Blog – Page 2 – VigilantAI

August 15, 2025
No Comments

Cisco Warns of CVSS 10.0 FMC RADIUS Flaw Allowing Remote Code Execution

August 14, 2025
No Comments

New HTTP/2 ‘MadeYouReset’ Vulnerability Enables Large-Scale DoS Attacks

August 14, 2025
No Comments

Hackers Found Using CrossC2 to Expand Cobalt Strike Beacon’s Reach to Linux and macOS

August 14, 2025
No Comments

New Android Malware Wave Hits Banking via NFC Relay Fraud, Call Hijacking, and Root Exploits

August 14, 2025
No Comments

Have You Turned Off Your Virtual Oven?

August 14, 2025
No Comments

Simple Steps for Attack Surface Reduction

August 14, 2025
No Comments

Google Requires Crypto App Licenses in 15 Regions as FBI Warns of $9.9M Scam Losses

August 14, 2025
No Comments

CISA Adds Two N-able N-central Flaws to Known Exploited Vulnerabilities Catalog

August 13, 2025
No Comments

New PS1Bot Malware Campaign Uses Malvertising to Deploy Multi-Stage In-Memory Attacks

August 13, 2025
No Comments

Zoom and Xerox Release Critical Security Updates Fixing Privilege Escalation and RCE Flaws

KawaLocker Ransomware Emerges in New Attack August 18, 2025
Huntress analysts have tracked a fresh ransomware incident involving KawaLocker, also known as KAWA4096. The variant is new, but the method is familiar. Attackers gained access, disabled defenses, and moved to encrypt files. Ransomware families surface often. A year ago, Huntress reported on ReadText34. Just last month, a never-before-seen strain called Crux appeared. KawaLocker joins […]
Kirsten Doyle
Managing Third-Party Security Risks in Education August 15, 2025
In December 2024, PowerSchool — one of North America’s most widely used student information systems — disclosed a breach that affected millions of students and educators. Hackers gained access using a compromised password and remained undetected for nine days, exposing sensitive personal information, including Social Security numbers and medical histories. This wasn’t just a system […]
Zac Amos
Canadian Parliament Hit by Cyberattack, Investigation Underway August 15, 2025
The House of Commons and Canada’s cybersecurity agency are investigating a significant breach of parliamentary employee data, CBC News reports. An internal email to CBC staff on Monday 11 August said a malicious actor exploited a recent Microsoft vulnerability to gain unauthorized access to a database used to manage computers and mobile devices. The data […]
Kirsten Doyle
Credential Theft and Data Exfiltration Lead Modern Ransomware Threats August 15, 2025
Ransomware and infostealer threats are evolving faster than most organizations can keep pace. Security teams have invested heavily in backup and recovery systems, yet today’s most damaging attacks often bypass encryption altogether. Picus Security’s Blue Report 2025 uncovered a shift: threat actors are targeting credential theft, data exfiltration, and lateral movement, founded on stealth and […]
Kirsten Doyle
Why upskilling must be a strategic priority for UK tech organisations August 14, 2025
The UK tech sector stands at a crossroads. On one hand, we are seeing ambitious investments in emerging technologies, particularly AI, cloud computing, and cybersecurity. On the other hand, a significant disconnect grows between the pace of innovation and the digital capabilities of the current workforce. According to a 2024 study by the University of […]
Alexia Pedersen
Six New Windows Vulnerabilities Found, Including First Rust-Based Kernel Flaw August 14, 2025
Six new vulnerabilities have been found in Microsoft Windows. One is critical. All are serious. Check Point Research discovered the flaws and disclosed them privately to Microsoft. Patches were released on 12 August as part of Patch Tuesday. The risks are varied: system crashes, arbitrary code execution, and information leaks. For attackers, the attack surface […]
Kirsten Doyle
The Real Purpose of the UK’s Online Safety Act: An Expert Explains August 13, 2025
The introduction of the UK’s Online Safety Act has sparked a lot of conversation and confusion. Both users and businesses are still trying to make sense of what it really means and how to navigate it. Professor George Loukas, Professor of Cyber Security (Human-centric and Cyber-physical Security) at the University of Greenwich, is here to […]
Dilki Rathnayake
Empowering Citizen Developers Without Compromising Security August 13, 2025
Thanks to no-code tools, citizen application development platforms (CADPs) are ushering in a new era where business units are no longer waiting in IT backlogs for application support—they’re building their own. Employees without coding skills are creating business applications, workflow automations, and integrations with a few clicks. According to Gartner, citizen developers will contribute up […]
Yair Finzi
Persistent Risk: XZ Utils Backdoor Still Lurking in Docker Images August 13, 2025
In March last year, an insidious software supply chain compromise was revealed. The discovery of a backdoor in XZ Utils shook the cybersecurity world, thanks to its technical sophistication and for the bad actor’s methodical patience. A developer known as “Jia Tan” had spent two years earning trust in the XZ Utils project. The code […]
Kirsten Doyle
Erlang/OTP SSH Flaw Actively Exploited in OT Networks August 13, 2025
A critical flaw in Erlang’s Open Telecom Platform is under active attack. CVE-2025-32433 carries a CVSS score of 10.0 and allows remote code execution without authentication. According to Palo Alto’s Unit 42 reseachers, it affects the platform’s native SSH daemon, used to manage hosts in telecom, 5G, and industrial systems. Bad actors can send specific […]
Kirsten Doyle

Category: Blog

Cisco Warns of CVSS 10.0 FMC RADIUS Flaw Allowing Remote Code Execution

New HTTP/2 ‘MadeYouReset’ Vulnerability Enables Large-Scale DoS Attacks

Hackers Found Using CrossC2 to Expand Cobalt Strike Beacon’s Reach to Linux and macOS

New Android Malware Wave Hits Banking via NFC Relay Fraud, Call Hijacking, and Root Exploits

Have You Turned Off Your Virtual Oven?

Simple Steps for Attack Surface Reduction

Google Requires Crypto App Licenses in 15 Regions as FBI Warns of $9.9M Scam Losses

CISA Adds Two N-able N-central Flaws to Known Exploited Vulnerabilities Catalog

New PS1Bot Malware Campaign Uses Malvertising to Deploy Multi-Stage In-Memory Attacks

Zoom and Xerox Release Critical Security Updates Fixing Privilege Escalation and RCE Flaws

[email protected]