Dark Reading

Hugging Face Packages Weaponized With a Single File Tweak

A tokenizer library file present in Hugging Face AI models can be manipulated to hijack the model's outputs and exfiltrate ...
CSOonline

Npm ecosystem vulnerable to new manifest confusion attack

Package manifests in the npm registry are not validated against metadata files in the package itself, leaving the door open for attackers. The npm (Node Package Manager) ecosystem of JavaScript ...

Malicious npm packages: SAP software compromised

Several SAP npm packages were exposed to a supply chain attack. The hacker group TeamPCP is behind it, say security ...
InfoWorld

JSON tools you don’t want to miss

Developers can choose from many great free and online tools for JSON formatting, validating, editing, and converting to other formats JSON, for JavaScript Object Notation, is a popular and lightweight ...