
Source: BleepingComputer
Summary
LiteLLM, a popular open source AI project used by millions, was compromised by credential harvesting malware. The malware was discovered in the project’s dependencies and has been removed. The project’s maintainers have released an update to fix the issue. The incident highlights the risks of open source software dependencies. Users are advised to update to the latest version.
Our Reading
The launch follows a familiar script.
Another day, another open source project compromised by malware. LiteLLM, used by millions, gets a free side of credential harvesting. Because what’s an AI project without a little extra “intelligence”? The project’s maintainers are “sorry” and have released an update. Because that’s what you do when you’ve been pwned.
Author: Evan Null









