Hugging Face news and developer summaries

The MicrosoftSystem64 campaign uses malicious npm packages to distribute a multi-platform RAT that abuses HuggingFace for binary delivery and data exfiltration. The malware steals browser credentials, crypto wallet data, Telegram sessions, and SSH keys, while performing keylogging and screenshot surveillance. This sophisticated supply-chain attack demonstrates high operational resilience through rapid account rotation and evasive infrastructure.

Google introduced Multi-Token Prediction (MTP) drafters for Gemma 4, enabling up to 3x faster inference via speculative decoding. By pairing heavy models with lightweight drafters, developers can achieve lower latency and higher throughput on hardware ranging from edge devices to workstations without sacrificing output quality or reasoning capabilities.

whichllm is a CLI tool that identifies the optimal local LLM for your specific hardware. It auto-detects system specifications (GPU/CPU/RAM) and ranks models from HuggingFace based on real-world benchmarks, speed, and size-fit rather than just capacity. It includes features for hardware planning, instant chat execution, and Python code generation.