Attack on LiteLLM: Why pip install betrayed you and requirements.txt saved you

postmaster@mlazzarotto.it (Marco Lazzarotto) — Wed, 25 Mar 2026 00:00:00 +0100

Introduction: The Illusion of Security in an Innocent Command

Who doesn’t know the pip command? It’s one of the most used commands for anyone developing in Python or regularly using open-source software distributed on the PyPi repository. pip is that command that (at least in my experience) never disappoints and is practically essential (though it’s recently been giving way to other tools like Poetry and uv) for anyone needing to install libraries for Python development. But sometimes, this sense of security can lead us into a nasty trap.

Boosting Seafile Security: Hiding Login Fields When Using SSO

postmaster@mlazzarotto.it (Marco Lazzarotto) — Sat, 26 Apr 2025 00:00:00 +0000

When it comes to securing your Seafile instance, the small details make a world of difference. Today, I’m sharing a simple yet powerful security enhancement that takes just minutes to implement but provides significant protection for your data fortress.

If you’ve set up Single Sign-On (SSO) with services like Authentik or Authelia for your Seafile instance, congratulations! You’ve taken a major step toward improving your security posture. However, there’s a sneaky vulnerability that often goes unaddressed.

Security on Marco Lazzarotto

Attack on LiteLLM: Why pip install betrayed you and requirements.txt saved you

Introduction: The Illusion of Security in an Innocent Command

Boosting Seafile Security: Hiding Login Fields When Using SSO

Boosting Seafile Security: Hiding Login Fields When Using SSO

The Problem: Dual Login Methods Create Risk