Blog – Page 46 – VigilantAI

May 28, 2025
No Comments

Mimo Hackers Exploit CVE-2025-32432 in Craft CMS to Deploy Cryptominer and Proxyware

May 28, 2025
No Comments

How ‘Browser-in-the-Middle’ Attacks Steal Sessions in Seconds

May 28, 2025
No Comments

251 Amazon-Hosted IPs Used in Exploit Scan Targeting ColdFusion, Struts, and Elasticsearch

May 28, 2025
No Comments

Apple Blocks $9 Billion in Fraud Over 5 Years Amid Rising App Store Threats

May 27, 2025
No Comments

Cybercriminals Clone Antivirus Site to Spread Venom RAT and Steal Crypto Wallets

May 27, 2025
No Comments

New Self-Spreading Malware Infects Docker Containers to Mine Dero Cryptocurrency

May 27, 2025
No Comments

Russian Hackers Breach 20+ NGOs Using Evilginx Phishing via Fake Microsoft Entra Pages

May 27, 2025
No Comments

AI Agents and the Non‑Human Identity Crisis: How to Deploy AI More Securely at Scale

May 27, 2025
No Comments

Employees Searching Payroll Portals on Google Tricked Into Sending Paychecks to Hackers

May 27, 2025
No Comments

Hackers Are Calling Your Office: FBI Alerts Law Firms to Luna Moth’s Stealth Phishing Campaign

Whistleblower Claims DOGE Put Critical Social Security Data at Risk August 28, 2025
A whistleblower says the government put every American’s Social Security record at risk. Charles Borges, Chief Data Officer at the Social Security Administration, filed the complaint. He describes a “live copy of the country’s Social Security information in a cloud environment that circumvents oversight.” The file is the Numident database. It holds names, birth dates, […]
Kirsten Doyle
Widespread Salesforce Data Theft Exploits Salesloft Drift Integration August 28, 2025
A major data theft campaign has hit corporate Salesforce instances. The actor, tracked as UNC6395, leveraged compromised OAuth tokens from the Salesloft Drift application to pull data. The attacks ran from August 8 through at least August 18. Google Threat Intelligence Group (GTIG) says the campaign moved at scale. Data was exported by the bucketful. […]
Kirsten Doyle
What JPMorgan gets right about AI security — and why storage must catch up August 27, 2025
JPMorgan’s open letter to technology vendors isn’t just another security advisory — it’s a watershed moment for enterprise AI adoption. When the world’s largest bank publicly demands that providers “urgently reprioritize security,” it signals a fundamental shift in how businesses will evaluate AI systems going forward. Though the message was originally aimed at SaaS providers, […]
Giorgio Regni
Critical Docker Desktop Flaw Exposes Host Systems to Malicious Containers August 27, 2025
Containers are supposed to isolate and keep things in their lane. But a new vulnerability proves that line is fragile. CVE-2025-9074 affects Docker Desktop on Windows and macOS. A malicious container can reach the Docker Engine, launch other containers, mount the host filesystem, and escalate privileges to admin. The score is 9.3. It is critical. […]
Kirsten Doyle
New ZipLine Campaign Exploits Contact Forms to Target US Supply Chains August 27, 2025
Bad actors are patient. They know trust takes time. With ZipLine, they have turned patience into a weapon. Check Point Research has uncovered a campaign aimed at U.S. manufacturers and supply-chain critical industries. The trick is simple, yet unusual. The attacker does not send the first email. Instead, they use the target’s own “Contact Us” […]
Kirsten Doyle
Farmers Insurance Breach Exposing 1.1 Million Customers August 27, 2025
Farmers Insurance has confirmed a breach affecting more than 1.07 million customers nationwide. The intrusion traces to a third-party vendor and links to a broader wave of attacks targeting Salesforce environments. Google, Cisco, Adidas, Qantas, and Allianz have also fallen victim. The breach began on 29 May. Farmers’ notification explains: “One of Farmers’ third-party vendors […]
Kirsten Doyle
Fortinet Uncovers Phishing Campaign Targeting Companies via UpCrypter August 27, 2025
Researchers recently uncovered a worldwide phishing scam that leverages highly convincing phishing emails to deliver a malware dropper called UpCrypter. According to Fortinet FortiGuard Labs, the detection count has doubled within a timespan of two weeks; an alarming rate of growth. Researcher Cara Lin observed, “This is not just about stealing email logins, but is […]
Katrina Thompson
AI and Supply Chain Transparency Redefine Embedded Software Security in 2025 August 27, 2025
The embedded software world is undergoing one of its most profound shifts in decades, according to Black Duck’s State of Embedded Software Quality and Safety 2025 report. The global survey of 785 developers, managers, and security professionals reveals the two major forces reshaping the industry: the rapid adoption of AI for development, and the growing […]
Josh Breaker Rolfe
Malicious Go Module Sends Stolen SSH Credentials to Telegram August 26, 2025
A Go package disguised as an SSH brute forcer has been caught stealing credentials and sending them straight to a Telegram bot controlled by a Russian-speaking threat actor. Socket’s Threat Research Team found the package, called golang-random-ip-ssh-bruteforce, still live on GitHub and the Go Module registry. It claims to be a “fast” SSH brute forcer. […]
Kirsten Doyle
The Technologies Redefining UK, European, and NATO Defence August 26, 2025
The United Kingdom is sharpening its defence posture. Five technologies stand at the heart of this effort. While the industry’s heavyweights continue to supply capability, fresh value lies with early to mid-stage firms. These smaller players, often led by veterans and security professionals, move fast. They innovate, adapt, and bring new answers to complex military […]
Kirsten Doyle