Nicholas Carlini
Coverage of Nicholas Carlini in the Nexus archive.
- Shai-Hulud keeps burrowing: 314 npm packages infected after another account compromise
An npm account compromise infected 314 npm packages with malware, including popular packages such as size-sensor and echarts-for-react. The compromised account belongs to a developer based in Hangzhou, China, and the malware has been reported on GitHub. Developers who have installed compromised package versions are advised to rotate credentials and check for unauthorized repositories.
- Cache-poisoning caper turns TanStack npm packages toxic
An attacker published 84 malicious versions of TanStack npm packages, leading to credential theft and disk wipe, as part of a wave of attacks across npm and PyPI. The attack was detected within 30 minutes by StepSecurity, triggering incident response and npm deprecation. GitHub has published a security advisory with recommended actions.
- Nicholas Carlini – Black-hat LLMs [video]
Nicholas Carlini discusses black-hat techniques targeting large language models (LLMs) in a YouTube video. The presentation explores vulnerabilities and potential exploits in LLMs, highlighting security risks.