Sysdig says JADEPUFFER used CVE-2025-3248 in Langflow to automate intrusion, credential theft, encryption, and data wipe.

CVE-2026-33017 lets attackers abuse an unauthenticated Langflow API endpoint, run Lambsys, and spread via reused SSH keys.
