LightLLM Compromised

I don’t see anything here about LightLLM or its compromise. So, hopefully, none of the Universal Blue projects used it. And, I hope no one here got bit by this. Anyway, from:

On March 24, 2026, security researcher isfinne discovered that LiteLLM version 1.82.8—the most popular open-source LLM proxy in the Python ecosystem, with approximately 97 million monthly downloads—contained credential-stealing malware published to PyPI. Within hours, version 1.82.7 was confirmed to carry a similar payload through a different injection method. The attack was traced to TeamPCP, a threat actor conducting a coordinated multi-week supply chain campaign that had previously compromised Aqua Security’s Trivy scanner and Checkmarx’s GitHub Actions. The entire LiteLLM package has been quarantined on PyPI.

The article also contains information on who would be affected by this and how to mitigate things.
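A quick check of a requirements file and the local environment for the two LiteLLM versions named in the quoted advisory, added here as an example and not taken from the linked article or the LiteLLM project; the affected-version set comes only from the quote above and the sample requirements text is constructed.

```python
"""Flag the LiteLLM releases named above (1.82.7, 1.82.8) in a requirements file
and in the current Python environment. Example code, not the article's own
remediation steps."""
import re
from importlib import metadata

# Versions taken from the quoted text; extend only from an authoritative advisory.
AFFECTED_VERSIONS = {"1.82.7", "1.82.8"}
PACKAGE = "litellm"

# Matches "name", optional "[extras]", optional "==" pin and the text after it,
# e.g. "LiteLLM[proxy]==1.82.8 ; python_version>='3.9'".
_REQ_RE = re.compile(
    r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*(={2,3})?\s*([^\s;#]*)"
)

# Constructed sample input; line 3 is a compromised pin, line 4 is unpinned.
SAMPLE_REQUIREMENTS = """# constructed sample
requests==2.31.0
LiteLLM[proxy]==1.82.8
litellm>=1.80   # any 1.82.x could be resolved at install time
LiteLLM==1.82.6
-r base.txt
"""

def normalize(name: str) -> str:
    """PEP 503 project-name normalisation, so LiteLLM and litellm compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()

def affected_pins(requirements_text: str) -> dict:
    """Return {line_number: verdict} for every line that references the package:
    'affected' for an exact pin to a compromised version, 'unpinned' when there is
    no exact pin (the installed version must be checked), 'ok' otherwise."""
    findings = {}
    for lineno, raw in enumerate(requirements_text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("-"):
            continue  # blank line, comment, or a pip option such as -r / --index-url
        m = _REQ_RE.match(line)
        if not m or normalize(m.group(1)) != PACKAGE:
            continue
        op, version = m.group(2), m.group(3)
        if op is None:
            findings[lineno] = "unpinned"
        else:
            findings[lineno] = "affected" if version in AFFECTED_VERSIONS else "ok"
    return findings

def installed_status() -> str:
    """Report whether the litellm distribution in this environment is a listed version."""
    try:
        version = metadata.version(PACKAGE)
    except metadata.PackageNotFoundError:
        return "not installed"
    return "affected" if version in AFFECTED_VERSIONS else f"ok ({version})"

if __name__ == "__main__":
    print("requirements:", affected_pins(SAMPLE_REQUIREMENTS))
    print("installed:", installed_status())
```

An 'unpinned' finding is the one to follow up: a range such as `>=1.80` says nothing about which release was actually installed, so the installed-version check decides.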