malware • critical • Malware Deployment • Vulnerability Exploitation • NKAbuse

Apr 16, 2026 • Bill Toulas

Hackers exploit Marimo flaw to deploy NKAbuse malware from Hugging Face

A critical vulnerability in Marimo reactive Python notebook is being actively exploited by threat actors to deploy a new variant of NKAbuse malware. The...

Source: Bleeping Computer
Category: malware
Severity: critical

Executive Summary

A critical vulnerability in the Marimo reactive Python notebook is being actively exploited by threat actors to deploy a new variant of the NKAbuse malware. The attack uses Hugging Face Spaces to host the malicious payload, showing how attackers increasingly abuse legitimate, trusted cloud services to distribute malware and evade detection. Organizations using Marimo notebooks should apply security patches immediately and monitor for unusual execution behavior. The use of Hugging Face as attack infrastructure highlights the need to scrutinize third-party ML model repositories and shared code environments. Security teams should verify that their Python environments are not vulnerable to this exploit chain.

Summary

Hackers are exploiting a critical vulnerability in the Marimo reactive Python notebook to deploy a new variant of NKAbuse malware hosted on Hugging Face Spaces. [...]

Linked Entities

  • NKAbuse