Close Menu
  • Home
  • News
  • Cyber Security
  • Internet of Things
  • Tips and Advice

Subscribe to Updates

Get the latest creative news from FooBar about art, design and business.

What's Hot

New Iran-Nexus Hacking Group Targets Israel Government and IT Sectors

July 6, 2026

Silent Swap Crypto Clipper Uses Fake Google Notes Extension to Replace Wallet Addresses

July 6, 2026

Indirect Prompt Injection in Web Content Targets AI Agents

July 6, 2026
Facebook X (Twitter) Instagram
Monday, July 6
Facebook X (Twitter) Instagram Pinterest Vimeo
Cyberwire Daily
  • Home
  • News
  • Cyber Security
  • Internet of Things
  • Tips and Advice
Cyberwire Daily
Home»News»Researchers Claim First Fully Agentic Ransomware: JadePuffer
News

Researchers Claim First Fully Agentic Ransomware: JadePuffer

Team-CWDBy Team-CWDJuly 6, 2026No Comments3 Mins Read
Share Facebook Twitter Pinterest LinkedIn Tumblr Reddit Telegram Email
Share
Facebook Twitter LinkedIn Pinterest Email


Cloud security firm Sysdig has released details on what it claims to be the world’s first ransomware campaign completely driven by a large language model (LLM).

Dubbed JadePuffer, the campaign targeted an internet-facing Langflow instance by exploiting CVE-2025-3248. It then ran “an adaptive and fully automated campaign” which resulted in “a destructive database-extortion playbook against the victim’s production database server,” according to Sysdig’s Threat Research Team.

Attack capabilities were delivered by an agent rather than a human-driven toolkit, the Sysdig research claimed, and the AI was capable of working autonomously retrying failed steps within refined parameters.

“In one sequence, it went from a failed login to a working fix in 31 second,” Sysdig said.

Read more on AI: Researchers Discover First Reported AI-Powered Ransomware.

The multi-stage attack began with several elements:

  • Langflow access via vulnerability exploitation
  • Reconnaissance and credential harvesting (LLM APIs, cloud credentials, database credentials etc)
  • Local data theft including Langflow’s own backing Postgres database
  • Lateral discovery for services reachable from the Langflow host
  • MinIO object-store enumeration and credential harvest
  • Creation of cron job on the Langlow server for persistence
  • Access to a production MySQL server running Alibaba Nacos (Naming and Configuration Service), using root credentials
  • Targeting of Nacos with various payloads including exploitation of CVE-2021-29441

Mass data destruction appears to have been the aim. The JadePuffer attackers encrypted all 1342 Nacos service configuration items and deleted the originals.

“Critically, the AES key was generated as base64(uuid4().bytes + uuid4().bytes), which is essentially random, and printed to stdout but never persisted or transmitted. The victim cannot recover the encrypted configurations even with payment,” Sysdig explained.

“Captured payloads show the LLM escalating from row-level deletion to dropping entire database schemas, narrating its own targeting rationale. The IP address, 64.20.53[.]230, only appears here with no evidence that anything was backed up to it.”

Four Key Takeaways

Sysdig claimed its JadePuffer discovery highlights four things:

  • Ransomware can be carried out by LLM agents rather than skilled threat actors. Reconnaissance, credential theft, lateral movement, persistence, and destruction are achievable without any operator expertise
  • Old vulnerabilities are being automated: The targeted attack leaned on years-old issues, a 2021 Nacos auth-bypass and an unchanged default signing key, on neglected, internet-exposed infrastructure
  • There are new opportunities for detection: An LLM narrates its own objectives in its payloads, providing a new detection and triage opportunity that could help network defenders
  • The exfiltration claim is the agent’s own assertion: The AES key was ephemeral and unrecoverable, so the victim’s configurations are unrecoverable even with payment

The age of agentic threat actors (ATAs) will erode the time security teams have to respond, argued Heath Renfrow, co-founder and CISO at breach recovery firm Fenix24.

“If an AI agent can compress what previously took an experienced operator several hours into a matter of minutes, defenders lose valuable time. That has implications across every phase of an incident, from detection and containment to recovery,” he said. 

“Organizations should resist focusing solely on whether an attacker is ‘AI-powered.’ The outcome is ultimately the same: compromised identities, stolen credentials, encrypted or destroyed data, and business disruption. Security teams should continue prioritizing the fundamental-rapid patching of internet-facing systems, strong identity protections, least privilege, network segmentation, continuous monitoring, and restricting unnecessary external exposure.”
 



Source

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
Previous ArticleGuardFall Exposes Open-Source AI Coding Agents to Decades-Old Shell Injection Risks
Next Article Indirect Prompt Injection in Web Content Targets AI Agents
Team-CWD
  • Website

Related Posts

News

New Iran-Nexus Hacking Group Targets Israel Government and IT Sectors

July 6, 2026
News

Silent Swap Crypto Clipper Uses Fake Google Notes Extension to Replace Wallet Addresses

July 6, 2026
News

GuardFall Exposes Open-Source AI Coding Agents to Decades-Old Shell Injection Risks

July 6, 2026
Add A Comment
Leave A Reply Cancel Reply

Latest News

North Korean Hackers Turn JSON Services into Covert Malware Delivery Channels

November 24, 202522 Views

macOS Stealer Campaign Uses “Cracked” App Lures to Bypass Apple Securi

September 7, 202517 Views

North Korean Hackers Target Crypto Firms with ClickFix and Zoom Lures

April 29, 202610 Views

Why SOC Burnout Can Be Avoided: Practical Steps

November 14, 20259 Views

Cyber M&A Roundup: Cyber Giants Strengthen AI Security Offerings

December 1, 20258 Views
Stay In Touch
  • Facebook
  • YouTube
  • TikTok
  • WhatsApp
  • Twitter
  • Instagram
Most Popular

North Korean Hackers Turn JSON Services into Covert Malware Delivery Channels

November 24, 202522 Views

macOS Stealer Campaign Uses “Cracked” App Lures to Bypass Apple Securi

September 7, 202517 Views

North Korean Hackers Target Crypto Firms with ClickFix and Zoom Lures

April 29, 202610 Views
Our Picks

Common Apple Pay scams, and how to stay safe

January 22, 2026

It’s all fun and games until someone gets hacked

September 26, 2025

How chatbots can help spread scams

October 14, 2025

Subscribe to Updates

Get the latest news from cyberwiredaily.com

Facebook X (Twitter) Instagram Pinterest
  • Home
  • Contact
  • Privacy Policy
  • Terms of Use
  • California Consumer Privacy Act (CCPA)
© 2026 All rights reserved.

Type above and press Enter to search. Press Esc to cancel.