HuggingFace Used in DPRK npm Supply Chain Attack
A DPRK-linked supply chain attack plants a RAT via npm packages and routes all stolen credentials to private HuggingFace datasets. Two AI developer victims confirmed May 28 2026.
A DPRK-linked supply chain attack plants a RAT via npm packages and routes all stolen credentials to private HuggingFace datasets. Two AI developer victims confirmed May 28 2026.