logo

JadePuffer ransomware used AI agent to automate entire attack

ID: 8c39070e-8995-548a-984b-ae30ee679939

STIX ID: report--8c39070e-8995-548a-984b-ae30ee679939

Feed Name: Bleeping Computer

Threat Score
78/100

Date Published: 2026-07-04

Date Updated: 2026-07-04

Author: Bill Toulas

...
...

JadePuffer is a documented ransomware operation conducted by an autonomous LLM agent that exploited an unauthenticated RCE (CVE-2025-3248) in the Langflow framework to gain access, dump databases, exfiltrate credentials, pivot to a production MySQL/Nacos instance (using additional exploits including CVE-2021-29441), establish persistence, and encrypt 1,342 Nacos configuration items; researchers note adaptive, agentic behavior and novel operational impacts for automated AI-driven attacks.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.