Langflow Flaw Used by JadePuffer in AI Ransomware Attack

Langflow flaw jadepuffer thumbnail

Langflow Flaw Used by JadePuffer in AI Ransomware Attack

Threat actor JadePuffer executed a ransomware attack by exploiting a critical vulnerability (CVE-2025-3248) within an internet-exposed Langflow instance. Utilizing an autonomous LLM agent, the attacker conducted real-time reconnaissance, harvested credentials, and moved laterally to a production server hosting Alibaba Nacos. The AI agent dynamically adapted its payloads to bypass security, dropped database schemas, and encrypted 1,342 configuration items for extortion, demonstrating how agentic AI fully automates complex, multi-stage cyberattacks.

Source: Security Week

 

16-year-old Linux Kernel Vulnerability Allows VM Escape

A 16-year-old Linux kernel vulnerability called Januscape (CVE-2026-53359) allows attackers to escape virtual machines and execute arbitrary code as root on the host. The vulnerability stems from a use-after-free weakness in the shadow MMU emulation of KVM/x86, the kernel-based virtual machine built for x86 and x86_64 (AMD64) processor architectures. It is the first guest-to-host exploit affecting both Intel and AMD architectures, posing a severe risk to multi-tenant cloud environments.

Source: Bleeping Computer

 

Penta Security Awarded with Frost & Sullivan’s 2026 South Korea Company of the Year Recognition

Frost & Sullivan has named Penta Security as the 2026 South Korea Company of the Year in the Web Application Firewall (WAF) industry. The recognition honors the company’s innovation, strategic execution, and customer-first approach. Penta Security’s flagship WAF solution, WAPPLES, utilizes a proprietary engine for advanced, AI-driven logical and semantic traffic analysis. This tech enables flexible cloud-native and SaaS deployments, securing steady double-digit revenue growth across government, finance, and healthcare sectors.

Source: PR Newswire

 

FortiBleed Linked to Lynx Ransomware

Latest research directly links FortiBleed credential-theft campaign to the INC and Lynx ransomware operations. Investigators discovered an infrastructure server with active access to ransomware negotiation panels, revealing a much larger scope than previously known. The threat actors targeted over 430,000 FortiGate firewalls worldwide, deploying packet sniffers on roughly 19,000 devices. They also exploited an undisclosed Nextcloud zero-day vulnerability and planted persistent “adminin” backdoor accounts.

Source: Bleeping Computer


 

Click here to subscribe our Newsletter