latesthackingnews.com

LiteLLM Vulnerability Chain: What Security Teams Running AI Gateways Need to Do Now

A three-CVE chain lets any default LiteLLM user escalate to admin and get a shell on the gateway server. A separate RCE is ...
The Hacker News

LiteLLM Vulnerability Chain Lets Low-Privilege Users Take Over AI Gateway Servers

Three LiteLLM flaws let low-privilege users gain admin access and run code, exposing AI keys, secrets, prompts, and responses ...
InfoWorld

LiteLLM: An open-source gateway for unified LLM access

LiteLLM allows developers to integrate a diverse range of LLM models as if they were calling OpenAI’s API, with support for fallbacks, budgets, rate limits, and real-time monitoring of API calls. The ...
Hosted on MSN

LiteLLM just fell to a full-chain Pwn2Own exploit combining SSRF and code injection — researchers took full system control

A team of security researchers chained two vulnerabilities in LiteLLM, the popular open-source proxy that routes enterprise traffic to large language model providers, and walked away with arbitrary ...

Copilot searched your mailbox. LiteLLM handed out admin keys. Run this 5-check audit before your stack is next

SearchLeak and a three-CVE LiteLLM chain broke the same AI trust boundary in two weeks. A 5-check audit maps each gap to a ...
Geeky Gadgets

Simplify Your AI Projects with LiteLLM’s Unified API Solution

Navigating the ever-expanding world of large language models (LLMs) can feel like juggling too many pieces of a puzzle. Each provider has its own quirks—unique APIs, syntax variations, and specific ...
heise online

Supply chain attack on LiteLLM: Affected parties should change credentials

An attack on the open-source library for connecting to LLMs has apparently occurred, allowing two compromised packages to steal credentials. The LiteLLM development team has announced a security ...
Bleeping Computer

Popular LiteLLM PyPI package backdoored to steal credentials, auth tokens

The TeamPCP hacking group continues its supply-chain rampage, now compromising the massively popular "LiteLLM" Python package on PyPI and claiming to have stolen data from hundreds of thousands of ...