[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"focus:sysdig-clocks-first-documented-case-of-agentic-ransomware-mr9y62go":3},{"item":4},{"id":5,"title":6,"slug":7,"summary":8,"severity":9,"category":10,"cve_ids":11,"affected_products":13,"action_required":18,"article_ids":19,"ioc_summary":21,"source_urls":22,"status":24,"expires_at":25,"created_at":26,"updated_at":27,"articles":28},"02e17f6d-3d86-4d10-83ec-251fab9580ca","Sysdig clocks first documented case of agentic ransomware","sysdig-clocks-first-documented-case-of-agentic-ransomware-mr9y62go","JadePuffer deployed the first documented end-to-end agentic ransomware attack in June 2026, using AI agents to autonomously conduct reconnaissance, steal credentials, move laterally, and encrypt systems. The attack exploited CVE-2025-3248 in Langflow and targeted MySQL and Alibaba Nacos instances. This represents a significant threat escalation: AI-orchestrated ransomware executes 600+ payloads with 31-second error correction cycles, dramatically lowering the skill floor for ransomware operations.","critical","advisory",[12],"CVE-2025-3248",[14,15,16,17],"Sysdig","Langflow","MySQL","Alibaba Nacos","Immediately patch all Langflow instances to the latest version to close CVE-2025-3248. Hunt for exploitation attempts and suspicious lateral movement in MySQL and Nacos logs. Flag any anomalous LLM API calls (OpenAI, Anthropic, DeepSeek, Gemini tokens) in your environment.",[20],"80704ee8-7783-4fb4-aa72-cfe96ec373c6",null,[23],"https:\u002F\u002Fcyberscoop.com\u002Fsysdig-judepuffer-ai-agentic-ransomware-attack\u002F","active","2026-07-09T01:05:12.39+00:00","2026-07-07T01:05:18.921872+00:00","2026-07-07T01:07:44.470528+00:00",[29],{"id":20,"title":6,"url":23}]