Post by Expel
31,327 followers
Sysdig reports the JadePuffer campaign as the first fully agentic ransomware attack–an LLM-driven agent exploited CVE-2025-3248 and carried out the rest of the attack on its own, retrying failed steps to boost success. Our Sr. Threat Intel Analyst Aaron Walton points out a human operator still directs the LLM, and this one looks distinctly unskilled. Here’s the takeaway for defenders: https://lnkd.in/g2vieKwv