This Week in Cybersecurity: AI, Exploits & Ransomware – July 6-12, 2026

The JadePuffer threat actor used an agentic AI in a ransomware attack this week, exploiting CVE-2025-3248 in Langflow. This occurred alongside widespread critical zero-day exploits impacting widely used enterprise software. We are also tracking persistent activity from ransomware operations and state-sponsored APTs, who continue to target critical infrastructure and sensitive data with new techniques.

1. Agentic AI Used in Novel Ransomware Attack via Langflow Vulnerability

The JadePuffer threat actor utilized agentic AI in a ransomware attack, exploiting CVE-2025-3248 (a CVSS 9.8 critical vulnerability) in Langflow, an open-source framework for large language model (LLM) applications. According to a SecurityWeek report, the LLM actively parsed free-text context and took actions indicating system understanding, moving beyond simple pattern-matching. After achieving initial code execution through the flaw, JadePuffer claims to have deployed the LLM for advanced reconnaissance. The group claims the LLM autonomously swept the compromised system for sensitive data like API keys, cloud credentials, and cryptocurrency wallets. JadePuffer also claims the LLM dumped Langflow's Postgres database, scanned internal address spaces for vulnerable services, probed for MinIO addresses, and deployed a cron job to ensure persistent access; Langflow has not confirmed these specific actions.

This marks a significant shift in ransomware capabilities, moving beyond traditional automation to autonomous decision-making in attack execution. A CVSS 9.8 is a severe rating, and its exploitation here required a specific LLM-driven application vulnerability. Organizations using Langflow or similar LLM frameworks must immediately apply available patches for CVE-2025-3248. Beyond patching, scrutinize LLM-driven applications for unexpected behaviors and ensure they operate within tightly constrained environments. Implement kernel-level telemetry for unusual data access patterns or outbound connections initiated by AI agents. This is a new level of attack sophistication.

2. Critical Zero-Day Vulnerabilities in Adobe ColdFusion, Progress ADC, and Redsea Cloud eHR Actively Exploited

This week saw widespread active exploitation of several critical zero-day vulnerabilities. Adobe ColdFusion environments are facing massive exploitation due to a critical path traversal flaw, CVE-2026-48282, which grants deep system access to attackers, as reported by Daily CyberSecurity. Concurrently, Progress ADC products contain active OS command injection flaws (CVE-2026-8037), allowing unauthenticated adversaries to execute arbitrary system commands, a severe risk for any internet-facing deployment. Additionally, Redsea Cloud eHR systems suffer from dangerous arbitrary file upload vulnerabilities, which threat actors are actively using to deploy malicious payloads onto affected servers.

CISA also escalated two severe vulnerabilities this week: CVE-2026-48558, an authentication bypass in SimpleHelp with a perfect CVSS 10.0 score, allows unauthenticated remote attackers to gain administrative access without needing credentials. This flaw is being actively exploited. Furthermore, CVE-2026-45659, a critical data deserialization vulnerability in Microsoft Office SharePoint, could lead to remote code execution if exploited. Patch all these vulnerabilities immediately, starting with internet-facing systems. For SimpleHelp users, a CVSS 10.0 means compromise is likely if not already occurred; consider isolating affected systems until patches can be deployed. Review logs for indicators of compromise related to these specific CVEs, as post-exploitation activities are likely already underway.

3. KDDI Email System Breach Exposes 14.22 Million Accounts, Klue-Salesforce OAuth Tokens Compromised

KDDI, a major Japanese telecommunications provider, disclosed a major email system breach on June 23, 2026, impacting an email platform it provided to six Japanese internet service providers, as reported by Bright Defense. KDDI confirmed that up to 14.22 million email addresses and corresponding passwords (including active, dormant, and canceled accounts) may have been exposed due to a vulnerability in third-party software used for the email service. This represents a substantial risk for credential stuffing attacks against other services. Affected users should immediately reset passwords and enable multi-factor authentication everywhere possible.

In a separate incident, Klue, a competitive intelligence platform, confirmed a supply chain breach in June 2026. Attackers accessed its integration environment using compromised legacy credentials. This breach enabled the attackers to obtain OAuth tokens connected to customer platforms and gain unauthorized access to Salesforce CRM data across multiple customer environments. The compromise of OAuth tokens is particularly insidious, circumventing traditional password-based security. Klue customers must revoke all OAuth tokens associated with the platform immediately and review Salesforce activity logs for any unauthorized access. Both incidents underscore the need for rigorous supply chain security assessments and strong credential management, including the timely revocation of legacy access.

4. Anubis Ransomware Exploiting Citrix Bleed 2 Vulnerability; Friends Ransomware Using Double Extortion

Ransomware groups continue to evolve their tactics. The Anubis ransomware operation, a rebrand of the Sphinx Ransomware-as-a-Service (RaaS) group, is now actively exploiting the Citrix Bleed 2 vulnerability (CVE-2025-5777) for initial access into victim networks, according to The Hacker News. Anubis claims 91 victims to date, with 11 new victims claimed in June 2026 alone. The group states its targets span critical sectors including healthcare, business services, manufacturing, technology, and financial services. Organizations utilizing Citrix NetScaler ADC or Gateway products must prioritize patching CVE-2025-5777 immediately to prevent initial access.

