Most recent sightings.

https://vulnerability.circl.lu/sightings/feed Most recent sightings. 2026-06-05T07:02:44.025928+00:00 Vulnerability-Lookup info@circl.lu python-feedgen Contains only the most 10 recent sightings. https://vulnerability.circl.lu/sighting/123ab30d-4cfa-4f47-9478-21f11cd05aeb/export 123ab30d-4cfa-4f47-9478-21f11cd05aeb 2026-06-05T07:02:44.033886+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "123ab30d-4cfa-4f47-9478-21f11cd05aeb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "seen", "source": "Telegram/J8DlVyKG2Ha8_8-DPAHAkyXqdyfexf_y2s10iFJfB3MNT4g", "content": "", "creation_timestamp": "2026-05-30T15:00:07.000000Z"} 2026-05-30T15:00:07+00:00 https://vulnerability.circl.lu/sighting/f2663482-b8cd-422e-b527-2a3b6a5cded3/export f2663482-b8cd-422e-b527-2a3b6a5cded3 2026-06-05T07:02:44.033807+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "f2663482-b8cd-422e-b527-2a3b6a5cded3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "seen", "source": "https://bsky.app/profile/ninjaowl.ai/post/3mn3i7t3fdk25", "content": "Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit #cybersecurity #hacking #news #infosec #security #technology #privacy thehackernews.com/20...", "creation_timestamp": "2026-05-30T16:35:12.795382Z"} 2026-05-30T16:35:12.795382+00:00 https://vulnerability.circl.lu/sighting/aef6f5f2-5b11-4661-904f-cd5a733edb9a/export aef6f5f2-5b11-4661-904f-cd5a733edb9a 2026-06-05T07:02:44.033725+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "aef6f5f2-5b11-4661-904f-cd5a733edb9a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "seen", "source": "https://bsky.app/profile/hacker.at.thenote.app/post/3mn47aa4gx22g", "content": "Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit\n\nAn unknown threat actor has been observed using a large language model (LLM) agent to conduct post-compromise actions after obtaining initial access following the exploitation of a publicly-acc\u2026\n#hackernews #llm #news", "creation_timestamp": "2026-05-30T23:27:02.393101Z"} 2026-05-30T23:27:02.393101+00:00 https://vulnerability.circl.lu/sighting/d520587b-90d4-4380-828e-854f6cd7a805/export d520587b-90d4-4380-828e-854f6cd7a805 2026-06-05T07:02:44.033640+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "d520587b-90d4-4380-828e-854f6cd7a805", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "seen", "source": "https://bsky.app/profile/securitycyberuk.bsky.social/post/3mn4dd6qbxs2k", "content": "A new authentication bypass vulnerability (CVE-2026-39987, CVE-2026-39987) is being actively exploited in the wild. The target: LLM, Marimo. This is n\n\nThis is not the first time a critical authentication bypass has been found in LL\n\nhttps://securitycyber.uk\n\n\n\nhttps://securitycyber.uk | Training: h", "creation_timestamp": "2026-05-31T00:40:16.251295Z"} 2026-05-31T00:40:16.251295+00:00 https://vulnerability.circl.lu/sighting/065e3764-bdd4-4a21-b80a-73703ede0db8/export 065e3764-bdd4-4a21-b80a-73703ede0db8 2026-06-05T07:02:44.033558+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "065e3764-bdd4-4a21-b80a-73703ede0db8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mn4jisrb4f2i", "content": "Top 3 CVE for last 7 days:\nCVE-2026-48095: 19 interactions\nCVE-2026-0257: 17 interactions\nCVE-2026-26980: 16 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2026-0257: 14 interactions\nCVE-2026-21852: 3 interactions\nCVE-2026-39987: 3 interactions\n", "creation_timestamp": "2026-05-31T02:30:48.180899Z"} 2026-05-31T02:30:48.180899+00:00 https://vulnerability.circl.lu/sighting/6c0643b6-7349-49c2-9ab7-f01c89bd9002/export 6c0643b6-7349-49c2-9ab7-f01c89bd9002 2026-06-05T07:02:44.033466+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "6c0643b6-7349-49c2-9ab7-f01c89bd9002", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "seen", "source": "https://bsky.app/profile/technoholic.bsky.social/post/3mn4msnddw72h", "content": "Unknown threat