Sysdig says JADEPUFFER used CVE-2025-3248 in Langflow to automate intrusion, credential theft, encryption, and data wipe.
Attackers exploited Langflow vulnerability CVE-2025-3248 to conduct an agentic AI-powered ransomware attack involving reconnaissance, credential theft, and lateral movement.
Threat actors are continuing to exploit a critical Langflow vulnerability as part of fresh attacks designed to deliver a Monero cryptocurrency miner. The activity has been found to weaponize ...
Attackers are actively exploiting path traversal and SQL injection in Langflow, LangGraph, and LangChain — below where your ...
They're not bad; they're just prompted that way. Sysdig threat hunters documented what they say is the first-ever documented ...
Access the public link with the browser developers tools open and execute the flow. Find the /api/v1/build_public_tmp route and copy as cURL Edit the data.nodes[X].data.node.template.code.value JSON ...
Customer stories Events & webinars Ebooks & reports Business insights GitHub Skills ...
Google reportedly patched a flaw in the Vertex AI SDK for Python that could allow attackers to hijack model uploads and trigger remote code execution across tenants. A design flaw in the Vertex AI ...