Cybersecurity News - Noticias de Ciberseguridad

Latest News

How Trust Centers and AI are replacing security questionnaires and accelerating B2B sales

Something strange happens in the final weeks of a sales quarter. No matter how aligned the stakeholders are, it often takes just one email to derail a...

2025-09-06 - Security Boulevard

VirusTotal finds hidden malware phishing campaign in SVG files

VirusTotal has discovered a phishing campaign hidden in SVG files that create convincing portals impersonating Colombia's judicial system that deliver...

2025-09-06 - BleepingComputer

How to Pick the Right Authentication Solution for Your Growing Startup

Compare top authentication providers for growing startups. Learn which auth solution saves money, time, and improves user experience for 40k+ users. T...

2025-09-06 - Security Boulevard

Noisy Bear Targets Kazakhstan Energy Sector With BarrelFire Phishing Campaign

A threat actor possibly of Russian origin has been attributed to a new set of attacks targeting the energy sector in Kazakhstan. The activity, codenam...

2025-09-06 - The Hacker News

BSidesSF 2025: Slaying The Dragons: A Security Professional’s Guide To Malicious Packages

Creator, Author and Presenter: Kirill Boychenko Our deep appreciation to Security BSides - San Francisco and the Creators, Authors and Presenters for ...

2025-09-06 - Security Boulevard

AI-powered malware hit 2,180 GitHub accounts in “s1ngularity” attack

Investigations into the Nx "s1ngularity" NPM supply chain attack have unveiled a massive fallout, with thousands of account tokens and repository secr...

2025-09-06 - BleepingComputer

Qantas cuts executive bonuses by 15% after a July data breach

Qantas cuts executive bonuses by 15% after a July cyberattack exposed data of 5.7M people, despite reporting $1.5B profit last fiscal year. Qantas cut...

2025-09-06 - Security Affairs

MeetC2 – A serverless C2 framework that leverages Google Calendar APIs as a communication channel

MeetC2 is a PoC C2 tool using Google Calendar to mimic cloud abuse, helping teams test detection, logging, and response. Background: Modern adver...

2025-09-06 - Security Affairs

Securing AI Models Against Adversarial Attacks in Financial Applications

The rapid adoption of artificial intelligence (AI) agents across industries has brought significant benefits but also increased exposure to cyber thre...

2025-09-06 - Security Boulevard

Malicious npm Packages Impersonate Flashbots, Steal Ethereum Wallet Keys

A new set of four malicious packages have been discovered in the npm package registry with capabilities to steal cryptocurrency wallet credentials fro...

2025-09-06 - The Hacker News

GOP Cries Censorship Over Spam Filters That Work

The chairman of the Federal Trade Commission (FTC) last week sent a letter to Google's CEO demanding to know why Gmail was blocking messages from Repu...

2025-09-06 - Krebs on Security

6 Best Practices for CMMC Physical Security Control

The first C in CMMC stands for cybersecurity, so it makes sense that the vast majority of content and information about it (both here and elsewhere on...

2025-09-06 - Security Boulevard

How Has IoT Security Changed Over the Past 5 Years?

Experts agree there have been subtle improvements, with new laws and applied best practices, but there is still a long way to go.

2025-09-05 - Dark Reading

Critical SAP S/4HANA Vulnerability Under Attack, Patch Now

Exploitation of CVE-2025-42957 requires "minimal effort" and can result in a complete compromise of the SAP system and host OS, according to...

2025-09-05 - Dark Reading

Critical SAP S/4HANA flaw CVE-2025-42957 under active exploitation

Experts warn of an actively exploited vulnerability, tracked as CVE-2025-42957 (CVSS score: 9.9), in SAP S/4HANA software. A critical command injectio...

2025-09-05 - Security Affairs

Anyone Using Agentic AI Needs to Understand Toxic Flows

The biggest vulnerabilities may lie at the boundaries of where the AI agent connects with the enterprise system.

