NOW LET US – AI RAG SaaS Studio TP.HCM

Tell HN: Litellm 1.82.7 and 1.82.8 on PyPI are compromised


Versions 1.82.7 and 1.82.8 of the LiteLLM package on PyPI have been compromised with a malicious base64 blob that triggers forkbomb-like behavior.

About an hour ago new versions have been deployed to PyPI.

I was just setting up a new project, and things behaved weirdly. My laptop ran out of RAM, it looked like a forkbomb was running.

I investigated and found that a base64-encoded blob has been added to proxy_server.py.

It writes and decodes another file which it then runs.

I'm in the process of reporting this upstream, but wanted to give everyone here a heads-up.

It is also reported in this issue: https://github.com/BerriAI/litellm/issues/24512
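The post describes two things a defender can check for directly: whether an installed copy of litellm is one of the two versions named as compromised, and whether a package source file carries a long base64 literal that is decoded and handed to an execution sink. The script below is an added example, not code from the post, from LiteLLM, or from PyPI. The affected version numbers and the file name proxy_server.py come from the post; the detection heuristic (blob length threshold, the list of sink call names) and the two sample source strings are this example's own constructed choices, and the "tainted" sample decodes only a harmless comment so it can be scanned, never run.

```python
"""Defensive checks for the LiteLLM 1.82.7 / 1.82.8 PyPI compromise.

  1. is_affected_version(): does a version string match one of the versions
     the post names as compromised?
  2. find_suspicious_blobs(): scan Python source for a long base64 string
     literal that is decoded and then passed to an execution sink, which is
     the pattern the post describes for proxy_server.py.

Assumptions (this example's own, not from the post): MIN_BLOB_LEN, SINK_NAMES
and the sample sources below are constructed for illustration.
"""
import ast
import base64
import re
from importlib import metadata
from typing import Optional

AFFECTED_VERSIONS = {"1.82.7", "1.82.8"}  # the two versions named in the post
BASE64_RE = re.compile(r"^[A-Za-z0-9+/=]+$")
MIN_BLOB_LEN = 200          # heuristic threshold chosen for this example
DECODE_NAMES = {"b64decode", "decodebytes"}
SINK_NAMES = {"exec", "eval", "system", "Popen", "run", "call", "spawn"}


def is_affected_version(version: str) -> bool:
    """True if the version string is one the post reports as compromised."""
    return version.strip() in AFFECTED_VERSIONS


def installed_litellm_is_affected() -> Optional[bool]:
    """Check the litellm installed in this environment; None if not installed."""
    try:
        return is_affected_version(metadata.version("litellm"))
    except metadata.PackageNotFoundError:
        return None


def _call_name(node: ast.Call) -> str:
    """Return the bare callee name for exec(...) or module.attr(...) calls."""
    func = node.func
    if isinstance(func, ast.Name):
        return func.id
    if isinstance(func, ast.Attribute):
        return func.attr
    return ""


def find_suspicious_blobs(source: str) -> dict:
    """Flag source that combines a long base64 literal, a decode call and a sink."""
    tree = ast.parse(source)
    blobs = []          # (line number, blob length) for each long base64 literal
    decodes = False
    sinks = set()
    for node in ast.walk(tree):
        if isinstance(node, ast.Constant) and isinstance(node.value, (str, bytes)):
            raw = node.value
            text = raw.decode("ascii", "ignore") if isinstance(raw, bytes) else raw
            compact = re.sub(r"\s", "", text)
            if len(compact) >= MIN_BLOB_LEN and BASE64_RE.match(compact):
                blobs.append((node.lineno, len(compact)))
        elif isinstance(node, ast.Call):
            name = _call_name(node)
            if name in DECODE_NAMES:
                decodes = True
            elif name in SINK_NAMES:
                sinks.add(name)
    return {
        "blobs": blobs,
        "decodes": decodes,
        "sinks": sorted(sinks),
        "suspicious": bool(blobs) and decodes and bool(sinks),
    }


# Constructed sample inputs (not the real payload): a clean module and one that
# decodes a 240-byte harmless comment and hands it to exec().
_HARMLESS = b"# constructed harmless sample\n" * 8          # 240 bytes -> 320 base64 chars
_BLOB_B64 = base64.b64encode(_HARMLESS).decode("ascii")

CLEAN_SAMPLE = '''
import litellm

def handler(request):
    """Constructed clean handler: no encoded payloads."""
    return litellm.completion(model=request["model"], messages=request["messages"])
'''

TAINTED_SAMPLE = f'''
import base64

_BLOB = "{_BLOB_B64}"

def _boot():
    exec(base64.b64decode(_BLOB))  # decode-then-execute, the pattern the post describes
'''

if __name__ == "__main__":
    print("installed litellm affected:", installed_litellm_is_affected())
    for label, src in (("clean", CLEAN_SAMPLE), ("tainted", TAINTED_SAMPLE)):
        print(label, find_suspicious_blobs(src))
```

To run it against a real environment, feed `find_suspicious_blobs()` the contents of the installed litellm/proxy/proxy_server.py (path located via `importlib.util.find_spec("litellm")`); a hit on all three signals is a reason to quarantine the host and rebuild from a pinned, known-good version rather than a reason to inspect the blob by running it.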

  1. Looks like this originated from the trivy used in our CI/CD - https://github.com/search?q=repo%3ABerriAI%2Flitellm%20trivy... https://ramimac.me/trivy-teampcp/#phase-09

  2. If you're on the proxy Docker image, you were not impacted. We pin our versions in the requirements.txt.

  3. The package is in quarantine on PyPI - this blocks all downloads.

We are investigating the issue, and seeing how we can harden things. I'm sorry for this.

  - Krrish
© 2026 Now Let Us. All rights reserved.

Source: Hacker News
