Blog – Page 52 – VigilantAI

May 15, 2025
No Comments

Malicious npm Package Leverages Unicode Steganography, Google Calendar as C2 Dropper

May 15, 2025
No Comments

5 BCDR Essentials for Effective Ransomware Defense

May 15, 2025
No Comments

New Chrome Vulnerability Enables Cross-Origin Data Leak via Loader Referrer Policy

May 14, 2025
No Comments

BianLian and RansomExx Exploit SAP NetWeaver Flaw to Deploy PipeMagic Trojan

May 14, 2025
No Comments

Samsung Patches CVE-2025-4632 Used to Deploy Mirai Botnet via MagicINFO 9 Exploit

May 14, 2025
No Comments

Xinbi Telegram Market Tied to $8.4B in Crypto Crime, Romance Scams, North Korea Laundering

May 14, 2025
No Comments

CTM360 Identifies Surge in Phishing Attacks Targeting Meta Business Users

May 14, 2025
No Comments

Learning How to Hack: Why Offensive Security Training Benefits Your Entire Security Team

May 14, 2025
No Comments

Horabot Malware Targets 6 Latin American Nations Using Invoice-Themed Phishing Emails

May 14, 2025
No Comments

Earth Ammit Breached Drone Supply Chains via ERP in VENOM, TIDRONE Campaigns

Whistleblower Claims DOGE Put Critical Social Security Data at Risk August 28, 2025
A whistleblower says the government put every American’s Social Security record at risk. Charles Borges, Chief Data Officer at the Social Security Administration, filed the complaint. He describes a “live copy of the country’s Social Security information in a cloud environment that circumvents oversight.” The file is the Numident database. It holds names, birth dates, […]
Kirsten Doyle
Widespread Salesforce Data Theft Exploits Salesloft Drift Integration August 28, 2025
A major data theft campaign has hit corporate Salesforce instances. The actor, tracked as UNC6395, leveraged compromised OAuth tokens from the Salesloft Drift application to pull data. The attacks ran from August 8 through at least August 18. Google Threat Intelligence Group (GTIG) says the campaign moved at scale. Data was exported by the bucketful. […]
Kirsten Doyle
What JPMorgan gets right about AI security — and why storage must catch up August 27, 2025
JPMorgan’s open letter to technology vendors isn’t just another security advisory — it’s a watershed moment for enterprise AI adoption. When the world’s largest bank publicly demands that providers “urgently reprioritize security,” it signals a fundamental shift in how businesses will evaluate AI systems going forward. Though the message was originally aimed at SaaS providers, […]
Giorgio Regni
Critical Docker Desktop Flaw Exposes Host Systems to Malicious Containers August 27, 2025
Containers are supposed to isolate and keep things in their lane. But a new vulnerability proves that line is fragile. CVE-2025-9074 affects Docker Desktop on Windows and macOS. A malicious container can reach the Docker Engine, launch other containers, mount the host filesystem, and escalate privileges to admin. The score is 9.3. It is critical. […]
Kirsten Doyle
New ZipLine Campaign Exploits Contact Forms to Target US Supply Chains August 27, 2025
Bad actors are patient. They know trust takes time. With ZipLine, they have turned patience into a weapon. Check Point Research has uncovered a campaign aimed at U.S. manufacturers and supply-chain critical industries. The trick is simple, yet unusual. The attacker does not send the first email. Instead, they use the target’s own “Contact Us” […]
Kirsten Doyle
Farmers Insurance Breach Exposing 1.1 Million Customers August 27, 2025
Farmers Insurance has confirmed a breach affecting more than 1.07 million customers nationwide. The intrusion traces to a third-party vendor and links to a broader wave of attacks targeting Salesforce environments. Google, Cisco, Adidas, Qantas, and Allianz have also fallen victim. The breach began on 29 May. Farmers’ notification explains: “One of Farmers’ third-party vendors […]
Kirsten Doyle
Fortinet Uncovers Phishing Campaign Targeting Companies via UpCrypter August 27, 2025
Researchers recently uncovered a worldwide phishing scam that leverages highly convincing phishing emails to deliver a malware dropper called UpCrypter. According to Fortinet FortiGuard Labs, the detection count has doubled within a timespan of two weeks; an alarming rate of growth. Researcher Cara Lin observed, “This is not just about stealing email logins, but is […]
Katrina Thompson
AI and Supply Chain Transparency Redefine Embedded Software Security in 2025 August 27, 2025
The embedded software world is undergoing one of its most profound shifts in decades, according to Black Duck’s State of Embedded Software Quality and Safety 2025 report. The global survey of 785 developers, managers, and security professionals reveals the two major forces reshaping the industry: the rapid adoption of AI for development, and the growing […]
Josh Breaker Rolfe
Malicious Go Module Sends Stolen SSH Credentials to Telegram August 26, 2025
A Go package disguised as an SSH brute forcer has been caught stealing credentials and sending them straight to a Telegram bot controlled by a Russian-speaking threat actor. Socket’s Threat Research Team found the package, called golang-random-ip-ssh-bruteforce, still live on GitHub and the Go Module registry. It claims to be a “fast” SSH brute forcer. […]
Kirsten Doyle
The Technologies Redefining UK, European, and NATO Defence August 26, 2025
The United Kingdom is sharpening its defence posture. Five technologies stand at the heart of this effort. While the industry’s heavyweights continue to supply capability, fresh value lies with early to mid-stage firms. These smaller players, often led by veterans and security professionals, move fast. They innovate, adapt, and bring new answers to complex military […]
Kirsten Doyle

Category: Blog

Malicious npm Package Leverages Unicode Steganography, Google Calendar as C2 Dropper

5 BCDR Essentials for Effective Ransomware Defense

New Chrome Vulnerability Enables Cross-Origin Data Leak via Loader Referrer Policy

BianLian and RansomExx Exploit SAP NetWeaver Flaw to Deploy PipeMagic Trojan

Samsung Patches CVE-2025-4632 Used to Deploy Mirai Botnet via MagicINFO 9 Exploit

Xinbi Telegram Market Tied to $8.4B in Crypto Crime, Romance Scams, North Korea Laundering

CTM360 Identifies Surge in Phishing Attacks Targeting Meta Business Users

Learning How to Hack: Why Offensive Security Training Benefits Your Entire Security Team

Horabot Malware Targets 6 Latin American Nations Using Invoice-Themed Phishing Emails

Earth Ammit Breached Drone Supply Chains via ERP in VENOM, TIDRONE Campaigns

[email protected]