Tagged with

PyPI’s Silent Killer: How a .pth File Stole Your Secrets Without a Single Import

The Litellm supply chain attack reveals a devastating blind spot in Python’s dependency model, malicious code that executes before you even import the package.