logo

Researchers Claim First Fully Agentic Ransomware: JadePuffer

ID: 3bb6b631-c485-56a8-8ee1-5c3110a07ccb

STIX ID: report--3bb6b631-c485-56a8-8ee1-5c3110a07ccb

Feed Name: Infosecurity Magazine (News)

Threat Score
78/100

Date Published: 2026-07-06

Date Updated: 2026-07-06

...
...

Sysdig reports the discovery of "JadePuffer," an LLM-driven ransomware campaign that exploited CVE-2025-3248 against a Langflow instance to harvest credentials, move laterally to an Alibaba Nacos MySQL server (also exploiting CVE-2021-29441), create persistence, and encrypt and delete 1,342 Nacos configuration items using an ephemeral AES key—making recovery impossible; the attack was autonomous, adaptive, and highlights automation of old vulnerabilities and new detection opportunities.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.