
Submission AI Agent Executes 'First' End-To-End Ransomware Attack (theregister.com)

An anonymous reader writes: They're not bad; they're just prompted that way. Sysdig threat hunters documented what they say is the first-ever documented agentic ransomware infection with an LLM — not a human — driving the entire extortion operation, from gaining initial access to compromising a production database server and destroying data. The security shop’s research team named the agentic intruder JadePuffer and said it gained initial access to an internet-facing Langflow instance by exploiting CVE-2025-3248, and then ran a fully automated attack. “The most striking characteristic, however, was the LLM's behavior,” Sysdig director of threat research Michael Clark said in a blog about the agentic ransomware and extortion operation.

JadePuffer’s “self-narrating” payloads “contained natural language reasoning, target prioritization, and the kind of detailed annotations that human operators don’t often write but LLM-generated code produces reflexively,” Clark added. “The operation also adapted in real time, retrying failed steps within refined parameters. In one sequence, it went from a failed login to a working fix in 31 seconds.” After exploiting CVE-2025-3248, a missing authentication vulnerability in Langflow that allows remote, unauthenticated attackers to execute arbitrary Python on the host, the AI agent began scanning for and collecting secrets, including LLM provider API keys, cloud credentials “with explicit coverage of Chinese providers” including Alibaba, Aliyun, Tencent, and Huawei, while also scanning for AWS, Azure and Google Cloud Platform, cryptocurrency wallets, and database credentials.

The AI also installed a crontab entry on the Langflow server to maintain persistence and call back to the attacker’s infrastructure every 30 minutes. JadePuffer’s intended target was a separate internet-exposed production server running a MySQL database and an Alibaba Nacos configuration service, we’re told. Nacos is an open-source service-discovery and dynamic configuration platform developed by Alibaba and used in the cloud provider’s microservices applications. The agent connected to the server's exposed MySQL port using root credentials, although Sysdig doesn’t know how the attacker obtained them. These credentials weren’t stolen from the victim’s environment.

JadePuffer then attacked Nacos via multiple vectors including an authorization bypass flaw (CVE-2021-29441) and forging a valid JSON web token (JWT) using Nacos's default signing key. Additionally, using its root database access, the LLM injected a backdoor administrator into the Nacos backing database. It ultimately encrypted all 1,342 Nacos service configuration items using MySQL's built-in AES encryption function, and created an extortion demand, ransom note, Bitcoin payment address, and a Proton Mail contact [...]. However, according to the threat hunters, the victim can’t recover the encrypted data, even if they paid the ransom demand, because the agent escalated “from row-level deletion to dropping entire database schemas, narrating its own targeting rationale,” without backing up any of the encrypted data.

Comment Obligatory religious joke (Score 3, Funny) 58

After discovering how to clone humans, two scientists challenged God:

"We don't need you anymore," they said. "We can make life by ourselves now."

"Okay," God replied, "let's have a man-making contest."

"All right," said the scientists. "We'll do it like you did in the beginning." Then they reached down to grab a handful of dirt to begin to form a man.

Then they heard God's voice from heaven: "Hold it - get your own dirt!"

--
Credit: Not sure who created this joke, but I 8th-commandmented it from here.

Comment Re:Yes. This is how you keep housing costs down (Score 1) 124

The only thing that can make it less carbon intensive is using low carbon power to generate the electricity.

1) Use solar, hydro, wave-power, etc. so there is no or very little incremental carbon cost
2) Offset the amortized carbon-cost of setting up the green-power-plant and any small incremental carbon cost by planting forests or buying carbon offsets.

There you go, net zero.

Submission Max Planck Slapped With Paper Retractions by Suspected Rogue Algorithm (science.org) 1

He Who Has No Name writes: Being a titan in the history of physics, the 1918 Nobel Laureate in Physics, having the smallest rational physical measurement (the Planck Length) named after you, and being deceased for 79 years is all apparently still not enough to prevent your work from being threshed and hit with retractions by an algorithm. Science.org has a succinct article that explains it:

"In early May, Yves Gingras, a historian of physics at the University of Quebec (UQ) at Montreal, was browsing Retraction Watch, a website that catalogs fraud, data manipulation, and other scientific sins. He noticed a link that read, “Retractions by Nobel Prize winners.” Were there really Nobel laureates whose papers had been withdrawn from the scientific literature?
After clicking, Gingras froze. “That’s impossible,” he recalls thinking. The fourth name on the list, with two retracted papers, was Max Planck—a legendary pioneer of quantum mechanics and the 1918 Nobel laureate in physics. Gingras had never heard a whiff of scandal about Planck, who was almost as widely revered for his character as his physics. In 1933, for example, he bravely confronted Adolf Hitler over Nazi Germany’s discriminatory laws against Jews."

Springer Nature, the current-day owner of the journal Naturwissenschaften in which the papers were published 86 years ago, appears to have set an algorithm loose on their library, hunting for plagiarism and other reasons to retract papers... and failed to tell it to leave historic cornerstone works and authors alone.

"The retraction of the second Planck paper, published in 1940, left Gingras and Khelfaoui even more baffled. It also cited copyright violation—yet the piece had never appeared elsewhere. Then Khelfaoui noticed something that added to suspicions that an algorithm was at work. [...] In November 1940, philosopher Aloys Müller criticized Planck’s views in a Naturwissenschaften piece titled “Naturwissenschaft und reale Außenwelt” (“Natural Science and the Real External World”). A month later, Planck responded in print—and used the exact same title. This, Gingras and Khelfaoui suspect, caused Springer Nature’s copyright bot to retract the paper as plagiarism decades later, even though the contents of the two essays differ markedly."

However, apparently feeling like they had to retract the paper was not enough to fully dissuade Springer Nature from still selling it, in its retracted form:

"Gingras was especially incensed that Springer Nature deviated from the normal practice of merely slapping the word RETRACTED across the digital version of the paper while still allowing scholars to read the text. Instead, the publisher posted a blank white page with the cryptic phrase, “This article has been withdrawn due to article violation.” Springer Nature is nevertheless still selling the empty PDF for $39.95."

Comment Re: UK - where you get lesser sentence raping a ch (Score 1) 72

Are you talking about the average child-molestation-sentence compared to the average sentence for testing fraud of this scale, or are you cherry-picking cases?

Also, context matters: If you are looking at the average child molestation case, is the average case one where a 20 year old is busted with a 15 year old girlfriend (where you could make a case for 35 months being a reasonable average sentence) or is the average more like a 50 year old serial rapist who molested dozens of people 12 or younger (where 350 months may be considered too lenient)?

Comment Re: Memory prices (Score 2) 27

What would really make them worth something is an easy upgrade path to an operating system that was still getting security updates.

Google, Apple, and the major phone vendors could score big PR points by extending security updates to 10 years on products introduced since 2016. In the long run PR points can translate into customer loyalty which can translate into "Step 4: PROFIT!" in a non-sarcastic way.
