Skip to content
Hugging Face logo

Hugging Face in the Media

41 mentions across press, blogs, and newsletters

Top coverageThe InformationSiftedTechRadarVentureBeat
4 tech media

July 2026

June 2026

Transformer

Hugging Face hosts nudification tools targeting a former Trump cabinet official and other senior US political figures

The tools are explicitly intended for generating deepfake nudes of a former Trump cabinet official, sitting members of Congress and a top American judge, a Transformer investigation found

Jun 25, 2026
The InformationTech Media

Open Source Growth Boosts Together AI, Hugging Face

Anthropic and OpenAI are booming, but so are providers of open-source AI models and other cheaper alternatives, thanks to businesses using open-source to control their costs, we reported in detail this

Jun 23, 2026
SiftedTech Media

Exclusive: Github and Hugging Face founders back AI agent startup Zaro’s $5.1m raise

London-based Zaro, which helps customers build custom AI agents, has raised a $5.1m round led by Cherry Ventures.

Jun 9, 2026
Cybersecurity News

Critical Vulnerability in Hugging Face Transformers Enables Remote Code Execution Attacks

A newly disclosed critical vulnerability in the HuggingFace Transformers library, tracked as CVE-2026-4372, allows attackers to achieve remote code execution (RCE) through malicious model configuration files. The flaw exposes a significant supply chain risk in one of the most widely used machine

Jun 6, 2026
eSecurity Planet

Hugging Face Vulnerability Allows Remote Code Execution

Hugging Face flaw allows RCE from malicious AI models. The post Hugging Face Vulnerability Allows Remote Code Execution appeared first on <a href="https://www.esecurityplanet.com

Jun 5, 2026
scworld.com

Critical vulnerability in Hugging Face Transformers library allowed arbitrary code execution

The vulnerability, tracked as CVE-2026-4372, was exploitable through a standard model-loading command, even when Hugging Face’s recommended security setting "trust_remote_code=False" was enabled.

Jun 4, 2026
CSO Online

Hugging Face Transformers RCE flaw enables stealthy compromise via AI model configs

A hig

Jun 4, 2026
SiliconAngle

Critical Hugging Face Transformers flaw ran attacker code on a routine model load

Pluto Security Inc. today disclosed a critical remote code execution vulnerability in Hugging Face Inc.’s Transformers library that allowed attacker-controlled artificial intelligence models to run arbitrary code on a victim’s machine. The flaw fired through a standard model-loading c

Jun 4, 2026
dev.to

Open-Source AI, Hugging Face, and the Building Blocks of Modern AI Development

Open-source AI has made it much easier for developers to experiment with powerful models without building everything from scratch. Today, we have access to platforms, libraries, and tools that allow us to run text models, audio models, image-generation models, and even large language mode

Jun 2, 2026

May 2026

Eye On Cyber

Hugging Face security analysis: ~70,000 live secrets and API keys, private repos, and leaky pics! 🤖🤗💦🔑😈

In his recent research, security researcher Dylan Ayrey presents the hidden security, privacy, and legal risks within the massive AI ecosystem surrounding Hugging Face, especially the various GitHub datasets that contain API keys, passwords, and other secrets.

May 29, 2026
Interesting Engineering

Hugging Face’s new $2.5k LeRobot Humanoid brings 3D-printed robotics within reach

Humanoid robots remain out of reach for most people due to their high cost, often...

May 29, 2026
Databreaches

Hugging Face Hiding Second-Stage Malware for npm Supply Chain Attack

Tushar Subhra Dutta reports: Hackers have found a new and alarming way to weaponize one of the most trusted platforms in the AI world. A threat actor linked to North Korea has embedded second-stage malware inside Hugging Face, the widely used AI and machine learning hub, effectively turning it into

May 22, 2026
Cybersecurity News

Hackers Use Hugging Face to Host Second-Stage Malware for npm Supply Chain Attack

Hackers have found a new and alarming way to weaponize one of the most trusted platforms in the AI world. A threat actor linked to North Korea has embedded second-stage malware inside Hugging Face, the widely used AI and machine learning hub, effectively turning it into a malware delivery channel

