Researchers at Sysdig say an AI agent called JADEPUFFER carried out a fully autonomous ransomware attack in just 31 seconds, exploiting a Langflow CVE-2025-3248 flaw, adapting to failed exploits in ...
JadePuffer exploited a vulnerable Langflow server, harvested credentials, moved laterally, and encrypted more than 1,300 ...
Armored Likho BusySnake Stealer, a Python-based infostealer first disclosed by Kaspersky, is actively targeting government ...
The FBI warned that TeamPCP software supply chain attacks targeted developer tools to steal cloud credentials, SSH keys, and ...
Attackers exploited Langflow vulnerability CVE-2025-3248 to conduct an agentic AI-powered ransomware attack involving reconnaissance, credential theft, and lateral movement.
North Korean threat actors are escalating the PolinRider supply chain attack across Go, Packagist, and npm package ...
Everything you need to know about how we analyzed the 13,000+ comments submitted in the federal government’s request for ...
They're not bad; they're just prompted that way. Sysdig threat hunters documented what they say is the first-ever documented ...
AI agents waste massive cloud space, so block this bloat early with strict policy checks, illustrated using Terraform and ...
Kaspersky says the attacks use phishing, GitHub-hosted payloads, CVE-2025-9491 LNK abuse, and Go2Tunnel-based tunneling.
SentinelOne says macOS.Gaslight uses prompt injection to mislead AI-based malware analysis, steal data, and use Telegram for ...