Blog – Page 72 – VigilantAI

February 20, 2025
No Comments

Citrix Releases Security Fix for NetScaler Console Privilege Escalation Vulnerability

February 19, 2025
No Comments

Hackers Exploit Signal’s Linked Devices Feature to Hijack Accounts via Malicious QR Codes

February 19, 2025
No Comments

The Ultimate MSP Guide to Structuring and Selling vCISO Services

February 19, 2025
No Comments

New Snake Keylogger Variant Leverages AutoIt Scripting to Evade Detection

February 19, 2025
No Comments

Trojanized Game Installers Deploy Cryptocurrency Miner in Large-Scale StaryDobry Attack

February 19, 2025
No Comments

CISA Adds Palo Alto Networks and SonicWall Flaws to Exploited Vulnerabilities List

February 18, 2025
No Comments

New OpenSSH Flaws Enable Man-in-the-Middle and DoS Attacks — Patch Now

February 18, 2025
No Comments

Chinese Hackers Exploit MAVInject.exe to Evade Detection in Targeted Cyber Attacks

February 18, 2025
No Comments

New FrigidStealer Malware Targets macOS Users via Fake Browser Updates

February 18, 2025
No Comments

Juniper Session Smart Routers Vulnerability Could Let Attackers Bypass Authentication

Taming Repeat Clickers: Managing High-Risk Cyber Behaviors July 16, 2025
Of all the battles against phishing and social engineering attacks, organizations have a silent and underestimated security threat: the repeat clicker. These individuals, despite years of awareness training and simulated phishing drills, consistently click on suspicious links in emails. Unlike one-time mistakes, repeated clicking indicates ingrained behavioral habits that blanket awareness programs cannot correct. To […]
Erich Kron
SVG Smuggling: How Malicious Images Are Hijacking Browsers July 16, 2025
Threat actors have a new trick: hiding malicious JavaScript inside what looks like an innocent image, according to the Ontinue research team. A string of phishing campaigns is using SVG (Scalable Vector Graphics) files to smuggle browser redirects past traditional security tools. The result? Stealthy attacks, minimal user interaction, and victims who never see it […]
Kirsten Doyle
Railway Systems at Risk: Critical Vulnerability Could Allow Remote Control of Trains July 16, 2025
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a grave warning about a critical vulnerability affects railroad communication systems across the US. The flaw, designated as CVE-2025-1727, can potentially enable bad actors to control train brakes remotely (radio-proximity, not global internet). This vulnerability focuses on the End-of-Train and Head-of-Train protocols, collectively known as FRED. […]
Kirsten Doyle
CISOs Take Charge as OT Security Matures July 16, 2025
Operational technology (OT) security has become a boardroom issue, according to recent Fortinet research. The report reveals that 52% of organizations now assign OT cybersecurity to the CISO or CSO, up from just 16% in 2022. That number is expected to climb to 80% within the next year. This growing executive accountability reflects heightened concerns […]
Josh Breaker Rolfe
NCA Nets Suspects in Cyber Attacks on M&S, Co-op and Harrods July 15, 2025
Four young people have been arrested after cyber attacks on some of the UK’s best-known retailers. The National Crime Agency picked up two 19-year-old men, a 17-year-old boy, and a 20-year-old woman. Early morning raids. Homes searched. Devices seized. All remain in custody. The arrests follow coordinated attacks on M&S, Co-op and Harrods in April. […]
Kirsten Doyle
84% of Enterprises at Risk from Weak API Security July 15, 2025
Enterprise platforms have a major API security gap, with 84% of organizations exposing sensitive data through APIs without adequate safeguards, new research from Raidiam has revealed. The study, which profiled 68 companies in sectors like fintech, SaaS, and payments, highlights a growing disconnect between the sensitivity of data flowing through APIs and the strength of […]
Josh Breaker Rolfe
The Dark Data Marketplaces Funding Cybercrime July 14, 2025
Every breach headline hides a second-act drama that unfolds out of sight. Once hackers extract a trove of corporate records or consumer log-ins, that data rarely sits idle; it flows straight into a shadow economy that has grown as sophisticated as any legitimate e-commerce sector. Researchers now count about 30,000 active hidden-service sites on the […]
Isla Sibanda
PerfektBlue: Bluetooth Flaws Expose Cars to One-Click Remote Code Execution July 14, 2025
Four linked vulnerabilities in OpenSynergy’s Blue SDK allow attackers to take over a vehicle’s infotainment system with a single click. The flaws affect major automotive brands, including Mercedes-Benz, Volkswagen, and Skoda. The PCA Security Assessment Team discovered the issues while analyzing compiled Blue SDK binaries. They didn’t have source code. They didn’t need it. The […]
Kirsten Doyle
New Attack Uses Gemini Summaries to Deliver Phishing Lures July 14, 2025
A new vulnerability in Google Gemini for Workspace shows how AI can be turned into a silent accomplice. A security researcher has uncovered a way to smuggle malicious commands into an email, hidden from the user’s view but faithfully executed by Gemini. When the recipient clicks “Summarize this email,” Gemini parses the invisible instruction and […]
Kirsten Doyle
McBreach with Fries? Default Logins, Sloppy Code Expos McDonald’s Job Applicants July 14, 2025
A security lapse in McHire, McDonald’s chatbot-powered recruitment platform, exposed personal data from more than 64 million job applicants. The breach combined two fundamental flaws: default administrator credentials and an insecure direct object reference (IDOR) vulnerability. McHire, used by 90% of McDonald’s franchisees, lets candidates chat with a bot named Olivia, built by Paradox.ai, to […]
Kirsten Doyle