Sysdig says JADEPUFFER used CVE-2025-3248 in Langflow to automate intrusion, credential theft, encryption, and data wipe.
Sysdig's JadePuffer case is billed as the first ransomware attack planned and executed end to end by an AI agent, with no human directing it.
Your AI agent did exactly what it was designed to do. The framework underneath it just handed an attacker a shell on the box that holds your OpenAI key, your database credentials, and your CRM tokens.
Hands On For all the buzz surrounding them, AI agents are simply another form of automation that can perform tasks using the tools you've provided. Think of them as smart macros that make decisions ...
The Cybersecurity and Infrastructure Security Agency (CISA) is warning that hackers are actively exploiting a critical vulnerability identified as CVE-2026-33017, which affects the Langflow framework ...
Researchers from security firm Trend Micro warn that a critical remote code execution vulnerability patched in April in the Langflow AI agent framework is being exploited to deploy botnet malware. The ...
A critical vulnerability in Langflow, an open source framework for AI agent development, has been exploited in the wild shortly after its initial disclosure. The Cybersecurity and Infrastructure ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results