Interestingly, only a few days after writing this toot, I somehow wound up with an invitation to use the molab online notebooks from #Marimo (https://marimo.io/).
I am happy to announce that molab notebooks are indeed able to load and run #RDKit; this will help immensely for people like me who are stuck on using stuff from the browser due to various constraints.
Marimo: Das Python-Notebook, das endlich Sinn ergibt
Schon mehrfach hatte ich in diesem Blog Kritzelheft über Marimo, den neuen Stern am Python-Notebook-Himmel berichtet. Und immer waren diese Berichte mit guten Vorsätzen pepflastert, die nie zur Ausführung kamen. Heute also in weiterer Anlauf. Schauen wir mal, was daraus wird. https://kantel.github.io/posts/2026060201_marimo_introduction/ #Python #Marimo #Py5
⚠️ LLM-Agent bei realem Angriff: Nach Breach eines Marimo-Notebooks via CVE-2026-39987 (Pre-Auth RCE ≤0.20.4) stahlen Angreifer Cloud-Credentials, einen SSH-Key aus AWS Secrets Manager und exfiltrierten eine PostgreSQL-DB über 8 SSH-Sessions in unter 2 Minuten.
- omg how am I only thinking of astral's #uv and #ruff now?? It is so great, much better than anything else. I was very sad that astral was bought by openai 🤖
- I also really dislike Jupyter notebooks and hate how much they are being (ab)used. I'm trying #marimo which I do like but I find it hard to share analyses with others internally. I'll find my way, but I do miss RStudio's native quarto integration (i know quarto also does python but in reality it hasn't yet worked out for me)
n/n
CVE Alert: CVE-2026-39987 - marimo-team - marimo - https://www.redpacketsecurity.com/cve-alert-cve-2026-39987-marimo-team-marimo/
#OSINT #ThreatIntel #CyberSecurity #cve-2026-39987 #marimo-team #marimo
Hackers exploit #Marimo flaw to deploy #NKAbuse #malware from #HuggingFace
Hackers exploit Marimo flaw to spread NKAbuse malware via Hugging Face
Hackers are exploiting a critical flaw in Marimo's reactive Python notebook to spread a new variant of NKAbuse malware, sneaking malicious payloads onto Hugging Face Spaces, a popular platform for sharing machine learning models. This alarming attack highlights the need for vigilance when it comes to defending against malware…
#Marimo #NkabuseMalware #HuggingFace #MalwareOperations #EmergingThreats
Critical #Marimo pre-auth RCE flaw now under active exploitation
Marimo Flaw Exploited for Credential Theft in Active Attacks
A critical vulnerability in Marimo is being actively exploited by attackers to steal sensitive credentials, and it requires no prior authentication to run code remotely. This flaw has severe consequences for organizations using Marimo, making it essential to take immediate action.
#Marimo #CredentialTheft #RemoteCodeExecution #Preauthentication #ActiveExploitation
𝓙. 𝓜.
Jörg Kantel
Neo
Erik-Jan
RedPacket Security
The New Oil
Analyst207
securityaffairs