Palo Alto Unit 42 research uncovered a fundamental flaw in the AI supply chain that allows attackers to gain Remote Code Execution (RCE) and additional capabilities on major platforms like Microsoft’s Azure AI Foundry, Google’s Vertex AI and thousands of open-source projects. We refer to this issue as Model Namespace Reuse.
Hugging Face is a platform that enables AI developers to build, share and deploy models and datasets. On that platform, namespaces are the identifiers of models, which are Git repositories that are stored on the Hugging Face hub. Hugging Face models contain configurations, weights, code and information to enable developers to use the models.
Read more…
Source: Palo Alto Unit 42
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Inside AD CS Escalation: Unpacking Advanced Misuse Techniques and Tools
May 11, 2026
Active Directory Certificate Services (AD CS) is a foundational component of Windows enterprise infrastructure, responsible for managing public key infrastructure (PKI) and issuing certificates that enable authentication and encryption across networks. Despite its critical role in the enterprise identity infrastructure, AD CS is often undermined by insecure default configurations and design complexities, resulting in exploitable ...
- Yarbo responds to robot flaws that could mow down their owners
May 11, 2026
A researcher found that Yarbo yard robots came with a host of vulnerabilities which, among others, allowed an attacker to harvest WiFi passwords. Security researcher Andreas Makris found he could remotely hijack thousands of Yarbo yard robots worldwide, and proved it by having his mower run him over. The root cause was a cluster of “legacy” design choices: ...
- Vibe Hacking: Two AI-Augmented Campaigns Target Government and Financial Sectors in Latin America
May 11, 2026
Threat actors using AI is an unsurprising and even long-predicted developmentopen on a new tab. In a case in point, TrendAI™ Research has identified two emerging threat campaigns that used agentic AI to drive intrusion operations against government entities and financial organizations across several countries in Latin America. Though evidence suggests that the two groups are likely ...
- Water company’s leaky security earns near-£1M fine
May 11, 2026
The UK’s data protection watchdog has fined South Staffordshire Water’s parent company nearly £1 million over security failings exposed by the Cl0p ransomware attack in 2022. Issuing the fine of £963,900 ($1.3 million), the Information Commissioner’s Office (ICO) said the attack exposed “significant failures in the company’s approach to data security.” The attack, claimed by Cl0p, was detected ...
- Adversaries Leverage AI for Vulnerability Exploitation, Augmented Operations, and Initial Access
May 11, 2026
Since our February 2026 report on AI-related threat activity, Google Threat Intelligence Group (GTIG) has continued to track a maturing transition from nascent AI-enabled operations to the industrial-scale application of generative models within adversarial workflows. This report, based on insights derived from Mandiant incident response engagements, Gemini, and GTIG’s proactive research, highlights the dual nature ...
- Experts warn nearly half of the world’s passwords can easily be cracked in just a few minutes
May 8, 2026
Using real-world samples recovered from the dark web, Kaspersky researchers have tested how long it would take to crack most passwords, and found that almost half of the world’s passwords can be cracked in less than a minute. Additionally, the research shows that within an hour, that number rises to three out of five passwords. Armed with this knowledge, ...