actor used a large language model (LLM) to conduct post-compromise actions after exploiting a public Marimo network (CVE-2026-39987). Stay alert for AI-driven attacks.", "creation_timestamp": "2026-05-31T03:29:59.263644Z"} 2026-05-31T03:29:59.263644+00:00 https://vulnerability.circl.lu/sighting/df01ccd4-48d1-4863-9d63-957b8a1dc9f1/export df01ccd4-48d1-4863-9d63-957b8a1dc9f1 2026-06-05T07:02:44.033373+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "df01ccd4-48d1-4863-9d63-957b8a1dc9f1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "seen", "source": "https://infosec.exchange/users/tomcat/statuses/116668135516466708", "content": "\u26a0\ufe0f Attackers used an LLM agent for post-exploitation after breaching a public Marimo notebook via CVE-2026-39987, a pre-auth RCE flaw affecting versions \u22640.20.4.\nThe intrusion stole cloud credentials, retrieved an SSH key from AWS Secrets Manager, and exfiltrated a PostgreSQL database via eight SSH sessions in under two minutes.\nFull report: https://thehackernews.com/2026/05/attackers-use-llm-agent-for-post.html", "creation_timestamp": "2026-05-31T08:01:12.803701Z"} 2026-05-31T08:01:12.803701+00:00 https://vulnerability.circl.lu/sighting/7ad8657d-baa2-4b40-800c-a176add0188a/export 7ad8657d-baa2-4b40-800c-a176add0188a 2026-06-05T07:02:44.033280+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "7ad8657d-baa2-4b40-800c-a176add0188a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "seen", "source": "https://bsky.app/profile/mwyr.es/post/3mn6zrgdceq2x", "content": "Attackers Use LLM Agent For Post-Exploitation After Marimo CVE-2026-39987 Exploit - https://mwyr.es/pUqIWw5L #thn #infosec", "creation_timestamp": "2026-06-01T02:27:16.202643Z"} 2026-06-01T02:27:16.202643+00:00 https://vulnerability.circl.lu/sighting/668714f0-0108-465e-9553-ac356ed8969d/export 668714f0-0108-465e-9553-ac356ed8969d 2026-06-05T07:02:44.033164+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "668714f0-0108-465e-9553-ac356ed8969d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "seen", "source": "https://bsky.app/profile/reconbee.bsky.social/post/3mn7i63i47k2k", "content": "Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit reconbee.com/attackers-us...\n\n#LLM #Marimo #largelanguagemodels #llmagent #cybersecurity", "creation_timestamp": "2026-06-01T06:44:56.421678Z"} 2026-06-01T06:44:56.421678+00:00 https://vulnerability.circl.lu/sighting/0bffe034-6838-414e-a968-71977667c88b/export 0bffe034-6838-414e-a968-71977667c88b 2026-06-05T07:02:44.032053+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "0bffe034-6838-414e-a968-71977667c88b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39987", "type": "seen", "source": "https://bsky.app/profile/blackhatnews.tokyo/post/3mnhzfo6tsr2e", "content": "\u30a8\u30fc\u30b8\u30a7\u30f3\u30c8\u578b\u8105\u5a01\u30a2\u30af\u30bf\u30fc\u304c\u30aa\u30fc\u30b1\u30b9\u30c8\u30ec\u30fc\u30b7\u30e7\u30f3\u5c64\u306b\u5230\u9054\uff1aAI\u30a8\u30fc\u30b8\u30a7\u30f3\u30c8\u4e3b\u5c0e\u306e\u30b3\u30f3\u30c6\u30ca\u30a8\u30b9\u30b1\u30fc\u30d7\n\n\u8105\u5a01\u30ea\u30b5\u30fc\u30c1 \u30c7\u30a3\u30ec\u30af\u30bf\u30fc2026\u5e745\u670829\u65e5\u3001Sysdig\u8105\u5a01\u30ea\u30b5\u30fc\u30c1\u30c1\u30fc\u30e0\uff08TRT\uff09\u306f\u3001\u8105\u5a01\u30a2\u30af\u30bf\u30fc\u304c\u8106\u5f31\u306amarimo\u30ce\u30fc\u30c8\u30d6\u30c3\u30af\uff08CVE-2026-39987\uff09\u3092\u60aa\u7528\u3057\u3001\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u5c64\u3092\u8d85\u3048\u3066\u5c55\u958b\u3059\u308b\u5b8c\u5168\u81ea\u52d5\u5316\u3055\u308c\u305f\u30ad\u30eb\u30c1\u30a7\u30fc\u30f3\u3092\u5b9f\u884c\u3057\u3066\u3044\u308b\u306e\u3092\u89b3\u6e2c\u3057\u307e\u3057\u305f\u3002\u653b\u6483\u306e\u5404\u6bb5\u968e\u306b\u306f\u3001\u30a8\u30fc\u30b8\u30a7\u30f3\u30c8\u578b\u8105\u5a01\u30a2\u30af\u30bf\u30fc\uff08A...", "creation_timestamp": "2026-06-04T16:14:39.064408Z"} 2026-06-04T16:14:39.064408+00:00