Just three days after the April 8, 2026, disclosure of a critical pre-authorization remote code execution (RCE) vulnerability in the Marimo Python notebook platform, threat actors began actively exploiting the flaw. Tracked as CVE-2026-39987, this vulnerability allows unauthenticated attackers to obtain a full interactive shell and execute arbitrary system commands without requiring credentials. According to […] The post Hugging Face Abused To Spread Blockchain-Based Backdoor In CVE-2026-39987 Attacks appeared first on Cyber Security News.