Pegasus Hacks the MEP Investigating Pegasus
The day's security anchor is a Citizen Lab report confirming that a sitting MEP on the committee investigating commercial spyware was infected with Pegasus while that investigation was active. Simultaneously, threat researchers documented the first confirmed case of AI agents conducting autonomous ransomware operations in production environments.
Security
Citizen Lab's findings on espionage against the European Parliament are a case study in brazenness. The target is a member of PEGA — the parliamentary committee established after Pegasusgate to investigate commercial surveillance tools and their misuse — and the infection was active during the committee's own investigation. Citizen Lab follows its standard forensic methodology and stops short of attribution, but the political context narrows the suspect list considerably. The operational security failure is compounded by a political one: EU institutions trying to regulate commercial spyware now have direct evidence that their own investigators were targeted, which either accelerates legislative resolve or demonstrates how little deterrence currently exists.
The most technically significant item of the day: Sysdig's threat research team documents JadePuffer, a campaign that exploited CVE-2025-3248, a critical remote code execution flaw in Langflow, the open-source AI workflow platform widely deployed for production agentic pipelines. What sets JadePuffer apart is post-exploitation behavior: the attacker deploys AI agents that autonomously enumerate databases, exfiltrate records, and deliver extortion demands without a human operator in the loop after initial access. This is the first well-documented instance of agentic AI conducting end-to-end ransomware automation in live attacks — not scripted tooling with AI branding, but genuine autonomous operation. Langflow has patched the CVE; unpatched internet-exposed instances are now demonstrably weaponized, and the pattern will spread to other agentic workflow platforms as similar vulnerabilities surface.
Both stories share a structural thread: improving AI capability reduces the human labor required per attack. Avalon, a newly documented modular framework bundling CrownX ransomware, reinforces the point — its modular architecture lets operators swap payloads and persistence mechanisms faster than defenders can update signatures, and its multi-stage phishing chain is tuned specifically to bypass traditional email security controls. Modularity plus AI-assisted automation is the attack surface that defensive teams need to start modeling explicitly.
On infrastructure: a joint operation involving Google took down NetNut, a residential proxy network built on approximately two million compromised Android devices, predominantly smart TVs and streaming boxes enrolled as exit nodes without user consent. Residential proxies are valuable to attackers because traffic appears to originate from legitimate consumer IPs, bypassing reputation filters. The scale of this takedown is notable, but the infection vector (malicious apps in third-party Android stores and compromised firmware) is unchanged, so the infrastructure will regenerate.
AI
Mistral released Leanstral 1.5, a model purpose-built for formal mathematical proof via the Lean 4 proof assistant. The immediate practical applications are verified mathematics and formally auditable code generation; the longer implication is models capable of attesting to their own output correctness through machine-checkable proofs rather than human review. Mistral continues building a specialized model portfolio alongside its general-purpose family — the bet is that verifiability becomes a first-class requirement as AI moves into high-stakes deployment contexts.
On inference economics: Wafer AI published GLM5.2 benchmark results on AMD's MI355X, reporting 2,626 tokens per second per node at a stated cost more than 2x lower than comparable NVIDIA Blackwell configurations. Source caveat applies — Wafer AI sells MI355X capacity — but the directional story is consistent with AMD's public positioning. For teams where cost-per-token is the binding deployment constraint, MI355X is now a credible alternative worth benchmarking against your own workloads.
Epoch AI's data team flags a spike in high-severity CVE reports coinciding with the Claude Mythos Preview launch. Causation is speculative, but the most plausible read is that capable models are accelerating security research throughput, meaning more powerful frontier models may systematically raise the CVE discovery rate. That is a dual-use dynamic with obvious implications; it deserves more rigorous study than a data-insight post provides, but it is worth tracking.
A new productivity ROI study puts real-world AI gains at about 3% of worker hours, with essentially none of it flowing through to revenue impact. The finding is consistent with what organizations keep rediscovering: the constraint was never keystroke speed or search latency, but process design, decision ownership, and institutional structure. The benchmark-to-deployment gap remains AI's central unsolved enterprise problem.
Tech
Community resistance to data center construction has escalated from zoning disputes to recall elections: US residents are pursuing campaigns to remove local officials who approved large-scale facilities, citing water consumption, noise, heat impact, and a pervasive sense that decisions were made without genuine community input. Recall elections are a qualitative escalation from public comment periods — hyperscalers planning US capacity in the next permitting cycle are now doing site selection with electoral risk as an explicit variable alongside power availability and land cost.
Starlink adoption is accelerating across sub-Saharan Africa, driven by terrestrial infrastructure that has consistently failed to deliver affordable broadband beyond urban centers. The pattern echoes mobile networks bypassing the landline era: where terrestrial economics couldn't close, LEO satellite is delivering what fiber did not. Set beside the data center backlash in infrastructure-saturated developed markets, the two stories frame the same network economy from opposite ends of the global infrastructure gap.
The thread to pull tomorrow: whether Citizen Lab's Pegasus findings produce any concrete EU legislative response, and whether JadePuffer spawns documented copycat campaigns targeting other exposed agentic workflow platforms.
Also yesterday
- PamStealer macOS Malware Abuses PAM Dialogs to Harvest Login Passwords
- North Korea-Linked npm Packages Hijack Rollup Polyfill Names to Steal Dev Secrets
- Bad Epoll (CVE-2026-46242): Patch Your Linux Kernel Now — Any User Can Go Root
- Espionage Against the European Parliament
- AI Agent ransomware attack through Langflow instance by exploiting CVE-2025-3248
- New Avalon Malware Framework Packs CrownX Ransomware Capabilities
- NetNut proxy network disrupted, 2 million infected devices cut off
- Leanstral 1.5: Proof Abundance for All
- GLM5.2 on AMD MI355X at 2626 tok/s/node at over 2x lower cost than Blackwell
- New serious vulnerabilities spiked around release of Claude Mythos Preview
- AI saves about 3% of your hours, and almost none of it reaches the money
- US residents angry datacenters 'shoved down our throats' are recalling officials
- Africans Are Turning to Starlink
Synthesized by Claude · sanity-checked before publish.