ChatGPT malware abuse, Marimo CVE-2026-39987 LLM exploitation, Russian infrastructure arrests
ID: b0ed7389-d691-567f-a57e-5b7c3d9ce100
STIX ID: report--b0ed7389-d691-567f-a57e-5b7c3d9ce100
Feed Name: defend.network – Daily Threat Briefings
TL;DR: ChatGPT share links are being abused to host fake outage pages that deliver malware; CVE-2026-39987 in Marimo has been exploited with attackers using LLM agents for post-compromise automation; Dutch authorities seized 800 servers and arrested hosting executives tied to Russian operations; a Russian-speaking actor dubbed GREYVIBE is conducting AI-powered attacks against Ukraine; and malicious NuGet packages impersonating Sicoob are stealing banking credentials. Immediate actions recommended include patching exposed Marimo instances, blocking suspicious share.openai.com links, auditing NuGet dependencies and credentials, and enhancing detection for AI-driven post-exploitation behavior.
