litellm, a famous python package got compromised and it executes on your system without even importing it — cloud creds, SSH keys, K8s secrets, crypto wallets, env vars and what not, all exfiltrated to the attacker's server.

Full technical analysis: https://safedep.io/malicious-litellm-1-82-8-analysis/