10:14
2026-05-29
safedep.io
ai-safety
A Supply Chain Rat Exfiltrating to HuggingFace
A malicious npm package called `js-logger-pack` evolved through 29 versions into a full remote access trojan (RAT) named `MicrosoftSystem64` that exfiltrates stolen data to attacker-controlled Huggingβ¦