
Emergency Episode: The PyPI Software Supply Chain Attack You Need to Know About
From The Backup Wrap-Up by W. Curtis Preston (Mr. Backup)
March 26, 2026 · 56 min
About this episode
The episode discusses a serious PyPI software supply chain attack affecting the LiteLLM library and its implications for developers.
A PyPI software supply chain attack hit LiteLLM — a library pulled into developer environments 97 million times a month — and if you use it, you may already be compromised. This wasn't a fake package or a typo-squatting trick. Attackers stole real credentials, published malicious code as the real thing, and walked out with SSH keys, cloud credentials, Kubernetes tokens, API keys, and more — all encrypted and sent home before anyone knew what happened. I'm doing something I've never done before: an emergency episode, recorded and published immediately because this is that serious. I brought in Dr. Mike Saylor, co-author of our book Learning Ransomware Response and Recovery , and my co-host Prasanna Malaiyandi to break down exactly what happened, how to find out if you were hit, and what you need to do to protect yourself going forward. We open with a story from 1982 that perfectly captures what this attack really is — getting poisoned by something you trusted completely. That framing matters. This wasn't a failure of the library. It was a failure of the supply chain. And it can happen again. Chapters: 00:00:00 - Intro: Why this is an emergency episode 00:01:35 - Meet the guests…
People in this episode
Host: W. Curtis Preston
Guests: Dr. Mike Saylor, Prasanna Malaiyandi
Topics covered
- software supply chain attack
- LiteLLM
- malicious code
- security
- developer environments
- credentials theft
Keywords
- PyPI
- LiteLLM
- software supply chain
- malware
- security breach
- SSH keys
- cloud credentials
- Kubernetes tokens
Mentioned in this episode
Organizations: LiteLLM, Kubernetes, API
Books & works: Learning Ransomware Response and Recovery
More episodes of The Backup Wrap-Up
- California Election Counting Explained by an Actual Poll Worker · June 8, 2026 · 25 min
- Stop 90% of Ransomware Attacks with Basic Cyber Hygiene · May 25, 2026 · 40 min
- Claude Deletes a Company — But It's Not Really Claude's Fault · May 18, 2026 · 40 min
- How Honeypots and Canary Files Catch Attackers Before They Strike · May 11, 2026 · 34 min
- Network Segmentation to Prevent Ransomware: What the UCSF Attack Taught Us · May 4, 2026 · 47 min
- Stop Using VSS as a Backup Before Ransomware Deletes Your Shadow Copies · April 27, 2026 · 37 min
Explore listener stats, chart rankings, contacts and more on the The Backup Wrap-Up podcast page.