AI-Run Ransomware, New Oracle Flaw, NetNut Busted, and EU investigator hit with spyware

This episode covers researchers’ report of “Jade Puffer,” the first ransomware attack run end-to-end by an autonomous AI agent, which exploited a patched Langflow RCE (CVE-2025-3248) but showed flaws like weak AES-128 ECB encryption and an unusable key.

It also warns of active exploitation of a critical Oracle Payments vulnerability (CVE-2026-46817, CVSS 9.8) alongside ongoing fallout from a separate PeopleSoft zero-day (CVE-2026-35273) used by ShinyHunters/UNC6240.

A joint operation involving Google disrupted the NetNut residential proxy botnet, affecting millions of hijacked devices.

Researchers detail a likely $1M extortion-only payment tied to Union County, Ohio, and Citizen Lab reports EU lawmaker Stelios Kouloglou was hacked with Pegasus during spyware-abuse investigations via a HomeKit zero-day.

00:00 Today’s Cyber Headlines

00:55 AI Agent Ransomware Debut

03:32 Oracle Payments Under Attack

06:00 NetNut Proxy Network Takedown

08:29 Million Dollar Data Extortion

10:50 Pegasus Hits EU Investigator

12:48 Wrap Up and Sign Off

Previous
Previous

Squashed Spider, Google's Rogue Agent, AI bites Apple and a new phish for marketers

Next
Next

Bots, BioShocks, and Breaches