An unknown threat actor has been observed using a large
language model (LLM) agent to conduct post-compromise actions after
obtaining initial access following the exploitation of a
publicly-accessible Marimo network using a recently disclosed
vulnerability. "The attacker compromised an internet-reachable
Marimo notebook via CVE-2026-39987, extracted two cloud credentials
from the compromised
Read more https://thehackernews.com/2026/05/attackers-use-llm-agent-for-post.html
