Sysdig says JADEPUFFER used CVE-2025-3248 in Langflow to automate intrusion, credential theft, encryption, and data wipe.
Kaspersky says 90+ spoofed domains use malicious installers and SEO to deliver AsyncRAT to Windows systems through ScreenConnect.