In early July 2026, security firm Sysdig publicly disclosed a new type of ransomware attack. After gaining initial access by exploiting a Langflow vulnerability (CVE-2025-3248), the JadePuffer ransomware leveraged a Large Language Model (LLM) agent to automatically execute the entire attack chain. From reconnaissance, credential theft, lateral movement, and privilege...
Tag: LLM security
AI Security Incident Case: Jetbrains Plugin Supply Chain Attack Stealing AI Key
Overview In June 2026, the security research team Aikido detected a batch of collaborative malicious plugins in the JetBrains plugin market, totaling 15 plugins with nearly 70,000 cumulative installations. All of them would silently leak the AI service provider's API key to the attacker's server at the moment when the...
AI Security Incident Case: Account Takeover Due to Meta AI Support Assistant Authorization Flaw
Overview Between late May and early June 2026, several high-profile Instagram accounts were reportedly taken over by attackers, including Barack Obama's White House account, the personal account of U.S. Space Force Chief Master Sergeant Bentivegna, and the official account of beauty brand Sephora. Security researchers later discovered videos and screenshots...
AI Security Incident Case: Both Grok and Gemini Hallucinated When Verifying Minab Cemetery Photo
Overview A core risk within AI security threats lies in the reliability of AI models, manifested as distorted outputs, hallucinations, and the generation of misleading content. While these issues may seem like mere technical flaws, they have evolved into tangible harms in real-world information ecosystems. AI-generated misinformation can be presented...
AI Infrastructure LiteLLM Supply Chain Poisoning Alert
Overview Recently, NSFOCUS Technology CERT detected that the GitHub community disclosed that there was a credential stealing program in the new version of LiteLLM. Analysis confirmed that it had suffered supply chain poisoning by the TeamPCP group on PyPI. It stole the publishing permission credentials by hacking into the security...
Insights into Claude Code Security: A New Pattern of Intelligent Attack and Defense
On February 20, 2026, AI company Anthropic released a new code security tool called Claude Code Security. This release coincided with the highly sensitive period of global capital markets to AI technology subverting the traditional software industry, which quickly triggered violent fluctuations in the capital market and caused the fall...




