{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreib4at3yvx3um2hlk5qhddykapuwghjapcjytc5yaeny4p7krhbbue",
    "uri": "at://did:plc:ghkvexthfanuyq7fb5veq6tw/app.bsky.feed.post/3mmz7ghtfdsp2"
  },
  "coverImage": {
    "$type": "blob",
    "ref": {
      "$link": "bafkreibfackeb3pbgpdn5ur3gep6inf2bff75zdvm4loong7uccdq6ucyi"
    },
    "mimeType": "image/png",
    "size": 166077
  },
  "path": "/2026/05/attackers-use-llm-agent-for-post.html",
  "publishedAt": "2026-05-29T14:39:56.000Z",
  "site": "https://thehackernews.com",
  "textContent": "An unknown threat actor has been observed using a large language model (LLM) agent to conduct post-compromise actions after obtaining initial access following the exploitation of a publicly-accessible Marimo network using a recently disclosed vulnerability.\n\n\"The attacker compromised an internet-reachable Marimo notebook via CVE-2026-39987, extracted two cloud credentials from the compromised",
  "title": "Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit"
}