2025-09-05 - Dark Reading

Microsoft now enforces MFA on Azure Portal sign-ins for all tenants

Microsoft says it has been enforcing multifactor authentication (MFA) for Azure Portal sign-ins across all tenants since March 2025. [...]

2025-09-05 - BleepingComputer

Secretive MaaS Group 'TAG-150' Develops Novel 'CastleRAT'

TAG-150 is running a multifaceted and relatively successful malware-as-a-service operation, without advertising itself on the Dark Web.

2025-09-05 - Dark Reading

Nexar dashcam video database hacked

A hacker cracked into a database of video recordings taken from Nexar-branded cameras, which are built to be placed drivers’ cars,...

2025-09-05 - Malwarebytes Labs

EU fines Google $3.5 billion for anti-competitive ad practices

The European Commission has fined Google €2.95 billion ($3.5 billion) for abusing its dominance in the digital advertising technology market and favor...

2025-09-05 - BleepingComputer

NYU team behind AI-powered malware dubbed ‘PromptLock’

Researchers at NYU’s Tandon School of Engineering confirmed they created the code as part of a project to illustrate potential harms of AI-powered mal...

2025-09-05 - CyberScoop

CISA Orders Immediate Patch of Critical Sitecore Vulnerability Under Active Exploitation

Federal Civilian Executive Branch (FCEB) agencies are being advised to update their Sitecore instances by September 25, 2025, following the discovery ...

2025-09-05 - The Hacker News

Scammers Are Using Grok to Spread Malicious Links on X

It's called "grokking," and gives spammers a way to skirt X's ban on links in promoted posts and reach larger audiences than ever before.

2025-09-05 - Dark Reading

Financial services firm Wealthsimple discloses data breach

Wealthsimple, a leading Canadian online investment management service, has disclosed a data breach after attackers stole the personal data of an undis...

2025-09-05 - BleepingComputer

Bridgestone Confirms "Limited Cyber Incident" Impacting Facilities in North America

Bridgestone Americas confirmed the incident but has not detailed the scope of the attack

2025-09-05 - Infosecurity Magazine

How to Close the AI Governance Gap in Software Development

Widespread adoption of AI coding tools accelerates development—but also introduces critical vulnerabilities that demand stronger governance and oversi...

2025-09-05 - SecurityWeek

Azure mandatory multifactor authentication: Phase 2 starting in October 2025

Microsoft Azure is announcing the start of Phase 2 multi-factor authentication enforcement at the Azure Resource Manager layer, starting October 1, 20...

2025-09-05 - Microsoft Security Blog

TAG-150 Develops CastleRAT in Python and C, Expanding CastleLoader Malware Operations

The threat actor behind the malware-as-a-service (MaaS) framework and loader called CastleLoader has also developed a remote access trojan known as Ca...

2025-09-05 - The Hacker News

South Carolina School District Data Breach Affects 31,000 People

An investigation has revealed that files were stolen in a data breach affecting a South Carolina school district

2025-09-05 - Infosecurity Magazine

Hacker nutzen gravierende Schwachstelle bei SAP S/4HANA aus

Ein Exploit für die Schwachstelle wurde bereits in freier Wildbahn beobachtet.Nitpicker / Shutterstock Vergangenen Monat hat SAP einen Patch für S/...

2025-09-05 - CSO Online

Academics Build AI-Powered Android Vulnerability Discovery and Validation Tool

Called A2, the framework mimics human analysis to identify vulnerabilities in Android applications and then validates them. The post Academics Build A...

2025-09-05 - SecurityWeek

You should be aware of these latest social engineering trends

Instead of relying on advanced tools or complex scripts, experienced attackers penetrate systems and steal data using the most effective weapon of all...

2025-09-05 - CSO Online

FireCompass Raises $20 Million for Offensive Security Platform

The AI-powered automated penetration testing firm will invest the new funds in R&D, team expansion, and global scale. The post FireCompass Raises...

2025-09-05 - SecurityWeek

In Other News: Scammers Abuse Grok, US Manufacturing Attacks, Gmail Security Claims Debunked

Noteworthy stories that might have slipped under the radar: Google fined €325 million, City of Baltimore sent $1.5 million to scammer, Bridgestone tar...

