The Hacker News
@thehackernews
⚠️ A compromised AI library exposed developer machines.
1,705 packages pulled infected LiteLLM versions, harvesting SSH keys and cloud creds from local systems via dependencies.
It worked because secrets sit in plaintext across files and tools.
�� How one dependency exposed thousands of environments → https://thehackernews.com/2026/04/how-litellm-turned-developer-machines.html
1,705 packages pulled infected LiteLLM versions, harvesting SSH keys and cloud creds from local systems via dependencies.
It worked because secrets sit in plaintext across files and tools.
�� How one dependency exposed thousands of environments → https://thehackernews.com/2026/04/how-litellm-turned-developer-machines.html
🤯 8
🔥 6
👍 1
15 5.8K
Обсуждение 0
Обсуждение не доступно в веб-версии. Чтобы написать комментарий, перейдите в приложение Telegram.
Обсудить в Telegram