Buy Crypto- Markets
Futures- Spot
- Copy Trade
- Earn
- More
litellm encountered a PyPI supply chain attack, allowing the theft of all sensitive credentials such as SSH keys with a simple installation
By: rootdata|2026/03/25 08:42:00
0
Share
Andrej Karpathy posted on the X platform that litellm has encountered a PyPI supply chain attack, where executing pip install litellm can steal SSH keys, AWS/GCP/Azure credentials, Kubernetes configurations, git credentials, environment variables, encrypted wallets, SSL private keys, CI/CD keys, and database passwords.
litellm has a monthly download volume of 97 million, and the risk can spread to all projects that depend on litellm, such as dspy. The version with the malicious code was online for less than about 1 hour, and it was discovered due to a flaw in the attack code that caused Callum McMahon's machine to run out of memory and crash. Andrej Karpathy stated that supply chain attacks are the most threatening issue in modern software, as each installation of dependencies can introduce tampered packages deep within the dependency tree, leading him to increasingly prefer reducing dependencies and using LLM to directly implement simple functions.
You may also like
Slow Down, That's the Answer to the Age of the Agent
Rather than worrying about AI, it's better to regain control of pace and judgment
From Cash to Cryptocurrency: Moving Towards a Unified Regulatory Path for Illegal Payments
By establishing a framework based on the principle of "general law" and broadly defining the function of "payment tools," future innovations can be automatically included in the regulatory perspective, thereby breaking the passive cycle of "innovation-regulation-re-innovation-re-regulation" and guid...
Who will own the most Bitcoin in 2026
In this article, we will examine some individuals, companies, and wallets that have become crypto whales based on on-chain data and their own public statements, and investigate the amount of Bitcoin they hold.
A private feud lasting 10 years, if not for OpenAI's "hypocrisy," would not have led to the world's strongest AI company, Anthropic
What shapes the global AI landscape is not only the competition of technological routes but also a personal trauma that has never healed.
"Crypto Tsar" steps down: 130 days of political performance come to an end, how much of Trump's crypto promise remains?
The encryption czar has left, and Trump has muted.
From Utopian Narratives to Financial Infrastructure: The "Disenchantment" and Shift of Crypto VC
Financial infrastructure is the real reason that attracts venture capital investment in the cryptocurrency field.
A decade-long personal feud, if not for OpenAI's "hypocrisy," there would be no globally leading AI company Anthropic
Shaping the global AI landscape is not just a battle of technical paths, but also a wound of private trauma that has never healed
a16z: The True Meaning of Strong Chain Quality, Block Space Should Not Be Monopolized
Essentially, this attribute allows stakeholders to have a "virtual lane" within a high-throughput blockchain to ensure their transactions can be included.
a16z: The True Meaning of Strong Chain Quality, Block Space Should Not Be Monopolized
Essentially, this attribute allows stakeholders to have "virtual lanes" within a high-throughput blockchain, ensuring that their transactions can be included.
2% user contribution, 90% trading volume: The real picture of Polymarket
Is Polymarket a battleground for retail investors or an arena for institutions?
Trump Can't Take It Anymore, 5 Signals of the US-Iran Ceasefire
From Oil Prices and Elections to Secret Negotiations, Are the US and Iran Really Heading for a Ceasefire?
Judge Halts Pentagon's Retaliation Against Anthropic | Rewire News Evening Brief
The "Orwellian" Term Stymies Pentagon's Supply Chain Risk Label for Anthropic
Midfield Battle of Perp DEX: The Decliners, The Self-Savers, and The Latecomers
Hyperliquid has captured this wave of geopolitical market trends with commodity contracts. Decentralized exchanges are moving from internal competition within the crypto industry to a genuine alternative to traditional financial infrastructure, and this direction has only just begun.
Iran War Stalemate: What Signal Should the Market Follow?
Watch the Bond Market
Rejecting AI Monopoly Power, Vitalik and Beff Jezos Debate: Accelerator or Brake?
Can technological advancement be guided, or has it already gone beyond our control?
Insider Trading Alert! Will Trump Call a Truce by End of April?
Multiple Accounts Accurately Predict War, Earn $1.8 Million
After establishing itself as the top tokenized stock, does Ondo have any new highlights?
The total market capitalization of the global stock market is about $150 trillion, while the tokenized stocks market is currently only $10 billion in size, making it akin to a nascent super market that has just cracked the door open.
BIT Brand Upgrade First Appearance, Hosts "Trust in Digital Finance" Industry Event in Singapore
Discussing topics such as governance standards, compliance frameworks, and operational infrastructure within the context of the institutionalization process
Slow Down, That's the Answer to the Age of the Agent
Rather than worrying about AI, it's better to regain control of pace and judgment
From Cash to Cryptocurrency: Moving Towards a Unified Regulatory Path for Illegal Payments
By establishing a framework based on the principle of "general law" and broadly defining the function of "payment tools," future innovations can be automatically included in the regulatory perspective, thereby breaking the passive cycle of "innovation-regulation-re-innovation-re-regulation" and guid...
Who will own the most Bitcoin in 2026
In this article, we will examine some individuals, companies, and wallets that have become crypto whales based on on-chain data and their own public statements, and investigate the amount of Bitcoin they hold.
A private feud lasting 10 years, if not for OpenAI's "hypocrisy," would not have led to the world's strongest AI company, Anthropic
What shapes the global AI landscape is not only the competition of technological routes but also a personal trauma that has never healed.
"Crypto Tsar" steps down: 130 days of political performance come to an end, how much of Trump's crypto promise remains?
The encryption czar has left, and Trump has muted.
From Utopian Narratives to Financial Infrastructure: The "Disenchantment" and Shift of Crypto VC
Financial infrastructure is the real reason that attracts venture capital investment in the cryptocurrency field.
App