Hugging Face shared-loader supply chain campaign
Campaign
Summary
A Hugging Face repository cluster appears to be part of a broader supply chain campaign that used shared loaders to push a stealer through open-source model downloads. The operation impersonated OpenAI's Privacy Filter, reused similar Python loaders across six more repositories, and relied on deceptive packaging to reach users. That pattern matters because it turns trusted model hubs into malware delivery infrastructure for Windows users.
Related Happenings
OpenAI hit by cyberattack
Incident
First: 14.05.2026 22:07
Last: 14.05.2026 22:07
Sources 1
About this happening:
OpenAI confirmed **two employees' devices** were breached, giving attackers access to a limited set of internal source code repositories and forcing a precautionary rotation of **...
Open-OSS/privacy-filter Hugging Face infostealer activity
Malware Activity
First: 11.05.2026 10:05
Last: 11.05.2026 10:05
Sources 1
How related:
The repository had typosquatted OpenAI's legitimate Privacy Filter release, copied its model card nearly verbatim, and shipped a loader.py file that fetches and executes infostealer malware on Windows machines,
About this happening:
A malicious **Hugging Face repository** called **Open-OSS/privacy-filter** impersonated **OpenAI's Privacy Filter** and delivered a **Rust-based information stealer** to **Windows...
Sefirah infostealer delivered through a malicious Hugging Face repository
Malware Activity
First: 09.05.2026 17:26
Last: 09.05.2026 17:26
Sources 1
About this happening:
A malicious **Hugging Face** repository impersonated **OpenAI’s Privacy Filter** and delivered **sefirah**, a **Rust-based infostealer**, to **Windows** users, creating credential...
Npm typosquatting campaign distributing WinOS 4.0 implant
Campaign
First: 09.05.2026 17:26
Last: 09.05.2026 17:26
Sources 1
About this happening:
An **npm typosquatting campaign** distributing the **WinOS 4.0 implant** overlapped with malicious repository activity, indicating a broader coordinated distribution effort beyond...
UNC1069 open-source maintainer social-engineering campaign
Campaign
First: 04.04.2026 23:30
Last: 04.04.2026 23:30
Sources 1
About this happening:
UNC1069's **coordinated social-engineering campaign** against **Node.js and npm maintainers** has widened, with multiple developers reporting the same lure pattern and the potenti...
Latest development: 06.04.2026 23:55
Security researcher Taylor Monahan and Socket reported that members of the open source software community, including Socket engineers and CEO Feross Aboukhadijeh, were targeted by the same slow-burn LinkedIn, Slack, and Microsoft Teams social engineering playbook used against Axios maintainer Jason Saayman, indicating the campaign was wider than a single Axios compromise.
Timeline
11.05.2026 10:05 · 2 articles
Malicious Hugging Face repository impersonates OpenAI Privacy Filter
Initial Disclosure
A malicious Hugging Face repository named Open-OSS/privacy-filter impersonated OpenAI's Privacy Filter open-weight model, copied its description and model card nearly verbatim, and used start.bat and loader.py to deliver a Rust-based information stealer to Windows users. HiddenLayer's analysis also ties the activity to shared infrastructure, notes that the malicious model was disabled after reaching #1 trending with about 244,000 downloads and 667 likes within 18 hours, and identifies six additional repositories using similar Python loaders in the same broader supply-chain pattern.
Sources
- Fake OpenAI Privacy Filter Repo Hits #1 on Hugging Face, Draws 244K Downloads — thehackernews.com — 11.05.2026 10:05
- Malicious Hugging Face Repository Typosquats OpenAI — www.infosecurity-magazine.com — 12.05.2026 12:30