Book: AI Agents Pocket Guide
Also by me: Prompt Engineering Pocket Guide
My project: Hermes IDE | GitHub — an IDE for developers who ship with Claude Code and other AI coding tools
Me: xgabriel.com | GitHub

In April 2026, a typosquatted Hugging Face Space called vsccode-modetx started serving a Go-based backdoor that used the NKN blockchain for command-and-control, disguising the binary as a Kubernetes agent named kagent. The underlying flaw, tracked as CVE-2026-39987, gave unauthenticated attackers a full interactive shell on the host that loaded the model. According to Cyberpress's reporting, first active exploitation was logged less than 10 hours after the advisory was published, and over a three-day window attackers from roughly a dozen IP addresses across multiple countries fired hundreds of exploit events. One operator used the foothold to extract AWS access keys, Postgres connection strings, and OpenAI API tokens from environment variables on data-science workstations.…