CVE-2026-39987 update: How attackers weaponized marimo to deploy a blockchain botnet via HuggingFace
Blog post from Sysdig
The Sysdig Threat Research Team (TRT) identified exploitation of CVE-2026-39987, a vulnerability in the marimo Python notebook platform, which attackers used to deploy a blockchain botnet through HuggingFace Spaces. Exploitation was observed shortly after the vulnerability was disclosed and led to various attacks, including the deployment of a new NKAbuse malware variant. The attacks involved credential harvesting, reverse shell operations, and lateral movement to databases such as PostgreSQL and Redis. The attackers also used DNS exfiltration techniques and leveraged HuggingFace Spaces for malware distribution, exploiting the platform's clean reputation. The incidents highlight the increasing targeting of AI/ML infrastructure and the importance of behavioral detection, credential rotation, and careful monitoring of AI/ML platform dependencies in defending against sophisticated threats.