GNU social JP
  • FAQ
  • Login
GNU social JPは日本のGNU socialサーバーです。
Usage/ToS/admin/test/Pleroma FE

  • Public

    • Public
    • Network
    • Groups
    • Featured
    • Popular
    • People

Conversation

Notices

  1. Embed this notice
    Lukasz Olejnik (lukaszolejnik@mastodon.social)'s status on Sunday, 09-Feb-2025 03:50:23 JST Lukasz Olejnik Lukasz Olejnik

    Malicious open source models are being uploaded to popular repository hugging face. This will be a completely new cybersecurity risk. Now it's merely code execution. But expect tainted/poisoned weights impacting outputs. Python reverse shell script enables remote command execution. On Linux, it spawns a `/bin/sh` shell, on Windows, it launches PowerShell and enables bidirectional communication. https://www.reversinglabs.com/blog/rl-identifies-malware-ml-model-hosted-on-hugging-face

    In conversation about 5 months ago from mastodon.social permalink

    Attachments


    1. https://files.mastodon.social/media_attachments/files/113/968/724/783/346/875/original/3265272a71b5cefc.png
    2. Domain not in remote thumbnail source whitelist: www.reversinglabs.com
      Malicious ML models discovered on Hugging Face platform
      from @ReversingLabs
      Developers working on machine learning take note: RL threat researchers have identified nullifAI, a novel attack technique used on Hugging Face.

    Feeds

    • Activity Streams
    • RSS 2.0
    • Atom
    • Help
    • About
    • FAQ
    • TOS
    • Privacy
    • Source
    • Version
    • Contact

    GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

    Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.