A ComfyUI extension developer reported receiving a scam email designed to trick recipients into installing a malicious npm package or executing a shell script via `curl | sh`. The package, named 'runaic/aic', likely aims to steal GitHub and ComfyUI Registry credentials and inject harmful code into extensions, which could compromise ComfyUI users. The developer warns that the small, targeted nature of the attack helps it bypass spam detection, and urges the community to report the package and remain vigilant against such social engineering threats.
A new LoRA file, 'Krea2 Filter Bypass Fedor,' has been publicly released on Civitai that effectively disables the safety filter in the Krea 2 diffusion transformer by overwriting only the two refusal-associated control knobs (9 and 10) while leaving all others at zero. Unlike earlier bypasses that modified multiple knobs and caused style warping or plasticized faces, this approach mathematically guarantees no style or anatomy drift because zeroed knobs cannot be moved by strength adjustments. The LoRA stacks cleanly with realism, character, and style LoRAs without interference, letting the base model's own quality shine through. A recommended strength of 3–5 defeats most refusals, and the author suggests switching to FilterBypass3 for any remaining knob-11-based refusals. The design was derived from a community vector analysis by u/piero_deckard, identifying the exact roles of each knob.
A Reddit user asked about the security risks of ComfyUI custom nodes, questioning how common malicious software is in such nodes. The user also sought guidance on how to evaluate whether a custom node is safe to use. The post did not include any specific incident reports or evaluation methods, only the question itself.
A Reddit user introduced a technique to apply Krea 2's safety filter LoRA only on select parts of the image generation process, aiming to reduce the visible quality degradation caused by the filters. Inspired by a prior extraction of the filter's internal values, this approach shows some improvement in output but slows down generation. The optimal implementation and overall effectiveness remain uncertain.