litellm@1.82.8 package was hijacked on PyPI through a compromised maintainer account

Compromised by malicious code inserted by the TeamPCP/Lapsus$ hacking group, leading to a widespread supply-chain attack affecting thousands of companies.

Malicious version 1.38.2 of LiteLLM was uploaded to PyPI containing code to steal API keys and credentials

PyPI quarantined the LiteLLM package after a supply chain attack compromised the AI integration tool