An attacker successfully implemented a supply chain attack on the…

Facebook — Archer T. Ships added a new photo.

An attacker successfully implemented a supply chain attack on the popular LiteLLM app:

"Simple `pip install litellm` was enough to exfiltrate SSH keys, AWS/GCP/Azure creds, Kubernetes configs, git credentials, env vars (all your API keys), shell history, crypto wallets, SSL private keys, CI/CD secrets, database passwords."

Fortunately, it appears the attacker screwed up, and the app fails to deliver its payload.

If you've been playing around with AIs, you should probably check for the corrupted version, and rotate your keys.