Meanwhile, a new strain named "Friends Ransomware" has emerged, employing a classic double-extortion strategy, as detailed by CYFIRMA's weekly intelligence report. This group encrypts user data, appending the ".friends124" extension to files, and creates a ransom note titled "RANSOM_NOTE.html". The note explicitly threatens public disclosure or sale of stolen information if the ransom isn't paid, a tactic designed to maximize pressure on victims. As proof of recovery capabilities, Friends Ransomware typically offers to decrypt a few non-essential files. Ensure immutable, tested backups and recovery strategies are in place, and implement stringent network segmentation to limit lateral movement if Friends Ransomware breaches defenses. Preparing an incident response plan for double extortion scenarios prevents further damage.

5. CISA Alerts on Linux ‘Bad Epoll’ Root Access Vulnerability and Iranian APT Activity

CISA has issued critical alerts this week concerning both a severe Linux kernel vulnerability and ongoing activity by a sophisticated Iranian state-sponsored APT. Technical details and proof-of-concept (PoC) code are now publicly available for CVE-2026-46242, dubbed "Bad Epoll," a race-condition use-after-free bug in the Linux kernel with a CVSS 7.8 score, as reported by SecurityWeek. This flaw could allow unprivileged processes to escalate privileges to root on Linux desktops, servers, and even Android phones, posing a significant risk for systems handling sensitive data or operating critical services. System administrators running Linux environments must apply kernel updates as soon as they become available to mitigate this serious vulnerability. The public PoC means active exploitation is highly probable.

Separately, CISA released an advisory detailing the activities of Iranian-affiliated APT actors who are exploiting internet-facing Operational Technology (OT) devices, specifically Rockwell Automation/Allen-Bradley PLCs, leading to disruptions in U.S. critical infrastructure sectors, per the CISA advisory and BleepingComputer. The Iranian APT group Seedworm (also known as MuddyWater, Temp Zagros, or Static Kitten) has been particularly active, observed on networks of a U.S. bank, an airport, and a software company since early February 2026. This group is known for espionage and information gathering, posing a strategic threat to national security. Organizations in critical infrastructure sectors must secure all internet-facing OT devices, implement network segmentation between IT and OT networks, and actively monitor for indicators of compromise associated with Seedworm's TTPs. Regular vulnerability assessments of OT environments are non-negotiable.

What to Watch Next Week

Keep an eye on the threat landscape as JadePuffer’s agentic AI tactics may inspire new attack methods; understanding the capabilities of autonomous AI agents is paramount for future defense strategies. Expect further patches and advisories for the numerous zero-day vulnerabilities in Adobe ColdFusion, Progress ADC, and Redsea Cloud eHR; rapid deployment will be key to avoiding compromise. Continue to monitor for Anubis ransomware activity, especially against unpatched Citrix Bleed 2 systems, and ensure your backups are immutable against double-extortion tactics from groups like Friends Ransomware.

Data at a Glance

Story Type Severity / Scale Status Source
Agentic AI Ransomware Novel Ransomware / Exploit CVE-2025-3248 (CVSS 9.8) Active Exploitation SecurityWeek
Critical Zero-Days Active Exploitation CVE-2026-48558 (CVSS 10.0) Active Exploitation Daily CyberSecurity
KDDI Email Breach Data Breach 14.22 million accounts exposed Confirmed Incident Bright Defense
Anubis Ransomware Ransomware / Exploit 91 victims claimed Active Campaign The Hacker News
Linux 'Bad Epoll' / Iranian APT Kernel Vulnerability / State APT CVE-2026-46242 (CVSS 7.8) PoC Public / Active Campaign SecurityWeek

The CVEDaily Take

This week’s roundup signals a distinct escalation: the agentic AI ransomware attack isn't just a curiosity, it's a blueprint for highly adaptive, autonomous threats. Paired with the sheer volume of critical zero-day exploitation and relentless state-sponsored activity, defenders are now operating in an environment where not only the speed of patching but also the intelligence of threat detection needs to accelerate dramatically. We believe Langflow's immediate public response regarding CVE-2025-3248 needs to include more explicit guidance on monitoring LLM-driven application behavior, rather than just patching the underlying vulnerability.
How are you evaluating and hardening your LLM-driven applications against agentic exploits like the Langflow attack?

FAQ

What happened in cybersecurity this week?
This week in cybersecurity was marked by a groundbreaking agentic AI ransomware attack by JadePuffer exploiting CVE-2025-3248 in Langflow. There was widespread active exploitation of critical zero-day vulnerabilities in products like Adobe ColdFusion and Progress ADC. KDDI confirmed a breach affecting 14.22 million email accounts, and a Klue supply chain compromise led to unauthorized access to Salesforce CRM data. Ransomware groups Anubis and Friends Ransomware remained highly active, and CISA warned of a serious Linux kernel vulnerability and ongoing attacks by the Iranian APT group Seedworm targeting U.S. critical infrastructure.

What was the biggest cyber attack this week?
The biggest cyber attack this week was arguably the novel agentic AI ransomware attack orchestrated by JadePuffer, exploiting CVE-2025-3248 in Langflow. This incident demonstrated an LLM-driven agent autonomously conducting reconnaissance, identifying secrets, and establishing persistence, signifying a new and concerning paradigm in automated attack capabilities beyond traditional scripting. Its implications for future threat models are significant, representing a new level of attacker sophistication.

What is CVE-2026-48558 and why is it critical?
CVE-2026-48558 is a critical authentication bypass vulnerability in SimpleHelp with a CVSS 10.0 score, meaning it's a perfect severity rating. This flaw allows an unauthenticated remote attacker to gain administrative access without needing any credentials, making it trivial to exploit. Its criticality stems from the ease of exploitation and the full control it grants, posing an immediate and severe risk to any organization using SimpleHelp that hasn't patched.