Blog – Page 49 – VigilantAI

May 21, 2025
No Comments

Fake Kling AI Facebook Ads Deliver RAT Malware to Over 22 Million Potential Victims

May 21, 2025
No Comments

Securing CI/CD workflows with Wazuh

May 21, 2025
No Comments

How to Detect Phishing Attacks Faster: Tycoon2FA Example

May 21, 2025
No Comments

Researchers Expose PWA JavaScript Attack That Redirects Users to Adult Scam Apps

May 21, 2025
No Comments

Google Chrome Can Now Auto-Change Compromised Passwords Using Its Built-In Manager

May 20, 2025
No Comments

Hazy Hawk Exploits DNS Records to Hijack CDC, Corporate Domains for Malware Delivery

May 20, 2025
No Comments

100+ Fake Chrome Extensions Found Hijacking Sessions, Stealing Credentials, Injecting Ads

May 20, 2025
No Comments

AWS Default IAM Roles Found to Enable Lateral Movement and Cross-Service Exploitation

May 20, 2025
No Comments

South Asian Ministries Hit by SideWinder APT Using Old Office Flaws and Custom Malware

May 20, 2025
No Comments

The Crowded Battle: Key Insights from the 2025 State of Pentesting Report

Whistleblower Claims DOGE Put Critical Social Security Data at Risk August 28, 2025
A whistleblower says the government put every American’s Social Security record at risk. Charles Borges, Chief Data Officer at the Social Security Administration, filed the complaint. He describes a “live copy of the country’s Social Security information in a cloud environment that circumvents oversight.” The file is the Numident database. It holds names, birth dates, […]
Kirsten Doyle
Widespread Salesforce Data Theft Exploits Salesloft Drift Integration August 28, 2025
A major data theft campaign has hit corporate Salesforce instances. The actor, tracked as UNC6395, leveraged compromised OAuth tokens from the Salesloft Drift application to pull data. The attacks ran from August 8 through at least August 18. Google Threat Intelligence Group (GTIG) says the campaign moved at scale. Data was exported by the bucketful. […]
Kirsten Doyle
What JPMorgan gets right about AI security — and why storage must catch up August 27, 2025
JPMorgan’s open letter to technology vendors isn’t just another security advisory — it’s a watershed moment for enterprise AI adoption. When the world’s largest bank publicly demands that providers “urgently reprioritize security,” it signals a fundamental shift in how businesses will evaluate AI systems going forward. Though the message was originally aimed at SaaS providers, […]
Giorgio Regni
Critical Docker Desktop Flaw Exposes Host Systems to Malicious Containers August 27, 2025
Containers are supposed to isolate and keep things in their lane. But a new vulnerability proves that line is fragile. CVE-2025-9074 affects Docker Desktop on Windows and macOS. A malicious container can reach the Docker Engine, launch other containers, mount the host filesystem, and escalate privileges to admin. The score is 9.3. It is critical. […]
Kirsten Doyle
New ZipLine Campaign Exploits Contact Forms to Target US Supply Chains August 27, 2025
Bad actors are patient. They know trust takes time. With ZipLine, they have turned patience into a weapon. Check Point Research has uncovered a campaign aimed at U.S. manufacturers and supply-chain critical industries. The trick is simple, yet unusual. The attacker does not send the first email. Instead, they use the target’s own “Contact Us” […]
Kirsten Doyle
Farmers Insurance Breach Exposing 1.1 Million Customers August 27, 2025
Farmers Insurance has confirmed a breach affecting more than 1.07 million customers nationwide. The intrusion traces to a third-party vendor and links to a broader wave of attacks targeting Salesforce environments. Google, Cisco, Adidas, Qantas, and Allianz have also fallen victim. The breach began on 29 May. Farmers’ notification explains: “One of Farmers’ third-party vendors […]
Kirsten Doyle
Fortinet Uncovers Phishing Campaign Targeting Companies via UpCrypter August 27, 2025
Researchers recently uncovered a worldwide phishing scam that leverages highly convincing phishing emails to deliver a malware dropper called UpCrypter. According to Fortinet FortiGuard Labs, the detection count has doubled within a timespan of two weeks; an alarming rate of growth. Researcher Cara Lin observed, “This is not just about stealing email logins, but is […]
Katrina Thompson
AI and Supply Chain Transparency Redefine Embedded Software Security in 2025 August 27, 2025
The embedded software world is undergoing one of its most profound shifts in decades, according to Black Duck’s State of Embedded Software Quality and Safety 2025 report. The global survey of 785 developers, managers, and security professionals reveals the two major forces reshaping the industry: the rapid adoption of AI for development, and the growing […]
Josh Breaker Rolfe
Malicious Go Module Sends Stolen SSH Credentials to Telegram August 26, 2025
A Go package disguised as an SSH brute forcer has been caught stealing credentials and sending them straight to a Telegram bot controlled by a Russian-speaking threat actor. Socket’s Threat Research Team found the package, called golang-random-ip-ssh-bruteforce, still live on GitHub and the Go Module registry. It claims to be a “fast” SSH brute forcer. […]
Kirsten Doyle
The Technologies Redefining UK, European, and NATO Defence August 26, 2025
The United Kingdom is sharpening its defence posture. Five technologies stand at the heart of this effort. While the industry’s heavyweights continue to supply capability, fresh value lies with early to mid-stage firms. These smaller players, often led by veterans and security professionals, move fast. They innovate, adapt, and bring new answers to complex military […]
Kirsten Doyle

Category: Blog

Fake Kling AI Facebook Ads Deliver RAT Malware to Over 22 Million Potential Victims

Securing CI/CD workflows with Wazuh

How to Detect Phishing Attacks Faster: Tycoon2FA Example

Researchers Expose PWA JavaScript Attack That Redirects Users to Adult Scam Apps

Google Chrome Can Now Auto-Change Compromised Passwords Using Its Built-In Manager

Hazy Hawk Exploits DNS Records to Hijack CDC, Corporate Domains for Malware Delivery

100+ Fake Chrome Extensions Found Hijacking Sessions, Stealing Credentials, Injecting Ads

AWS Default IAM Roles Found to Enable Lateral Movement and Cross-Service Exploitation

South Asian Ministries Hit by SideWinder APT Using Old Office Flaws and Custom Malware

The Crowded Battle: Key Insights from the 2025 State of Pentesting Report

[email protected]