Sysdig clocks first documented case of agentic ransomware

Sysdig clocks first documented case of agentic ransomware
Sysdig researchers reported the first documented case of agentic ransomware, where an AI-driven operation handled reconnaissance, credential theft, lateral movement, persistence, encryption, destruction, and ransom note delivery. The attack, tracked as JadePuffer, exploited CVE-2025-3248 in Langflow and targeted a production server running MySQL and Alibaba Nacos. #JadePuffer #Langflow #CVE-2025-3248 #MySQL #AlibabaNacos

Keypoints

  • Sysdig identified the first documented agentic ransomware attack.
  • The AI agent carried out many stages of the extortion workflow.
  • Initial access came through a Langflow vulnerability, CVE-2025-3248.
  • The target environment included MySQL and Alibaba Nacos servers.
  • Researchers found the operation used multiple AI models and was guided by a human operator.

Read More: https://cyberscoop.com/sysdig-judepuffer-ai-agentic-ransomware-attack/