PyPI has issued a critical warning to developers after the discovery of LiteLLM malware that targets cloud and CI/CD credentials. The malicious code was embedded in two compromised versions of the popular Python middleware for large language models, which were briefly published on the platform. Anyone who installed and ran the project is therefore advised to assume their credentials have been exposed and to revoke and rotate them immediately [1]. The incident is linked to an exploited Trivy dependency and is part of the ongoing TeamPCP supply-chain attack. It underscores the importance of vigilance in the development community, particularly when working with widely used middleware and dependencies: developers need to stay informed about security threats and take proactive measures to protect their credentials and environments, since compromised credentials can have severe consequences for the security of their applications and data.
PyPI warns developers after LiteLLM malware found stealing cloud and CI/CD credentials
References
- [1] CSO Online. (2026, March 25). PyPI warns developers after LiteLLM malware found stealing cloud and CI/CD credentials. https://www.csoonline.com/article/4149905/pypi-warns-developers-after-litellm-malware-found-stealing-cloud-and-ci-cd-credentials.html