Hackers Exploiting Critical Langflow Vulnerability to Deploy Flodrix Botnet and Take System Control - Cyber Security News

Langflow, the popular Python framework for rapid AI prototyping, is under siege after researchers disclosed CVE-2025-3248, a flaw in the /api/v1/validate/code endpoint that lets unauthenticated attackers execute arbitrary Python with a single crafted POST request. Within hours of the public proof-of-concept, threat actors began mass-scanning Shodan and FOFA for servers running versions prior to 1.3.0, silently pivoting from reconnaissance commands such as whoami to full remote shells. The campaign’s breadth is sobering: more than 1,600 internet-facing Langflow servers were found, many inside research clouds and start-up clusters where default configurations expose the vulnerable endpoint.

The attack chain begins with a 200-byte exploit that injects Python straight into Langflow’s worker process, spawning /tmp/docker—a downloader that fetches the main ELF payload over raw TCP or concealed Tor circuits. Polyswarm analysts noted the sudden appearance of new malware samples that shared an XOR-obfuscated string table and a self-deleting loader—traits that immediately tied them to the emerging Flodrix botnet lineage. Unlike its LeetHozer predecessor, Flodrix forks child processes with misleading names, erases forensic artefacts, and refuses to reinfect a host if a hidden .system_idle file is present, signalling that the node is already enslaved. Once executed, Flodrix checks for root privileges and, if successful, installs a systemd service named langflow-sync.service, guaranteeing reboot persistence.

Early victims report CPU spikes and outbound traffic to Tor relays minutes after breach, underscoring the botnet’s dual role as both DDoS cannon and covert data siphon. (Figures in the original article show the traffic burst pattern during the first hour of compromise and the flodrix process renaming itself to imitate benign system daemons.) The stakes are high: once compromised, an instance can be weaponised for distributed denial-of-service (DDoS) attacks or wholesale data theft, jeopardising the very AI workflows it was meant to accelerate. Until enterprises patch to v1.3.0 and firewall public endpoints, Flodrix will continue converting unguarded AI nodes into obedient siege engines—one crafted POST at a time.
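As an added example (not code from the article, from Polyswarm, or from the Langflow project), the host-side triage below checks for the indicators the article names: a hidden .system_idle marker file, a systemd unit called langflow-sync.service, the /tmp/docker downloader, and a Langflow version older than the fixed 1.3.0 release. The directories searched, the systemd unit directory and the way the version string is obtained are assumptions; the article does not say where the marker file is written. The sample host layout is constructed in a temporary directory so the checks run offline.

```python
"""Host-side triage for the Flodrix indicators described in the article.
Added example: search roots, systemd directory and the version-string source
are assumptions, not details from the article or the Langflow project."""
import json
import os
import tempfile
from pathlib import Path
from typing import Iterable

FIXED_VERSION = (1, 3, 0)  # release the article names as the fix for CVE-2025-3248


def parse_version(text: str) -> tuple:
    """Turn '1.2.0', 'v1.3' or '1.3.0rc1' into a 3-tuple of leading integers."""
    core = text.strip().lstrip("v")
    parts = []
    for piece in core.split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        if not digits:
            break
        parts.append(int(digits))
    if not parts:
        raise ValueError(f"unparseable version string: {text!r}")
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def version_is_vulnerable(text: str) -> bool:
    """True when the installed Langflow is older than 1.3.0."""
    return parse_version(text) < FIXED_VERSION


def find_marker_files(roots: Iterable[Path], name: str = ".system_idle") -> list:
    """Walk the given roots for the hidden marker file Flodrix uses to skip reinfection.
    Which roots to search is an assumption; the article gives no path."""
    hits = []
    for root in roots:
        root = Path(root)
        if not root.is_dir():
            continue
        for dirpath, _dirs, files in os.walk(root):
            if name in files:
                hits.append(Path(dirpath) / name)
    return hits


def find_persistence_units(systemd_dirs: Iterable[Path], unit: str = "langflow-sync.service") -> list:
    """Look for the systemd unit the article says Flodrix installs for reboot persistence."""
    return [Path(d) / unit for d in systemd_dirs if (Path(d) / unit).exists()]


def triage(roots, systemd_dirs, downloader_path, langflow_version: str) -> dict:
    """Collect every indicator into one report; a non-empty list or True is a finding."""
    return {
        "marker_files": [str(p) for p in find_marker_files(roots)],
        "persistence_units": [str(p) for p in find_persistence_units(systemd_dirs)],
        "downloader_present": Path(downloader_path).exists(),
        "vulnerable_version": version_is_vulnerable(langflow_version),
    }


def build_constructed_host(base: Path) -> dict:
    """Create a throwaway tree imitating a compromised host (constructed sample, not
    real artefacts) and return the arguments triage() needs to inspect it."""
    home = base / "home" / "svc"
    unit_dir = base / "etc" / "systemd" / "system"
    tmp = base / "tmp"
    for d in (home, unit_dir, tmp):
        d.mkdir(parents=True, exist_ok=True)
    (home / ".system_idle").write_text("")
    (unit_dir / "langflow-sync.service").write_text("[Unit]\nDescription=constructed sample\n")
    (tmp / "docker").write_bytes(b"\x7fELF")  # only the magic bytes, not a payload
    return {"roots": [home], "systemd_dirs": [unit_dir], "downloader_path": tmp / "docker"}


def demo_on_constructed_host(langflow_version: str = "1.2.0") -> dict:
    """Run triage against the constructed layout inside a temporary directory."""
    with tempfile.TemporaryDirectory() as td:
        layout = build_constructed_host(Path(td))
        return triage(langflow_version=langflow_version, **layout)


if __name__ == "__main__":
    print(json.dumps(demo_on_constructed_host(), indent=2))
```

On a real host you would pass the directories Langflow runs from (its working directory and the service account's home) as roots, /etc/systemd/system and the user unit directory as systemd_dirs, and the version reported by the installed package; the checks are intentionally file-based so they can be run from a forensic mount as well as on the live system.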

This Cyber News was published on cybersecuritynews.com. Publication date: Mon, 30 Jun 2025 14:05:13 +0000

