WAF Weekly: AI-driven attacks, browser security, and FBI botnet takedown, June 29 - July 3
The first autonomous AI ransomware attack, a mass zero-day dump, FBI seizure of the NetNut proxy network, Akamai acquiring LayerX, and proof that AI browsers can be manipulated into stealing credentials.
This week brought a flurry of activity at the intersection of AI and security: the first fully autonomous AI-driven ransomware attack, a mass dump of zero-day exploits discovered by AI fuzzing, and proof that AI browsers can be tricked into exfiltrating credentials. Meanwhile, the FBI shut down a major proxy-botnet operation and Akamai invested in enterprise browser security.
FBI Takes Down NetNut Proxy Network Linked to Botnet
The FBI seized hundreds of domains tied to NetNut, a residential proxy service operated by Israeli company Alarum Technologies. The action follows findings from KrebsOnSecurity connecting NetNut to the Popa botnet, a network of over two million compromised devices including smart TVs and streaming boxes. Google Threat Intelligence observed 316 distinct threat actor clusters using NetNut exit nodes in a single week.
A WAF can help detect and block traffic originating from known proxy and botnet infrastructure. Providers like Cloudflare and Imperva offer threat intelligence feeds that flag IPs associated with residential proxies and botnets.
Read the full story on KrebsOnSecurity
AI Agent Runs First Fully Automated Ransomware Attack
Sysdig researchers documented what they believe is the first ransomware attack executed entirely by an AI agent, known as JADEPUFFER. The agent exploited CVE-2025-3248 in Langflow to gain initial access, stole credentials from the compromised server, moved laterally, and encrypted a production database. The AI then wiped logs to cover its tracks. The Langflow vulnerability was patched in May 2025 but many exposed instances remain unpatched.
This attack demonstrates why web application firewalls must inspect traffic at the application layer, not just the network layer. A properly configured WAF can block known exploit patterns like the Langflow CVE, even when the attack is driven by an AI agent rather than a human operator.
Read the full story on The Hacker News
Exploitarium Dump Releases Over 30 Undisclosed Zero-Day Exploits
A pseudonymous researcher using the name 'bikini' released more than 30 proof-of-concept exploits for zero-day vulnerabilities in open-source projects, including the Linux kernel, Libssh2, FFmpeg, Gogs, Gitea, Ghidra, 7-Zip, MyBB, PHP, and VLC. The researcher used AI-powered fuzzing to find the vulnerabilities and released them publicly on GitHub without coordinated vulnerability disclosure. The decision has sparked debate in the security community about responsible disclosure practices.
Mass zero-day dumps increase the attack surface for unpatched web applications. WAFs with virtual patching capability can provide temporary protection for known-vulnerable software versions that maintainers have not yet patched.
Read the full story on Infosecurity Magazine
Akamai Acquires Enterprise Browser Security Provider LayerX
Akamai completed its $205 million acquisition of LayerX, a secure enterprise browser platform that provides visibility into how users interact with web content, prompts, and SaaS applications. The acquisition strengthens Akamai Zero Trust portfolio alongside its existing segmentation, ZTNA, and DNS security products. LayerX also brings AI usage control capabilities specifically for governing AI application interactions.
Enterprise browser security is becoming an important complement to traditional WAF deployment. While Akamai has long protected the server side, the addition of LayerX extends protection to the client side where most modern attacks now target users directly.
Read the full story on Business Insider
BioShocking Attack Manipulates AI Browsers Into Stealing Credentials
LayerX researchers demonstrated BioShocking, a manipulation technique that tricks agentic AI browsers into bypassing safety guardrails. By framing malicious actions as a game, the researchers got AI browsers including ChatGPT Atlas, Comet, Fellou, Genspark, Sigma Browser, and Claude Chrome to exfiltrate SSH login credentials. OpenAI has patched the issue. Anthropic patch reportedly failed.
AI agent security is likely to be the defining application security challenge of the next 12 months. WAFs protecting applications that AI agents can interact with must account for this new attack surface where the attacker manipulates the client rather than the server.
Read the full story on SecurityWeek
Also Notable
- OpenAI launched Patch the Planet, an initiative using AI-assisted security research to help open-source maintainers find and fix vulnerabilities.
- ConsentFix attacks hijack Microsoft 365 accounts in seconds by exploiting OAuth consent flows, bypassing traditional security awareness training.
- Check Point cloud firewall is now available on AWS European Sovereign Cloud, expanding compliance options for EU customers.
The WAFplanet Take
Two themes dominate this week: the weaponization of AI in both attack and defense, and the persistent vulnerability of the open-source supply chain. The Langflow ransomware case and the BioShocking research show that AI is not just accelerating development but also lowering the skill bar for sophisticated attacks. The Exploitarium dump is a reminder that undisclosed vulnerabilities in the software stack are the norm, not the exception. Server-side WAF protection remains essential, but the next wave of security investment needs to cover the client side, the AI interaction layer, and rapid virtual patching for the open-source components that run the web.