May 22, 2026
GBHackers

Hackers Abuse Hugging Face to Deliver npm Malware

A newly uncovered supply chain attack targeting the npm ecosystem has been linked to North Korean (DPRK)-aligned threat actors. The campaign centers around a malicious npm package named terminal-logger-utils, which embeds a sophisticated multi-stage malware capable of keylogging, data exfiltratio

May 22, 2026
Decrypt

Fake OpenAI Repo Hit #1 on Hugging Face—And Stole Passwords While It Trended

A lookalike repository impersonating OpenAI's Privacy Filter model racked up 244,000 downloads in under 18 hours before Hugging Face pulled it.

May 12, 2026
darkreading

Hugging Face Packages Weaponized With a Single File Tweak

A tokenizer library file present in Hugging Face AI models can be manipulated to hijack the model's outputs and exfiltrate data.

May 12, 2026
AI News

Hugging Face hosted malicious software masquerading as OpenAI release

A malicious Hugging Face repository that posed as an OpenAI release delivered infostealer malware to Windows machines and recorded about 244,000 downloads before removal, according to research from AI security firm HiddenLayer. The number of downloads may have been artificially inflated by the at

May 12, 2026
Infosecurity Magazine

Malicious Hugging Face Repository Typosquats OpenAI

HiddenLayer reveals infostealer malware in a Hugging Face repository

May 12, 2026
TechRadarTech Media

A fake OpenAI repository has taken top spot on Hugging Face — but all it does is push infostealer malware

Its popularity may have been faked, though, as the "likes" all came from auto-generated accounts.

May 11, 2026
Cybersecurity News

Trending Hugging Face Repository With 200k Downloads Executes Malware on Windows Machines

A popular artificial intelligence repository on Hugging Face was recently found hiding dangerous malware that targeted Windows users. The repository, named “Open-OSS/privacy-filter,” had racked up over 200,000 downloads before the platform’s team stepped in and removed it. The m

May 11, 2026
CSO Online

Malicious Hugging Face model masquerading as OpenAI release hits 244K downloads

A mal

May 11, 2026
WinBuzzer

Fake OpenAI Hugging Face OpenAI Repo Pushed Infostealer Malware

A fake OpenAI-branded Hugging Face

May 11, 2026
GBHackers

Trending Hugging Face Repo With 200K Downloads Spreads Windows Malware

A malicious Hugging Face repository, Open-OSS/privacy-filter, that abused the platform’s trust and trending algorithm to deliver a sophisticated Rust-based infostealer to Windows users. The project briefly reached the #1 trending position with roughly 244,000 downloads and hundreds of likes befor

May 11, 2026
The Hacker News

Fake OpenAI Privacy Filter Repo Hits #1 on Hugging Face, Draws 244K Downloads

A malicious Hugging Face repository managed to take a spot in the platform's trending list by impersonating OpenAI's Privacy Filter open-weight model to deliver a Rust-based information stealer to Windows users. The project, named Open-OSS/privacy-filter, masqueraded as its legitimate counterpart, r

May 11, 2026
BleepingComputer

Fake OpenAI repository on Hugging Face pushes infostealer malware

A malicious Hugging Face repository that reached the platform's trending list impersonated OpenAI's "Privacy Filter" project to deliver information-stealing malware to Windows users. [...]

May 9, 2026
Cybersecurity News

Hackers Leveraged Hugging Face and ClawHub With 575+ Malicious Skills to Deploy Malware

An active malware distribution campaign abusing two prominent AI platforms Hugging Face and ClawHub to deliver trojans, cryptominers, and infostealers disguised as legitimate AI tools and agent extensions. The campaign marks a significant evolution in supply chain attacks, shifting from tradition

May 8, 2026
Axios Tech (alt)

Hugging Face launches robot app store

Open-source AI platform Hugging Face will formally launch an app store Wednesday for its Reachy Mini robot, CEO Clément Delangue tells Axios.Why it matters: The goal is to help nontechnical people create customized uses for the open-source robot, Delangue

