AI-Run Ransomware, New Oracle Critical Flaw, NetNut busted

AI-Run Ransomware, New Oracle 9.8 Flaw Exploited, NetNut Proxy Network Busted, and Pegasus Hits EU Spyware Investigator
 
This episode covers researchers’ report of “Jade Puffer,” the first ransomware attack run end-to-end by an autonomous AI agent, which exploited a patched Langflow RCE (CVE-2025-3248) but showed flaws like weak AES-128 ECB encryption and an unusable key.
 
It also warns of active exploitation of a critical Oracle Payments vulnerability (CVE-2026-46817, CVSS 9.8) alongside ongoing fallout from a separate PeopleSoft zero-day (CVE-2026-35273) used by ShinyHunters/UNC6240.
 
A joint operation involving Google disrupted the NetNut residential proxy botnet, affecting millions of hijacked devices.
 
Researchers detail a likely $1M extortion-only payment tied to Union County, Ohio, and Citizen Lab reports EU lawmaker Stelios Kouloglou was hacked with Pegasus during spyware-abuse investigations via a HomeKit zero-day.
 
00:00 Today’s Cyber Headlines
00:55 AI Agent Ransomware Debut
03:32 Oracle Payments Under Attack
06:00 NetNut Proxy Network Takedown
08:29 Million Dollar Data Extortion
10:50 Pegasus Hits EU Investigator
12:48 Wrap Up and Sign Off

This article has been indexed from Cybersecurity Today

Read the original article: