Security Alert: Compromised Python Package – litellm

Dear NSCC Users,

We wish to inform you that two malicious versions of the Python package litellm (v1.82.7 and v1.82.8) were found on PyPI.

These tampered versions contained hidden code that runs automatically every time Python starts without needing to import the package. The malicious code was heavily obfuscated and designed to steal sensitive data, including environment variables, SSH keys, and cloud credentials, and transmit them to an attacker-controlled server.

Full details from the LiteLLM developer: https://docs.litellm.ai/blog/security-update-march-2026

Am I Affected?

You are likely affected if you performed any of the following actions between 24 March 2026 18:39 SGT and 25 March 2026 00:00 SGT:

  • Manual Install: Installed or upgraded litellm via pip.
  • Unpinned Versions: Ran `pip install litellm` without pinning a specific version, resulting in the download of v1.82.7 or v1.82.8.
  • Docker Builds: Built a Docker image during this window using `pip install litellm`.
  • Transitive Dependency: Used AI frameworks (e.g., CrewAI, LangChain, or MCP servers) that automatically pulled in litellm as a sub-dependency.

Immediate Actions Required:

  • Verify Installed Versions
    • Run the following command in your terminal or environment:
      pip show litellm
      or
      pip list | grep litellm

    • If you have v1.82.7 or v1.82.8 installed, proceed to the next step.
  • Remove or Downgrade
    • Uninstall the compromised version:
      pip uninstall litellm

    • To resume your work safely, downgrade to a safe version:
      pip install litellm==1.82.6

  • Rotate Your Credentials
    • If you were running an affected version, assume all secrets in that environment are compromised.
    • Rotate any environment variables, SSH keys, API keys, and cloud credentials accessible from that environment.

Should you have any questions or need assistance, please contact our Helpdesk via the Service Desk Portal or email us at [email protected].

Thank you.

Warm regards,
The NSCC Team
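
An added example, not part of the NSCC notice above: `pip show litellm` only inspects the currently active environment, so this sketch searches whole directory trees (home directories, conda or venv roots) for litellm installs by reading the package's `dist-info` metadata on disk, without starting Python in any of those environments. The function name `scan_litellm` and the paths in the usage comment are assumptions.

```sh
#!/bin/sh
# Added example: find litellm installs under one or more directory trees by
# reading package metadata on disk. No Python interpreter is started.

# The two versions the notice identifies as malicious.
BAD_VERSIONS="1.82.7 1.82.8"

# scan_litellm ROOT [ROOT...]
# Prints "<status> <version> <dist-info dir>" for every litellm install found.
# Returns 1 if any install is an affected version, 0 otherwise.
scan_litellm() {
    scan_out=$(
        find "$@" -type d -name 'litellm-*.dist-info' 2>/dev/null |
        while IFS= read -r dir; do
            meta="$dir/METADATA"
            if [ ! -f "$meta" ]; then continue; fi
            # The first "Version:" header holds the installed version.
            ver=$(sed -n 's/^Version:[[:space:]]*//p' "$meta" | head -n 1 | tr -d '\r')
            status=ok
            for bad in $BAD_VERSIONS; do
                if [ "$ver" = "$bad" ]; then status=AFFECTED; fi
            done
            printf '%s %s %s\n' "$status" "$ver" "$dir"
        done
    )
    if [ -n "$scan_out" ]; then printf '%s\n' "$scan_out"; fi
    if printf '%s\n' "$scan_out" | grep -q '^AFFECTED '; then
        return 1
    fi
    return 0
}

# Usage: sh scan_litellm.sh "$HOME" /path/to/conda/envs   (paths are examples)
if [ "$#" -gt 0 ]; then
    scan_litellm "$@"
fi
```

A non-zero exit status means at least one affected install was found, so the removal and credential rotation steps in the notice apply to that environment.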

[Resolved] Network Disruption for NTU Users Accessing ASPIRE 2A & ASPIRE 2A+

Dear NTU Users,

We are pleased to inform you that the issue with the network disruption has been resolved. You may proceed to log in to the ASPIRE 2A and ASPIRE 2A+ systems as per normal.

If you have any questions or require assistance, please contact the NSCC Helpdesk via the Service Desk Portal or email us at [email protected].

Thank you for your understanding.

Warm regards,
The NSCC Team

 

Network Disruption for NTU Users Accessing ASPIRE 2A & ASPIRE 2A+

Dear NTU Users,

We would like to inform you that there is currently a network disruption affecting access to the ASPIRE 2A and ASPIRE 2A+ systems. The NTU team is working closely with NSCC to resolve the issue as soon as possible.

Cause of Disruption:
Network connectivity issue between NSCC and NTU.


Impact of the Disruption:
All NTU users are unable to access the ASPIRE 2A and ASPIRE 2A+ systems.


If you have any questions or require assistance, please contact the NTU Helpdesk via [email protected].

Thank you for your understanding.

Warm regards,
The NSCC Team

Urgent Scheduled Maintenance of Job and Visualization Portals for ASPIRE 2A & ASPIRE 2A+

Dear NSCC Users,

We wish to inform you of an upcoming urgent scheduled system maintenance for the Job and Visualization portals of ASPIRE 2A and ASPIRE 2A+ to patch security vulnerabilities and ensure their long-term reliability, security, and stability.

Maintenance Details:

  • Start: 17 March 2026 (Tuesday), 9:00 AM SGT
  • End: 17 March 2026 (Tuesday), 11:00 AM SGT
  • Duration: 2 hours

Purpose:

  • To upgrade the Altair Access components to patch the security vulnerabilities.

Impact During the Maintenance Period:

  • During the maintenance window, users will not be able to log in to the Job and Visualization portals of ASPIRE 2A and ASPIRE 2A+.
  • You may continue to access the HPC systems via your respective institution’s login nodes.

We apologise for any inconvenience this may cause and thank you for your understanding. Should you have any questions or need assistance, please contact our Helpdesk via the Service Desk Portal or email us at [email protected].

Thank you.

Warm regards,
The NSCC Team

[Completed] Urgent Scheduled Maintenance for NSCC VPN Service on 23 January, 2PM to 6PM

Dear NSCC Users,

We are pleased to announce that the urgent scheduled system maintenance for NSCC VPN Service has been completed. 


Follow-up Action After the Maintenance:
To avoid authentication issues after the upgrade, please ensure your Duo Mobile app is updated to version 4.85.0 or later by 6 February 2026 (Thursday).

Should you have any questions or need assistance, please contact our Helpdesk via the Service Desk Portal or email us at [email protected].

Thank you.

Warm regards,
The NSCC Team

Urgent Scheduled Maintenance for NSCC VPN Service on 23 January, 2PM to 6PM

Dear NSCC Users,

We wish to inform you of an upcoming urgent scheduled system maintenance for NSCC VPN Service to enhance its long-term reliability, uptime, and stability.

Maintenance Details:

  • Start: 23 January 2026 (Friday), 2:00 PM SGT
  • End: 23 January 2026 (Friday), 6:00 PM SGT
  • Duration: 4 hours

Purpose:
To upgrade the Duo Authentication components to meet the required minimum supported version.


Impact During the Maintenance Period:

  • During the maintenance window, users will not be able to log on to the NSCC VPN client.
  • Existing VPN sessions established before 2:00 PM SGT will remain active. Users on those sessions will continue to have access to the HPC systems via VPN during the maintenance period.
  • You may continue to access the HPC systems via your respective institution’s login nodes.


Follow-up Action After the Maintenance:
To avoid authentication issues after the upgrade, please ensure your Duo Mobile app is updated to version 4.85.0 or later by 6 February 2026 (Thursday).

Should you have any questions or need assistance, please contact our Helpdesk via the Service Desk Portal or email us at [email protected].

Thank you.

Warm regards,
The NSCC Team

[Completed] ASPIRE 2A and ASPIRE 2A+ Scheduled System Maintenance from 3 Dec 2025, 9am to 8 Dec 2025, 1pm

 
Dear Users,

We are pleased to announce that the ASPIRE 2A and ASPIRE 2A+ scheduled system maintenance has been completed. You may proceed to use the systems as per usual.
 
Should you have any questions or need assistance, please contact our Helpdesk via the Service Desk Portal or email us at [email protected].
 

Thank you.

Warm regards,

The NSCC Team

 

ASPIRE 2A and ASPIRE 2A+ Scheduled System Maintenance from 3 Dec 2025, 9am to 8 Dec 2025, 1pm

 
Dear Users,
 
Please note that the ASPIRE 2A and ASPIRE 2A+ systems will be undergoing scheduled system maintenance from 3 Dec 2025, 9am to 8 Dec 2025, 1pm. The scheduled system maintenance is to ensure long-term reliability, uptime and stability of the systems.
 
Do take note of the following dates. 

 

ASPIRE 2A Maintenance activities:
  1. GPFS Storage Upgrade.
  2. ClusterStor (Lustre) Upgrade
  3. PBS Pro Version Upgrade to 2025.2.
  4. Firmware Upgrade
  5. Faulty Hardware Replacement
  6. CDU Maintenance.
  7. System Health Check.
ASPIRE 2A+ Maintenance activities:
  1. Lustre Parallel Filesystem Storage Firmware and Software Update.
  2. Nvidia GPU Driver Update.
  3. PBS Pro Version Upgrade to 2025.2.
  4. System Health Check.

Thank you.

Warm regards,

The NSCC Team

 

ASPIRE 2A+: Expect Longer Wait Times for Large Jobs from 14 Oct 2025, 6:00 PM (SGT)

Dear ASPIRE 2A+ Users,

Please note that starting from 14 October 2025 (Tuesday), 6:00 PM (SGT), a project reservation will temporarily reduce the general resource pool in the ASPIRE 2A+ system.

Impact:

  • Large jobs (More than 8 GPUs): Expect longer queue wait times.
  • Small jobs (1–8 GPUs): No impact.

Tips:

  • To reduce delays, please enable checkpointing or pre-emption where possible.
  • Users are encouraged to schedule job runs between 6:00 PM and 10:00 AM to leverage off-peak hours, which may result in shorter queue times.

Thanks for your patience and cooperation. Kindly look out for updates via the MOTD or email announcement if there are any changes to the arrangement.

Should you have any questions or need assistance, please contact our Helpdesk via the Service Desk Portal or email us at [email protected].

Thank you.

Warm regards,
The NSCC Team

Security Notice: Upgrade NVIDIA NeMo Framework and NeMo Curator to the Updated Versions

Dear Users,

 

Multiple high-severity code-injection vulnerabilities have been identified in NVIDIA NeMo Framework and NeMo Curator. If you are using the affected products listed below, please upgrade to the recommended versions by 8 October 2025.

Affected Products      | Platform or OS        | Affected Versions                   | Updated Version
NVIDIA NeMo Framework  | Windows, Linux, macOS | All versions prior to 2.4.0         | 2.4.0
NVIDIA NeMo Curator    | Windows, Linux, macOS | All versions prior to Curator 25.07 | Curator 25.07

For more information on NVIDIA’s security updates, please refer to their official advisories:

 

Please contact our Helpdesk via the Service Desk Portal or email us at [email protected] if you have any questions.

 

Thank you.

Warm regards,

The NSCC Team