2025-09-05 - SecurityWeek

Attackers are exploiting critical SAP S/4HANA vulnerability (CVE-2025-42957)

A critical vulnerability (CVE-2025-42957) in SAP S/4HANA enterprise resource planning software is being exploited by attackers “to a limited ext...

2025-09-05 - Help Net Security

U.S. CISA adds Sitecore, Android, and Linux flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Sitecore, Android, and Linux flaws to its Known Exploited Vulnerabilities catalog. T...

2025-09-05 - Security Affairs

macOS Stealer Campaign Uses “Cracked” App Lures to Bypass Apple Security

Trend Micro observed the attackers using terminal-based installation methods for the AMOS malware, luring macOS users into installing cracked versions...

2025-09-05 - Infosecurity Magazine

Stealthy attack serves poisoned web pages only to AI agents

AI agents can be tricked into covertly performing malicious actions by websites that are hidden from regular users’ view, JFrog AI architect Sha...

2025-09-05 - Help Net Security

SAP S/4HANA Critical Vulnerability CVE-2025-42957 Exploited in the Wild

A critical security vulnerability impacting SAP S/4HANA, an Enterprise Resource Planning (ERP) software, has come under active exploitation in the wil...

2025-09-05 - The Hacker News

North Korean Hackers Targeted Hundreds in Fake Job Interview Attacks

The hackers were seen actively monitoring cyber threat intelligence to discover and rebuild exposed infrastructure. The post North Korean Hackers Targ...

2025-09-05 - SecurityWeek

SVG files used in hidden malware campaign impersonating Colombian authorities

VirusTotal uncovered an undetected malware campaign using SVG files that impersonated the Colombian justice system. VirusTotal researchers uncovered a...

2025-09-05 - Security Affairs

DigitalOcean adds Single Sign-On to help businesses centralize user access

DigitalOcean has announced support for Single Sign-On. This integration is designed to provide digital native businesses with secure authentication to...

2025-09-05 - Help Net Security

Massiver Anstieg bei Hackerangriffen auf deutschen Bildungssektor

srcset="https://b2b-contenthub.com/wp-content/uploads/2025/09/shutterstock_2626144453.jpg?quality=50&strip=all 7680w, https://b2b-contenthub.com/w...

2025-09-05 - CSO Online

Hirsch Velocity 3.9 turns security into business value

Hirsch released Velocity 3.9, the latest advancement in its security management platform. Purpose-built for organizations that demand trust, complianc...

2025-09-05 - Help Net Security

US and 14 Allies Release Joint Guidance on Software Bill of Materials

The joint guidance is a welcome first step towards a common, global adoption of SBOMs, experts argued

2025-09-05 - Infosecurity Magazine

61% of US Companies Hit by Insider Data Breaches

The OPSWAT report found that insider breaches cost impacted firms $2.7m on average due to factors such as regulatory fines and diminished productivity

2025-09-05 - Infosecurity Magazine

Sendmarc appoints Rob Bowker as North American Region Lead

Veteran email security leader to expand MSP and VAR partnerships and accelerate DMARC adoption. Sendmarc today announced the appointment of Rob Bo...

2025-09-05 - CSO Online

Lack of board access: The No. 1 factor for CISO dissatisfaction

Cybersecurity leaders agree that they must engage with the board at their organizations to do their jobs. In reality, board engagement lags, and that ...

2025-09-05 - CSO Online

September 2025 Patch Tuesday forecast: The CVE matrix

We work in an industry driven by Common Vulnerabilities and Exposures (CVE). Each security update released by myriad vendors addresses some flaw in so...

2025-09-05 - Help Net Security

AI can help track an ever-growing body of vulnerabilities, CISA official says

Artificial intelligence was a recurring theme among federal leaders who spoke at a GDIT event held Thursday. The post AI can help track an ever-growin...

