CVE Tools
Back to feed
The Hacker News ·EN News source

AI Agent Exploits Langflow RCE to Automate Database Ransomware Attack

By The Hacker News··5 min read
CVE Tools coverage

Security firm Sysdig reports what it believes is the first ransomware campaign end-to-end automated by an AI agent, operated by “JADEPUFFER.” The intrusion began with CVE-2025-3248 in Langflow (patched in Langflow 1.3.0), a missing-authentication issue that allows unauthenticated remote Python code execution—enabling rapid credential theft, lateral movement, and database encryption and deletion. The attack then leveraged additional weaknesses including CVE-2021-29441 to take over Nacos, underscoring how unpatched internet-exposed services can be chained into fully automated extortion.