AI-Run Ransomware, New Oracle Flaw, NetNut Busted, and EU investigator hit with spyware
This episode covers researchers’ report of “Jade Puffer,” the first ransomware attack run end-to-end by an autonomous AI agent, which exploited a patched Langflow RCE (CVE-2025-3248) but showed flaws like weak AES-128 ECB encryption and an unusable key.
It also warns of active exploitation of a critical Oracle Payments vulnerability (CVE-2026-46817, CVSS 9.8) alongside ongoing fallout from a separate PeopleSoft zero-day (CVE-2026-35273) used by ShinyHunters/UNC6240.
A joint operation involving Google disrupted the NetNut residential proxy botnet, affecting millions of hijacked devices.
Researchers detail a likely $1M extortion-only payment tied to Union County, Ohio, and Citizen Lab reports EU lawmaker Stelios Kouloglou was hacked with Pegasus during spyware-abuse investigations via a HomeKit zero-day.
00:00 Today’s Cyber Headlines
00:55 AI Agent Ransomware Debut
03:32 Oracle Payments Under Attack
06:00 NetNut Proxy Network Takedown
08:29 Million Dollar Data Extortion
10:50 Pegasus Hits EU Investigator
12:48 Wrap Up and Sign Off