An unknown threat actor exploited CVE-2026-39987 in a public Marimo instance and used an LLM agent to adaptively continue post-compromise actions, including credential harvesting, AWS Secrets Manager access, and SSH access to a bastion host. The intrusion ended with rapid exfiltration of an internal PostgreSQL database, highlighting the growing use of AI-assisted operators for flexible, live attack chains. #CVE-2026-39987 #Marimo #AWSSecretsManager #PostgreSQL #SSH
Key points
- CVE-2026-39987 allowed unauthenticated remote code execution in Marimo versions prior to 0.23.0.
- The attacker extracted cloud credentials and used AWS Secrets Manager to retrieve an SSH private key.
- Eight short SSH sessions were launched against a downstream bastion server to reach internal systems.
- An internal PostgreSQL database was exfiltrated in under two minutes.
- Sysdig identified signs that an LLM agent was driving the post-exploitation activity.
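The chain in the key points above (a Secrets Manager read of an SSH private key, then a burst of short SSH sessions against the bastion) is one a defender can correlate across CloudTrail and the bastion's sshd log. The detector below is an added example, not code from the article, from Sysdig or from the Marimo project. Its CloudTrail records, sshd lines, secret and role names and addresses are all constructed, and it assumes both logs record the same source address for the compromised host (for example when Secrets Manager is reached through a VPC endpoint); a real deployment would more likely key on the instance id or role session name.

```python
"""Detect a Secrets Manager read of an SSH key followed by a burst of short
SSH sessions on a bastion. Constructed inputs; names and addresses are
hypothetical, and it assumes both logs record the same source address."""
import re
from datetime import datetime, timedelta
from typing import NamedTuple

# Constructed, simplified CloudTrail records (only the fields used below).
CLOUDTRAIL_EVENTS = [
    {"eventTime": "2026-05-02T09:58:12Z", "eventName": "GetSecretValue",
     "sourceIPAddress": "10.0.5.23",
     "userIdentity": {"arn": "arn:aws:sts::123456789012:assumed-role/marimo-notebook-role/i-0abc"},
     "requestParameters": {"secretId": "prod/bastion/ssh-private-key"}},
    {"eventTime": "2026-05-02T08:15:00Z", "eventName": "GetSecretValue",
     "sourceIPAddress": "10.0.7.9",
     "userIdentity": {"arn": "arn:aws:sts::123456789012:assumed-role/app-role/i-0def"},
     "requestParameters": {"secretId": "prod/app/db-password"}},
]

# Constructed sshd lines (journalctl -o short-iso style): one ordinary
# 25-minute session, then eight sessions of a few seconds each.
SSHD_LOG = """\
2026-05-02T08:20:00+00:00 bastion sshd[1800]: Accepted publickey for ops from 10.0.7.9 port 40001 ssh2
2026-05-02T08:45:30+00:00 bastion sshd[1800]: Disconnected from user ops 10.0.7.9 port 40001
2026-05-02T09:59:01+00:00 bastion sshd[2201]: Accepted publickey for ops from 10.0.5.23 port 51230 ssh2
2026-05-02T09:59:09+00:00 bastion sshd[2201]: Disconnected from user ops 10.0.5.23 port 51230
2026-05-02T09:59:30+00:00 bastion sshd[2207]: Accepted publickey for ops from 10.0.5.23 port 51231 ssh2
2026-05-02T09:59:41+00:00 bastion sshd[2207]: Disconnected from user ops 10.0.5.23 port 51231
2026-05-02T10:00:05+00:00 bastion sshd[2213]: Accepted publickey for ops from 10.0.5.23 port 51232 ssh2
2026-05-02T10:00:12+00:00 bastion sshd[2213]: Disconnected from user ops 10.0.5.23 port 51232
2026-05-02T10:00:40+00:00 bastion sshd[2219]: Accepted publickey for ops from 10.0.5.23 port 51233 ssh2
2026-05-02T10:00:58+00:00 bastion sshd[2219]: Disconnected from user ops 10.0.5.23 port 51233
2026-05-02T10:01:20+00:00 bastion sshd[2225]: Accepted publickey for ops from 10.0.5.23 port 51234 ssh2
2026-05-02T10:01:27+00:00 bastion sshd[2225]: Disconnected from user ops 10.0.5.23 port 51234
2026-05-02T10:02:02+00:00 bastion sshd[2231]: Accepted publickey for ops from 10.0.5.23 port 51235 ssh2
2026-05-02T10:02:15+00:00 bastion sshd[2231]: Disconnected from user ops 10.0.5.23 port 51235
2026-05-02T10:02:50+00:00 bastion sshd[2237]: Accepted publickey for ops from 10.0.5.23 port 51236 ssh2
2026-05-02T10:03:03+00:00 bastion sshd[2237]: Disconnected from user ops 10.0.5.23 port 51236
2026-05-02T10:03:30+00:00 bastion sshd[2243]: Accepted publickey for ops from 10.0.5.23 port 51237 ssh2
2026-05-02T10:03:44+00:00 bastion sshd[2243]: Disconnected from user ops 10.0.5.23 port 51237
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: (?:"
    r"Accepted \w+ for (?P<user_a>\S+) from (?P<ip_a>\S+) port (?P<port_a>\d+)"
    r"|Disconnected from user (?P<user_d>\S+) (?P<ip_d>\S+) port (?P<port_d>\d+))")


class Session(NamedTuple):
    user: str
    ip: str
    start: datetime
    end: datetime


def parse_time(value: str) -> datetime:
    # CloudTrail's trailing 'Z' is not accepted by fromisoformat() before 3.11.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def parse_sessions(log: str) -> list[Session]:
    """Pair each 'Accepted' line with its 'Disconnected' line by (ip, port);
    sessions that have not disconnected yet are left out."""
    pending: dict[tuple[str, str], tuple[str, datetime]] = {}
    sessions = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = parse_time(m["ts"])
        if m["ip_a"]:
            pending[(m["ip_a"], m["port_a"])] = (m["user_a"], ts)
        elif (opened := pending.pop((m["ip_d"], m["port_d"]), None)):
            sessions.append(Session(opened[0], m["ip_d"], opened[1], ts))
    return sessions


def find_key_to_bastion_chains(events, sshd_log, window=timedelta(minutes=10),
                               max_session=timedelta(seconds=60), min_sessions=3,
                               secret_pattern=re.compile(r"ssh|private|key", re.I)):
    """Flag a GetSecretValue on a key-like secret that is followed, from the same
    address and within `window`, by at least `min_sessions` SSH sessions each
    shorter than `max_session`. Returns one dict per matching chain."""
    sessions = parse_sessions(sshd_log)
    alerts = []
    for ev in events:
        if ev.get("eventName") != "GetSecretValue":
            continue
        secret_id = ev.get("requestParameters", {}).get("secretId", "")
        if not secret_pattern.search(secret_id):
            continue
        t0 = parse_time(ev["eventTime"])
        burst = sorted((s for s in sessions if s.ip == ev["sourceIPAddress"]
                        and t0 <= s.start <= t0 + window
                        and s.end - s.start <= max_session), key=lambda s: s.start)
        if len(burst) >= min_sessions:
            alerts.append({"role": ev["userIdentity"]["arn"], "secret": secret_id,
                           "source_ip": ev["sourceIPAddress"], "sessions": len(burst),
                           "span": burst[-1].end - burst[0].start})
    return alerts


if __name__ == "__main__":
    for a in find_key_to_bastion_chains(CLOUDTRAIL_EVENTS, SSHD_LOG):
        print("ALERT", a)
```

Run as-is and it prints one alert for the constructed data: the notebook host's role read `prod/bastion/ssh-private-key` and eight sub-minute SSH sessions followed from the same address within five minutes, while the ordinary 25-minute session and the unrelated database-password read produce nothing. The `window`, `max_session` and `min_sessions` thresholds are starting points, not tuned values; the point of the rule is that a secret read is normal and a short SSH session is normal, but a key read immediately followed by many of them from one source is the sequence worth paging on.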
Read More: https://thehackernews.com/2026/05/attackers-use-llm-agent-for-post.html