Blog – Page 49 – VigilantAI

April 2, 2025
No Comments

FIN7 Deploys Anubis Backdoor to Hijack Windows Systems via Compromised SharePoint Sites

April 2, 2025
No Comments

New Malware Loaders Use Call Stack Spoofing, GitHub C2, and .NET Reactor for Stealth

April 1, 2025
No Comments

Over 1,500 PostgreSQL Servers Compromised in Fileless Cryptocurrency Mining Campaign

April 1, 2025
No Comments

Enterprise Gmail Users Can Now Send End-to-End Encrypted Emails to Any Platform

April 1, 2025
No Comments

Lucid PhaaS Hits 169 Targets in 88 Countries Using iMessage and RCS Smishing

April 1, 2025
No Comments

New Case Study: Global Retailer Overshares CSRF Tokens with Facebook

April 1, 2025
No Comments

China-Linked Earth Alux Uses VARGEIT and COBEACON in Multi-Stage Cyber Intrusions

April 1, 2025
No Comments

Nearly 24,000 IPs Target PAN-OS GlobalProtect in Coordinated Login Scan Campaign

April 1, 2025
No Comments

Apple Backports Critical Fixes for 3 Live Exploits Impacting iOS and macOS Legacy Devices

April 1, 2025
No Comments

Apple Fined €150 Million by French Regulator Over Discriminatory ATT Consent Practices

The Evolving Importance of Identity Governance in FinTech July 10, 2025
In the rapidly evolving FinTech landscape, data is power, and access to this data must be seamless but at the same time secure. FinTech companies offer novel services to sizable consumers; however, they must secure sensitive financial information against breaches, fraud, and any regulatory violations. The data security requires managing access privileges for internal employees, […]
Anant Wairagade
ServiceNow Fixes High-Severity Data Leak Flaw After Varonis Uncovers ‘Count(er) Strike)’ July 10, 2025
A high-severity vulnerability in the ServiceNow platform could have exposed vast amounts of sensitive data to low-privileged or even anonymous users. Researchers at Varonis Threat Labs discovered the issue, dubbed Count(er) Strike, which exploits a flaw in how the system displays record counts, offering attackers a quiet but powerful method of data inference and exfiltration. […]
Kirsten Doyle
Google’s Gemini Can Now Access WhatsApp by Default, Even If Tracking Is Off July 10, 2025
Google has quietly switched on default access for its Gemini AI to interact with apps like WhatsApp, even if you previously told it not to. Android users began receiving emails last week alerting them that Gemini now has broader access to their phones. As of 9 July, the AI assistant can read and act on […]
Kirsten Doyle
M&S Chair Admits Devastating Cyberattack but Refuses to Say if Ransom Was Paid July 10, 2025
Marks & Spencer chairman Archie Norman has faced tough questions in Parliament after a cyberattack that paralysed the British retailer’s digital operations for months and is expected to cost the company £300 million in lost profits. Appearing before the Business and Trade Committee on 8 July, Norman described the breach as “devastating” but refused to […]
Kirsten Doyle
AI Impersonator Posed as Secretary of State Rubio to Target World Leaders July 9, 2025
An unidentified individual used artificial intelligence to impersonate U.S. Secretary of State Marco Rubio, contacting foreign ministers, a U.S. governor, and a member of Congress via voice and text messages, according to a State Department cable first seen by The Washington Post. The impersonator cloned Rubio’s voice using AI-powered software, then reached out through Signal, […]
Kirsten Doyle
Tax Credit Consultancy Exposes Nearly 250,000 Records in Major Data Breach July 9, 2025
A tax credit consulting firm seems to have exposed the personal data of thousands of Americans after leaving a slew of sensitive documents unprotected online. The breach was discovered by cybersecurity researcher Jeremiah Fowler, who reported his findings to vpnMentor. As outlined by Fowler, the unencrypted, non-password-protected database contained 245,949 records, which translated to nearly […]
Kirsten Doyle
CISA Flags Four Actively Exploited Flaws, Urges Swift Remediation July 9, 2025
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added four more security flaws to its Known Exploited Vulnerabilities (KEV) Catalog, citing clear evidence of active exploitation in the wild. The latest additions span a range of technologies, some dating back more than a decade. The vulnerabilities are: CVE-2014-3931 (CVSS score: 9.8) – A buffer […]
Kirsten Doyle
Mitigating the Toxic Cloud Trilogy to Empower Everyone from the Most to the Least Tech-Savvy July 8, 2025
Cloud computing has its perks: speed, scalability, and innovation, to name just a few. However, increasing reliance on cloud computing has changed the threat landscape and created substantial points of vulnerability. The toxic cloud trilogy of cloud workload risks – those that are publicly exposed, critically vulnerable, and highly privileged – represents the most dangerous. […]
Josh Breaker Rolfe
Ransomware Attack Cripples Ingram Micro, Disrupts Global Services July 8, 2025
Ingram Micro has confirmed a ransomware attack that has forced systems offline and disrupted core services across its global operations. The breach, first reported as an unexplained outage on 3 July has now been linked to the SafePay ransomware group, one of the more active players in the 2025 threat landscape. By 6 July, the […]
Kirsten Doyle
Stolen Identities Now the Biggest Threat in Cybersecurity July 8, 2025
The biggest threat to your business may no longer be malware or ransomware. It’s your people. Or rather, their identities. Between 2023 and the first quarter of 2025, identity-driven threats surged by 156%, now accounting for 59% of all confirmed cyber incidents, according to new research by eSentire’s Threat Response Unit (TRU). The findings mark […]
Kirsten Doyle