Enterprises that pull community models: the May 2026 Hugging Face typosquat that installed a Windows infostealer
In May 2026, a typosquatted Hugging Face repository—Open-OSS/privacy-filter—distributed a loader that ultimately installed a Rust-based credential stealer on Windows machines; the repo was downloaded over 200,000 times before removal. For teams that pull community models into development or production, this incident reframes the threat: attackers can hide executable installers in model repos, not just poison […]
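A pre-pull gate for the risk described above, as an added example that is not from the original article: it checks a requested repo id against an approved list and flags executable content in a snapshot's file listing. The allowlist, file names and byte prefixes are constructed, and `example-org/privacy-filter` is a placeholder because the text here does not name the repository that was imitated.

```python
import difflib
from pathlib import PurePosixPath

# Constructed allowlist; "example-org/..." ids are placeholders, not real repos.
APPROVED = {"example-org/privacy-filter", "example-org/sentiment-small"}
# Windows installer/script extensions that a weights-only snapshot should not carry.
EXEC_EXT = {".exe", ".dll", ".msi", ".scr", ".bat", ".cmd", ".ps1", ".vbs", ".lnk"}
# Leading bytes of native executables, checked regardless of the file extension.
MAGIC = {b"MZ": "PE executable", b"\x7fELF": "ELF executable"}


def check_repo_id(repo_id, approved=APPROVED, cutoff=0.8):
    """Return (verdict, closest approved id): 'approved', 'lookalike' or 'unknown'."""
    if repo_id in approved:
        return "approved", repo_id
    rid = repo_id.lower()
    for ok in sorted(approved):
        same_name = ok.split("/")[-1] == rid.split("/")[-1]  # same model, other namespace
        near = difflib.SequenceMatcher(None, rid, ok).ratio() >= cutoff  # one-character swaps
        if same_name or near:
            return "lookalike", ok
    return "unknown", None


def audit_files(files):
    """files maps repo-relative path -> first bytes; returns [(path, reason)]."""
    findings = []
    for path, head in sorted(files.items()):
        ext = PurePosixPath(path).suffix.lower()
        if ext in EXEC_EXT:
            findings.append((path, f"executable or script extension {ext}"))
        for magic, label in MAGIC.items():
            if head.startswith(magic):
                findings.append((path, f"{label} header"))
    return findings


def may_pull(repo_id, files):
    """Allow only exact allowlist matches whose snapshot has no executable content."""
    return check_repo_id(repo_id)[0] == "approved" and not audit_files(files)


# Constructed snapshot listing: one script and one PE disguised as a weights file.
SAMPLE = {"README.md": b"# model card", "model.safetensors": b"\x10\x00\x00\x00",
          "setup.bat": b"@echo off", "weights.bin": b"MZ\x90\x00"}

if __name__ == "__main__":
    print(check_repo_id("Open-OSS/privacy-filter"))
    print(audit_files(SAMPLE))
```

The magic-byte check runs on every file, so a native executable renamed to a weights extension is still reported.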