On 3/23/26 07:31, Jeremy Utiera wrote:
> Of note, this attack is still ongoing and the extent of Trivy's compromise seems to be growing.
And it appears they were able to leverage the Trivy compromise to compromise other packages as well. https://github.com/BerriAI/litellm/issues/24512 and https://github.com/BerriAI/litellm/issues/24518 report that litellm PyPI packages v1.82.7 + v1.82.8 were compromised:

The litellm==1.82.8 wheel package on PyPI contains a malicious .pth file (litellm_init.pth, 34,628 bytes) that automatically executes a credential-stealing script every time the Python interpreter starts — no import litellm required. Anyone who installed litellm==1.82.8 via pip has had all environment variables, SSH keys, cloud credentials, and other secrets collected and sent to an attacker-controlled server.

-- 
-Alan Coopersmith- [email protected]
Oracle Solaris Engineering - https://blogs.oracle.com/solaris
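The startup mechanism described in the message above is Python's site module: at interpreter start it reads every *.pth file in each site directory and passes any line beginning with "import " (or "import" followed by a tab) to exec(), so a package that installs such a file runs code on every interpreter start without being imported. The script below is an added example for auditing an environment for that; it is not from the thread's authors, the litellm project, or any published indicator set. It lists every .pth file that carries executable lines and flags ones containing tokens typical of a decode-and-run payload (the SUSPICIOUS_TOKENS list is an assumption chosen for the example, not a signature of this incident). The sample .pth contents in demo_scan() are constructed for the example; the "evil_init.pth" entry is a harmless stand-in, not the real file.

```python
"""Audit .pth files for code that runs at interpreter start.

site.addpackage() executes any .pth line that starts with "import " or
"import\\t"; other non-comment, non-blank lines become sys.path entries.
Only the top level of each site directory is read.
"""
import os
import site
import tempfile

# Heuristic tokens (assumption for this example, not an indicator set).
# Legitimate .pth files such as setuptools' distutils-precedence.pth hold
# one short import line; decode-and-run payloads tend to use these.
SUSPICIOUS_TOKENS = ("exec(", "eval(", "compile(", "base64", "marshal",
                     "zlib", "\\x", "subprocess", "socket", "urlopen")


def executable_pth_lines(text):
    """Return (line_no, line) for each line site.py would pass to exec().

    Mirrors site.addpackage(): a leading space turns an import line into a
    path entry, so the prefix check is exact, not stripped.
    """
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        if line.startswith("#") or not line.strip():
            continue
        if line.startswith(("import ", "import\t")):
            hits.append((n, line))
    return hits


def analyse_pth(text):
    """Return executable lines plus the suspicious tokens each contains."""
    exec_lines = executable_pth_lines(text)
    suspicious = []
    for n, line in exec_lines:
        found = tuple(tok for tok in SUSPICIOUS_TOKENS if tok in line)
        if found:
            suspicious.append((n, found))
    return {"exec_lines": exec_lines, "suspicious_lines": suspicious}


def site_dirs():
    """Directories whose .pth files this interpreter processes at start."""
    dirs = []
    candidates = list(getattr(site, "getsitepackages", lambda: [])())
    candidates.append(site.getusersitepackages())
    for d in candidates:
        if os.path.isdir(d) and d not in dirs:
            dirs.append(d)
    return dirs


def scan(dirs=None):
    """Report every .pth file under the given dirs that executes code."""
    findings = []
    for d in dirs if dirs is not None else site_dirs():
        for name in sorted(os.listdir(d)):
            if not name.endswith(".pth"):
                continue
            path = os.path.join(d, name)
            with open(path, encoding="utf-8", errors="replace") as f:
                report = analyse_pth(f.read())
            if report["exec_lines"]:
                report["path"] = path
                report["size"] = os.path.getsize(path)
                findings.append(report)
    return findings


def demo_scan():
    """Scan a temp site dir of constructed .pth samples; return by name."""
    samples = {
        # Path-only entry: never executed.
        "paths.pth": "/opt/example/lib\n# comment\n\n",
        # Short shim import of the kind setuptools ships: executed, benign.
        "shim.pth": "import os; enabled = os.environ.get('EXAMPLE_SHIM') == '1'\n",
        # Constructed stand-in for a startup payload (decoded text is just a
        # print); it is only read here, never executed.
        "evil_init.pth": ("import sys;exec(__import__('base64')"
                          ".b64decode('cHJpbnQoJ3B0aCBoaXQnKQ=='))\n"),
    }
    with tempfile.TemporaryDirectory() as d:
        for name, body in samples.items():
            with open(os.path.join(d, name), "w", encoding="utf-8") as f:
                f.write(body)
        return {os.path.basename(r["path"]): r for r in scan([d])}


if __name__ == "__main__":
    for rep in scan():
        flag = "SUSPICIOUS" if rep["suspicious_lines"] else "executes code"
        print(f"{rep['path']} ({rep['size']} bytes): {flag}")
        for n, line in rep["exec_lines"]:
            print(f"  line {n}: {line[:120]}")
    print("demo findings:", sorted(demo_scan()))
```

Run it with the same interpreter the application uses (a venv's site-packages differs from the system one), and treat any executable .pth from a package that has no reason to hook startup as something to pull and inspect; a 34 KB .pth is itself unusual, since legitimate ones are a line or two.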
