Blog – Page 5 – VigilantAI

January 30, 2026
No Comments

China-Linked UAT-8099 Targets IIS Servers in Asia with BadIIS SEO Malware

January 30, 2026
No Comments

Badges, Bytes and Blackmail

January 30, 2026
No Comments

SmarterMail Fixes Critical Unauthenticated RCE Flaw with CVSS 9.3 Score

January 30, 2026
No Comments

Ex-Google Engineer Convicted for Stealing 2,000 AI Trade Secrets for China Startup

January 30, 2026
No Comments

Two Ivanti EPMM Zero-Day RCE Flaws Actively Exploited, Security Updates Released

January 29, 2026
No Comments

Researchers Find 175,000 Publicly Exposed Ollama AI Servers Across 130 Countries

January 29, 2026
No Comments

ThreatsDay Bulletin: New RCEs, Darknet Busts, Kernel Bugs & 25+ More Stories

January 29, 2026
No Comments

Survey of 100+ Energy Systems Reveals Critical OT Cybersecurity Gaps

January 29, 2026
No Comments

3 Decisions CISOs Need to Make to Prevent Downtime Risk in 2026

January 29, 2026
No Comments

SolarWinds Fixes Four Critical Web Help Desk Flaws With Unauthenticated RCE and Auth Bypass

The Winter Olympics Are Back, and So Are Attackers February 6, 2026
The Olympics have traditionally been a major attack vector for cyber disruption, espionage, and financially motivated attacks. The 2018 Winter Olympic Games in PyeongChang saw the Olympic Destroyer malware used to disrupt Wi-Fi, ticket, and venue systems during the opening ceremony of the games. During the Paris 2024 event, there was an increase in scanning, […]
Kirsten Doyle
Rethinking the Security Estate: Why IT Spend Isn’t the Same as Cybersecurity Readiness February 5, 2026
Cybersecurity spend is projected to reach $183 billion by 2028, but that growth masks a dangerous misconception. Many midmarket organizations equate rising IT budgets with improved security, assuming that broad spending on technology automatically translates to better protection. However, this is creating a widening gap between what companies perceive and their actual security readiness. IT […]
Michael Gray
Microsoft: Python-Powered Infostealers Are Now Targeting macOS at Scale February 5, 2026
Microsoft has warned that information-stealing attacks are rapidly expanding beyond Windows to target Apple macOS environments using cross-platform languages such as Python. The software giant’s Defender Security Research Team has observed macOS-targeted infostealer campaigns using social engineering techniques like ClickFix since late 2025 to distribute disk image (DMG) installers that deploy stealer malware families like Atomic macOS Stealer (AMOS), MacSync, and DigitStealer. The […]
Kirsten Doyle
Forescout’s 2025 Threat Roundup: 84% OT Surge Signals Expanding Cyber Chaos February 5, 2026
In 2025, attackers didn’t only target traditional areas of vulnerability; they went after those with the least defense and the most rapid change. These include new AI technologies, web applications, and operational technology (OT) for industries such as healthcare, manufacturing, energy, government, and finance. In fact, attacks against OT protocol rose by a whopping 84% with Modbus, Ethernet/IP, and BACnet at the forefront. IoT exploits increased to 19%, hitting cameras and […]
Kirsten Doyle
Notepad++ Update Hijacked in Six-Month, State-Linked Supply-Chain Attack February 3, 2026
Attackers have hijacked the update mechanism of Notepad++, one of the world’s most popular open-source text editors, delivering malware to targeted users over a period of six months. In an advisory, developer Don Ho discussed how bad actors weaponized his two-decade-old project between June and December last year. An update, said: “Multiple independent security researchers have assessed that the threat actor is likely a Chinese state-sponsored group, which would explain […]
Kirsten Doyle
Attackers allege 1.4TB data breach at Iron Mountain February 3, 2026
The Everest ransomware group has claimed responsibility for the breach against the global information management and storage firm Iron Mountain, stating that it stole approximately 1.4 terabytes of the firm’s internal and customer data. The claims were made through the group’s posts on the dark web forums. The images provided by the attackers reveal that the names of several […]
Kirsten Doyle
Equipping Defenders: The Strategic Value of Adversary Infrastructure Intelligence February 3, 2026
In the world of cybersecurity, understanding adversary infrastructure is critical for defenders and researchers tracking adversary operations. We use the term “adversary infrastructure” to refer to any infrastructure that is established by or commandeered by adversaries to support their operations. This includes command and control (C2) servers, open web directories hosting malicious files, and residential […]
Emily Austin
Balancing Identity and Data Security in 2026: Why a Two-Pillar Strategy Matters February 2, 2026
Security teams entering 2026 face a familiar truth dressed in new clothes. The technologies change, the tools get smarter, but most compromises still trace back to two core areas of any organization: identity and data. Securing them with separate programs is an invitation to gaps and blind spots. Treating them as the two columns that […]
Dirk Schrader
Data Privacy Week 2026: Why Good Intentions Are No Longer Enough January 30, 2026
It’s Data Privacy Week, the annual international awareness initiative from the National Cybersecurity Alliance (NCA) aimed at empowering individuals and businesses to value individual privacy, safeguard data, and build trust. “Your online activities generate a treasure trove of data – from your interests to your purchases, as well as your online behaviors, and it is collected by websites, apps, […]
Kirsten Doyle
Sextortion and the Psychology of Fear: How Scammers Are Targeting Teenagers January 28, 2026
Sextortion is a form of extortion or blackmail in which a criminals threaten to share private or intimate information or images unless a victim gives them money. Criminals can get hold of these images by compromising credentials or coercing someone into sending the images or create deepfakes (i.e., images created with the help of AI) […]
Martina Dove

Category: Blog

China-Linked UAT-8099 Targets IIS Servers in Asia with BadIIS SEO Malware

Badges, Bytes and Blackmail

SmarterMail Fixes Critical Unauthenticated RCE Flaw with CVSS 9.3 Score

Ex-Google Engineer Convicted for Stealing 2,000 AI Trade Secrets for China Startup

Two Ivanti EPMM Zero-Day RCE Flaws Actively Exploited, Security Updates Released

Researchers Find 175,000 Publicly Exposed Ollama AI Servers Across 130 Countries

ThreatsDay Bulletin: New RCEs, Darknet Busts, Kernel Bugs & 25+ More Stories

Survey of 100+ Energy Systems Reveals Critical OT Cybersecurity Gaps

3 Decisions CISOs Need to Make to Prevent Downtime Risk in 2026

SolarWinds Fixes Four Critical Web Help Desk Flaws With Unauthenticated RCE and Auth Bypass

[email protected]