JadePuffer becomes the first LLM-autonomous ransomware chain — hitting Kubernetes clusters with polymorphic encryption and no human in the loop. Plus: Accenture source-code theft, a critical Chrome iOS bypass, and two more CVEs with shrinking defender windows.
Audio is available on Spreaker — see link below.
Ransomware just crossed a line. JadePuffer is the first documented attack chain where a large language model runs the operation, not just assists it.
The attack surface JadePuffer exploits is specific, and that matters for defenders. Kubernetes clusters frequently allow unrestricted outbound traffic to LLM API endpoints.
Elsewhere, threat actor "888" claims to have exfiltrated thirty-five gigabytes of source code from Accenture, posting the claim on PwnForums. The breach follows a credential-based attack pattern that's become the standard playbook against enterprise targets.
Google patched a critical policy-enforcement bypass in Chrome for iOS, CVE-2026-14075, fixed in version one-fifty-point-zero-point-seven-eight-seven-one-point-four-seven. A remote attacker can trigger the bypass through malicious HTML.
Two more exploitation windows closed faster than defenders could respond. Adobe's ColdFusion CVE-2026-48282, a maximum-severity flaw patched June thirtieth, was exploited in the wild within minutes of a public technical analysis.
Two more items worth tracking. The group known as Pink Crew is hijacking Microsoft 365 accounts through vishing calls, impersonating IT staff and walking victims through fake Entra passkey enrollment during the call itself.
The near-term watchpoints are clear. JadePuffer's attribution, once confirmed, will tell us whether this is a single actor or an emerging capability class.
Chapter summary auto-generated from the verified script. Listen to the full episode for the complete content.