Security News > 2024 > February > New Hugging Face Vulnerability Exposes AI Models to Supply Chain Attacks
2024-02-27 10:18
Cybersecurity researchers have found that it's possible to compromise the Hugging Face Safetensors conversion service to ultimately hijack the models submitted by users and result in supply chain attacks. "It's possible to send malicious pull requests with attacker-controlled data from the Hugging Face service to any repository on the platform, as well as hijack any models that are submitted
News URL
https://thehackernews.com/2024/02/new-hugging-face-vulnerability-exposes.html
Related news
- 20% of Generative AI ‘Jailbreak’ Attacks Succeed, With 90% Exposing Sensitive Data (source)
- Supply Chain Attacks Can Exploit Entry Points in Python, npm, and Open-Source Ecosystems (source)
- From Misuse to Abuse: AI Risks and Attacks (source)
- CISA Adds ScienceLogic SL1 Vulnerability to Exploited Catalog After Active Zero-Day Attack (source)
- FortiManager critical vulnerability under active attack (source)
- Cisco Issues Urgent Fix for ASA and FTD Software Vulnerability Under Active Attack (source)
- LottieFiles hit in npm supply chain attack targeting users' crypto (source)
- LottieFiles hacked in supply chain attack to steal users’ crypto (source)
- LottieFiles supply chain attack exposes users to malicious crypto wallet drainer (source)
- Google’s AI Tool Big Sleep Finds Zero-Day Vulnerability in SQLite Database Engine (source)