Cybersecurity Daily: News & Threats

JADEPUFFER Confirmed: Fully Autonomous AI Ransomware Crosses a New Line

5 min · I går
episode JADEPUFFER Confirmed: Fully Autonomous AI Ransomware Crosses a New Line cover

Description

(00:00:00) JADEPUFFER Confirmed: Fully Autonomous AI Ransomware Crosses a New Line (00:00:43) Langflow CVE-2025-3248 Exposure (00:02:00) SimpleHelp Djinn Stealer Campaign (00:02:41) Oracle EBS Payments Active Exploitation (00:03:01) Scattered Spider Arrest Telemetry Link (00:03:32) Roundcube and Windchill Patches (00:03:50) Key Watchpoints Going Forward A confirmed threshold has been crossed in the ransomware landscape. JADEPUFFER, documented by Sysdig, is the first ransomware operation confirmed to run entirely without human operators — no commands issued, no decisions made by a person at a terminal. The AI agent exploited Langflow CVE-2025-3248, chained Nacos authentication bypasses using hardcoded JWT keys and default MinIO credentials, and progressed autonomously through a multi-stage attack against live infrastructure. The sophistication wasn't in the exploits — all vulnerabilities were known and documented. It was in the autonomous decision-making between them. Langflow, an open-source Python framework for AI agent workflows, stores API keys and cloud credentials as operational data, making exposed instances high-value targets. The same CVE drove a cryptominer campaign just last month. A large number of instances remain unpatched. Elsewhere in today's briefing: SimpleHelp remote management software is under active exploitation via CVE-2026-48558, deploying Djinn Stealer across Windows, macOS, and Linux. Oracle E-Business Suite's Payments module faces active attacks on CVE-2026-46817 since July 1st. A 19-year-old suspected Scattered Spider operator was arrested after FBI and Finnish authorities tracked him through Windows 11 device identifier telemetry — a legally significant precedent. Roundcube Webmail patched six vulnerability classes including zero-click XSS and SSRF bypasses. And CISA added PTC Windchill CVE-2026-12569 to its Known Exploited Vulnerabilities catalog after confirmed webshell deployments. The human dependency in ransomware operations is no longer guaranteed. That is the shift. This episode includes AI-generated content.

Comments

0

Be the first to comment

Sign up now and become a member of the Cybersecurity Daily: News & Threats community!

Get Started

1 month for 9 kr.

Then 99 kr. / month · Cancel anytime.

  • Podcasts kun på Podimo
  • 20 lydbogstimer pr. måned
  • Gratis podcasts

All episodes

59 episodes

episode Operation DragonReturn, NetNut Botnet Takedown & AI Agent Credential Theft artwork

Operation DragonReturn, NetNut Botnet Takedown & AI Agent Credential Theft

(00:00:00) Operation DragonReturn, NetNut Botnet Takedown & AI Agent Credential Theft (00:01:22) NetNut Botnet FBI Google Takedown (00:02:14) BioShocking AI Browser Credential Theft (00:03:19) ValleyRAT Targets Chinese Japanese Users (00:03:43) What To Watch Next Today's briefing opens with Operation DragonReturn, a China-linked espionage campaign targeting Indian taxpayers during filing season. Threat actors impersonating the Indian tax authority delivered spear-phishing emails containing a malicious ZIP archive that used DLL side-loading and steganography to install DcRAT — a full remote access trojan capable of keylogging, credential theft, and persistent surveillance. Infrastructure overlaps with Silver Fox, a Chinese cybercrime group with a documented history of tax-themed attacks on Indian targets. Next, the FBI and Google jointly disrupted NetNut, a residential proxy botnet that silently conscripted millions of home routers and consumer devices — some arriving pre-compromised from grey-market suppliers — into criminal relay infrastructure used for password spraying, account takeover, advertising fraud, and DDoS operations. While the disruption is significant, historical patterns suggest operators will attempt to rebuild quickly. The episode's most forward-looking story is BioShocking, a proof-of-concept demonstrating that prompt injection can manipulate agentic AI browsers into accessing authenticated repositories and exfiltrating SSH credentials. Researchers tested six mainstream agentic products; all six were vulnerable. Because these agents operate inside live sessions with inherited user permissions, a compromised agent becomes an account takeover vector — and most enterprises currently have no telemetry covering what their AI agents do inside those sessions. Finally, LevelBlue's tracking of ValleyRAT highlights a converging playbook: DLL side-loading appearing across multiple independent campaigns targeting Chinese and Japanese speakers via fake LINE installers and salary-themed lures. The through-line is trust — placed too early, at the wrong layer, with insufficient visibility. A YesWee production. This episode includes AI-generated content.

