Langflow Flaw Used by JadePuffer in AI Ransomware Attack
Langflow Flaw Used by JadePuffer in AI Ransomware Attack
Threat actor JadePuffer executed a ransomware attack by exploiting a critical vulnerability (CVE-2025-3248) within an internet-exposed Langflow instance. Utilizing an autonomous LLM agent, the attacker conducted real-time reconnaissance, harvested credentials, and moved laterally to a production server hosting Alibaba Nacos. The AI agent dynamically adapted its payloads to bypass security, dropped database schemas, and encrypted 1,342 configuration items for extortion, demonstrating how agentic AI fully automates complex, multi-stage cyberattacks.
Source: Security Week
16-year-old Linux Kernel Vulnerability Allows VM Escape
A 16-year-old Linux kernel vulnerability called Januscape (CVE-2026-53359) allows attackers to escape virtual machines and execute arbitrary code as root on the host. The vulnerability stems from a use-after-free weakness in the shadow MMU emulation of KVM/x86, the kernel-based virtual machine built for x86 and x86_64 (AMD64) processor architectures. It is the first guest-to-host exploit affecting both Intel and AMD architectures, posing a severe risk to multi-tenant cloud environments.
Source: Bleeping Computer
Penta Security Awarded with Frost & Sullivan’s 2026 South Korea Company of the Year Recognition
Frost & Sullivan has named Penta Security as the 2026 South Korea Company of the Year in the Web Application Firewall (WAF) industry. The recognition honors the company’s innovation, strategic execution, and customer-first approach. Penta Security’s flagship WAF solution, WAPPLES, utilizes a proprietary engine for advanced, AI-driven logical and semantic traffic analysis. This tech enables flexible cloud-native and SaaS deployments, securing steady double-digit revenue growth across government, finance, and healthcare sectors.
Source: PR Newswire
FortiBleed Linked to Lynx Ransomware
Latest research directly links FortiBleed credential-theft campaign to the INC and Lynx ransomware operations. Investigators discovered an infrastructure server with active access to ransomware negotiation panels, revealing a much larger scope than previously known. The threat actors targeted over 430,000 FortiGate firewalls worldwide, deploying packet sniffers on roughly 19,000 devices. They also exploited an undisclosed Nextcloud zero-day vulnerability and planted persistent “adminin” backdoor accounts.
Source: Bleeping Computer
Click here to subscribe our Newsletter

