Type: Incident
Actors:
Pub. date: March 24, 2026
Initial access: Supply chain vector
Impact: Supply chain attack
Observed techniques:
References:
Status: Finalized
Last edited: Apr 5, 2026 2:04 PM
Malicious versions of the LiteLLM Python package (1.82.7 and 1.82.8) were published on the morning of 24 March 2026. The compromised packages employed two different methods to deliver their payload. The packages were published at approximately 8:30 UTC and quarantined by PyPI at 11:25 UTC. A PyPI advisory has been posted here, identifying an API token exposed via the prior Trivy incident as the root cause.