A rogue npm package named js-logger-pack has been caught quietly turning Hugging Face, a widely trusted AI model hosting platform, into both a malware delivery network and a stolen data storage backend. The campaign marks a clear shift in how attackers abuse legitimate cloud services to run supply chain attacks while staying hidden. The package appeared harmless […] The post Malicious npm Package Turns Hugging Face Into Malware CDN and Exfiltration Backend appeared first on Cyber Security News.