HARDENED Cybersecurity Intelligence Daily Briefing · Tuesday, April 14, 2026 · hardened.news |
> The signal. Not the noise. — For teams that defend. |
Lead Story | Critical — CVSS 9.3 | Dev · Cloud+DevOps |
|
AI Dev Toolchain Hit: Marimo’s Unauthenticated WebSocket Gives Anyone a Root Shell
CVE-2026-39987 in the Marimo Python notebook was under active exploitation within 10 hours of the advisory dropping — no credentials required, no proof-of-concept needed. The attacker read the spec and built the exploit themselves.
Marimo is an open-source reactive Python notebook built for AI and data science workflows. The authorization gap in CVE-2026-39987 (CVSS 9.3) is almost embarrassingly clean. Every other endpoint in the application authenticates the caller. The terminal WebSocket at /terminal/ws does not — from an attacker’s position, it is one HTTP upgrade request away from an interactive shell running as whatever account owns the server process. No credentials. No exploit chain. No waiting.
The Sysdig Threat Research Team caught the first exploitation attempt through a honeypot 9 hours and 41 minutes after the advisory was published — no public proof-of-concept code in circulation at the time. Whoever hit the endpoint first had constructed the attack from the advisory text alone. What followed was 90 minutes of manual, hands-on-keyboard activity: directory traversal, credential file harvesting, SSH key collection. The fix is in Marimo 0.23.0; all versions prior to 0.23.0 are affected.
For AI and data science teams, the threat model here is specific: Marimo instances exposed to a network — even an internal one — without a firewall or authentication layer in front of the terminal endpoint are fully compromised by any user who can reach them. The bigger pattern is worth noting: AI development tooling has expanded the attack surface for developer environments considerably in the last 18 months, and tools built for local-first data science workflows are increasingly being deployed in shared or networked contexts they were not designed for. The blast radius of a compromised notebook server includes every secret, credential, and model artefact stored on that host.
→ Key Takeaway Upgrade to Marimo 0.23.0 immediately. If you cannot patch now, firewall the /terminal/ws endpoint and restrict external access. Rotate any secrets or credentials accessible from the compromised host. HARDENED does not endorse or recommend specific vendors. Tools are listed for awareness only. |
Quick Hits
| 01 |
Adobe Acrobat Was Silently Reading Your Files Since December — Emergency Patch Released
CVE-2026-34621 (CVSS 8.6, CVSS 3.1 — some sources cite 9.6 under CVSS 4.0) is a prototype pollution vulnerability in Adobe Acrobat Reader. Most malicious PDFs announce themselves: something crashes, an AV fires, an anomalous process appears. This one doesn’t. The document opens normally. Using legitimate Acrobat APIs, it quietly reads local files and system details and forwards the results to attacker-controlled infrastructure — nothing visible to the user. The threat actor reviews what was collected and decides whether to invest further. EXPMON’s Haifei Li, who discovered the exploit, characterised it as a fingerprinting-style attack — selective and patient. He found it had been running against targets since December 2025, four months before a patch existed. Adobe patched under APSB26-43; fix is in Acrobat DC and Reader DC 26.001.21411 and later (26.x track), and 24.001.30362 for Windows / 24.001.30360 for macOS (24.x track). Every enterprise and end user running an unpatched version has been a potential target for four months. The Hacker News →
| High | Enterprise · End User |
|
| 02 |
CPUID’s Website Compromised — CPU-Z and HWMonitor Downloads Swapped for STX RAT
Unknown threat actors compromised the official CPUID website and swapped the download links for CPU-Z and HWMonitor — diagnostic staples in most IT shops — for trojanized builds carrying STX RAT. The substitution was live for roughly six hours across April 9–10. Anyone who pulled an installer from cpuid.com in that window received a package that used DLL sideloading to drop the malware alongside the real application; nothing in the installation flow looked wrong. STX RAT — first named and documented by eSentire in February 2026 — pairs hidden remote desktop access with broad credential harvesting across browsers, crypto wallets, and FTP clients. Its command-and-control uses a custom encrypted protocol built to avoid triggering signature-based network detections. Any IT shop or individual who downloaded CPUID tools in that window should treat that host as potentially compromised and rotate credentials. HARDENED does not endorse or recommend specific vendors. Tools are listed for awareness only. BleepingComputer →
| Critical | IT Ops · Cloud+DevOps |
|
CVE Watch
|
Zero-Day Watch
| BLUEHAMMER | NO CVE — UNPATCHED |
BlueHammer Drops on Patch Tuesday: A Windows LPE With No CVE, No Fix, and a Public PoC
On April 3, a researcher operating as “Chaotic Eclipse” published a Windows local privilege escalation exploit on GitHub after expressing frustration with Microsoft’s Security Response Centre over its handling of the disclosure. The exploit — named BlueHammer — works by exploiting a TOCTOU race in the Defender update cycle: when Defender creates a VSS snapshot mid-operation, it briefly exposes the Security Account Manager hive, the local store of password hashes. A path confusion weakness lets an attacker reach it before the window closes. Chaotic Eclipse acknowledged the exploit has bugs affecting consistency, and testing showed it does not reproduce on Windows Server — scope is Windows 10 and 11 clients. No CVE has been assigned. No patch exists. No in-the-wild exploitation has been confirmed.
