
"The malware slipped in through a 'dependency,' meaning other open source software that LiteLLM relied upon. It then stole the log-in credentials of everything it touched."
"Ironically, a bug in the malware caused his machine to blow up. Because that bit of nasty code was so sloppily designed, he concluded it must have been vibe coded."
"The LiteLLM developers have been working non-stop this week to rectify the situation and the good news is that it was caught relatively fast, likely within hours."
"LiteLLM, as of March 25 when we looked, still proudly displays on its website that it has passed two major security compliance certifications, SOC2 and ISO 27001."
LiteLLM, an open source project popular among developers, was found to be shipping malware that harvested user credentials. The malicious code did not land in LiteLLM's own codebase directly; it arrived through a compromised dependency, other open source software the project relied upon, and from there stole the login credentials of everything it touched. Callum McMahon, a research scientist, discovered the malware after a bug in it crashed his machine; the sloppiness of the code led him to conclude it had been vibe coded. The LiteLLM team has been working non-stop to remediate, and the compromise was caught quickly, likely within hours. Despite the incident, LiteLLM still advertises its SOC 2 and ISO 27001 certifications on its website, raising questions about how much assurance those certifications actually provide against a compromised dependency.
Read at TechCrunch