[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"focus:hackers-exploit-marimo-flaw-to-deploy-nkabuse-malware-from-hugging-face-mo4lcjwb":3},{"item":4},{"id":5,"title":6,"slug":7,"summary":8,"severity":9,"category":10,"cve_ids":11,"affected_products":13,"action_required":19,"article_ids":20,"ioc_summary":22,"source_urls":23,"status":25,"expires_at":26,"created_at":27,"updated_at":28,"articles":29},"fed53706-4c0e-4351-92a5-97387e8f6974","Hackers exploit Marimo flaw to deploy NKAbuse malware from Hugging Face","hackers-exploit-marimo-flaw-to-deploy-nkabuse-malware-from-hugging-face-mo4lcjwb","Attackers are actively exploiting CVE-2026-39987, a critical RCE vulnerability in Marimo Python notebooks, to deploy NKAbuse malware hosted on Hugging Face. The malware acts as a RAT with credential theft and lateral movement capabilities. Exploitation started within 10 hours of disclosure across multiple threat actors.","critical","advisory",[12],"CVE-2026-39987",[14,15,16,17,18],"Marimo","Hugging Face Spaces","NKAbuse","Hugging Face","Sysdig","Immediately hunt for Marimo notebook execution in your environment, block known Hugging Face Space IOCs hosting NKAbuse, and scan for signs of credential theft and lateral movement on compromised systems.",[21],"a6755a48-6ebc-4f9a-8ca1-5df12699da7a",null,[24],"https:\u002F\u002Fwww.bleepingcomputer.com\u002Fnews\u002Fsecurity\u002Fhackers-exploit-marimo-flaw-to-deploy-nkabuse-malware-from-hugging-face\u002F","archived","2026-04-20T17:08:26.721+00:00","2026-04-18T17:08:28.556808+00:00","2026-04-20T18:09:46.632253+00:00",[30],{"id":21,"title":6,"url":24}]