A critical security flaw in Marimo, a popular open-source Python notebook tool, was exploited by hackers just nine hours after being publicly disclosed, according to cloud security firm Sysdig. The vulnerability allowed attackers to gain full shell access without authentication due to a missing security check in the terminal WebSocket endpoint. The attacker built a working exploit from the security advisory alone, then used it to steal credentials and search for SSH keys in under three minutes.