May 6, 2026
VentureBeatTech Media

The app store for robots has arrived: Hugging Face launches open-source Reachy Mini App Store with 200+ apps

There's an app for nearly every imaginable user and use case these days, but one thing they all have in common is that they're centered around one device: the smartphone. That changes today as Hugging Face , the 10-year-old New York City startu

May 6, 2026
SecurityWeek

Hugging Face, ClawHub Abused for Malware Distribution

Threat actors are relying on social engineering to lure users into downloading files containing malicious instructions. The post Hugging Face, ClawHub Abused for Malware Distribution appeared f

May 1, 2026

April 2026

Cybersecurity News

Hugging Face LeRobot Vulnerability Enables Unauthenticated RCE Attacks

A critical, currently unpatched remote code execution (RCE) vulnerability has been disclosed in LeRobot, Hugging Face’s popular open-source machine learning framework for real-world robotics. Tracked as CVE-2026-25874 with a critical CVSS score of 9.3, the flaw allows unauthenticated attack

Apr 29, 2026
GBHackers

Hugging Face LeRobot Flaw Opens Door to Remote Code Execution Attacks

A critical remote code execution (RCE) vulnerability has been uncovered in Hugging Face’s LeRobot, a popular open-source robotics machine learning framework. Tracked as CVE-2026-25874, the flaw carries a maximum CVSS severity score of 9.8 and allows unauthenticated attackers to execute arbitrary

Apr 28, 2026
The Hacker News

Critical Unpatched Flaw Leaves Hugging Face LeRobot Open to Unauthenticated RCE

Cybersecurity researchers have disclosed details of a critical security flaw impacting LeRobot, Hugging Face's open-source robotics platform with nearly 24,000 GitHub stars, that could be exploited to achieve remote code execution. The vulnerability in question is CVE-2026-25874 (CVSS score: 9.3), w

Apr 28, 2026
Cybersecurity News

Malicious npm Package Turns Hugging Face Into Malware CDN and Exfiltration Backend

A rogue npm package named js-logger-pack has been caught quietly turning Hugging Face, a widely trusted AI model hosting platform, into both a malware delivery network and a stolen data storage backend. The campaign marks a clear shift in how attackers abuse legitimate cloud services to run suppl

Apr 23, 2026
GBHackers

Malicious npm Package Hijacks Hugging Face for Malware Delivery

Malicious npm package js-logger-pack is now abusing Hugging Face not just as a malware CDN, but also as a live exfiltration backend for stolen data, turning a popular AI platform into part of a full-featured cross‑platform implant chain. Earlier campaign phases already used Hugging Face as a simp

Apr 23, 2026
Cybersecurity News

Attackers Weaponize CVE-2026-39987 to Spread Blockchain-Based Backdoor Via Hugging Face

A critical vulnerability in the marimo Python notebook platform is now being actively used by attackers to deploy a blockchain-powered backdoor on developer systems. The flaw, tracked as CVE-2026-39987, allows remote code execution without authentication, making it a dangerous entry point for thr

Apr 17, 2026
GBHackers

Weaponized CVE-2026-39987 Pushes Blockchain Backdoor Through Hugging Face

Attackers are rapidly exploiting CVE-2026-39987 in the marimo Python notebook platform to deploy a new NKAbuse backdoor variant hosted on Hugging Face Spaces, turning AI/ML developer environments into high‑value infection points. The campaign combines pre-auth RCE, credential theft, lateral movem

Apr 17, 2026
BleepingComputer

Hackers exploit Marimo flaw to deploy NKAbuse malware from Hugging Face

Hackers are exploiting a critical vulnerability in Marimo reactive Python notebook to deploy a new variant of NKAbuse malware hosted on Hugging Face Spaces. [...]

Apr 16, 2026

February 2026

Toolradar Research

See Hugging Face in context: The SaaS Press Index 2026

We analyzed 6,704 press mentions across 290 outlets to rank which SaaS tools win coverage. Find Hugging Face's position relative to the 488 most-covered tools.

Read the report

Explore Hugging Face

Press coverage is one signal. See the full picture.