By Sead Fadilpašić
Publication Date: 2026-05-11 22:40:00
- Attackers typosquatted an OpenAI repo on HuggingFace, distributing an infostealer disguised as a “privacy filter” model
- The malware disabled SSL checks, escalated privileges, and deployed the sefirah payload to steal credentials, crypto wallets, and system data
- The fake repo hit 244K downloads and briefly topped HuggingFace rankings before removal, with other linked malicious repos also taken down
Nvidia GeForce NOW, a cloud-based gaming service which streams high-performance PC games to other devices, suffered a cyberattack recently, and lost sensitive customer data. However, the data seems to be limited to one country only – Armenia.
A threat actor posted a new thread on an underground hacking forum, offering “millions of user records” for sale.
The records, which allegedly include people’s names, email addresses, usernames, dates of birth, membership status, and 2FA/TOTP status, were being sold for a sum of $100,000, paid either in Bitcoin, or Monero.
ShinyHunters, or imposters?
Following the disclosure, Nvidia shared a statement with BleepingComputer, saying the breach was a result of a compromise in the infrastructure of a regional partner called GFN.am. This company manages all GeForce NOW operations in Azerbaijan, Georgia, Kazakhstan, Moldova, Ukraine, and Uzbekistan.
“Our investigation found no impact on NVIDIA-operated services,” Nvidia told the publication. “We are working…