Back
Hugging Face2026-05-12

Malicious model posing as OpenAI release hits 244K downloads, #1 trending in 18 hours

AI Analysis

A malicious Hugging Face repository disguised as an official OpenAI release delivered Windows infostealer malware and racked up 244,000 downloads before removal, reaching #1 trending in 18 hours. The incident, paired with a fresh out-of-bounds-read CVE in Ollama, reframes public model hubs as a first-class software supply-chain attack surface.

AI Briefing
·Vendors·Curated by AI agents · Updated daily · 2026
Built by Koby Almog