Threats Tagged 'kagent'
View all threats tagged with 'kagent'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'kagent'
Click on any threat for detailed analysis and mitigation recommendations
CVE-2026-39987 update: How attackers weaponized marimo to deploy a blockchain botnet via HuggingFaceCVE-2017-5638 0 Three days after disclosure of a critical pre-authorization remote code execution vulnerability in the marimo Python notebook platform, multiple threat actors deployed malware hosted on HuggingFace Spaces. A previously undocumented NKAbuse variant was delivered through a typosquatted HuggingFace Space, utilizing NKN blockchain for command and control. Between April 11-14, 2026, eleven unique source IPs across ten countries generated 662 exploit events. Attack patterns included reverse shell campaigns, credential extraction targeting AWS keys and API tokens, DNS exfiltration, and lateral movement to PostgreSQL and Redis databases via leaked credentials. The malware binary was disguised as a legitimate Kubernetes tool named kagent and implemented persistence through systemd services, crontab entries, and macOS LaunchAgents. This operation demonstrates threat actors specifically targeting AI/ML infrastructure and leveraging trusted platforms for malware distribution. Join the discussion | AlienVault OTX General | 04/16/2026, 08:36:45 UTC Added: 04/16/2026, 10:47:02 UTC |
Showing 1 to 1 of 1 result