Sysdig says JADEPUFFER used CVE-2025-3248 in Langflow to automate intrusion, credential theft, encryption, and data wipe.
Threat researchers at cloud security firm Sysdig have disclosed what they describe as the first documented ransomware operation carried out end-to-end by an autonomous AI agent, with no human typing ...
Researchers identified what they believe is the first documented case of a ransomware operation, JadePuffer, conducted ...
Developers get unrestricted access to thousands of nearly CVE-free images from the Minimus catalog of distroless, hardened ...
a laptop screen with a webpage of the IT Army of Ukraine group of volunteer hackers. The IT Army of Ukraine first set up in the wake of Russia's devastating attack, and has since hugely grown in ...
In March 2026, someone hijacked a maintainer account for Axios, a JavaScript HTTP library downloaded more than 45 million times per week on npm, and pushed poisoned versions straight to the public ...
Operation Navy Ghost is targeting Python developers who build Telegram bots by hiding backdoors inside trojanized Pyrogram forks uploaded to PyPI. The campaign has been active since November 2025, ...
CISA is one of around 100 organizations approved to use Anthropic’s Mythos model, which is far better than human penetration ...