Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons

Social Media

Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons
Search the Site
Popular Searches:
technology Amazon AI
Recent Posts
DHS Confirms Breach of HSIN Information Sharing Network
July 2, 2026
ChatGPT Flaw Exposes User Files, Poses System Access Risk
July 2, 2026
Critical Oracle E-Business Suite CVE-2024-21094 exploited, exposing 900+ instances
July 2, 2026
Home/Threats/JADEPUFFER Ransomware Targets Cloud API Keys with Python Payloads
Threats

JADEPUFFER Ransomware Targets Cloud API Keys with Python Payloads

Key Takeaways JADEPUFFER represents the first documented instance of fully autonomous, AI-driven ransomware. The ransomware leverages a critical unauthenticated remote code execution vulnerability...

David kimber
David kimber
July 2, 2026 4 Min Read
3 0

Key Takeaways

  • JADEPUFFER represents the first documented instance of fully autonomous, AI-driven ransomware.
  • The ransomware leverages a critical unauthenticated remote code execution vulnerability (CVE-2025-3248) in Langflow instances.
  • It targets a wide array of cloud API keys, cryptocurrency wallets, and database credentials, including those for OpenAI, AWS, and Azure.
  • JADEPUFFER demonstrates adaptive capabilities, autonomously correcting its attack scripts in real-time.
  • Victims cannot recover data even by paying the ransom, as encryption keys are not saved.

The landscape of cyber threats has fundamentally shifted with the emergence of JADEPUFFER, a ransomware operation believed to be entirely controlled by an AI agent. This marks a significant departure from traditional ransomware, which typically relies on human operators or pre-scripted tools. JADEPUFFER, identified by researchers, operates as an “agentic threat actor,” utilizing a large language model to independently plan, adapt, and execute its attack chain.

Table Of Content

  • Key Takeaways
  • Initial Intrusion via Langflow Vulnerability
  • Agentic Ransomware JADEPUFFER Uses Base64 Python Payloads
  • From Access to Extortion

In a report shared with Cyber Security News (CSN), Sysdig said in a report that their analysis of captured payloads revealed an intrusion that progressed from initial access to complete database destruction with minimal, if any, human intervention.

Initial Intrusion via Langflow Vulnerability

The attack vector for JADEPUFFER commenced through an internet-accessible instance of Langflow, an open-source framework designed for building AI agent workflows. The attackers exploited a critical vulnerability, tracked as CVE-2025-3248, which is an authentication bypass residing in Langflow’s code validation endpoint. This flaw allowed the AI agent to execute arbitrary Python code without requiring any prior authentication, providing a direct entry point for the autonomous ransomware operation. Once inside, JADEPUFFER rapidly moved to escalate privileges and expand its presence within the compromised environment.

Agentic Ransomware JADEPUFFER Uses Base64 Python Payloads

JADEPUFFER’s operational methodology involved delivering its payloads as Base64-encoded Python scripts, leveraging the Langflow vulnerability for execution. Upon gaining a foothold, the AI agent systematically mapped the compromised host. This reconnaissance phase included identifying user identities, enumerating network interfaces, and analyzing running processes. Its primary objective during this stage was to locate and harvest stored secrets.

The scope of credential harvesting was extensive, encompassing API keys for prominent AI platforms like OpenAI, Anthropic, DeepSeek, and Gemini. It also targeted cloud service credentials from major providers such as AWS and Azure, alongside several Chinese cloud platforms. Additionally, JADEPUFFER sought out cryptocurrency wallets, seed phrases, and critical database configuration files.

The agent then accessed Langflow’s own backend database, extracting stored credentials and user records before systematically deleting any locally staged files. It proceeded to scan the internal network for accessible services, discovering a MinIO storage instance that was still configured with its default administrative credentials. Exploiting these default credentials, JADEPUFFER enumerated all storage buckets, prioritizing those containing configuration data, and successfully extracted a credentials file. To maintain persistence, the agent installed a scheduled task on the compromised server, establishing a beacon that contacted attacker infrastructure every thirty minutes.

From Access to Extortion

The ultimate target of the JADEPUFFER operation was a distinct database server, running MySQL in conjunction with Nacos, a configuration management tool. The AI agent exploited an authentication bypass vulnerability in Nacos, which has been publicly known since 2020, to gain unauthorized access. It then attempted to create a hidden administrator account within the Nacos database.

A notable aspect of JADEPUFFER’s advanced capabilities was observed when the initial attempt to create the administrator account failed. The AI agent autonomously detected this failure and, within approximately 30 seconds, rewrote its script to rectify a password hashing issue. This rapid, self-correcting behavior is a strong indicator that no human was actively guiding the operation in real-time, highlighting the autonomous nature of this agentic ransomware.

After successfully establishing full control over the database, the agent performed a check for container escape capabilities before initiating its destructive phase. It proceeded to encrypt over a thousand configuration records, subsequently dropping the original database tables. A ransom note was then inserted, demanding Bitcoin payment and providing a ProtonMail address for contact. Crucially, the encryption key used was randomly generated and never stored, rendering data recovery impossible even if the ransom were paid. The agent further escalated its destructive actions by systematically dropping entire database schemas it deemed valuable, with its reasoning for these actions documented within the code itself.

Sysdig researchers emphasize the growing threat posed by agentic tools and predict an increase in such autonomous extortion campaigns as AI capabilities mature. The cost and technical barrier for deploying ransomware have significantly decreased, effectively becoming the cost of an AI agent.

