Chinese Spies Using LinkedIn, Job Sites to Recruit Western Workers

Fake jobs, real intelligence gathering. Intelligence agencies across the Five Eyes alliance, including the FBI, MI5, and counterparts in Australia, Canada, and New Zealand, have issued a coordinated warning about what they describe as an “aggressive” online recruitment campaign linked to Chinese intelligence services. According to the advisory, operatives are using professional networking platforms such…

Read More

Malicious Hugging Face Models Could Trigger Remote Code Execution

Organizations using vulnerable versions of the Hugging Face Transformers library could unknowingly execute attacker-controlled code simply by loading a malicious AI model. Researchers at Pluto disclosed a remote code execution (RCE) vulnerability that bypasses the library’s built-in trust_remote_code=False security control, potentially exposing cloud credentials, SSH keys, API tokens, and other sensitive assets. “One poisoned field…

Read More

Crypto-Funded Chinese Peptide Labs Are Booming

Meta has been quietly stashing dormant face recognition code on more than 50 million phones, WIRED reported this week, tucked inside the companion app that pairs with its Ray-Ban and Oakley smart glasses. If activated, the feature—known internally as NameTag—would let wearers identify people in front of them by matching captured faces against a biometric…

Read More