2025-09-04 - CyberScoop

Sitecore zero-day vulnerability springs up from exposed machine key

The actively exploited defect, triggered by an attacker’s use of a publicly available sample machine key, underscores the vendor and customers’ poor c...

2025-09-04 - CyberScoop

Roblox introduces age checks to use communication features

Roblox announced plans to roll out age estimation for using the communication features on the platform to help fight sexual predators.

2025-09-04 - Malwarebytes Labs

Give your PC a fresh start: New free tools to boost your PC’s speed, security, and peace of mind

Today we're launching Malwarebytes Tools, a new set of free features designed to give your Windows PC a breath of fresh air.

2025-09-04 - Malwarebytes Labs

TP-Link warns of botnet infecting routers and targeting Microsoft 365 accounts

The Quad7 botnet is adding End-of-Life TP-Link routers to its arsenal and using them to steal Microsoft 365 accounts.

2025-09-04 - Malwarebytes Labs

Popular Android VPN apps found to have security flaws and China links

A recent report has revealed that many VPNs might allow others to sniff your data—and they're not being honest about who's behind them.

2025-09-04 - Malwarebytes Labs

Streameast, world’s largest pirated live sports network, shut down by Egyptian authorities

An antipiracy coalition of entertainment companies applauded the takedown. The network’s two operators were arrested at their residences in Egypt. The...

2025-09-03 - CyberScoop

Cato Networks acquires AI security startup Aim Security

Cato's move comes as the company also extended its Series G funding round with an additional $50 million from Acrew Capital. The post Cato Networks ac...

2025-09-03 - CyberScoop

The Ongoing Fallout from a Breach at AI Chatbot Maker Salesloft

The recent mass-theft of authentication tokens from Salesloft, whose AI chatbot is used by a broad swath of corporate America to convert customer inte...

2025-09-01 - Krebs on Security

Affiliates Flock to ‘Soulless’ Scam Gambling Machine

Last month, KrebsOnSecurity tracked the sudden emergence of hundreds of polished online gaming and wagering websites that lure people with free credit...

2025-08-28 - Krebs on Security

Storm-0501’s evolving techniques lead to cloud-based ransomware

Financially motivated threat actor Storm-0501 has continuously evolved their campaigns to achieve sharpened focus on cloud-based tactics, techniques, ...

2025-08-27 - Microsoft Security Blog

Microsoft ranked number one in modern endpoint security market share third year in a row

For a third year a row, Microsoft has been named the number one leader for endpoint security market share, as featured in a new IDC report. The post M...

2025-08-27 - Microsoft Security Blog

Securing and governing the rise of autonomous agents

Hear directly from Corporate Vice President and Deputy Chief Information Security Officer (CISO) for Identity, Igor Sakhnov, about how to secure and g...

2025-08-26 - Microsoft Security Blog

DSLRoot, Proxies, and the Threat of ‘Legal Botnets’

The cybersecurity community on Reddit responded in disbelief this month when a self-described Air National Guard member with top secret security clear...

2025-08-26 - Krebs on Security

Think before you Click(Fix): Analyzing the ClickFix social engineering technique

The ClickFix social engineering technique has been growing in popularity, with campaigns targeting thousands of enterprise and end-user devices daily....

2025-08-21 - Microsoft Security Blog

SIM-Swapper, Scattered Spider Hacker Gets 10 Years

A 21-year-old Florida man at the center of a prolific cybercrime group known as "Scattered Spider" was sentenced to 10 years in federal prison today, ...

2025-08-21 - Krebs on Security

Student Loan Breach Exposes 2.5M Records

2.5 million people were affected, in a breach that could spell more trouble down the line.

2022-08-31 - Threatpost

Watering Hole Attacks Push ScanBox Keylogger

Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.

2022-08-30 - Threatpost

Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms

Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.

2022-08-29 - Threatpost

Ransomware Attacks are on the Rise

Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group.

2022-08-26 - Threatpost

Cybercriminals Are Selling Access to Chinese Surveillance Cameras

Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.

2022-08-25 - Threatpost

Noticias en Español

Google corrige 120 vulnerabilidades, incluidas dos vulnerabilidades de día cero bajo ataque.

