Cyber Security News

Hacking Editorial Brief — June 3, 2026

Threat Actor Exploits Marimo Notebook RCE for Cloud Credential Theft

An unidentified threat actor exploited CVE-2026-39987, a remote code execution vulnerability in Marimo notebooks, to extract cloud credentials and exfiltrate an entire PostgreSQL database in under two minutes. The attack demonstrates the speed and precision with which adversaries are targeting data science and development environments to access cloud infrastructure. Marimo notebooks, used for interactive Python development, present an attractive attack surface when exposed with insufficient access controls. The incident underscores the risk posed by RCE vulnerabilities in collaborative development tools that often maintain direct access to production credentials and sensitive data stores.

Russian-Speaking Actor Conducts Mass Campaign Using Stolen Gemini API Keys

A Russian-speaking threat actor leveraged 7,373 stolen Google Gemini API keys to execute a wide-ranging malicious campaign involving propaganda generation, credential theft, and cryptocurrency fraud. The operation successfully cracked 2,929 WordPress administrator accounts and conducted automated attacks at scale using Google's AI infrastructure. The use of stolen API keys allowed the actor to bypass rate limits and operational costs while obscuring attribution. This campaign illustrates an emerging threat pattern where attackers weaponize compromised cloud AI service credentials to conduct high-volume automated operations including brute-force attacks, content generation for influence operations, and credential stuffing across web platforms.

Sources: The Hacker News · Cyberpress