JadePuffer Ransomware Used AI Agent to Automate Entire Attack
ID: 77a6548d-8619-531b-a640-bca104575d17
STIX ID: report--77a6548d-8619-531b-a640-bca104575d17
Feed Name: Security Boulevard
## Executive summary: Researchers reported JadePuffer, a ransomware operation automated end-to-end by an autonomous LLM agent that exploited CVE-2025-3248 in Langflow to dump databases, harvest credentials, pivot to a production Nacos/MySQL environment, establish persistence, and encrypt 1,342 service configuration items; defenders are advised to patch Langflow, restrict internet exposure of AI development tools, harden secrets/config stores, and hunt for agentic attack behaviors.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
