Malicious npm Package Hijacks Hugging Face for Malware Delivery
Malicious npm package js-logger-pack is now abusing Hugging Face not just as a malware CDN, but also as a live exfiltration backend for stolen data, turning a popular AI platform into part of a full-featured cross‑platform implant chain. Earlier campaign phases already used Hugging Face as a simple
ORIGINAL SOURCE →via GBHackers Security
ADVERTISEMENT
⚡ STAY AHEAD
Events like this, convergence-verified across 689 sources, land in your inbox every Sunday. Free.
GET THE SUNDAY BRIEFING →RELATED · cyber
- [CYBER] UK warns of Chinese hackers using proxy networks to evade detection
- [CYBER] VirusTotal, 0 detections but sandbox result shows OS Credential Dumping = false positive or malware?
- [CYBER] [Webinar] Mythos Reality Check: Beating Automated Exploitation at AI Speed
- [CYBER] Defending Against China-Nexus Covert Networks of Compromised Devices
- [CYBER] El-Rufai pleads not guilty to amended wiretapping charges
- [CYBER] GitLab Fixes Flaws That Could Allow Attackers to Hijack User Sessions