Risky Business #830: LiteLLM and Security Scanner Supply Chains Compromised, iOS Exploit Kit Hits Millions
This week's Risky Business podcast covers a wave of supply-chain attacks including a PyPI compromise of LiteLLM and malware injected into Checkmarx KICS GitHub Action tags, alongside an iOS exploit kit targeting hundreds of millions of iPhones.

The latest episode of the Risky Business podcast (#830), hosted by Patrick Gray with Adam Boileau and James Wilson, delivers a sweeping roundup of the most consequential cybersecurity events of the week. Headlining the show are multiple supply-chain compromises that hit both AI infrastructure and security tooling, alongside a widely circulated exploit kit that puts hundreds of millions of iPhones at risk.
At the top of the agenda is the PyPI supply-chain attack on LiteLLM, a popular open-source library that provides a unified interface for accessing more than 100 large language models. Former Tesla AI director Andrej Karpathy flagged the incident on X on 25 March, stating that the malicious package was designed to steal environment variables and API keys from any development or production environment that installed the compromised version. The attack underscores the growing appetite among threat actors for compromising AI supply chains, especially those that grant access to powerful language model endpoints.
A second supply-chain incident is the Checkmarx KICS GitHub Action compromise. Attackers managed to inject malware into all git tags of the official KICS repository, meaning that any CI/CD pipeline referencing the action would pull down malicious code. Checkmarx has since issued guidance to purge cached versions. This incident follows the pattern of the Shai-Hulud worm attacks on npm noted earlier in the month, demonstrating that security tools themselves are increasingly high-value targets for supply-chain attackers.
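Git tags are mutable references, so a workflow that names an action by tag runs whatever commit that tag currently points at. The following audit is an added example, not code from the podcast or from Checkmarx: it lists the action references in a workflow that are not pinned to a full commit SHA. The sample workflow and the `example-org` action names are constructed for illustration.

```python
import re

# Matches "uses: owner/repo[/path]@ref" on a GitHub Actions step line.
USES_RE = re.compile(r"^[ \t]*(?:-[ \t]*)?uses:[ \t]*['\"]?([^\s'\"#]+)", re.MULTILINE)
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def audit_workflow(text):
    """Return (pinned, mutable) lists of remote action references in a workflow."""
    pinned, mutable = [], []
    for match in USES_RE.finditer(text):
        ref = match.group(1)
        # Local actions and container images are not resolved through git tags.
        if ref.startswith("./") or ref.startswith("docker://"):
            continue
        _action, sep, version = ref.partition("@")
        if sep and FULL_SHA_RE.match(version.lower()):
            pinned.append(ref)   # immutable: a full 40-hex commit SHA
        else:
            mutable.append(ref)  # tag, branch, short SHA, or no ref at all
    return pinned, mutable


# Constructed sample workflow; the example-org actions are hypothetical.
SAMPLE_WORKFLOW = """\
name: iac-scan
on: [push]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: IaC scan
        uses: example-org/iac-scanner-action@v2.1.0
      - uses: example-org/report-action@0123456789abcdef0123456789abcdef01234567
      - uses: ./.github/actions/local-step
      - uses: example-org/other-action@main  # branch ref
"""

if __name__ == "__main__":
    pinned, mutable = audit_workflow(SAMPLE_WORKFLOW)
    for ref in mutable:
        print("MUTABLE (tag or branch):", ref)
    for ref in pinned:
        print("pinned to commit:", ref)
```

A reference flagged as mutable is not evidence of compromise; it marks a step whose code can change without any change to the workflow file.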
Also discussed is a new iOS exploit kit found circulating in the wild, capable of compromising hundreds of millions of iPhones. The kit, which appears to exploit previously unknown vulnerabilities, was publicly leaked, dramatically lowering the barrier for low-sophistication attackers. Separately, Russia-linked hackers have been observed using an advanced iPhone exploit to target Ukrainian users, indicating state-level interest in iOS zero-days. Apple has responded by rolling out its first 'background security' update for iPhones, iPads, and Macs to fix a Safari bug, though the company has not officially linked this patch to the leaked exploit kit.
The show also covers the aftermath of the Stryker device mass-wipe incident, where a pro-Iran hacktivist group wiped thousands of medical devices. CISA has since urged companies to secure Microsoft Intune systems by implementing additional controls such as conditional access policies and stricter device enrollment limits. The FBI has reportedly seized a website tied to the Iranian cyberattacks, and Stryker confirmed that the incident is now contained and restoration is underway.
Other notable stories include the FCC's decision to ban the import of consumer-grade routers amid national security concerns, citing risks from state-backed supply-chain interference. The White House has cooled speculation about issuing cyber 'letters of marque' to private actors. Additionally, the arrest of Supermicro's founder for allegedly smuggling $2.5 billion in Nvidia GPUs to China highlights ongoing concerns about export controls and hardware supply chains.
This episode is sponsored by enterprise browser maker Island, whose Chief Customer Officer Bradon Rogers joined the show to discuss how customers are using Island to control the use of personal AI services in regulated industries — tying directly into the theme of securing AI tooling that runs throughout this week's supply-chain news.