Cybersecurity researchers discovered a vulnerability in the Hugging Face Safetensors conversion service that could be exploited by attackers to compromise machine learning models submitted by users, leading to supply chain attacks.
Source: cyware.com