{"data":{"id":"b8c42e1a-4ac6-42f0-bd3a-f7048f0b3d2a","title":"Hackers exploit Marimo flaw to deploy NKAbuse malware from Hugging Face","summary":"Hackers are exploiting a critical vulnerability in Marimo (a Python notebook tool) called CVE-2026-39987 (remote code execution, where attackers can run commands on systems they don't own) to deploy NKAbuse malware from Hugging Face Spaces (a platform for sharing AI applications). The attacks began within 10 hours of technical details becoming public, with attackers using fake application names to trick users into downloading malware that steals credentials and allows remote control of infected systems.","solution":"Users should upgrade to Marimo version 0.23.0 or later immediately. If upgrading is not possible, block external access to the '/terminal/ws' endpoint using a firewall, or block it entirely.","labels":["security"],"sourceUrl":"https://www.bleepingcomputer.com/news/security/hackers-exploit-marimo-flaw-to-deploy-nkabuse-malware-from-hugging-face/","publishedAt":"2026-04-16T16:58:06.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["supply_chain","data_extraction"],"issueType":"news","affectedPackages":null,"affectedVendors":["HuggingFace"],"affectedVendorsRaw":["Marimo","Hugging Face","Hugging Face Spaces","NKAbuse","NKN","Kubernetes"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-04-16T16:58:06.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity","availability"],"aiComponentTargeted":"inference","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}