LiteLLM v1.82.8 Compromise Uses .pth File for Persistent Execution

Compromise Details
LiteLLM versions 1.82.7 and 1.82.8 were compromised on PyPI last week. The v1.82.8 payload is particularly concerning because it uses a .pth file in site-packages that executes arbitrary code on every Python process startup.
Python's site.py processes .pth files at interpreter startup, and any line starting with 'import' is executed. This means the malicious code runs even if you have LiteLLM installed as a transitive dependency and never import or use it directly.
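As an added illustration of the mechanism just described (example code, not part of the original post or the advisory): a read-only audit that walks site-packages, applies the same line rules as site.py's addpackage() to each .pth file, and reports the lines the interpreter would execute at startup without ever running them. The SAMPLE_PTH content and the SUSPICIOUS token list are constructed for this example; tune the token list for your environment.

```python
"""Audit .pth files for lines Python's site.py will exec() at interpreter startup."""
import re
import sysconfig
import tempfile
from pathlib import Path

# Constructed sample: one benign setuptools-style line and one loader-shaped line.
SAMPLE_PTH = (
    "# comment line, ignored by site.py\n"
    "/usr/lib/python3/dist-packages\n"          # plain path entry, appended to sys.path
    "import _distutils_hack\n"                  # executed, but a well-known benign pattern
    'import os,base64;exec(base64.b64decode("<PLACEHOLDER>"))\n'  # executed: loader shape
)
# Heuristic tokens (chosen for this example) that rarely belong in a .pth import line.
SUSPICIOUS = re.compile(r"exec\s*\(|eval\s*\(|base64|__import__|subprocess|os\.system")

def executable_pth_lines(text):
    """Lines site.addpackage() hands to exec(): those starting with 'import ' or 'import<tab>'."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.startswith("#") or not line.strip():   # comments and blanks are skipped
            continue
        if line.startswith(("import ", "import\t")):   # everything else is a path entry
            hits.append((lineno, line))
    return hits

def classify(line):
    """'suspicious' for loader/decoder tokens or abnormal length, else 'review'."""
    return "suspicious" if SUSPICIOUS.search(line) or len(line) > 200 else "review"

def audit_dirs(dirs):
    """Scan every *.pth in the given directories; returns (path, lineno, verdict, line)."""
    findings = []
    for d in dirs:
        for pth in sorted(Path(d).glob("*.pth")):
            for lineno, line in executable_pth_lines(pth.read_text(errors="replace")):
                findings.append((str(pth), lineno, classify(line), line))
    return findings

def site_dirs():
    """site-packages directories of the running interpreter."""
    paths = sysconfig.get_paths()
    return sorted({paths["purelib"], paths["platlib"]})

def demo_audit():
    """Write SAMPLE_PTH into a temp dir and audit it (used by the self-test)."""
    d = tempfile.mkdtemp()
    Path(d, "constructed.pth").write_text(SAMPLE_PTH)
    return audit_dirs([d])
```

Run `audit_dirs(site_dirs())` in each interpreter and virtualenv you care about; every "review" line should map to a package you can name, and every "suspicious" one deserves a look at the owning package's dist-info RECORD.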
Impact and Distribution
According to Wiz data, LiteLLM is present in 36% of cloud environments as a transitive dependency. It gets pulled in by:
- AI agent frameworks
- MCP servers
- LLM orchestration tools
Response and Hardening
The source includes a hardening guide covering this specific vulnerability and nine other measures related to the broader TeamPCP supply chain campaign. The Python/AI engineer quick start section outlines three immediate actions to take this week.
For detailed mitigation steps and the full hardening guide, refer to the advisory at: https://raxe.ai/labs/advisories/RAXE-2026-045
📖 Read the full source: r/LocalLLaMA
👀 See Also

820 Malicious Skills Found in OpenClaw's ClawHub Marketplace
Security researchers identified 820 skills in OpenClaw's ClawHub marketplace containing confirmed malware including keyloggers, data-exfiltration scripts, and hidden shell commands. These skills can execute code and interact with the local environment, creating supply-chain security risks.

Malwar: A Vulnerability Scanner for SKILL.md Files Built with Claude Code
A developer has released Malwar, a free tool that scans SKILL.md files for malicious instructions using a 4-layer pipeline including a rule engine, URL crawler, LLM analysis, and threat intel. The tool was built entirely with Claude Code after the developer found concerning patterns like Base64 blobs and instructions to pipe curl output to bash in existing skills.

Claude Code CVE-2026-39861: Sandbox Escape via Symlink Following
A high-severity vulnerability in Claude Code's sandbox allows arbitrary file write outside the workspace via symlink following, potentially leading to code execution.

Hidden Audio Signals Hijack Voice AI Systems with 79-96% Success Rate
Research shows imperceptible audio clips can force LALMs to execute unauthorized commands like web searches, file downloads, and email exfiltration with 79-96% success across 13 models including Mistral and Microsoft services.