Updated
Updated · The Hacker News · Jul 2
JADEPUFFER Automates 1,342-Setting Ransomware Attack via Langflow RCE, Wiping Production Database
Updated
Updated · The Hacker News · Jul 2

JADEPUFFER Automates 1,342-Setting Ransomware Attack via Langflow RCE, Wiping Production Database

3 articles · Updated · The Hacker News · Jul 2

Summary

  • Sysdig said JADEPUFFER ran what it believes is the first end-to-end AI-agent ransomware attack, breaching an unpatched Langflow server and ultimately encrypting and wiping a victim’s production database.
  • CVE-2025-3248 in Langflow gave the agent unauthenticated code execution; it then harvested API keys and cloud credentials, abused a MinIO server still using minioadmin:minioadmin, and planted a 30-minute beacon for persistence.
  • The agent pivoted to an internet-facing MySQL and Nacos setup, logged into the database as root, exploited Nacos auth bypass CVE-2021-29441 plus its long-unchanged default signing key, and encrypted all 1,342 Nacos settings before dropping tables.
  • Sysdig said payment would not restore data because the malware generated a random key, displayed it once, and never stored or transmitted it; researchers also found no evidence backing the code’s claim that data had been copied elsewhere.
  • More than 600 purposeful payloads and rapid self-correction in 31 seconds pointed to AI control, underscoring Sysdig’s warning that autonomous agents can cheaply weaponize old, unpatched internet-facing software.

Insights

Why did the first AI hacker destroy its victim's data instead of collecting a real ransom?
Was the first AI cyberattack truly autonomous, or was a human operator hiding behind the machine?
As AI hackers attack in seconds, is the era of human-led cybersecurity already over?