Google ha publicado actualizaciones de seguridad para abordar 120 vulnerabilidades de seguridad en su sistema operativo Android como parte de ...

2025-09-06 - Segu-Info

Detectados paquetes npm maliciosos que roban claves de wallets Ethereum

Cuatro paquetes maliciosos detectados en npm fingen ser utilidades legítimas para desarrolladores de Ethereum, pero en realidad están diseñados para r...

2025-09-06 - Una al Día

Una Campaña de Smishing con SMS Spoofing usando a la Dirección General de Tráfico con la Operación Salida de Libro

La semana pasada me llegó a mi número de teléfono personal un ataque de Smishing para capturar mis datos personales y, por supuesto, mi tarjeta de cré...

2025-09-06 - El Lado del Mal

Cómo prepararse para el fin de soporte de Windows 10

El 14 de octubre Microsoft dejará de brindar soporte oficial para Windows 10. Conoce qué opciones tienes para que tus equipos no queden expuestos y vu...

2025-09-05 - WeLiveSecurity

Detectar fugas de datos antes de un desastre

En enero de 2025, expertos en ciberseguridad de Wiz Research descubrieron que DeepSeek, especialista chino en inteligencia artificial, había sufrido u...

2025-09-05 - Segu-Info

Módulo de Entrevistas en MyPublicInbox: Recibir peticiones y solicitar entrevistas

El proyecto de MyPublicInbox no deja de crecer, y este año estamos incluyendo nuevos módulos para dar a los Perfiles Públicos más herramientas para ge...

2025-09-05 - El Lado del Mal

De cero a root: cómo dos vulnerabilidades críticas exponen los sistemas QNAP

QNAP, la empresa taiwanesa especializada en diseño y fabricación de dispositivos de almacenamiento conectado en red (NAS) y soluciones asociadas, se v...

2025-09-05 - Una al Día

Cuando el XML se convierte en Dropper: una técnica inédita que apunta a Colombia

El equipo de ESET detectó campañas en Colombia que usan archivos SVG para distribuir malware sin conexión externa y simular procesos legítimos.

2025-09-04 - WeLiveSecurity

Tus datos se están fugando a través del uso de IA ¿Por qué es importante la visibilidad de la red?

Las plataformas de IA generativa como ChatGPT, Gemini, Copilot y Claude son cada vez más comunes en las organizaciones. Si bien estas soluciones mej...

2025-09-04 - Segu-Info

GhostRedirector envenena servidores Windows para manipular resultados SEO en Google

El equipo de investigación de ESET identificó una amenaza que instala un backdoor pasivo en C++ y un módulo IIS malicioso para posicionar sitios fraud...

2025-09-04 - WeLiveSecurity

Alerta crítica: vulnerabilidad zero-day en Sitecore permite RCE por malas prácticas de configuración

Analistas de Mandiant han detectado la explotación activa de una vulnerabilidad crítica (CVE-2025-53690) en Sitecore, permitiendo ejecución remota de ...

2025-09-04 - Una al Día

Las URLs maliciosas dominan el panorama de las ciberamenazas

Las URLs maliciosas están creciendo a un ritmo exponencial para convertirse en uno de los principales vectores de ataque, según revela el segundo in...

2025-09-04 - Segu-Info

Photaka Link: De “¿Me pasas la foto por WhatsApp?” a “Ya la tengo en el móvil”

Cuando usas una cámara de fotos profesional o casi-profesional, hay escenas que todos hemos vivido: estás en una sesión, miras la pantallita de la cám...

2025-09-04 - El Lado del Mal

Sigue la sangría de ataques a Sales Force y a su cadena de suministro

Cloudflare es la última empresa afectada por una serie de brechas de seguridad de Salesloft Drift, parte de un ataque a la cadena de suministro reve...

2025-09-03 - Segu-Info

CISA declara la guerra a los fallos de seguridad en TP-Link y WhatsApp

La Agencia de Ciberseguridad e Infraestructura de Estados Unidos (CISA) ha actualizado su catálogo de vulnerabilidades explotadas conocidas (KEV) para...

