Attackers exploited Langflow vulnerability CVE-2025-3248 to conduct an agentic AI-powered ransomware attack involving reconnaissance, credential theft, and lateral movement.
Sysdig says JADEPUFFER used CVE-2025-3248 in Langflow to automate intrusion, credential theft, encryption, and data wipe.
Source: VentureBeat created with Imagen. MCP's STDIO transport, the default for connecting an AI agent to a local tool, executes any operating system command it receives. No sanitization. No execution ...
Cybersecurity researchers have discovered a critical "by design" weakness in the Model Context Protocol's (MCP) architecture that could pave the way for remote code execution and have a cascading ...
The CVSS‑9.3 vulnerability allows unauthenticated remote code execution on exposed Marimo servers and was exploited in the wild shortly after disclosure, Sysdig says. A critical pre-authentication ...
A critical pre-authentication remote code execution vulnerability in Marimo, an open-source Python notebook platform owned by AI cloud company CoreWeave, was exploited in the wild less than 10 hours ...
MCP server for IBM Watson Orchestrate (WXO). Manage tools, agents, connections, flows, and execute tools from Cursor, VS Code Copilot, Claude Desktop, Antigravity, Windsurf, or the WxO Builder ...
A JavaScript sandbox bug rated CVSS 9.9 enables attackers to bypass AST‑based protections, while a Python execution bypass affects internal‑mode deployments common in enterprise setups. Two critical ...
Leverage Orchestrate’s digital skills to design solutions that automate repetitive tasks, orchestrate workflows across tools, and empower employees to focus on high-value work. ⏳ Complete your project ...