Blog – Page 73 – VigilantAI

February 18, 2025
No Comments

Juniper Session Smart Routers Vulnerability Could Let Attackers Bypass Authentication

February 18, 2025
No Comments

Winnti APT41 Targets Japanese Firms in RevivalStone Cyber Espionage Campaign

February 18, 2025
No Comments

Debunking the AI Hype: Inside Real Hacker Tactics

February 18, 2025
No Comments

New Xerox Printer Flaws Could Let Attackers Capture Windows Active Directory Credentials

February 18, 2025
No Comments

Cybercriminals Exploit Onerror Event in Image Tags to Deploy Payment Skimmers

February 17, 2025
No Comments

Microsoft Uncovers New XCSSET macOS Malware Variant with Advanced Obfuscation Tactics

February 17, 2025
No Comments

South Korea Suspends DeepSeek AI Downloads Over Privacy Violations

February 17, 2025
No Comments

CISO’s Expert Guide To CTEM And Why It Matters

February 17, 2025
No Comments

New Golang-Based Backdoor Uses Telegram Bot API for Evasive C2 Operations

February 17, 2025
No Comments

⚡ THN Weekly Recap: Google Secrets Stolen, Windows Hack, New Crypto Scams and More

Taming Repeat Clickers: Managing High-Risk Cyber Behaviors July 16, 2025
Of all the battles against phishing and social engineering attacks, organizations have a silent and underestimated security threat: the repeat clicker. These individuals, despite years of awareness training and simulated phishing drills, consistently click on suspicious links in emails. Unlike one-time mistakes, repeated clicking indicates ingrained behavioral habits that blanket awareness programs cannot correct. To […]
Erich Kron
SVG Smuggling: How Malicious Images Are Hijacking Browsers July 16, 2025
Threat actors have a new trick: hiding malicious JavaScript inside what looks like an innocent image, according to the Ontinue research team. A string of phishing campaigns is using SVG (Scalable Vector Graphics) files to smuggle browser redirects past traditional security tools. The result? Stealthy attacks, minimal user interaction, and victims who never see it […]
Kirsten Doyle
Railway Systems at Risk: Critical Vulnerability Could Allow Remote Control of Trains July 16, 2025
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a grave warning about a critical vulnerability affects railroad communication systems across the US. The flaw, designated as CVE-2025-1727, can potentially enable bad actors to control train brakes remotely (radio-proximity, not global internet). This vulnerability focuses on the End-of-Train and Head-of-Train protocols, collectively known as FRED. […]
Kirsten Doyle
CISOs Take Charge as OT Security Matures July 16, 2025
Operational technology (OT) security has become a boardroom issue, according to recent Fortinet research. The report reveals that 52% of organizations now assign OT cybersecurity to the CISO or CSO, up from just 16% in 2022. That number is expected to climb to 80% within the next year. This growing executive accountability reflects heightened concerns […]
Josh Breaker Rolfe
NCA Nets Suspects in Cyber Attacks on M&S, Co-op and Harrods July 15, 2025
Four young people have been arrested after cyber attacks on some of the UK’s best-known retailers. The National Crime Agency picked up two 19-year-old men, a 17-year-old boy, and a 20-year-old woman. Early morning raids. Homes searched. Devices seized. All remain in custody. The arrests follow coordinated attacks on M&S, Co-op and Harrods in April. […]
Kirsten Doyle
84% of Enterprises at Risk from Weak API Security July 15, 2025
Enterprise platforms have a major API security gap, with 84% of organizations exposing sensitive data through APIs without adequate safeguards, new research from Raidiam has revealed. The study, which profiled 68 companies in sectors like fintech, SaaS, and payments, highlights a growing disconnect between the sensitivity of data flowing through APIs and the strength of […]
Josh Breaker Rolfe
The Dark Data Marketplaces Funding Cybercrime July 14, 2025
Every breach headline hides a second-act drama that unfolds out of sight. Once hackers extract a trove of corporate records or consumer log-ins, that data rarely sits idle; it flows straight into a shadow economy that has grown as sophisticated as any legitimate e-commerce sector. Researchers now count about 30,000 active hidden-service sites on the […]
Isla Sibanda
PerfektBlue: Bluetooth Flaws Expose Cars to One-Click Remote Code Execution July 14, 2025
Four linked vulnerabilities in OpenSynergy’s Blue SDK allow attackers to take over a vehicle’s infotainment system with a single click. The flaws affect major automotive brands, including Mercedes-Benz, Volkswagen, and Skoda. The PCA Security Assessment Team discovered the issues while analyzing compiled Blue SDK binaries. They didn’t have source code. They didn’t need it. The […]
Kirsten Doyle
New Attack Uses Gemini Summaries to Deliver Phishing Lures July 14, 2025
A new vulnerability in Google Gemini for Workspace shows how AI can be turned into a silent accomplice. A security researcher has uncovered a way to smuggle malicious commands into an email, hidden from the user’s view but faithfully executed by Gemini. When the recipient clicks “Summarize this email,” Gemini parses the invisible instruction and […]
Kirsten Doyle
McBreach with Fries? Default Logins, Sloppy Code Expos McDonald’s Job Applicants July 14, 2025
A security lapse in McHire, McDonald’s chatbot-powered recruitment platform, exposed personal data from more than 64 million job applicants. The breach combined two fundamental flaws: default administrator credentials and an insecure direct object reference (IDOR) vulnerability. McHire, used by 90% of McDonald’s franchisees, lets candidates chat with a bot named Olivia, built by Paradox.ai, to […]
Kirsten Doyle