Skip to content
The Nexus
DossierENTITY

Nicholas Carlini

Coverage of Nicholas Carlini in the Nexus archive.

Earliest in view: Apr 25 · 20:04 UTCMost recent: May 19 · 12:58 UTC
Co-mentioned in this coverage
Recent coverage
  • SECURITYMay 19 · 12:58 UTCTHE REGISTER
    Shai-Hulud keeps burrowing: 314 npm packages infected after another account compromise

    An npm account compromise infected 314 npm packages with malware, including popular packages such as size-sensor and echarts-for-react. The compromised account belongs to a developer based in Hangzhou, China, and the malware has been reported on GitHub. Developers who have installed compromised package versions are advised to rotate credentials and check for unauthorized repositories.

  • SECURITYMay 12 · 12:00 UTCTHE REGISTER
    Cache-poisoning caper turns TanStack npm packages toxic

    An attacker published 84 malicious versions of TanStack npm packages, leading to credential theft and disk wipe, as part of a wave of attacks across npm and PyPI. The attack was detected within 30 minutes by StepSecurity, triggering incident response and npm deprecation. GitHub has published a security advisory with recommended actions.

  • SECURITYApr 25 · 20:04 UTCHACKER NEWS
    Nicholas Carlini – Black-hat LLMs [video]

    Nicholas Carlini discusses black-hat techniques targeting large language models (LLMs) in a YouTube video. The presentation explores vulnerabilities and potential exploits in LLMs, highlighting security risks.