Hugging Face has been unintentionally leveraged by threat actors to distribute a sophisticated blockchain-based backdoor, following the rapid exploitation of a critical vulnerability in the Marimo Python notebook platform.

The vulnerability, tracked as CVE-2026-39987, enables unauthenticated remote code execution, allowing attackers to gain full control of affected systems without needing login credentials. Within days of its disclosure on April 8, 2026, attackers began actively exploiting the flaw, demonstrating how quickly modern threats can evolve.

According to researchers at Sysdig’s Threat Research Team, the attacks escalated rapidly between April 11 and April 14, with hundreds of exploitation attempts observed across multiple countries. What began as simple validation of the vulnerability quickly turned into complex, multi-stage attacks involving prolonged system access and data extraction.

Once inside compromised systems, attackers focused heavily on credential harvesting. They extracted sensitive information such as cloud access keys, API tokens, and database credentials, which could be used immediately or sold for further attacks. When direct command execution paths were blocked, attackers adapted quickly, using stolen credentials to move laterally across networks and access additional systems.

One of the most concerning aspects of the campaign is the use of trusted infrastructure to deliver malware. Attackers hosted a malicious payload on a typosquatted Hugging Face Space, allowing them to bypass traditional security filters that typically block suspicious or unknown domains. This approach highlights a growing tactic where attackers exploit reputable platforms to evade detection.
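Because the hosting domain is trusted, a domain allowlist cannot separate a legitimate Space from a lookalike; the check has to work at the level of the Space owner and name. The following is an added example, not code from the article or from Sysdig's research: it classifies Space URLs from egress logs against the Spaces an organization actually uses. The allowlist entries, Space names and log-line layout are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumption: the Spaces your teams really use (constructed names).
ALLOWED_SPACES = {"acme-ml/model-demo", "acme-ml/notebook-tools"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using two rolling rows."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def space_from_url(url: str):
    """Return 'owner/name' for a huggingface.co Space URL, else None."""
    parts = urlsplit(url)
    if (parts.hostname or "").lower() != "huggingface.co":
        return None
    m = re.match(r"^/spaces/([^/]+)/([^/]+)", parts.path)
    return f"{m.group(1)}/{m.group(2)}".lower() if m else None

def classify(url: str, max_distance: int = 2) -> str:
    """allowed | lookalike (near an allowed Space) | unlisted | not-a-space."""
    space = space_from_url(url)
    if space is None:
        return "not-a-space"
    if space in ALLOWED_SPACES:
        return "allowed"
    near = any(edit_distance(space, a) <= max_distance for a in ALLOWED_SPACES)
    return "lookalike" if near else "unlisted"

# Constructed proxy log lines: timestamp, client IP, method, URL.
SAMPLE_LOG = [
    "2026-04-12T10:00:01Z 10.0.0.5 GET https://huggingface.co/spaces/acme-ml/model-demo",
    "2026-04-12T10:00:07Z 10.0.0.9 GET https://huggingface.co/spaces/acme-ml/model-dem0",
    "2026-04-12T10:01:15Z 10.0.0.9 GET https://huggingface.co/spaces/other-org/some-tool",
]

def scan(lines):
    """Return (verdict, url) for every Space request that is not allowlisted."""
    results = [(classify(line.split()[-1]), line.split()[-1]) for line in lines]
    return [r for r in results if r[0] in ("lookalike", "unlisted")]

if __name__ == "__main__":
    for verdict, url in scan(SAMPLE_LOG):
        print(verdict, url)
```

A "lookalike" verdict is the higher-priority alert; "unlisted" results are candidates for review or for adding to the allowlist.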

The malware itself is a new variant of NKAbuse, a Go-based backdoor that uses blockchain technology, specifically the NKN network, for command-and-control communication. This decentralized approach makes it significantly harder to disrupt, as there is no central server to shut down.

Disguised as a legitimate tool named “kagent,” the malware blends into developer environments, particularly those using Kubernetes and AI workflows. Once deployed, it establishes persistence across both Linux and macOS systems using multiple techniques, including system services and scheduled tasks, ensuring long-term access for attackers.

Researchers also observed advanced techniques such as database enumeration, Redis scanning, and DNS-based data exfiltration. These methods demonstrate a high level of sophistication, enabling attackers to continue operations even when traditional network channels are restricted.

This incident underscores a critical shift in the threat landscape, where attackers increasingly target AI and machine learning ecosystems. As these platforms become more integrated into enterprise environments, they also become attractive entry points for cyberattacks.

Security experts are urging organizations to patch vulnerable systems immediately and closely monitor for unusual activity, especially in environments connected to cloud services and AI tools. The rapid weaponization of CVE-2026-39987 serves as a stark reminder that vulnerabilities in emerging technologies can be exploited at unprecedented speed.
