Hackers Pivot from marimo RCE to Internal Database Using LLM Agent
ID: 5b5a1599-acd0-5cbf-bdda-982502d9e255
STIX ID: report--5b5a1599-acd0-5cbf-bdda-982502d9e255
Feed Name: GBHackers
On May 10, 2026, Sysdig researchers observed an active intrusion in which attackers exploited CVE-2026-39987 in marimo notebooks and harvested cloud credentials from the compromised host. An LLM-driven agent then automated the post-compromise actions: it replayed the credentials against AWS APIs, retrieved an SSH key from Secrets Manager, pivoted through an SSH bastion, and dumped an internal PostgreSQL database, all within minutes, while dispersing the activity across Cloudflare Workers to evade IP-based detection.
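The evasion described above defeats detections that threshold on source IP, because the calls arrive from many unrelated Cloudflare egress addresses. What does not change is the credential itself: every replayed call still carries the same access key ID in CloudTrail. The following added example (written for this page, not code from Sysdig, GBHackers or the marimo project) correlates CloudTrail-style events on the access key rather than the source address and flags a key that is used from several distinct IPs within a short window, listing any sensitive calls (such as GetSecretValue) it made meanwhile. The log records are constructed; the field names follow the CloudTrail schema but every value, the key IDs, the IP addresses, the thresholds and the list of sensitive calls are assumptions chosen for the illustration.

```python
"""Detect one AWS access key replayed from many egress IPs (added example).

The records below are constructed to resemble CloudTrail events. Field names
(eventTime, eventSource, eventName, sourceIPAddress, userIdentity.accessKeyId)
match the real CloudTrail schema; all values are invented for this example.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: key ...000001 is first seen from the notebook host
# (203.0.113.10) and then replayed from four unrelated addresses within
# three minutes. Keys ...000002 and ...000003 are benign controls.
SAMPLE_EVENTS = [
    {"eventTime": "2026-05-10T14:00:05Z", "eventSource": "sts.amazonaws.com",
     "eventName": "GetCallerIdentity", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"accessKeyId": "ASIAEXAMPLE000000001"}},
    {"eventTime": "2026-05-10T14:00:40Z", "eventSource": "sts.amazonaws.com",
     "eventName": "GetCallerIdentity", "sourceIPAddress": "198.51.100.21",
     "userIdentity": {"accessKeyId": "ASIAEXAMPLE000000001"}},
    {"eventTime": "2026-05-10T14:01:10Z", "eventSource": "secretsmanager.amazonaws.com",
     "eventName": "ListSecrets", "sourceIPAddress": "198.51.100.22",
     "userIdentity": {"accessKeyId": "ASIAEXAMPLE000000001"}},
    {"eventTime": "2026-05-10T14:01:55Z", "eventSource": "secretsmanager.amazonaws.com",
     "eventName": "GetSecretValue", "sourceIPAddress": "198.51.100.23",
     "userIdentity": {"accessKeyId": "ASIAEXAMPLE000000001"}},
    {"eventTime": "2026-05-10T14:02:30Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "sourceIPAddress": "198.51.100.24",
     "userIdentity": {"accessKeyId": "ASIAEXAMPLE000000001"}},
    # Benign: same key, same address, repeated use.
    {"eventTime": "2026-05-10T14:00:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "ListBuckets", "sourceIPAddress": "192.0.2.5",
     "userIdentity": {"accessKeyId": "ASIAEXAMPLE000000002"}},
    {"eventTime": "2026-05-10T14:05:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "ListBuckets", "sourceIPAddress": "192.0.2.5",
     "userIdentity": {"accessKeyId": "ASIAEXAMPLE000000002"}},
    # Benign: two addresses (e.g. office and VPN) stays under the threshold.
    {"eventTime": "2026-05-10T14:03:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "ListBuckets", "sourceIPAddress": "192.0.2.6",
     "userIdentity": {"accessKeyId": "ASIAEXAMPLE000000003"}},
    {"eventTime": "2026-05-10T14:04:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "ListBuckets", "sourceIPAddress": "192.0.2.7",
     "userIdentity": {"accessKeyId": "ASIAEXAMPLE000000003"}},
]

# Calls worth surfacing when made by a key that is also "travelling".
# This set is an assumption for the example; tune it to your environment.
SENSITIVE_CALLS = {
    ("secretsmanager.amazonaws.com", "GetSecretValue"),
    ("secretsmanager.amazonaws.com", "ListSecrets"),
    ("sts.amazonaws.com", "GetCallerIdentity"),
}


def _parse_time(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")


def detect_dispersed_key_use(events, window=timedelta(minutes=10), min_distinct_ips=3):
    """Return {accessKeyId: finding} for keys seen from >= min_distinct_ips
    source addresses inside any span no longer than `window`.

    Correlating on the key instead of the source address is the whole point:
    fanning calls out across many egress IPs defeats per-IP thresholds, but
    every call still carries the same credential.
    """
    by_key = defaultdict(list)
    for ev in events:
        key = ev.get("userIdentity", {}).get("accessKeyId")
        if key:
            by_key[key].append(ev)

    findings = {}
    for key, evs in by_key.items():
        evs.sort(key=lambda e: _parse_time(e["eventTime"]))
        for i, ev in enumerate(evs):
            now = _parse_time(ev["eventTime"])
            recent = [e for e in evs[: i + 1] if now - _parse_time(e["eventTime"]) <= window]
            ips = {e["sourceIPAddress"] for e in recent}
            if len(ips) < min_distinct_ips:
                continue
            finding = findings.setdefault(key, {
                "first_seen_ip": evs[0]["sourceIPAddress"],  # likely the compromised host
                "source_ips": set(),
                "sensitive_calls": set(),
            })
            finding["source_ips"].update(ips)
            finding["sensitive_calls"].update(
                e["eventName"] for e in recent
                if (e["eventSource"], e["eventName"]) in SENSITIVE_CALLS)

    for finding in findings.values():  # make the result stable and printable
        finding["source_ips"] = sorted(finding["source_ips"])
        finding["sensitive_calls"] = sorted(finding["sensitive_calls"])
    return findings


if __name__ == "__main__":
    for key, finding in detect_dispersed_key_use(SAMPLE_EVENTS).items():
        print(key, finding)
```

Two caveats for running this against real data: CloudTrail delivery lags the API call by several minutes, so a key that is dumping a database "within minutes" will often have finished before the events arrive, which argues for pairing this with a preventive control (short credential lifetimes, condition keys that pin the key to expected source networks or VPC endpoints) rather than relying on the alert alone; and sourceIPAddress is a service name rather than an address for calls AWS makes on a principal's behalf, so exclude those before counting distinct sources if they inflate your results.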