No patch means this one gets managed with detection, not remediation. Here is where to start: Microsoft Defender definitions now include a static signature (Exploit:Win32/DfndrPEBluHmr.BB) targeting the original PoC — confirm your definitions are current. Beyond that, signature coverage will not hold as the PoC is modified, so Cyderes recommends layering in behavioral detections: VSS enumeration from non-system processes, Cloud Files sync root registration from untrusted processes, low-privileged processes acquiring SYSTEM-level tokens, and Event IDs 4723⁄4724 (rapid local admin password changes). If you run a SIEM, those event IDs are a practical starting point today. BleepingComputer →
| Vendor: Microsoft Windows 10 & 11 · CVE: Unassigned · Patch: None available · PoC: Public (GitHub, April 3, 2026) · Exploitation: Not confirmed in wild |
|
Compliance Tip of the Day
|
NIST CSF 2.0 — PR.AA — Protect: Identity Management, Authentication and Access Control
Authentication Must Cover Every Endpoint — Not Just the Ones You Remember
The PR.AA subcategory of NIST CSF 2.0 covers identity management and access control — in practice, making sure that every path into a system that should require credentials actually enforces them. Marimo’s CVE-2026-39987 is a textbook failure here: every WebSocket endpoint in the application called validate_auth() — except the one that handed out a PTY shell. The controls existed. The coverage did not. This pattern shows up regularly in developer tooling and internal services where terminal or debug endpoints are added incrementally and never formally threat-modelled. Concrete action (PR.AA-01): Audit the authentication coverage of your internally deployed developer tools — notebooks, dashboards, CI runners, debug endpoints. For each service, confirm that authentication is enforced at every entry point, not just the primary one. Assume any unauthenticated endpoint accessible from the network is reachable by an adversary who already has a foothold elsewhere on that network.
|
|
HARDENED | This newsletter does not constitute professional security advice. Security configurations and threat landscapes vary by organization. Consult a qualified security professional for implementation guidance specific to your environment. How we work: HARDENED uses AI agents for research, drafting, and automation. Every issue is reviewed by humans before publication. If you spot an error, reply directly — we correct the record promptly. Sources: The Hacker News (CVE-2026-39987, Marimo RCE), thehackernews.com · Sysdig Threat Research Team (9h41m honeypot exploitation timeline), sysdig.com · Endor Labs (Marimo pre-auth RCE technical analysis), endorlabs.com · NIST NVD (CVE-2026-39987 — CVSS 9.3 CVSS v4.0; affected: all versions prior to 0.23.0), nvd.nist.gov · Adobe Security Bulletin APSB26-43 (CVE-2026-34621), helpx.adobe.com/security/products/acrobat/apsb26-43.html · The Hacker News (CVE-2026-34621, Adobe Acrobat), thehackernews.com · EXPMON / Haifei Li (zero-day discovery, exploitation since December 2025), expmon.com · NIST NVD (CVE-2026-34621 — CVSS 8.6 CVSS 3.1; note: some secondary sources cite 9.6, likely CVSS 4.0 scoring), nvd.nist.gov · BleepingComputer (CPUID/STX RAT supply chain attack), bleepingcomputer.com/news/security/supply-chain-attack-at-cpuid-pushes-malware-with-cpu-z-hwmonitor/ · eSentire Threat Response Unit (STX RAT original discovery and naming, February 2026), esentire.com · Cyderes Howler Cell (CPUID/HWMonitor supply chain campaign analysis), cyderes.com · BleepingComputer (BlueHammer Windows LPE, April 2026), bleepingcomputer.com/news/security/disgruntled-researcher-leaks-bluehammer-windows-zero-day-exploit/ · Help Net Security (BlueHammer exploit leaked), helpnetsecurity.com/2026/04/08/bluehammer-windows-zero-day-exploit-leaked/ · Cyderes (BlueHammer technical analysis), cyderes.com/howler-cell/windows-zero-day-bluehammer · SC World (BlueHammer brief), scworld.com · NIST CSF 2.0 (PR.AA-01), nist.gov/cyberframework |
|
|
