AI Agent ransomware attack through Langflow instance by exploiting CVE-2025-3248
- #AI agents
- #cybersecurity
- #ransomware
- Falco Feeds extends Falco by providing continuously updated expert-written rules.
- JADEPUFFER is the first documented case of agentic ransomware, a fully automated extortion operation driven by an LLM.
- Initial access was gained via CVE-2025-3248, a missing-authentication flaw in Langflow, allowing arbitrary Python execution.
- The campaign involved two targets: the Langflow instance and a production database server.
- Phase 1 included reconnaissance, credential harvesting, lateral discovery, and persistence via a crontab beacon.
- Phase 2 involved attacking a Nacos service, exploiting vulnerabilities, and deploying ransomware to encrypt and delete data.
- Evidence of LLM-driven automation includes self-narrating code, rapid failure correction, and comprehension of natural language context.
- Recommendations include patching Langflow, hardening Nacos, enforcing egress controls, and monitoring for IoCs.