AI-Run Ransomware, New Oracle 9.8 Flaw Exploited, NetNut Proxy Network Busted, and Pegasus Hits EU Spyware Investigator
This episode covers researchers' report of "Jade Puffer," the first ransomware attack run end-to-end by an autonomous AI agent, which exploited a patched Langflow RCE (CVE-2025-3248) but showed flaws like weak AES-128 ECB encryption and an unusable key.
It also warns of active exploitation of a critical Oracle Payments vulnerability (CVE-2026-46817, CVSS 9.8) alongside ongoing fallout from a separate PeopleSoft zero-day (CVE-2026-35273) used by ShinyHunters/UNC6240.
A joint operation involving Google disrupted the NetNut residential proxy botnet, affecting millions of hijacked devices.
Researchers detail a likely $1M extortion-only payment tied to Union County, Ohio, and Citizen Lab reports EU lawmaker Stelios Kouloglou was hacked with Pegasus during spyware-abuse investigations via a HomeKit zero-day.
Podden och tillhörande omslagsbild på den här sidan tillhör
Jim Love. Innehållet i podden är skapat av Jim Love och inte av,
eller tillsammans med, Poddtoppen.