News

CSOonline5mon
Attackers hide malicious code in Hugging Face AI model Pickle files
While Hugging Face supports machine learning (ML) models in various formats, Pickle is among the most prevalent thanks to the popularity of PyTorch, a widely used ML library written in Python that ...
Infosecurity-magazine.com2mon
Malicious Machine Learning Model Attack Discovered on PyPI
A new campaign exploiting machine learning (ML) models via the Python Package Index (PyPI) has been observed by cybersecurity researchers. ReversingLabs said threat actors are using the Pickle file ...
Dark Reading1y
'Sleepy Pickle' Exploit Subtly Poisons ML Models - Dark Reading
The method focuses on the "pickling" process used to store Python objects in bytecode. ML models are often packaged and distributed in Pickle format, despite its longstanding, known risks.
GIGAZINE2y
``Stable-Diffusion-Pickle-Scanner-GUI'' that can check whether malware ...
Stable-Diffusion-Pickle-Scanner-GUI is still at version 0.1, so I'm worried about future development. According to the developer, the model download function and preview function will be added.