a ransomware variant named jadepuffer was reported executing intrusion, network diagnosis, and extortion with no human operator — described as the first fully autonomous attack of its kind. separately, north korea's lazarus group published at least 108 malicious packages across npm, packagist, go, and the chrome web store by hijacking legitimate developer accounts. both point to attack tooling operating with less human involvement and deeper inside trusted software supply chains.