Malicious npm Package Turns Hugging Face Into Malware CDN and Exfiltration Backend

Exploits

Rogue npm package js-logger-pack abuses Hugging Face to deliver malware and store stolen data via hidden postinstall scripts. 

BladeOne
BladeOne

Latest articles

Previous article
US Cyber Agency Warns About China Threats in Compromised Devices
Next article
Trump’s pick to run US cyber agency CISA asks to drop out

Related articles