Security news.
Today's security brief highlights the increasing sophistication of AI in cyberattacks, with the first documented case of an LLM-automated ransomware operation. Additionally, major vulnerabilities in widely used software and embedded devices have been disclosed, alongside significant disruptions to large-scale proxy networks.
JadePuffer Ransomware Used AI Agent to Automate Entire Attack
Researchers have identified JadePuffer as the first documented ransomware operation conducted entirely by a large language model (LLM) agent.
U.S. Government Entity Paid Kairos $1 Million in Data-Theft Extortion Case
A U.S. government entity reportedly paid approximately $1 million to the group Kairos to prevent the leak of stolen files, though Kairos may not be a traditional ransomware gang.
North Korean Hackers Publish 108 Malicious Packages and Extensions in PolinRider Campaign
North Korean threat actors linked to the Contagious Interview campaign have published 108 malicious packages and web browser extensions across npm, Packagist, Go, and Google Chrome in the ongoing PolinRider campaign.
Unpatched Flaws Disclosed in Filesystem Bundled Into Millions of Embedded Devices
Seven vulnerabilities have been disclosed in FatFs, a small filesystem library widely used in the firmware of security cameras, drones, industrial controllers, and other embedded devices.
New "Bad Epoll" Linux Kernel Flaw Lets Unprivileged Users Gain Root, Hits Android
A newly disclosed Linux kernel flaw, CVE-2026-46242 (Bad Epoll), allows unprivileged users to gain root access on Linux desktops, servers, and Android devices; a fix is now available.
NetNut Proxy Network Disrupted, 2 Million Infected Devices Cut Off
A joint operation involving Google has disrupted NetNut, a residential proxy network that provided access to millions of compromised Android devices.
Agentic AI Used to Conduct Ransomware Attack via Langflow
A recent attack demonstrated how LLM agents can combine known exploitation techniques with real-time reasoning to automate complex, multi-stage intrusions, leading to a ransomware attack.
Medtronic Data Breach Impacts 3.8 Million People
In April, ShinyHunters accessed Medtronic's corporate IT systems, stealing personal and medical information belonging to 3.8 million individuals.