BEGIN:VCALENDAR
PRODID:-//Microsoft Corporation//Outlook 12.0 MIMEDIR//EN
VERSION:2.0
METHOD:PUBLISH
X-MS-OLK-FORCEINSPECTOROPEN:TRUE
BEGIN:VEVENT
CLASS:PUBLIC
CREATED:20260408T024606Z
DESCRIPTION:Three hours. That's how long a compromised version of LiteLLM was available before anyone noticed, and in that window over 120,000 installs pulled down malware that harvested SSH keys, cloud credentials, and Kubernetes secrets. The kicker? The attackers got in through Trivy, a vulnerability scanner that thousands of organizations trust as part of their defensive infrastructure. We've entered an era where threat actors aren't just attacking through the supply chain. They're specifically targeting the tools we use to defend ourselves, then riding those trust relationships deeper into our environments.\nI'll walk through what's actually happening in these attacks, why traditional supply chain security approaches aren't enough, and (more importantly) what practical defenses are working. We'll cover dependency verification, pipeline hardening, secrets management patterns that survive a compromised tool, and how organizations are applying least-privilege and segmentation principles to their development infrastructure. The threat is real, but the good news is we already know most of the defensive principles. We just haven't applied them to the right places yet.\n
DTSTART:20260410T150000
DTEND:20260410T160000
DTSTAMP:20260408T024606Z
LOCATION:Online
PRIORITY:5
SEQUENCE:0
SUMMARY;LANGUAGE=es-es:Tecnowebinars.com - :: LiteLLM: When Tools Become an Attack Surface—Supply Chain Attacks, CI/CD, and What to Actually Do About It
TRANSP:OPAQUE
UID:0487f1cbc0651ab3b2b3d437453fcc8f Tecnowebinars.com
X-MICROSOFT-CDO-BUSYSTATUS:BUSY
X-MICROSOFT-CDO-IMPORTANCE:1
X-MICROSOFT-DISALLOW-COUNTER:FALSE
X-MS-OLK-ALLOWEXTERNCHECK:TRUE
X-MS-OLK-AUTOFILLLOCATION:FALSE
X-MS-OLK-CONFTYPE:0
BEGIN:VALARM
TRIGGER:-PT1440M
ACTION:DISPLAY
DESCRIPTION:Reminder
END:VALARM
END:VEVENT
END:VCALENDAR