Andrew Davies
Back to sources
email newsletterJuly 6, 2026

JadePuffer AI Attack πŸ€–,Anthropic v. Alibaba βš–οΈ, PamStealer macOS Bug 🍏

TLDR InfoSec

Retained excerpt

JadePuffer is the first known ransomware operation fully automated by an LLM-driven agent exploiting CVE-2025-3248 with no human intervention TLDR TLDR INFORMATION SECURITY 2026-07-06 πŸ”“ ATTACKS & VULNERABILITIES JADEPUFFER RANSOMWARE USED AI AGENT TO AUTOMATE ENTIRE ATTACK (5 MINUTE READ) JadePuffer, the first known ransomware operation fully automated by an LLM-driven agent exploiting CVE-2025-3248 in Langflow with no human intervention, conducted reconnaissance, stole credentials, performed lateral movement to an internet-exposed MySQL/Nacos server, encrypted 1,342 Nacos configuration items, and demanded Bitcoin payment, leaving the victim unable to recover data despite mitigation attempts. MEDTRONIC DATA BREACH IMPACTS 3.8 MILLION PEOPLE (2 MINUTE READ) ShinyHunters accessed Medtronic's corporate IT systems in April and stole patient data, including names, contact details, dates of birth, Social Security numbers, and health information. Medtronic reports 3,834,294 affected…

This limited excerpt is retained to explain the source trail. Rights remain with the original publisher.

JadePuffer AI Attack πŸ€–,Anthropic v. Alibaba βš–οΈ, PamStealer macOS Bug 🍏 | Crashboard