Tags: cybersecurity* + malware*

  1. A malicious release of litellm version 1.82.8 was published to PyPI on March 24, 2026.
    The package contains a hidden .pth file that executes on every Python interpreter startup, spawning a subprocess that triggers the same .pth again, creating an exponential fork bomb.

    The malware harvests credentials (SSH keys, cloud provider tokens, Kubernetes configs, environment variables, etc.), encrypts them with a hard‑coded RSA key, and exfiltrates them to a malicious domain.
  2. The Black Lotus Labs team at Lumen has discovered KadNap, a sophisticated malware targeting Asus routers and conscripting them into a botnet used for proxying malicious traffic. KadNap utilizes a custom Kademlia DHT protocol to conceal its infrastructure and evade detection, making disruption difficult. The botnet, with over 14,000 infected devices, is marketed through a proxy service called "Doppelganger", linked to the previously known Faceless service. A significant portion of the victims (60%) are located in the United States. Lumen has proactively blocked traffic to KadNap’s control infrastructure and is sharing indicators of compromise.
  3. The first-ever malicious Model-Context-Prompt (MCP) server, a trojanized npm package named `postmark-mcp`, has been discovered exfiltrating sensitive data from users’ emails. The package copied every email processed to a server controlled by the attacker.
  4. A malware botnet called Ebury is estimated to have compromised 400,000 Linux servers since 2009, with over 100,000 still compromised as of late 2023. The findings come from cybersecurity firm ESET, which characterized it as one of the most advanced server-side malware campaigns for financial gain.
    2024-05-15 by klotz
