Sysdig says JADEPUFFER used CVE-2025-3248 in Langflow to automate intrusion, credential theft, encryption, and data wipe.
Security firm Trusteer uncovered a 100,000-strong botnet swiping banking credentials, credit card information and other data from Windows users.