Indicators of Compromise (IoCs):-

Type Indicator Description
IP Address 45.131.66[.]106 Initial access and post-exploitation C2; cron beacon target on port 4444
IP Address 64.20.53[.]230 (InterServer, AS19318) Suspected exfiltration or staging server referenced in agent commentary <a rel="noreferrer noopener" target="_blank" href="https://ppl-ai-file-upload.s3.amazonaws.com/web/direct-files/attachments/11146061/34d2153e-2c0e-40a9-a545-8b84cdc3dfdf/Agentic-Ransomware-JADEPUFFER-Uses-Base64-Python-Payloads-to-Harvest-Cloud-and-API-Keys.pdf?AWSAccessKeyId=ASIA2F3EMEYESPYL2LTZ&Signature=fEd3IX3Ht6awvgnElUsIO1j0TGU%3D&x-amz-security-token=IQoJb3JpZ2luX2VjECcaCXVzLWVhc3QtMSJHMEUCIGMRlMDU%2FbNsNx93lMnyQ%2FFYqjnS9sa03GVOTtSKjKbpAiEA9zOdwftH57euhSTXa09%2BItdNm7w3c%2B1VbpZEW8NLReUq%2FAQI8P%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARABGgw2OTk3NTMzMDk3MDUiDCKmsCmU5VtA%2Fve2BirQBP3zd8WErdQkgIsGP%2BWefIFLq0dw8BMMAiSt22Kr01d3Lbe%2BAcvOrTGsQhN2s60ovYHHAMUNuCQAI4jTqYo88mi2VM1Ggq7LGhLGm%2F6l57OSFS1gdbeGEbVmaQfR2zIwLvLJwJflrOkzXcJyMHjIswFHBfcKymEo592wMpTkRyNrn9IqNeCL7AhYoA5aSBtyrYRujFwWt0k9Dbqk8VrZSdj%2FmEQeXWrg%2BKLP%2BO%2Bcvp6ucTFmLpMrfHG7niexoWSJmuyy7Mwf92CqTXGfj0WSB6bFZ5L2R6AJrqFQy2kj2o08fqZXPqo3HPF39NHOSvnEjOoO9lHtVIwXKcFzSCIc29qo8xsB1%2BdW9AV3in5oE7xVFVmRQK9MWD8yKrZaysi%2BtYplEFgPfUs1%2Fh9sn%2FgHFnhlXTrO2L%2BoGFr1KCvaKAOy%2BfUU6vNStSDG3hwP76%2FE90ppR8KtKVoeG%2BRPKPSIInbXylB6gmhBY%2FzXKAVUofiK7SeoOukpEj%2FQJSXxAenWgEo48v41qWX1VIdlo3MjmQSUKARB6jH%2BrsBUSTCwQ3ts2ulljxYQhaq3GL9YEbFWEQZjTDnwdeNSHbPpLx716PrEH9QTidw599X7tNP51KELquK%2BljaKuR5dbgIMq3bprCQNUf6RBLHrqyJXiGQYTpNHEGYtiIGvobh5e87g8iQvllMCtVIdaYdn4HdbrMRFxmW%2BTqQ%2BSkhY9d%2FxF4odCrZAQBzysUrVvd2PdasYMlyRz9PU%2BlOFxUmlz1XsrHJYGi24keWb8qgH3gdSHU0Afjcw%2FIyY0gY6mAE%2FfkN2jrTK%2FE%2BYGcPNQQJGiSR36eY2H94xhoSXFZrKyYj6F%2B%2FAwRCySdqa3aI3BKBaKGWcWCT4kSgcUqHeWcuzapCX%2FrMzuzMZIkVaR8JmGllk%2Fs%2B0WQvCxgpUpHSC%2BIvwz1woLtVnKq7NdXOuE6xJrkwqy091kZHcqIncF%2B6SbdA%2BCVaNAT3VfpfbfznqzBItB7%2FgfzQU4A%3

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.

Tags:

AttackCVEExploitPatchransomwareSecurityThreat

Share Article

David kimber

David kimber

David is a penetration tester turned security journalist with expertise in mobile security, IoT vulnerabilities, and exploit development. As an OSCP-certified security professional, David brings hands-on technical experience to his reporting on vulnerabilities and security research. His articles often feature detailed technical analysis of exploits and provide actionable defense recommendations. David maintains an active presence in the security research community and has contributed to multiple open-source security tools.

Previous Post

ValleyRAT Malware Uses Malicious VLC DLL to Attack Systems

Next Post

Opera’s New Paste Protect Blocks Clipboard Attacks, Including ClickFix

No Comment! Be the first one.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Popular Posts
Opera’s New Paste Protect Blocks Clipboard Attacks, Including ClickFix
July 2, 2026
JADEPUFFER Ransomware Targets Cloud API Keys with Python Payloads
July 2, 2026
ValleyRAT Malware Uses Malicious VLC DLL to Attack Systems
July 2, 2026
Top Authors
Marcus Rodriguez
Marcus Rodriguez
Jennifer sherman
Jennifer sherman
Emy Elsamnoudy
Emy Elsamnoudy
Let's Connect
156k
2.25m
285k

Related Posts

Jennifer sherman
By Jennifer sherman
Threats

GlassWorm Attacks macOS via Malicious VS Code…

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Attacks

ClickFix Attack Hides Malicious Code via Stegan Security

January 1, 2026
Sarah simpson
By Sarah simpson
Vulnerabilities

MongoBleed Detector Tool Released to Detect MongoDB Vulnerability(CVE-2025-14847)

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Breaches

Conti Ransomware Gang Leaders & Infrastructure Exposed

January 1, 2026
Hackers News Hackers News
  • [email protected]

Quick Links

  • Contact Us
  • Privacy Policy
  • Terms of service

Categories

Attacks
Breaches
Comparisons
CyberSecurity News
Threats
Vulnerabilities

Let's keep in touch

receive fresh updates and breaking cyber news every day and week!

All Rights Reserved by HackersRadar ©2026

Follow Us