2025-09-03 - Una al Día

Números Primos en sucesión: Un Viaje desde una Nueva Coordenada hasta los Límites del Cómputo buscando el nuevo Primo de Mersenne

¿Y si pudiéramos organizar los números primos, esos rebeldes e impredecibles ladrillos del universo matemático, en una línea ordenada? ¿Qué patrones o...

2025-09-03 - El Lado del Mal

CISA advierte sobre el crecimiento del ransomware Interlock

Este grupo tomó gran notoriedad debido al empleo de ClickFix, una nueva técnica de ingeniería social. Conoce sus características y de qué manera puede...

2025-09-02 - WeLiveSecurity

Qilin ransomware filtra 147 GB de datos de PathoQuest tras ataque a la biotecnológica

La biotecnológica PathoQuest ha sufrido una filtración de 147 GB de datos tras un ataque de ransomware orquestado por el grupo Qilin, cuyo método incl...

2025-09-02 - Una al Día

EducaGPT: Plataforma de educación para niños y niñas usando Inteligencia Artificial

Hola, soy Daniel Atik, emprendedor español que vive en Chile desde hace casi 20 años y, ante todo, papá de Laia. Muchas de las ideas que han marcado m...

2025-09-02 - El Lado del Mal

¿Qué es un executor de Roblox y por qué puede ser peligroso?

La popular plataforma cuenta con programas que despiertan un interés creciente, pero también pueden exponer a riesgos reales y consecuencias no desead...

2025-08-29 - WeLiveSecurity

vCenterHound: mapeando VMware vCenter en BloodHound

En entornos corporativos, VMware vCenter suele ser un punto crítico: centraliza la gestión de clusters, ESXi, VMs, datastores, redes y, por supuesto, ...

2025-08-28 - Hackplayers

MadeYouReset (CVE-2025-8671) el DoS ninja que obliga a tu servidor a hacerse el hara-kiri

Hermanos y hermanas del código, hoy traigo algo que parece sacado de una novela de ciencia ficción: tu propio servidor colapsando por su propia culpa ...

2025-08-18 - Hackplayers

Entendiendo BACnet: presente y futuro del protocolo en entornos industriales

Entendiendo BACnet: presente y futuro del protocolo en entornos industriales Autor INCIBE (INCIBE) Jue, 14/08/2025 - ...

2025-08-14 - INCIBE-CERT

Simulación reto OPC UA (Defcon 31)

Recientemente leía un post en X en el que anunciaba la resolución del CTF ICS de la #Defcon33, una impresionante simulación de un aeropuerto:✈️ Airpor...

2025-08-11 - Hackplayers

Fallos en CyberArk y HashiCorp permiten el acceso remoto a vaults sin credenciales

En agosto de 2025, sobre el escenario de Black Hat USA, la firma de investigación Cyata presentó una investigación bautizada como Vault Fault. Detrás ...

2025-08-09 - Hackplayers

CVE-2025-53786 – Anatomía de una escalada de privilegios silenciosa en entornos híbridos de Microsoft Exchange

Superficialmente, CVE-2025-53786 podría parecer “solo” otra vulnerabilidad de elevación de privilegios en Microsoft Exchange. Sin embargo, su verdader...

2025-08-07 - Hackplayers

Cuando el eslabón débil tiene nombre y apellidos

Vivimos en pleno 2025, en una época donde la seguridad perimetral ya no se define por muros, sino por microsegmentación, autenticación adaptativa y an...

2025-07-21 - Flu Project

Ataques DDoS: técnicas y mitigación en infraestructuras empresariales

Ataques DDoS: técnicas y mitigación en infraestructuras empresariales Autor INCIBE (INCIBE) Mar, 15/07/2025 - 10:31 ...

2025-07-15 - INCIBE-CERT

La brecha olvidada: ¿Tu seguridad física está en riesgo?

