The Hacker News ·EN News source
AI Agent Exploits Langflow RCE to Automate Database Ransomware Attack
CVE Tools coverage
Security firm Sysdig reports what it believes is the first ransomware campaign end-to-end automated by an AI agent, operated by “JADEPUFFER.” The intrusion began with CVE-2025-3248 in Langflow (patched in Langflow 1.3.0), a missing-authentication issue that allows unauthenticated remote Python code execution—enabling rapid credential theft, lateral movement, and database encryption and deletion. The attack then leveraged additional weaknesses including CVE-2021-29441 to take over Nacos, underscoring how unpatched internet-exposed services can be chained into fully automated extortion.