Attackers exploited Langflow vulnerability CVE-2025-3248 to conduct an agentic AI-powered ransomware attack involving reconnaissance, credential theft, and lateral movement.
Sysdig says JADEPUFFER used CVE-2025-3248 in Langflow to automate intrusion, credential theft, encryption, and data wipe.
They're not bad; they're just prompted that way. Sysdig threat hunters documented what they say is the first-ever documented ...
MotherDuck is launching Flights, an agent-native data pipeline that enables users to choose the MCP server and AI agent of their choice to build and deploy data pipelines in minutes using a flexible, ...
Attackers are actively exploiting path traversal and SQL injection in Langflow, LangGraph, and LangChain — below where your ...
Pwn Relay A MIPS32 big-endian binary running under QEMU emulation. The binary is a management console with authentication, clearance-gated commands, and an audit trail. Players must reverse the binary ...
Agentic Workflow Guard is a Semgrep-style scanner for agentic workflows: unsafe GitHub Actions, Bitbucket Pipelines, GitLab CI, Travis CI, Drone CI, TeamCity, Harness CI/CD, Tekton Pipelines, Argo ...
Source: VentureBeat created with Imagen. MCP's STDIO transport, the default for connecting an AI agent to a local tool, executes any operating system command it receives. No sanitization. No execution ...
Security researchers at OX Security said last week that Anthropic's fast-spreading standard for connecting AI agents to tools that help these agents complete tasks contains an architectural flaw, and ...
A critical pre-authentication remote code execution vulnerability in Marimo, an open-source Python notebook platform owned by AI cloud company CoreWeave, was exploited in the wild less than 10 hours ...
The CVSS‑9.3 vulnerability allows unauthenticated remote code execution on exposed Marimo servers and was exploited in the wild shortly after disclosure, Sysdig says. A critical pre-authentication ...
Attackers are currently targeting a vulnerability in the AI tool Langflow for developing and deploying AI-powered agents and workflows. After successful attacks, they execute malicious code and ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results