π―Hackers found a way to sneak into a popular tool used by developers, allowing them to steal important information and install malicious software. It's like finding a hidden door in a house and using it to take things without anyone noticing. Developers need to fix this door quickly to keep their stuff safe!
The Flaw
A critical vulnerability in the marimo Python notebook platform, tracked as CVE-2026-39987, allows for remote code execution without authentication. This flaw has opened the door for attackers to deploy a new variant of the NKAbuse malware through a fake Hugging Face Space, specifically designed to mimic legitimate tools and applications.
What's at Risk
The vulnerability has been actively exploited since its public disclosure on April 8, 2026, with the first exploitation recorded within just 9 hours and 41 minutes. Attackers have launched over 662 exploit events from 11 unique IP addresses across 10 countries, targeting AI developer workstations. The attacks have demonstrated the ability to pivot from compromised marimo instances to connected PostgreSQL databases and Redis instances, extracting sensitive data such as AWS access keys and OpenAI API tokens.
NKABUSE Variant and Persistence Tactics
The NKAbuse variant deployed in these attacks is a remote access trojan that communicates over the NKN blockchain network, making detection challenging due to its blending with normal blockchain activity. The malware, named kagent, is disguised as a legitimate Kubernetes agent and establishes persistence through multiple methods, including systemd services and cron jobs. Notably, the dropper script used in the attacks was hosted on a typosquatted Hugging Face Space called vsccode-modetx, which allowed it to bypass security filters due to its clean reputation.
Patch Status
Sysdig researchers emphasize the urgency for users to upgrade to marimo version 0.23.0 or later immediately. If upgrading is not feasible, they recommend blocking external access to the vulnerable '/terminal/ws' endpoint via a firewall.
Immediate Actions
To mitigate the risks associated with this vulnerability, organizations should: The rapid escalation of exploitation tactics and the diverse methods employed by attackers underscore the critical nature of this vulnerability and the need for immediate defensive actions.
Containment
- 1.Update marimo to version 0.23.0 or later immediately.
- 2.Hunt for the ~/.kagent/ directory, the kagent.service systemd entry, and any running kagent processes on systems that used marimo.
- 3.Block vsccode-modetx.hf.space at the proxy or DNS level to prevent known payload delivery.
- 4.Rotate all credentials on exposed marimo instances, focusing on DATABASE_URL, AWS keys, and API tokens.
Remediation
- 5.Monitor network traffic for NKN blockchain relay patterns indicating active C2 communication.
- 6.Audit Hugging Face Spaces and AI/ML dependencies, restricting access to verified publishers only.
- 7.Deploy runtime behavioral detection tools, as conventional signature-based tools may not detect this zero-detection malware.
The exploitation of CVE-2026-39987 highlights the evolving tactics of cybercriminals, particularly in targeting AI development environments. Organizations must prioritize timely updates and proactive monitoring to safeguard their systems.
