TI Mindmap HUB
Threat Intelligence Report

CVE-2026-39987 update: How attackers weaponized marimo to deploy a blockchain botnet via HuggingFace

April 15, 2026 | sysdig.com | 1 CVE(s) referenced

Threat actors rapidly weaponized CVE-2026-39987 in the marimo Python notebook platform to deploy a novel NKAbuse blockchain botnet via a typosquatted HuggingFace Space, highlighting how trusted AI/ML platforms are now being exploited for malware delivery, lateral movement, and credential theft.

vendor
CVE-2026-39987
