Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit

An unknown threat actor has been observed using a large language model LLM agent to conduct post-compromise actions after obtaining initial access following the exploitation of a publicly-accessible Marimo network using a recently disclosed vulnerability. "The attacker compromised an...

EUVD-2019-17222

Malware in sbrugna...

EUVD-2020-28101

Malware in sbrugna...

EUVD-2012-5502

Malware in sbrugna...

EUVD-2016-2412

Malware in sbrugna...

EUVD-2018-9615

Malware in sbrugna...

EUVD-2025-23526

Malicious code in bioql PyPI...

EUVD-2025-22715

Malicious code in bioql PyPI...

EUVD-2023-27049

Malicious code in bioql PyPI...

EUVD-2022-5656

Malicious code in bioql PyPI...

CVE-2025-44954

RUCKUS SmartZone SZ before 6.1.2p3 Refresh Build has a hardcoded SSH private key for a root-equivalent user account...

CVE-2025-44954

RUCKUS SmartZone SZ before 6.1.2p3 Refresh Build has a hardcoded SSH private key for a root-equivalent user account...

CVE-2025-29630

Gardyn Home Kit Firmware allows a remote attacker with the corresponding ssh private key to achieve remote root access...

CVE-2025-29630

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue; there is no indication that an applicable SSH private key has ever been compromised. Notes: none...

CVE-2025-29630

Summary: CVE-2025-29630 affects Gardyn 4 and enables a remote attacker who possesses the corresponding SSH private key to gain remote root access to affected devices. The vulnerability is characterized by an SSH key backdoor/backdoor-like access enabling total compromise of the device, with high ...

CVE-2025-29630

...

PT-2025-30889 · Gardyn 4 · Gardyn 4

Name of the Vulnerable Software and Affected Versions: Gardyn version 4 Description: An issue in Gardyn 4 allows a remote attacker possessing the corresponding SSH private key to gain remote root access to affected devices. Recommendations: Ensure the SSH private key is securely stored and access...

CVE-2023-22948

An issue was discovered in TigerGraph Enterprise Free Edition 3.x. There is unsecured read access to an SSH private key. Any code that runs as the tigergraph user is able to read the SSH private key. With this, an attacker is granted password-less SSH access to all machines in the TigerGraph...

CVE-2018-16158

Eaton Power Xpert Meter 4000, 6000, and 8000 devices before 13.4.0.10 have a single SSH private key across different customers' installations and do not properly restrict access to this key, which makes it easier for remote attackers to perform SSH logins to uid 0 via the PubkeyAuthentication...

CVE-2012-1493

F5 BIG-IP appliances 9.x before 9.4.8-HF5, 10.x before 10.2.4, 11.0.x before 11.0.0-HF2, and 11.1.x before 11.1.0-HF3, and Enterprise Manager before 2.1.0-HF2, 2.2.x before 2.2.0-HF1, and 2.3.x before 2.3.0-HF3, use a single SSH private key across different customers' installations and do not...