall not be understood or construed as, investment advice from Followin.
Like
Add to Favorites
Comments
Share
Relevant content
