LiteLLM 1.82.7, 1.82.8 hit PyPI with malware

This is the kind of supply-chain hit that turns a convenience layer into a blast-radius amplifier: LiteLLM often sits between apps, API keys, and cluster access, so one poisoned wheel can expose far more than a single Python environment.

• –The report says the wheel was uploaded straight to PyPI and runs from `litellm_init.pth`, so normal install-time trust assumptions fail.
• –LiteLLM commonly handles `.env` files, cloud credentials, and Kubernetes access, which makes this a secrets-management incident as much as a package compromise.
• –Defenders should assume compromise if they installed or upgraded on March 24, 2026: purge `pip`/`uv` caches, re-image CI runners, and inspect `~/.config/sysmon/sysmon.py`, `~/.config/systemd/user/sysmon.service`, and suspicious `kube-system` pods.
• –For AI infra teams, hash pinning, internal mirrors, and release-channel quarantine should be mandatory for PyPI dependencies on the critical path.