Blog – VigilantAI

August 16, 2025
No Comments

ERMAC V3.0 Banking Trojan Source Code Leak Exposes Full Malware Infrastructure

August 16, 2025
No Comments

Russian Group EncryptHub Exploits MSC EvilTwin Vulnerability to Deploy Fickle Stealer Malware

August 15, 2025
No Comments

Taiwan Web Servers Breached by UAT-7237 Using Customized Open-Source Hacking Tools

August 15, 2025
No Comments

Zero Trust + AI: Privacy in the Age of Agentic AI

August 15, 2025
No Comments

U.S. Sanctions Garantex and Grinex Over $100M in Ransomware-Linked Illicit Crypto Transactions

August 15, 2025
No Comments

Cisco Warns of CVSS 10.0 FMC RADIUS Flaw Allowing Remote Code Execution

August 14, 2025
No Comments

New HTTP/2 ‘MadeYouReset’ Vulnerability Enables Large-Scale DoS Attacks

August 14, 2025
No Comments

Hackers Found Using CrossC2 to Expand Cobalt Strike Beacon’s Reach to Linux and macOS

August 14, 2025
No Comments

New Android Malware Wave Hits Banking via NFC Relay Fraud, Call Hijacking, and Root Exploits

August 14, 2025
No Comments

Have You Turned Off Your Virtual Oven?

Managing Third-Party Security Risks in Education August 15, 2025
In December 2024, PowerSchool — one of North America’s most widely used student information systems — disclosed a breach that affected millions of students and educators. Hackers gained access using a compromised password and remained undetected for nine days, exposing sensitive personal information, including Social Security numbers and medical histories. This wasn’t just a system […]
Zac Amos
Canadian Parliament Hit by Cyberattack, Investigation Underway August 15, 2025
The House of Commons and Canada’s cybersecurity agency are investigating a significant breach of parliamentary employee data, CBC News reports. An internal email to CBC staff on Monday 11 August said a malicious actor exploited a recent Microsoft vulnerability to gain unauthorized access to a database used to manage computers and mobile devices. The data […]
Kirsten Doyle
Credential Theft and Data Exfiltration Lead Modern Ransomware Threats August 15, 2025
Ransomware and infostealer threats are evolving faster than most organizations can keep pace. Security teams have invested heavily in backup and recovery systems, yet today’s most damaging attacks often bypass encryption altogether. Picus Security’s Blue Report 2025 uncovered a shift: threat actors are targeting credential theft, data exfiltration, and lateral movement, founded on stealth and […]
Kirsten Doyle
Why upskilling must be a strategic priority for UK tech organisations August 14, 2025
The UK tech sector stands at a crossroads. On one hand, we are seeing ambitious investments in emerging technologies, particularly AI, cloud computing, and cybersecurity. On the other hand, a significant disconnect grows between the pace of innovation and the digital capabilities of the current workforce. According to a 2024 study by the University of […]
Alexia Pedersen
Six New Windows Vulnerabilities Found, Including First Rust-Based Kernel Flaw August 14, 2025
Six new vulnerabilities have been found in Microsoft Windows. One is critical. All are serious. Check Point Research discovered the flaws and disclosed them privately to Microsoft. Patches were released on 12 August as part of Patch Tuesday. The risks are varied: system crashes, arbitrary code execution, and information leaks. For attackers, the attack surface […]
Kirsten Doyle
The Real Purpose of the UK’s Online Safety Act: An Expert Explains August 13, 2025
The introduction of the UK’s Online Safety Act has sparked a lot of conversation and confusion. Both users and businesses are still trying to make sense of what it really means and how to navigate it. Professor George Loukas, Professor of Cyber Security (Human-centric and Cyber-physical Security) at the University of Greenwich, is here to […]
Dilki Rathnayake
Empowering Citizen Developers Without Compromising Security August 13, 2025
Thanks to no-code tools, citizen application development platforms (CADPs) are ushering in a new era where business units are no longer waiting in IT backlogs for application support—they’re building their own. Employees without coding skills are creating business applications, workflow automations, and integrations with a few clicks. According to Gartner, citizen developers will contribute up […]
Yair Finzi
Persistent Risk: XZ Utils Backdoor Still Lurking in Docker Images August 13, 2025
In March last year, an insidious software supply chain compromise was revealed. The discovery of a backdoor in XZ Utils shook the cybersecurity world, thanks to its technical sophistication and for the bad actor’s methodical patience. A developer known as “Jia Tan” had spent two years earning trust in the XZ Utils project. The code […]
Kirsten Doyle
Erlang/OTP SSH Flaw Actively Exploited in OT Networks August 13, 2025
A critical flaw in Erlang’s Open Telecom Platform is under active attack. CVE-2025-32433 carries a CVSS score of 10.0 and allows remote code execution without authentication. According to Palo Alto’s Unit 42 reseachers, it affects the platform’s native SSH daemon, used to manage hosts in telecom, 5G, and industrial systems. Bad actors can send specific […]
Kirsten Doyle
Breach at Dutch Lab Exposes Data of 485,000 in Cervical Cancer Screening August 12, 2025
A breach at a Dutch laboratory has exposed the personal and medical data of more than 485,000 women in the national cervical cancer screening programme. The attack hit Clinical Diagnostics NMDL, a Eurofins subsidiary in Rijswijk. The lab tests self-sample kits and smear test samples for Bevolkingsonderzoek Nederland (Population Research Netherlands). Bad actors accessed names, […]
Kirsten Doyle