12:00
2026-05-28
safedep.io
ai-infrastructure
Inside MicrosoftSystem64: A Supply Chain RAT Exfiltrating to HuggingFace
A malicious npm package called `js-logger-pack` evolved through 29 versions on the registry from April 2026 into a full remote access trojan that deploys an 81 MB binary named `MicrosoftSystem64` on Wโฆ