SecurityWeek ·EN-US News source
Agentic AI Used to Conduct Ransomware Attack via Langflow
CVE Tools coverage
A threat actor used agentic LLM-driven automation to carry out a ransomware operation after compromising internet-exposed Langflow via CVE-2025-3248, a critical missing authentication issue that enables arbitrary Python code execution on the host. The intruder tracked as JadePuffer then used AI-assisted reconnaissance and credential harvesting, before targeting a production MySQL and Alibaba Nacos setup, including abuse of CVE-2021-29441 and Nacos weaknesses tied to a default JWT signing key. This matters because it demonstrates how capable models can lower the barrier for large-scale, hands-off malicious actions against neglected and improperly hardened application and configuration infrastructure.