Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit

ID: a9633d82-6ff3-5925-9c37-61dad81a6c7d

STIX ID: report--a9633d82-6ff3-5925-9c37-61dad81a6c7d

Feed Name: The Hacker News

Threat Score: 78/100

Date Published: 2026-05-29

Date Updated: 2026-05-30

Author: The Hacker News

A critical pre-auth RCE (CVE-2026-39987) in Marimo has been actively exploited: an attacker compromised an internet-facing Marimo notebook, harvested cloud credentials, retrieved an SSH key from AWS Secrets Manager, and used it to perform rapid SSH sessions that exfiltrated the schema and full contents of an internal PostgreSQL database. Sysdig observed that a large language model agent orchestrated the post-compromise actions — improvising database dumps, chaining commands for machine consumption, and adaptively following outputs — and recommends updating Marimo, auditing public instances, and rotating credentials and keys.
