New Hugging Face Vulnerability Exposes AI Models to Supply Chain Attacks
2024-02-27 10:18
Cybersecurity researchers have found that the Hugging Face Safetensors conversion service can be compromised to hijack the models submitted by users, resulting in supply chain attacks. "It's possible to send malicious pull requests with attacker-controlled data from the Hugging Face service to any repository on the platform, as well as hijack any models that are submitted
News URL
https://thehackernews.com/2024/02/new-hugging-face-vulnerability-exposes.html
Related news
- Chinese State Hackers Target Tibetans with Supply Chain, Watering Hole Attacks
- From Deepfakes to Malware: AI's Expanding Role in Cyber Attacks
- Hackers Hijack GitHub Accounts in Supply Chain Attack Affecting Top-gg and Others
- Critical Unpatched Ray AI Platform Vulnerability Exploited for Cryptocurrency Mining
- AI framework vulnerability is being used to compromise enterprise servers (CVE-2023-48022)
- Attack Surface Management vs. Vulnerability Management
- Ivanti fixes VPN gateway vulnerability allowing RCE, DoS attacks
- When AI attacks
- New HTTP/2 Vulnerability Exposes Web Servers to DoS Attacks
- AI-as-a-Service Providers Vulnerable to PrivEsc and Cross-Tenant Attacks