Hoy en día, cuando se habla de seguridad empresarial, la conversación gira siempre en torno a lo mismo: firewalls, ciberataques, contraseñas seguras, ...

2025-07-14 - Flu Project

(1/3) - Situación actual del DDoS: evolución, tendencias, impacto y estrategias de respuesta

Esta es la primera de tres publicaciones en las que analizaremos cómo han evolucionado estas amenazas y cómo impactan en las estrategias modernas de c...

2025-07-07 - Flu Project

Pensar como un atacante: por qué el Red Team es clave para la ciberseguridad moderna

En un entorno digital donde las amenazas evolucionan más rápido que las soluciones, protegerse ya no es suficiente. Hay que anticiparse. Y para eso, e...

2025-07-01 - BlogThinkBig

Normativas y estándares para el ámbito forense digital (III de III)

Hoy se dará finalización a esta cadena de artículos analizando las últimas normas UNE relacionadas y tratando las diferentes leyes de aplicación.https...

2025-06-30 - Flu Project

Normativas y estándares para el ámbito forense digital (II de III)

Hoy se dará continuidad a la cadena Normativas y estándares para el ámbito forense digital, que dio comienzo el pasado lunes con su primera edici...

2025-06-23 - Flu Project

Inyección NoSQL: Cómo una entrada maliciosa puede comprometer tu aplicación

Inyección NoSQL: Cómo una entrada maliciosa puede comprometer tu aplicación Autor INCIBE (INCIBE) Vie, 20/06/2025 - 1...

2025-06-20 - INCIBE-CERT

Cómo saber si una app es falsa: ten siempre en cuenta estas claves

Vivimos constantemente con el móvil en la mano; es un dispositivo que usamos para casi todo. Hoy en día es útil tanto para cosas como pagar el café, c...

2025-06-17 - BlogThinkBig

Cómo proteger el ordenador sin ser un genio tech

Saber cómo proteger el ordenador nunca ha sido tan vital. Imagina perder tu equipo con Windows y no saber si tus datos personales están seguros. El pá...

2025-06-13 - BlogThinkBig

Privacidad en Internet: evita el rastreo y navega con seguridad

La privacidad en Internet se ha convertido en una preocupación constante. Es así como cada clic, búsqueda o interacción en línea puede dejar una huell...

2025-06-12 - BlogThinkBig

Álbum oculto: paso a paso para activarlo en tu teléfono Android

Las fotos y vídeos revelan un montón de información de tu vida personal. No siempre queremos que estén a la vista. Es por eso que en este artículo hab...

2025-06-06 - BlogThinkBig

Acceso inicial no autorizado a equipos SCI - Parte 2

Acceso inicial no autorizado a equipos SCI - Parte 2 Autor INCIBE (INCIBE) Vie, 16/05/2025 - 10:45 ...

2025-05-16 - INCIBE-CERT

Acceso inicial no autorizado a equipos SCI - Parte 1

Acceso inicial no autorizado a equipos SCI - Parte 1 Autor INCIBE (INCIBE) Jue, 24/04/2025 - 10:54 ...

2025-04-24 - INCIBE-CERT

Cybersecurity News - Noticias de Ciberseguridad

Latest News

How Trust Centers and AI are replacing security questionnaires and accelerating B2B sales

VirusTotal finds hidden malware phishing campaign in SVG files

How to Pick the Right Authentication Solution for Your Growing Startup

Noisy Bear Targets Kazakhstan Energy Sector With BarrelFire Phishing Campaign

BSidesSF 2025: Slaying The Dragons: A Security Professional’s Guide To Malicious Packages

AI-powered malware hit 2,180 GitHub accounts in “s1ngularity” attack

Qantas cuts executive bonuses by 15% after a July data breach

MeetC2 – A serverless C2 framework that leverages Google Calendar APIs as a communication channel

Securing AI Models Against Adversarial Attacks in Financial Applications

Malicious npm Packages Impersonate Flashbots, Steal Ethereum Wallet Keys

GOP Cries Censorship Over Spam Filters That Work

6 Best Practices for CMMC Physical Security Control

How Has IoT Security Changed Over the Past 5 Years?

