Sysdig researchers reported the first documented case of agentic ransomware, where an AI-driven operation handled reconnaissance, credential theft, lateral movement, persistence, encryption, destruction, and ransom note delivery. The attack, tracked as JadePuffer, exploited CVE-2025-3248 in Langflow and targeted a production server running MySQL and Alibaba Nacos. #JadePuffer #Langflow #CVE-2025-3248 #MySQL #AlibabaNacos
Keypoints
- Sysdig identified the first documented agentic ransomware attack.
- The AI agent carried out many stages of the extortion workflow.
- Initial access came through a Langflow vulnerability, CVE-2025-3248.
- The target environment included MySQL and Alibaba Nacos servers.
- Researchers found the operation used multiple AI models and was guided by a human operator.
Read More: https://cyberscoop.com/sysdig-judepuffer-ai-agentic-ransomware-attack/