Blog – Page 146 – VigilantAI

gurushyam.mony
October 21, 2024
No Comments

New Critical GitLab Vulnerability Could Allow Arbitrary CI/CD Pipeline Execution

gurushyam.mony
October 21, 2024
No Comments

CISA Warns of Threat Actors Exploiting F5 BIG-IP Cookies for Network Reconnaissance

gurushyam.mony
October 21, 2024
No Comments

How Hybrid Password Attacks Work and How to Defend Against Them

gurushyam.mony
October 21, 2024
No Comments

FBI Creates Fake Cryptocurrency to Expose Widespread Crypto Market Manipulation

gurushyam.mony
October 21, 2024
No Comments

GitHub, Telegram Bots, and ASCII QR Codes Abused in New Wave of Phishing Attacks

gurushyam.mony
October 21, 2024
No Comments

OilRig Exploits Windows Kernel Flaw in Espionage Campaign Targeting UAE and Gulf

gurushyam.mony
October 21, 2024
No Comments

Critical Veeam Vulnerability Exploited to Spread Akira and Fog Ransomware

gurushyam.mony
October 21, 2024
No Comments

THN Cybersecurity Recap: Top Threats, Tools and Trends (Oct 7 – Oct 13)

gurushyam.mony
October 21, 2024
No Comments

Supply Chain Attacks Can Exploit Entry Points in Python, npm, and Open-Source Ecosystems

gurushyam.mony
October 21, 2024
No Comments

5 Steps to Boost Detection and Response in a Multi-Layered Cloud

KawaLocker Ransomware Emerges in New Attack August 18, 2025
Huntress analysts have tracked a fresh ransomware incident involving KawaLocker, also known as KAWA4096. The variant is new, but the method is familiar. Attackers gained access, disabled defenses, and moved to encrypt files. Ransomware families surface often. A year ago, Huntress reported on ReadText34. Just last month, a never-before-seen strain called Crux appeared. KawaLocker joins […]
Kirsten Doyle
Managing Third-Party Security Risks in Education August 15, 2025
In December 2024, PowerSchool — one of North America’s most widely used student information systems — disclosed a breach that affected millions of students and educators. Hackers gained access using a compromised password and remained undetected for nine days, exposing sensitive personal information, including Social Security numbers and medical histories. This wasn’t just a system […]
Zac Amos
Canadian Parliament Hit by Cyberattack, Investigation Underway August 15, 2025
The House of Commons and Canada’s cybersecurity agency are investigating a significant breach of parliamentary employee data, CBC News reports. An internal email to CBC staff on Monday 11 August said a malicious actor exploited a recent Microsoft vulnerability to gain unauthorized access to a database used to manage computers and mobile devices. The data […]
Kirsten Doyle
Credential Theft and Data Exfiltration Lead Modern Ransomware Threats August 15, 2025
Ransomware and infostealer threats are evolving faster than most organizations can keep pace. Security teams have invested heavily in backup and recovery systems, yet today’s most damaging attacks often bypass encryption altogether. Picus Security’s Blue Report 2025 uncovered a shift: threat actors are targeting credential theft, data exfiltration, and lateral movement, founded on stealth and […]
Kirsten Doyle
Why upskilling must be a strategic priority for UK tech organisations August 14, 2025
The UK tech sector stands at a crossroads. On one hand, we are seeing ambitious investments in emerging technologies, particularly AI, cloud computing, and cybersecurity. On the other hand, a significant disconnect grows between the pace of innovation and the digital capabilities of the current workforce. According to a 2024 study by the University of […]
Alexia Pedersen
Six New Windows Vulnerabilities Found, Including First Rust-Based Kernel Flaw August 14, 2025
Six new vulnerabilities have been found in Microsoft Windows. One is critical. All are serious. Check Point Research discovered the flaws and disclosed them privately to Microsoft. Patches were released on 12 August as part of Patch Tuesday. The risks are varied: system crashes, arbitrary code execution, and information leaks. For attackers, the attack surface […]
Kirsten Doyle
The Real Purpose of the UK’s Online Safety Act: An Expert Explains August 13, 2025
The introduction of the UK’s Online Safety Act has sparked a lot of conversation and confusion. Both users and businesses are still trying to make sense of what it really means and how to navigate it. Professor George Loukas, Professor of Cyber Security (Human-centric and Cyber-physical Security) at the University of Greenwich, is here to […]
Dilki Rathnayake
Empowering Citizen Developers Without Compromising Security August 13, 2025
Thanks to no-code tools, citizen application development platforms (CADPs) are ushering in a new era where business units are no longer waiting in IT backlogs for application support—they’re building their own. Employees without coding skills are creating business applications, workflow automations, and integrations with a few clicks. According to Gartner, citizen developers will contribute up […]
Yair Finzi
Persistent Risk: XZ Utils Backdoor Still Lurking in Docker Images August 13, 2025
In March last year, an insidious software supply chain compromise was revealed. The discovery of a backdoor in XZ Utils shook the cybersecurity world, thanks to its technical sophistication and for the bad actor’s methodical patience. A developer known as “Jia Tan” had spent two years earning trust in the XZ Utils project. The code […]
Kirsten Doyle
Erlang/OTP SSH Flaw Actively Exploited in OT Networks August 13, 2025
A critical flaw in Erlang’s Open Telecom Platform is under active attack. CVE-2025-32433 carries a CVSS score of 10.0 and allows remote code execution without authentication. According to Palo Alto’s Unit 42 reseachers, it affects the platform’s native SSH daemon, used to manage hosts in telecom, 5G, and industrial systems. Bad actors can send specific […]
Kirsten Doyle