Back Issues This Week → Calendar → Current Issue → Popular →

All issuesVolume 336, Issue 4IT Vendor NewsTrend Micro

Your AI Stack Just Handed Over Your Root Keys: Inside The litellm PyPI Breach

Trend Micro, March 25,2026

Litellm PyPI breach explained: malicious versions steal cloud credentials, SSH keys, and Kubernetes secrets. Learn impact and urgent mitigation steps.

The popular litellm Python package was compromised on PyPI. Versions 1.82.7 and 1.82.8 contain malicious code that steals your cloud credentials, SSH keys, and Kubernetes secrets. If you updated your environment on or after March 24, 2026, assume your keys belong to someone else. Stop what you are doing, delete the package, and tell your team to rotate credentials immediately.

more →  ·  More from Trend Micro →