Malicious npm Package Turns Hugging Face Into Malware CDN and Exfiltration Backend
A malicious npm package has weaponized Hugging Face's AI platform to distribute malware and steal sensitive data from unsuspecting developers.
Stay updated with the latest cybersecurity news, threat intelligence, and industry updates from secure.com.
A malicious npm package has weaponized Hugging Face's AI platform to distribute malware and steal sensitive data from unsuspecting developers.
Vercel has uncovered additional compromised customer accounts following the Vercel security breach that granted attackers access to internal systems.
Dateline: April 22, 2026 One bad download. One overpermissioned app. Thousands of developers on edge. Vercel, the platform behind Next.js and one of the most widely...
A live Axios npm supply chain attack is putting over 100 million weekly downloads at risk after malicious versions were pushed directly to the registry.
Claude Mythos, Anthropic's restricted AI capable of discovering zero-day exploits, was accessed by unauthorized users through a contractor's credentials on April 7, the same day it...
The Mirax Android RAT has infected over 220,000 Meta platform accounts through malicious ads targeting Spanish-speaking users.
Anthropic's latest AI disclosure has cybersecurity experts debating the emerging AI cybersecurity threat landscape.
Dateline: April 14, 2026 Introduction The U.S. Cybersecurity and Infrastructure Security Agency added six security vulnerabilities to its Known Exploited Vulnerabilities catalog Monday, warning that attackers...
OpenAI revoked its macOS app certificate after a compromised Axios library infiltrated its GitHub Actions workflow on March 31.
A critical pre-authentication RCE flaw in Marimo is being actively exploited to steal credentials and any unpatched instance reachable from the internet is already a live...
A critical Juniper Networks default password vulnerability allows remote attackers to completely take over network devices without any authentication.
Amazon Web Services launched Amazon S3 Files, allowing organizations to access S3 buckets through traditional file system interfaces.