Sysdig says JADEPUFFER used CVE-2025-3248 in Langflow to automate intrusion, credential theft, encryption, and data wipe.
Attackers exploited Langflow vulnerability CVE-2025-3248 to conduct an agentic AI-powered ransomware attack involving reconnaissance, credential theft, and lateral movement.
Sophia Oguri is on the front lines of AI transformation, updating workflows for the biggest investors in AI infrastructure.
The $149 Dune keyboard can be a meeting controller at least and a script-executing keypad at best.
JFrog says six malicious npm packages used hidden install-time execution, JSONKeeper fetches, and sandbox checks to enable remote access.
Citrix NetScaler received patches for another memory leak vulnerability similar to CitrixBleed, as well as memory overflow, file read and denial-of-service issues ...
研究人员指出,这是目前公开披露的全球首个有完整记录、完全由 AI Agent 自动执行的勒索软件攻击案例,它利用公开漏洞入侵系统后,自主完成了从侦察、窃取凭证、横向移动到最终加密和摧毁数据库的完整攻击链路,全程无需人类操作。
安全研究机构 Sysdig 发布报告称,其威胁研究团队发现全球首例完全由 AI 智能体自主执行的勒索软件攻击事件。该攻击被命名为 JADEPUFFER,其显著特征在于全程无需人类干预,即可完成从系统入侵到数据摧毁的完整攻击链路。 攻击溯源显示,初始突破口为一台暴露在公网的 Langflow 服务。攻击者利用 CVE-2025-3248 漏洞,在无需身份验证的情况下远程执行 Python 代码获取主 ...
一些您可能无法访问的结果已被隐去。
显示无法访问的结果