Agentic AI Used to Conduct Ransomware Attack via Langflow

A threat actor known as JadePuffer exploited CVE-2025-3248 in Langflow to gain code execution and use an LLM to automate reconnaissance, credential theft, and persistence. The attack later pivoted to a production server, abused Nacos weaknesses, and ended with encrypted configuration data and an extortion note. #Langflow #CVE-2025-3248 #JadePuffer #Nacos #Sysdig

Keypoints

  • JadePuffer exploited CVE-2025-3248 in an internet-exposed Langflow instance.
  • The attacker used the LLM for reconnaissance and secret harvesting.
  • Langflow’s Postgres database was dumped to collect additional credentials.
  • The attack pivoted to a production server running MySQL and Nacos.
  • The final stage encrypted 1,342 Nacos configuration items and left an extortion table.

Read More: https://www.securityweek.com/agentic-ai-used-to-conduct-ransomware-attack-via-langflow/