Blog – VigilantAI

May 15, 2026
No Comments

On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email

May 15, 2026
No Comments

CISA Adds Cisco SD-WAN CVE-2026-20182 to KEV After Admin Access Exploits

May 14, 2026
No Comments

Cisco Catalyst SD-WAN Controller Auth Bypass Actively Exploited to Gain Admin Access

May 14, 2026
No Comments

Stealer Backdoor Found in 3 Node-IPC Versions Targeting Developer Secrets

May 14, 2026
No Comments

ThreatsDay Bulletin: PAN-OS RCE, Mythos cURL Bug, AI Tokenizer Attacks, and 10+ Stories

May 14, 2026
No Comments

Ghostwriter Targets Ukrainian Government With Geofenced PDF Phishing, Cobalt Strike

May 14, 2026
No Comments

How AI Hallucinations Are Creating Real Security Risks

May 14, 2026
No Comments

PraisonAI CVE-2026-44338 Auth Bypass Targeted Within Hours of Disclosure

May 14, 2026
No Comments

Windows Zero-Days Expose BitLocker Bypasses And CTFMON Privilege Escalation

May 14, 2026
No Comments

New Fragnesia Linux Kernel LPE Grants Root Access via Page Cache Corruption

What to do when your AI’s guardrails fail May 14, 2026
I want to talk about the Microsoft 365 Copilot bug. Not because it was exceptional, but because what it exposed should change how every organization architects AI governance. For weeks at the beginning of the year, Microsoft 365 Copilot read and summarized confidential emails despite sensitivity labels and Data Loss Prevention policies being correctly configured […]
Tim Freestone
Microsoft patches 138 vulnerabilities as AI-driven discovery accelerates May 14, 2026
Microsoft is poised to set a new record for yearly patching by having released patches for over 130 vulnerabilities as part of its May Patch Tuesday release, pushing Microsoft’s total number of patched vulnerabilities to over 500 in just five months in 2026. Researchers at Microsoft and other organizations said that AI-enabled vulnerability discovery systems have greatly accelerated and amplified the […]
Kirsten Doyle
Foxconn confirms cyberattack following Nitrogen ransomware claims May 14, 2026
Foxconn has confirmed that several of its North American factories were hit by a cyberattack, after the Nitrogen ransomware group claimed to have stolen 8TB of data comprising more than 11 million files. According to the bad actor, the information supposedly obtained contains private directives, project details, technical drawings, and related project documents that pertain to companies such as Intel, Apple, Google, […]
Kirsten Doyle
The evolution of cyber risk: Addressing geopolitical threats May 13, 2026
Ransomware, data breaches, phishing schemes—cyber attacks can take many forms. Traditionally, the motive of these attackers can often be traced back to some sort of tangible goal. An attacker may want to extort some financial gain from a business, while another may seek to gather sensitive information to commit other crimes, like fraud. Any breach […]
Avani Desai
Canvas cyberattack disrupts universities as ShinyHunters threatens massive data leak May 12, 2026
An attack on the popular Instructure Canvas learning management system has caused major disruptions for schools and universities in the US, just as students gear up for finals. This poses a serious threat to the personal data of millions of students and teachers. Multiple institutions reported outages affecting the web-based Canvas platform on Thursday, with […]
Kirsten Doyle
Zara Owner Inditex Confirms Customer Data Breach Affecting Nearly 200,000 People May 11, 2026
Fashion retailer Inditex, the parent company of Zara, has confirmed unauthorized access to customer transaction databases hosted by a third-party provider. Data breach notification service Have I Been Pwned said approximately 197,400 unique email addresses were included in the leaked dataset. The company said it had launched security protocols and notified the relevant authorities following the incident, Reuters […]
Kirsten Doyle
Online Safety Act failing to deliver “step change” for children, report warns May 11, 2026
A new report published by Internet Matters, reveals that the Online Safety Act (OSA) in the UK, although bringing visibility of online safety tools, does not seem to be living up to expectations of providing the much-needed “meaningful protection from harm.” In their report titled The Online Safety Act: Are Children Safer Online?, Internet Matters has highlighted a […]
Kirsten Doyle
Investigating the aftermath: understanding digital forensics after a cyber incident May 7, 2026
Successfully recovering your business from a cyberattack often requires much more than just loading up backups. Although your first instinct is likely to prioritize normal operations as quickly as possible, there’s also the important process of taking a detailed look at events before moving forward. Taking the time to investigate past events helps you understand […]
Nazy Fouladirad
“Recovery Is the New Prevention”: a Q&A with CSO of Health-ISAC, Errol Weiss May 7, 2026
Errol Weiss spent fourteen years in banking and finance before joining Health-ISAC, where he serves as Chief Security Officer. His career has tracked a quiet but profound shift in how critical sectors think about cyber defense, away from prevention at all costs, toward resilience and rapid recovery. In a conversation with Joe Pettit, Weiss explains why treating attacks as inevitable changes […]
Errol Weiss and Joe Pettit
Trelix admits breach on a ‘portion’ of its source code repository May 7, 2026
Trellix has disclosed unauthorized access to a portion of its source code repository. However, it did not specify which portion of its source code was accessed, nor did it provide many further details about the incident. “Upon learning of this matter, we immediately began working with leading forensic experts to resolve it. We have also notified law enforcement,” the company said in a statement. Based on its investigation to date, Trellix added […]
Kirsten Doyle

Category: Blog

On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email

CISA Adds Cisco SD-WAN CVE-2026-20182 to KEV After Admin Access Exploits

Cisco Catalyst SD-WAN Controller Auth Bypass Actively Exploited to Gain Admin Access

Stealer Backdoor Found in 3 Node-IPC Versions Targeting Developer Secrets

ThreatsDay Bulletin: PAN-OS RCE, Mythos cURL Bug, AI Tokenizer Attacks, and 10+ Stories

Ghostwriter Targets Ukrainian Government With Geofenced PDF Phishing, Cobalt Strike

How AI Hallucinations Are Creating Real Security Risks

PraisonAI CVE-2026-44338 Auth Bypass Targeted Within Hours of Disclosure

Windows Zero-Days Expose BitLocker Bypasses And CTFMON Privilege Escalation

New Fragnesia Linux Kernel LPE Grants Root Access via Page Cache Corruption

[email protected]