Latest news

Critical HuggingFace Transformers Flaw CVE-2026-4372 Enables Silent RCE — 232 Million Installs at Risk
AI

Critical HuggingFace Transformers Flaw CVE-2026-4372 Enables Silent RCE — 232 Million Installs at Risk

8 June 2026 dark6

A critical RCE vulnerability in HuggingFace Transformers (CVE-2026-4372) allows attackers to silently execute code by loading a malicious AI model,...
Read more 0
JINX-0164: Crypto-Targeting APT Uses LinkedIn Job Lures and Fake Meeting Apps to Deploy macOS Malware and Poison npm Supply Chain
Malware

JINX-0164: Crypto-Targeting APT Uses LinkedIn Job Lures and Fake Meeting Apps to Deploy macOS Malware and Poison npm Supply Chain

30 May 2026 dark6

Threat actor JINX-0164 is targeting cryptocurrency developers via fake LinkedIn profiles, luring them into downloading custom macOS malware (AUDIOFIX and...
Read more 0
AI Supply Chain Attack: 575+ Malicious Skills on Hugging Face and ClawHub Deliver Trojans, Cryptominers, and AMOS Stealer
AI

AI Supply Chain Attack: 575+ Malicious Skills on Hugging Face and ClawHub Deliver Trojans, Cryptominers, and AMOS Stealer

9 May 2026 dark6

Threat actors have uploaded 575+ malicious AI skills to ClawHub's OpenClaw ecosystem and abused Hugging Face repositories to deliver trojans,...
Read more 0