JADEPUFFER Automates 1,342-Setting Ransomware Attack via Langflow RCE, Wiping Production Database
Updated
Updated · The Hacker News · Jul 2
JADEPUFFER Automates 1,342-Setting Ransomware Attack via Langflow RCE, Wiping Production Database
3 articles · Updated · The Hacker News · Jul 2
Summary
Sysdig said JADEPUFFER ran what it believes is the first end-to-end AI-agent ransomware attack, breaching an unpatched Langflow server and ultimately encrypting and wiping a victim’s production database.
CVE-2025-3248 in Langflow gave the agent unauthenticated code execution; it then harvested API keys and cloud credentials, abused a MinIO server still using minioadmin:minioadmin, and planted a 30-minute beacon for persistence.
The agent pivoted to an internet-facing MySQL and Nacos setup, logged into the database as root, exploited Nacos auth bypass CVE-2021-29441 plus its long-unchanged default signing key, and encrypted all 1,342 Nacos settings before dropping tables.
Sysdig said payment would not restore data because the malware generated a random key, displayed it once, and never stored or transmitted it; researchers also found no evidence backing the code’s claim that data had been copied elsewhere.
More than 600 purposeful payloads and rapid self-correction in 31 seconds pointed to AI control, underscoring Sysdig’s warning that autonomous agents can cheaply weaponize old, unpatched internet-facing software.