"The malware campaign began in late February, when the attackers took advantage of a misconfiguration in Trivy's GitHub Actions environment to steal a privileged access token that allowed the manipulation of CI/CD."
"By modifying existing version tags associated with [the GitHub Action script] trivy-action, they injected malicious code into workflows that organizations were already running."
"Dholakia said that LiteLLM's PYPI_PUBLISH token, stored in the project's GitHub repo as an .env variable, got sent to Trivy, where attackers got ahold of it."
LiteLLM versions v1.82.7 and v1.82.8 were removed from PyPI after being compromised with credential-stealing code. The attack originated from a misconfiguration in Trivy's CI/CD pipeline, allowing attackers to steal a privileged access token. This led to the publication of malicious Trivy releases, which modified existing version tags to inject harmful code into workflows. The CEO of Berri AI stated that the project's publishing tokens were compromised, prompting the deletion of all PyPI publishing tokens to prevent further issues.
Read at Theregister
Unable to calculate read time
Collection
[
|
...
]