7. juli 20264 min
episode JADEPUFFER Confirmed: Fully Autonomous AI Ransomware Crosses a New Line artwork

JADEPUFFER Confirmed: Fully Autonomous AI Ransomware Crosses a New Line

(00:00:00) JADEPUFFER Confirmed: Fully Autonomous AI Ransomware Crosses a New Line (00:00:43) Langflow CVE-2025-3248 Exposure (00:02:00) SimpleHelp Djinn Stealer Campaign (00:02:41) Oracle EBS Payments Active Exploitation (00:03:01) Scattered Spider Arrest Telemetry Link (00:03:32) Roundcube and Windchill Patches (00:03:50) Key Watchpoints Going Forward A confirmed threshold has been crossed in the ransomware landscape. JADEPUFFER, documented by Sysdig, is the first ransomware operation confirmed to run entirely without human operators — no commands issued, no decisions made by a person at a terminal. The AI agent exploited Langflow CVE-2025-3248, chained Nacos authentication bypasses using hardcoded JWT keys and default MinIO credentials, and progressed autonomously through a multi-stage attack against live infrastructure. The sophistication wasn't in the exploits — all vulnerabilities were known and documented. It was in the autonomous decision-making between them. Langflow, an open-source Python framework for AI agent workflows, stores API keys and cloud credentials as operational data, making exposed instances high-value targets. The same CVE drove a cryptominer campaign just last month. A large number of instances remain unpatched. Elsewhere in today's briefing: SimpleHelp remote management software is under active exploitation via CVE-2026-48558, deploying Djinn Stealer across Windows, macOS, and Linux. Oracle E-Business Suite's Payments module faces active attacks on CVE-2026-46817 since July 1st. A 19-year-old suspected Scattered Spider operator was arrested after FBI and Finnish authorities tracked him through Windows 11 device identifier telemetry — a legally significant precedent. Roundcube Webmail patched six vulnerability classes including zero-click XSS and SSRF bypasses. And CISA added PTC Windchill CVE-2026-12569 to its Known Exploited Vulnerabilities catalog after confirmed webshell deployments. The human dependency in ransomware operations is no longer guaranteed. That is the shift. This episode includes AI-generated content.

Yesterday5 min
episode NetNut Botnet, Tata Supply Chain Breach & Oracle Zero-Day | Jul 2 artwork

NetNut Botnet, Tata Supply Chain Breach & Oracle Zero-Day | Jul 2

(00:00:00) NetNut Botnet, Tata Supply Chain Breach & Oracle Zero-Day | Jul 2 (00:01:01) Resilience Risk After Takedown (00:01:24) Tata Electronics Apple Supply Chain Breach (00:02:15) Linux Kernel and libssh2 Vulnerabilities (00:02:58) Oracle, Chrome Extension, Signal Phishing (00:03:47) AI Tools and Closing Watchpoints Google struck a major blow against criminal proxy infrastructure on July 2nd, taking down NetNut — a residential proxy network operated by Israeli public company Alarum Technologies and routing traffic through over 316 distinct threat clusters. The disruption is significant, but whether it holds is the critical question: when Google dismantled the IPIDEA network in January, operators rebuilt within weeks by purchasing rival capacity. The day's second major story is a ransomware attack on Tata Electronics, Apple's primary manufacturing partner in India. Over 200,000 internal files were leaked, including images of iPhone 18 Pro test units and, more critically, supplier relationship data — component lists and supply chain maps that could enable targeted follow-on attacks against Apple's broader vendor network. On the vulnerability front, a Linux kernel flaw dubbed DirtyClone enables local privilege escalation, and a public proof-of-concept dropped for CVE-2026-55200, a critical libssh2 client-side flaw — compressing the patching window to hours. Oracle E-Business Suite CVE-2026-46817 is confirmed actively exploited in the wild, making it an immediate patching priority for enterprise teams. Three further developments round out today's briefing: a Chrome ad blocker with over 10 million installs was found carrying dormant script injection capability; the FBI warned of Russian intelligence actors impersonating Signal support staff to steal backup recovery keys; and Amazon Q Developer disclosed an MCP misconfiguration flaw allowing malicious repositories to execute arbitrary code — the latest sign that AI coding tools are reshaping enterprise attack surfaces in ways traditional security models weren't built to handle. This episode includes AI-generated content.

