Tell HN: Litellm 1.82.7 and 1.82.8 on PyPI are compromised

6•dot_treo•1h ago
About an hour ago new versions have been deployed to PyPI.

I was just setting up a new project, and things behaved weirdly. My laptop ran out of RAM, it looked like a forkbomb was running.

I've investigated, and found that a base64 encoded blob has been added to proxy_server.py.

It writes and decodes another file which it then runs.

I'm in the process of reporting this upstream, but wanted to give everyone here a heads-up.

It is also reported in this issue: https://github.com/BerriAI/litellm/issues/24512

Comments

bfeynman•1h ago
Pretty horrifying. I only use it as a lightweight wrapper and will most likely move away from it entirely. Not worth the risk.

dot_treo•47m ago
Even just having an import statement for it is enough to trigger the malware in 1.82.8.
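
A check for the two versions named in the title that reads only installed dist-info metadata and requirements-style pins, because the comment above notes that importing the package is enough to run the payload in 1.82.8. This is an added example, not part of the original thread; the function names and the sample requirements text are constructed for illustration.

```python
import importlib.metadata as md
import re

BAD_VERSIONS = {"1.82.7", "1.82.8"}  # the two versions named in the post title
PACKAGE = "litellm"
# Requirements-style pin: name, optional [extras], "==" or "===", version.
PIN_RE = re.compile(r"^\s*([A-Za-z0-9._-]+)\s*(?:\[[^\]]*\])?\s*===?\s*([^\s;#\\,]+)")

# Constructed sample input; 1.0.0 and the requests pin are placeholders.
SAMPLE_REQUIREMENTS = """\
requests==2.32.3
litellm[proxy]==1.82.8 ; python_version >= "3.9"
LiteLLM==1.0.0
litellm==1.82.7 \\
    --hash=sha256:<placeholder>
"""

def _norm(name):
    # PEP 503 normalisation so "LiteLLM" and "litellm" compare equal.
    return re.sub(r"[-_.]+", "-", name).lower()

def installed_bad_versions(search_paths=None):
    """Return [(version, location)] for listed versions found in dist-info
    metadata under search_paths (default sys.path). Nothing is imported."""
    kwargs = {} if search_paths is None else {"path": list(search_paths)}
    hits = []
    for dist in md.distributions(**kwargs):
        try:
            name, version = dist.metadata.get("Name", ""), dist.version
        except Exception:  # unreadable or damaged metadata: skip it
            continue
        if _norm(name or "") == PACKAGE and version in BAD_VERSIONS:
            hits.append((version, str(dist.locate_file(""))))
    return hits

def pinned_bad_versions(requirements_text):
    """Return [(line_no, line)] for lines pinning one of the listed versions."""
    hits = []
    for no, line in enumerate(requirements_text.splitlines(), 1):
        m = PIN_RE.match(line)
        if m and _norm(m.group(1)) == PACKAGE and m.group(2) in BAD_VERSIONS:
            hits.append((no, line.strip()))
    return hits

if __name__ == "__main__":
    print(installed_bad_versions())
    print(pinned_bad_versions(SAMPLE_REQUIREMENTS))
```

Pass a virtualenv's site-packages directory in `search_paths` to inspect an environment other than the running interpreter's.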
