Incident Analysis
Hugging Face Model Hub Supply Chain Risks in 2025
Pickle deserialization, malicious Spaces, and namespace squatting: what 2024-2025 taught us about the Hugging Face model supply chain.
Feb 20, 20267 min read
Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
Pickle deserialization, malicious Spaces, and namespace squatting: what 2024-2025 taught us about the Hugging Face model supply chain.
A phishing campaign against a prolific npm maintainer poisoned chalk, debug, and several other packages with a Web3 hijacker. Here is the full breakdown.
A stolen Ripple-adjacent npm token pushed key-stealing versions of xrpl.js. Timeline, payload structure, and what XRPL integrators should do next.
A phished maintainer token pushed a private-key-stealing backdoor into @solana/web3.js 1.95.6/1.95.7. Full mechanics and post-incident recommendations.
A phishing-obtained GitHub token published a wallet drainer as @ledgerhq/connect-kit in Dec 2023. What the incident tells us about Web3 supply chain trust.
Compromised npm tokens pushed crypto-miner versions of @rspack/core and @rspack/cli in December 2024. Timeline, payload, and what downstream teams missed.
After a domain handover, polyfill.io began serving malware to more than 100,000 sites. Here is the attack chain and what the incident teaches us.
A leaked maintainer token published three trojanized versions of @lottiefiles/lottie-player to npm, targeting wallet drains. Here is the mechanics.
A March 2025 GitHub Action compromise rewrote every tagged version to leak secrets. Here is the timeline, attack chain, and what repos need to change.
Weekly insights on software supply chain security, delivered to your inbox.