Image created with gemini-3.1-flash-image-preview with claude-sonnet-4-5. Image prompt: Using the provided reference image, preserve the exact weathered wooden crate with horizontal reddish-brown slats, iron hardware, and three-panel layout with hand-painted black text, but replace all text with ‘SECURITY’ in the same loose stencil style, and add a heavy iron padlock hanging open from the front latch; place the crate on a wet stone doorstep in early morning mist with soft dawn light raking across its face, background softly blurred, photorealistic 1950s material world aesthetic.
LiteLLM HAS BEEN COMPROMISED, DO NOT UPDATE. We just discovered that LiteLLM PyPI release 1.82.8 has been compromised: it contains litellm_init.pth with base64-encoded instructions to send all the credentials it can find to a remote server + self-replicate. Link below
https://x.com/hnykda/status/2036414330267193815
Software horror: litellm PyPI supply chain attack. Simple `pip install litellm` was enough to exfiltrate SSH keys, AWS/GCP/Azure creds, Kubernetes configs, git credentials, env vars (all your API keys), shell history, crypto wallets, SSL private keys, CI/CD secrets, database
https://x.com/karpathy/status/2036487306585268612
Tell HN: Litellm 1.82.7 and 1.82.8 on PyPI are compromised | Hacker News https://news.ycombinator.com/item?id=47501426
Thankfully the LiteLLM package has now been marked as “quarantined” on PyPI so attempting to install the compromised update via pip et al shouldn’t work
https://x.com/simonw/status/2036451896970584167
Interesting. FCC has banned the import of all new consumer routers manufactured outside of the US.
https://x.com/bilawalsidhu/status/2036446008557641775
US Department of Labor launches ‘Make America AI-Ready’ initiative | U.S. Department of Labor https://www.dol.gov/newsroom/releases/osec/osec20260324
SOC II is in the news right now for being security theater. You know what SOC II is *actually* good for? Subprocessor lists. I scraped 417 companies' subprocessors to investigate what AI native companies are using for their infrastructure. Introducing DeployGraph dot com 🥞
https://x.com/nikunj/status/2036572222081606065?s=12




