Sysdig says JADEPUFFER used CVE-2025-3248 in Langflow to automate intrusion, credential theft, encryption, and data wipe.
Your AI agent did exactly what it was designed to do. The framework underneath it just handed an attacker a shell on the box that holds your OpenAI key, your database credentials, and your CRM tokens.
Hands On For all the buzz surrounding them, AI agents are simply another form of automation that can perform tasks using the tools you've provided. Think of them as smart macros that make decisions ...
The Cybersecurity and Infrastructure Security Agency (CISA) is warning that hackers are actively exploiting a critical vulnerability identified as CVE-2026-33017, which affects the Langflow framework ...
Researchers claimed to have uncovered what may be the first ransomware attack to be conducted by an AI agent. Dubbed ...
Researchers from security firm Trend Micro warn that a critical remote code execution vulnerability patched in April in the Langflow AI agent framework is being exploited to deploy botnet malware. The ...
A critical vulnerability in Langflow, an open source framework for AI agent development, has been exploited in the wild shortly after its initial disclosure. The Cybersecurity and Infrastructure ...