Cybersecurity Daily: News & Threats · 6 Jul 2026 · 5 min

JADEPUFFER Confirmed: Fully Autonomous AI Ransomware Crosses a New Line

For the first time, ransomware has been confirmed running entirely without human operators — JADEPUFFER exploited Langflow CVE-2025-3248, chained Nacos bypasses, and moved laterally with no one at the controls. Today's briefing also covers Scattered Spider's arrest via Windows telemetry, Oracle EBS active exploitation, SimpleHelp's Djinn Stealer campaign, and critical Roundcube patches.

Cybersecurity Daily: News & Threats
Now Playing
JADEPUFFER Confirmed: Fully Autonomous AI Ransomware Crosses a New Line

Audio is available on Spreaker — see link below.

What's covered

JADEPUFFER Autonomous AI Ransomware

For the first time, a ransomware attack has been confirmed running entirely without human operators. No one was watching the terminal.

Listen now →

Langflow CVE-2025-3248 Exposure

Langflow is an open-source Python framework for building AI agent workflows. Internet-exposed instances store API keys and cloud credentials as operational data.

Listen now →

SimpleHelp Djinn Stealer Campaign

Shifting to the broader vulnerability picture, SimpleHelp remote management software is now under active exploitation. CVE-2026-48558 is an authentication bypass that's being used to deploy a new malware family called Djinn Stealer.

Listen now →

Oracle EBS Payments Active Exploitation

Oracle E-Business Suite is also under pressure. The Payments module has a critical flaw, CVE-2026-46817, and active exploitation attempts have been logged since July first.

Listen now →

Scattered Spider Arrest Telemetry Link

On the law enforcement side, a nineteen-year-old suspected Scattered Spider operator was arrested by the FBI and Finnish authorities. The attribution came through Windows eleven device identifier telemetry.

Listen now →

Roundcube and Windchill Patches

Two more items worth flagging quickly. Roundcube Webmail patched six vulnerability classes in releases one-point-seven-point-two and one-point-six-point-seventeen, including stored and zero-click XSS, SSRF bypasses, and session injection.

Listen now →

Key Watchpoints Going Forward

The watchpoints going forward are narrow and specific. First, patch velocity on Langflow.

Listen now →

Chapter summary auto-generated from the verified script. Listen to the full episode for the complete content.

More episodes

From Cybersecurity Daily: News & Threats