{
"$type": "site.standard.document",
"bskyPostRef": {
"cid": "bafyreib4at3yvx3um2hlk5qhddykapuwghjapcjytc5yaeny4p7krhbbue",
"uri": "at://did:plc:ghkvexthfanuyq7fb5veq6tw/app.bsky.feed.post/3mmz7ghtfdsp2"
},
"coverImage": {
"$type": "blob",
"ref": {
"$link": "bafkreibfackeb3pbgpdn5ur3gep6inf2bff75zdvm4loong7uccdq6ucyi"
},
"mimeType": "image/png",
"size": 166077
},
"path": "/2026/05/attackers-use-llm-agent-for-post.html",
"publishedAt": "2026-05-29T14:39:56.000Z",
"site": "https://thehackernews.com",
"textContent": "An unknown threat actor has been observed using a large language model (LLM) agent to conduct post-compromise actions after obtaining initial access following the exploitation of a publicly-accessible Marimo network using a recently disclosed vulnerability.\n\n\"The attacker compromised an internet-reachable Marimo notebook via CVE-2026-39987, extracted two cloud credentials from the compromised",
"title": "Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit"
}