Trusted DesignThree days after disclosure of a critical pre-authorization remote code execution vulnerability in the marimo Python notebook platform, multiple threat actors deployed malware hosted on HuggingFace Spaces. A previously undocumented NKAbuse variant was delivered through a typosquatted HuggingFace Space, utilizing NKN blockchain for command and control. Between April 11-14, 2026, eleven unique source IPs across ten countries generated 662 exploit events. Attack patterns included reverse shell campaigns, credential extraction targeting AWS keys and API tokens, DNS exfiltration, and lateral movement to PostgreSQL and Redis databases via leaked credentials. The malware binary was disguised as a legitimate Kubernetes tool named kagent and implemented persistence through systemd services, crontab entries, and macOS LaunchAgents. This operation demonstrates threat actors specifically targeting AI/ML infrastructure and leveraging trusted platforms for malware distribution.
Created: 2026-04-16
類似するPulseは見つかりませんでした。
事実ベースの脅威アクターは見つかりませんでした。
推論ベースの脅威アクターは見つかりませんでした。
このPulseに見つかったCVEはありません。