Blog – Page 3 – VigilantAI

February 4, 2026
No Comments

CISA Adds Actively Exploited SolarWinds Web Help Desk RCE to KEV Catalog

February 3, 2026
No Comments

Docker Fixes Critical Ask Gordon AI Flaw Allowing Code Execution via Image Metadata

February 3, 2026
No Comments

[Webinar] The Smarter SOC Blueprint: Learn What to Build, Buy, and Automate

February 3, 2026
No Comments

Hackers Exploit Metro4Shell RCE Flaw in React Native CLI npm Package

February 3, 2026
No Comments

When Cloud Outages Ripple Across the Internet

February 3, 2026
No Comments

APT28 Uses Microsoft Office CVE-2026-21509 in Espionage-Focused Malware Attacks

February 3, 2026
No Comments

Mozilla Adds One-Click Option to Disable Generative AI Features in Firefox

February 3, 2026
No Comments

Notepad++ Hosting Breach Attributed to China-Linked Lotus Blossom Hacking Group

February 2, 2026
No Comments

Researchers Find 341 Malicious ClawHub Skills Stealing Data from OpenClaw Users

February 2, 2026
No Comments

OpenClaw Bug Enables One-Click Remote Code Execution via Malicious Link

The Winter Olympics Are Back, and So Are Attackers February 6, 2026
The Olympics have traditionally been a major attack vector for cyber disruption, espionage, and financially motivated attacks. The 2018 Winter Olympic Games in PyeongChang saw the Olympic Destroyer malware used to disrupt Wi-Fi, ticket, and venue systems during the opening ceremony of the games. During the Paris 2024 event, there was an increase in scanning, […]
Kirsten Doyle
Rethinking the Security Estate: Why IT Spend Isn’t the Same as Cybersecurity Readiness February 5, 2026
Cybersecurity spend is projected to reach $183 billion by 2028, but that growth masks a dangerous misconception. Many midmarket organizations equate rising IT budgets with improved security, assuming that broad spending on technology automatically translates to better protection. However, this is creating a widening gap between what companies perceive and their actual security readiness. IT […]
Michael Gray
Microsoft: Python-Powered Infostealers Are Now Targeting macOS at Scale February 5, 2026
Microsoft has warned that information-stealing attacks are rapidly expanding beyond Windows to target Apple macOS environments using cross-platform languages such as Python. The software giant’s Defender Security Research Team has observed macOS-targeted infostealer campaigns using social engineering techniques like ClickFix since late 2025 to distribute disk image (DMG) installers that deploy stealer malware families like Atomic macOS Stealer (AMOS), MacSync, and DigitStealer. The […]
Kirsten Doyle
Forescout’s 2025 Threat Roundup: 84% OT Surge Signals Expanding Cyber Chaos February 5, 2026
In 2025, attackers didn’t only target traditional areas of vulnerability; they went after those with the least defense and the most rapid change. These include new AI technologies, web applications, and operational technology (OT) for industries such as healthcare, manufacturing, energy, government, and finance. In fact, attacks against OT protocol rose by a whopping 84% with Modbus, Ethernet/IP, and BACnet at the forefront. IoT exploits increased to 19%, hitting cameras and […]
Kirsten Doyle
Notepad++ Update Hijacked in Six-Month, State-Linked Supply-Chain Attack February 3, 2026
Attackers have hijacked the update mechanism of Notepad++, one of the world’s most popular open-source text editors, delivering malware to targeted users over a period of six months. In an advisory, developer Don Ho discussed how bad actors weaponized his two-decade-old project between June and December last year. An update, said: “Multiple independent security researchers have assessed that the threat actor is likely a Chinese state-sponsored group, which would explain […]
Kirsten Doyle
Attackers allege 1.4TB data breach at Iron Mountain February 3, 2026
The Everest ransomware group has claimed responsibility for the breach against the global information management and storage firm Iron Mountain, stating that it stole approximately 1.4 terabytes of the firm’s internal and customer data. The claims were made through the group’s posts on the dark web forums. The images provided by the attackers reveal that the names of several […]
Kirsten Doyle
Equipping Defenders: The Strategic Value of Adversary Infrastructure Intelligence February 3, 2026
In the world of cybersecurity, understanding adversary infrastructure is critical for defenders and researchers tracking adversary operations. We use the term “adversary infrastructure” to refer to any infrastructure that is established by or commandeered by adversaries to support their operations. This includes command and control (C2) servers, open web directories hosting malicious files, and residential […]
Emily Austin
Balancing Identity and Data Security in 2026: Why a Two-Pillar Strategy Matters February 2, 2026
Security teams entering 2026 face a familiar truth dressed in new clothes. The technologies change, the tools get smarter, but most compromises still trace back to two core areas of any organization: identity and data. Securing them with separate programs is an invitation to gaps and blind spots. Treating them as the two columns that […]
Dirk Schrader
Data Privacy Week 2026: Why Good Intentions Are No Longer Enough January 30, 2026
It’s Data Privacy Week, the annual international awareness initiative from the National Cybersecurity Alliance (NCA) aimed at empowering individuals and businesses to value individual privacy, safeguard data, and build trust. “Your online activities generate a treasure trove of data – from your interests to your purchases, as well as your online behaviors, and it is collected by websites, apps, […]
Kirsten Doyle
Sextortion and the Psychology of Fear: How Scammers Are Targeting Teenagers January 28, 2026
Sextortion is a form of extortion or blackmail in which a criminals threaten to share private or intimate information or images unless a victim gives them money. Criminals can get hold of these images by compromising credentials or coercing someone into sending the images or create deepfakes (i.e., images created with the help of AI) […]
Martina Dove

Category: Blog

CISA Adds Actively Exploited SolarWinds Web Help Desk RCE to KEV Catalog

Docker Fixes Critical Ask Gordon AI Flaw Allowing Code Execution via Image Metadata

[Webinar] The Smarter SOC Blueprint: Learn What to Build, Buy, and Automate

Hackers Exploit Metro4Shell RCE Flaw in React Native CLI npm Package

When Cloud Outages Ripple Across the Internet

APT28 Uses Microsoft Office CVE-2026-21509 in Espionage-Focused Malware Attacks

Mozilla Adds One-Click Option to Disable Generative AI Features in Firefox

Notepad++ Hosting Breach Attributed to China-Linked Lotus Blossom Hacking Group

Researchers Find 341 Malicious ClawHub Skills Stealing Data from OpenClaw Users

OpenClaw Bug Enables One-Click Remote Code Execution via Malicious Link

[email protected]