The CVSS‑9.3 vulnerability allows unauthenticated remote code execution on exposed Marimo servers and was exploited in the wild shortly after disclosure, Sysdig says.

A convincing Microsoft lookalike tricks users into downloading malware that steals passwords, payments, and account access.