AI-Run Ransomware, New Oracle 9.8 Flaw Exploited, NetNut Proxy Network Busted, and Pegasus Hits EU Spyware Investigator This episode covers researchers' report of "Jade Puffer," the first ransomware attack run end-to-end by an autonomous AI agent, which exploited a patched Langflow RCE (CVE-2025-3248) but showed flaws like weak AES-128 ECB encryption and an unusable key. It also warns of active exploitation of a critical Oracle Payments vulnerability (CVE-2026-46817, CVSS 9.8) alongside ongoing fallout from a separate PeopleSoft zero-day (CVE-2026-35273) used by ShinyHunters/UNC6240. A joint operation involving Google disrupted the NetNut residential proxy botnet, affecting millions of hijacked devices. Researchers detail a likely $1M extortion-only payment tied to Union County, Ohio, and Citizen Lab reports EU lawmaker Stelios Kouloglou was hacked with Pegasus during spyware-abuse investigations via a HomeKit zero-day. 00:00 Today's Cyber Headlines 00:55 AI Agent Ransomware Debut 03:32 Oracle Payments Under Attack 06:00 NetNut Proxy Network Takedown 08:29 Million Dollar Data Extortion 10:50 Pegasus Hits EU Investigator 12:48 Wrap Up and Sign Off