Sysdig says JADEPUFFER used CVE-2025-3248 in Langflow to automate intrusion, credential theft, encryption, and data wipe.
Sysdig's JadePuffer case is billed as the first ransomware attack planned and executed end to end by an AI agent, with no human directing it.
Oracle expands its AI database security strategy with new data protection, patching, and cyber resilience tools to help ...
A newly disclosed use-after-free in the Linux kernel's epoll code, CVE-2026-46242, lets an unprivileged user get root on ...
Hackers are exploiting a vulnerability in the Gravity SMTP WordPress plugin to extract configuration data, including API keys and tokens.
Cordyceps, a systemic class of exploitable CI/CD vulnerabilities, allows unauthenticated attackers to hijack developer ...
Armored Likho BusySnake Stealer, a Python-based infostealer first disclosed by Kaspersky, is actively targeting government ...
Sysdig says JADEPUFFER is the first known agentic ransomware attack, showing how AI agents could automate familiar security ...
Threat actors are exploiting an unauthenticated information disclosure vulnerability in the WordPress plugin Gravity SMTP, active on 100,000 sites. The flaw is tracked as CVE-2026-4020 and received a ...
The shadow fleet—aging tankers linked to Russia and China that cut subsea cables and evade sanctions—threaten global data ...
Google Searches Could Expose Users To Crypto Wallet Risks. Search engines have long been treated as neutral starting points ...
On Wednesday, Instagram announced it had fixed a bug that allowed hackers to learn users’ phone numbers and email addresses. But for thousands of people—including some of the massive social network’s ...