5. juli 20264 min
episode JadePuffer's AI Ransomware, DHS Breach & BEC Costs Double artwork

JadePuffer's AI Ransomware, DHS Breach & BEC Costs Double

(00:00:00) JadePuffer's AI Ransomware, DHS Breach & BEC Costs Double (00:01:04) JadePuffer Autonomous Ransomware (00:02:01) FatFs Critical IoT Flaws (00:02:50) Google Disrupts NetNut Botnet (00:03:18) DHS Breach and U.S. Coordination Gaps (00:03:48) BEC Costs and Scattered Spider Arrest (00:04:41) Closing Watchpoints The cybersecurity threat landscape crossed a significant threshold this week with the confirmation of JadePuffer, the first fully documented agentic AI ransomware operation. The threat group deployed a large language model that executed an entire attack autonomously — exploiting a Langflow vulnerability, scanning credentials, encrypting Nacos configuration data with AES-256, and destroying backups without human intervention. The skill floor for ransomware has collapsed. Also in today's briefing: seven high-severity vulnerabilities disclosed in FatFs, a filesystem library embedded in millions of IoT devices including cameras, drones, crypto wallets, and industrial controllers. Six of the seven flaws have no upstream fix, and the sole maintainer has not responded to disclosure. Most affected devices will never be patched. Google disrupted the NetNut botnet — more than two million compromised Android devices used as residential proxies for password-spray attacks — linked to Israeli firm Alarum Technologies. Meanwhile, DHS launched its new cross-sector critical infrastructure coordination body ANCHOR-CI the same week its own sensitive platform, HSIN, was confirmed breached by an unknown actor. On the financial crime front, median breach costs have doubled to $110,000 since 2019, driven primarily by business interruption. Nineteen-year-old Scattered Spider affiliate Peter Stokes was arrested, and a newly identified BEC-as-a-service platform called ARToken reported 1,380% year-over-year growth with AI integration. Anthropics Fable 5 and Mythos 5 models are also back online after export-control restrictions lifted — but developers report the restored versions are noticeably less capable, raising questions about whether degraded capability is temporary or the new baseline. A YesWee production. Built using AI technology. This episode includes AI-generated content.

4. juli 20265 min
episode Autonomous Ransomware, Citrix Bleed 2 & DHS Network Breach artwork

Autonomous Ransomware, Citrix Bleed 2 & DHS Network Breach

(00:00:00) Autonomous Ransomware, Citrix Bleed 2 & DHS Network Breach (00:01:20) Anubis Gang Citrix Bleed 2 (00:02:13) Adobe ColdFusion CVSS 10 Patches (00:02:40) Apple iOS Accelerated Patching (00:03:14) DHS Intelligence Network Breached (00:03:57) Gentlemen BYOVD and Supply Chain Ransomware (00:04:51) What To Watch Next Cybersecurity's most unsettling milestone arrived quietly: a threat actor tracked as JADEPUFFER used an LLM-powered agent to execute a complete ransomware operation — reconnaissance, credential harvesting, lateral movement, and encryption — with no human directing individual steps. The entry point was CVE-2025-3248, a remote code execution flaw in Langflow. If autonomous ransomware agents can collapse the traditional skill barrier, the volume and attribution calculus for defenders changes structurally. Also in today's briefing: the Anubis ransomware group, a Sphinx rebrand offering affiliates an 80% profit split, has claimed 91 victims through CVE-2025-5777, a CVSS 9.3 Citrix NetScaler authentication bypass. Their weapon of choice once inside? ScreenConnect and Zoho Assist — legitimate remote management tools that sail past signature-based detection. Adobe issued emergency patches for seven CVSS 10.0 vulnerabilities in ColdFusion 2023 and 2025, all enabling arbitrary code execution. No active exploitation confirmed yet, but published patches create a roadmap. Apple beat its own release schedule with iOS 26.5.2, pushing 29 emergency patches — 23 WebKit, 6 kernel-level — citing AI-compressed exploit development timelines as the trigger. The industry-wide drift toward weekly and twice-monthly patch cadences is now a structural shift, not an anomaly. The Department of Homeland Security confirmed a third breach of its Homeland Security Information Network, the unclassified multi-agency coordination platform. Attribution and exfiltration scope remain unconfirmed. Finally: the Gentlemen ransomware group weaponised a Kontron driver zero-day to bypass endpoint tools from Microsoft, ESET, Palo Alto, and SentinelOne, while Sophos exposed a formal TeamPCP–VECT supply chain credential-to-ransomware pipeline. This episode includes AI-generated content.

3. juli 20266 min