Blog – Page 52 – VigilantAI

March 27, 2025
No Comments

NetApp SnapCenter Flaw Could Let Users Gain Remote Admin Access on Plug-In Systems

March 27, 2025
No Comments

CISA Warns of Sitecore RCE Flaws; Active Exploits Hit Next.js and DrayTek Devices

March 26, 2025
No Comments

New SparrowDoor Backdoor Variants Found in Attacks on U.S. and Mexican Organizations

March 26, 2025
No Comments

RedCurl Shifts from Espionage to Ransomware with First-Ever QWCrypt Deployment

March 26, 2025
No Comments

EncryptHub Exploits Windows Zero-Day to Deploy Rhadamanthys and StealC Malware

March 26, 2025
No Comments

Sparring in the Cyber Ring: Using Automated Pentesting to Build Resilience

March 26, 2025
No Comments

Malicious npm Package Modifies Local ‘ethers’ Library to Launch Reverse Shell Attacks

March 26, 2025
No Comments

How PAM Mitigates Insider Threats: Preventing Data Breaches, Privilege Misuse, and More

March 26, 2025
No Comments

Hackers Using E-Crime Tool Atlantis AIO for Credential Stuffing on 140+ Platforms

March 26, 2025
No Comments

New Security Flaws Found in VMware Tools and CrushFTP — High Risk, No Workaround

The Evolving Importance of Identity Governance in FinTech July 10, 2025
In the rapidly evolving FinTech landscape, data is power, and access to this data must be seamless but at the same time secure. FinTech companies offer novel services to sizable consumers; however, they must secure sensitive financial information against breaches, fraud, and any regulatory violations. The data security requires managing access privileges for internal employees, […]
Anant Wairagade
ServiceNow Fixes High-Severity Data Leak Flaw After Varonis Uncovers ‘Count(er) Strike)’ July 10, 2025
A high-severity vulnerability in the ServiceNow platform could have exposed vast amounts of sensitive data to low-privileged or even anonymous users. Researchers at Varonis Threat Labs discovered the issue, dubbed Count(er) Strike, which exploits a flaw in how the system displays record counts, offering attackers a quiet but powerful method of data inference and exfiltration. […]
Kirsten Doyle
Google’s Gemini Can Now Access WhatsApp by Default, Even If Tracking Is Off July 10, 2025
Google has quietly switched on default access for its Gemini AI to interact with apps like WhatsApp, even if you previously told it not to. Android users began receiving emails last week alerting them that Gemini now has broader access to their phones. As of 9 July, the AI assistant can read and act on […]
Kirsten Doyle
M&S Chair Admits Devastating Cyberattack but Refuses to Say if Ransom Was Paid July 10, 2025
Marks & Spencer chairman Archie Norman has faced tough questions in Parliament after a cyberattack that paralysed the British retailer’s digital operations for months and is expected to cost the company £300 million in lost profits. Appearing before the Business and Trade Committee on 8 July, Norman described the breach as “devastating” but refused to […]
Kirsten Doyle
AI Impersonator Posed as Secretary of State Rubio to Target World Leaders July 9, 2025
An unidentified individual used artificial intelligence to impersonate U.S. Secretary of State Marco Rubio, contacting foreign ministers, a U.S. governor, and a member of Congress via voice and text messages, according to a State Department cable first seen by The Washington Post. The impersonator cloned Rubio’s voice using AI-powered software, then reached out through Signal, […]
Kirsten Doyle
Tax Credit Consultancy Exposes Nearly 250,000 Records in Major Data Breach July 9, 2025
A tax credit consulting firm seems to have exposed the personal data of thousands of Americans after leaving a slew of sensitive documents unprotected online. The breach was discovered by cybersecurity researcher Jeremiah Fowler, who reported his findings to vpnMentor. As outlined by Fowler, the unencrypted, non-password-protected database contained 245,949 records, which translated to nearly […]
Kirsten Doyle
CISA Flags Four Actively Exploited Flaws, Urges Swift Remediation July 9, 2025
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added four more security flaws to its Known Exploited Vulnerabilities (KEV) Catalog, citing clear evidence of active exploitation in the wild. The latest additions span a range of technologies, some dating back more than a decade. The vulnerabilities are: CVE-2014-3931 (CVSS score: 9.8) – A buffer […]
Kirsten Doyle
Mitigating the Toxic Cloud Trilogy to Empower Everyone from the Most to the Least Tech-Savvy July 8, 2025
Cloud computing has its perks: speed, scalability, and innovation, to name just a few. However, increasing reliance on cloud computing has changed the threat landscape and created substantial points of vulnerability. The toxic cloud trilogy of cloud workload risks – those that are publicly exposed, critically vulnerable, and highly privileged – represents the most dangerous. […]
Josh Breaker Rolfe
Ransomware Attack Cripples Ingram Micro, Disrupts Global Services July 8, 2025
Ingram Micro has confirmed a ransomware attack that has forced systems offline and disrupted core services across its global operations. The breach, first reported as an unexplained outage on 3 July has now been linked to the SafePay ransomware group, one of the more active players in the 2025 threat landscape. By 6 July, the […]
Kirsten Doyle
Stolen Identities Now the Biggest Threat in Cybersecurity July 8, 2025
The biggest threat to your business may no longer be malware or ransomware. It’s your people. Or rather, their identities. Between 2023 and the first quarter of 2025, identity-driven threats surged by 156%, now accounting for 59% of all confirmed cyber incidents, according to new research by eSentire’s Threat Response Unit (TRU). The findings mark […]
Kirsten Doyle