NAIC has confirmed it was targeted in the recent hacking campaign that exploited an Oracle PeopleSoft zero-day vulnerability.
Sysdig says JADEPUFFER used CVE-2025-3248 in Langflow to automate intrusion, credential theft, encryption, and data wipe.