According to @galnagli on X, a malicious update chain linked from a prior Trivy compromise led to LiteLLM versions 1.82.7 and 1.82.8 shipping an infostealer that exfiltrated credentials to a command and control domain models.litellm.cloud, putting tens of thousands of environments at risk; as reported by the BerriAI LiteLLM maintainers on GitHub issue #24512, affected users should rotate API keys and credentials immediately, audit outbound traffic to the noted C2, and pin trusted versions to break the compromise loop across AI infrastructure. According to @ramimacisabird, the incident demonstrates cascading open source supply chain risk where stolen secrets from AI application layers can trigger the next breach, emphasizing the need for reproducible builds, registry signing, SBOMs, and secret-scoping for LLM connectors in production.