Critical SAP S/4HANA Vulnerability Under Attack, Patch Now

Critical SAP S/4HANA flaw CVE-2025-42957 under active exploitation

Anyone Using Agentic AI Needs to Understand Toxic Flows

Microsoft now enforces MFA on Azure Portal sign-ins for all tenants

Secretive MaaS Group 'TAG-150' Develops Novel 'CastleRAT'

Nexar dashcam video database hacked

EU fines Google $3.5 billion for anti-competitive ad practices

NYU team behind AI-powered malware dubbed ‘PromptLock’

CISA Orders Immediate Patch of Critical Sitecore Vulnerability Under Active Exploitation

Scammers Are Using Grok to Spread Malicious Links on X

Financial services firm Wealthsimple discloses data breach

Bridgestone Confirms "Limited Cyber Incident" Impacting Facilities in North America

How to Close the AI Governance Gap in Software Development

Azure mandatory multifactor authentication: Phase 2 starting in October 2025

TAG-150 Develops CastleRAT in Python and C, Expanding CastleLoader Malware Operations

South Carolina School District Data Breach Affects 31,000 People

Hacker nutzen gravierende Schwachstelle bei SAP S/4HANA aus

Academics Build AI-Powered Android Vulnerability Discovery and Validation Tool

You should be aware of these latest social engineering trends

FireCompass Raises $20 Million for Offensive Security Platform

In Other News: Scammers Abuse Grok, US Manufacturing Attacks, Gmail Security Claims Debunked

Attackers are exploiting critical SAP S/4HANA vulnerability (CVE-2025-42957)

U.S. CISA adds Sitecore, Android, and Linux flaws to its Known Exploited Vulnerabilities catalog

macOS Stealer Campaign Uses “Cracked” App Lures to Bypass Apple Security

Stealthy attack serves poisoned web pages only to AI agents

SAP S/4HANA Critical Vulnerability CVE-2025-42957 Exploited in the Wild

North Korean Hackers Targeted Hundreds in Fake Job Interview Attacks

SVG files used in hidden malware campaign impersonating Colombian authorities

DigitalOcean adds Single Sign-On to help businesses centralize user access

Massiver Anstieg bei Hackerangriffen auf deutschen Bildungssektor

Hirsch Velocity 3.9 turns security into business value

US and 14 Allies Release Joint Guidance on Software Bill of Materials

61% of US Companies Hit by Insider Data Breaches

Sendmarc appoints Rob Bowker as North American Region Lead

Lack of board access: The No. 1 factor for CISO dissatisfaction

September 2025 Patch Tuesday forecast: The CVE matrix

AI can help track an ever-growing body of vulnerabilities, CISA official says

Sitecore zero-day vulnerability springs up from exposed machine key

Roblox introduces age checks to use communication features

Give your PC a fresh start: New free tools to boost your PC’s speed, security, and peace of mind

TP-Link warns of botnet infecting routers and targeting Microsoft 365 accounts

Popular Android VPN apps found to have security flaws and China links

Streameast, world’s largest pirated live sports network, shut down by Egyptian authorities

Cato Networks acquires AI security startup Aim Security

The Ongoing Fallout from a Breach at AI Chatbot Maker Salesloft

Affiliates Flock to ‘Soulless’ Scam Gambling Machine

Storm-0501’s evolving techniques lead to cloud-based ransomware

Microsoft ranked number one in modern endpoint security market share third year in a row

Securing and governing the rise of autonomous agents​​

DSLRoot, Proxies, and the Threat of ‘Legal Botnets’

Think before you Click(Fix): Analyzing the ClickFix social engineering technique

SIM-Swapper, Scattered Spider Hacker Gets 10 Years

Student Loan Breach Exposes 2.5M Records

Watering Hole Attacks Push ScanBox Keylogger

Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms

Ransomware Attacks are on the Rise

Cybercriminals Are Selling Access to Chinese Surveillance Cameras

Noticias en Español

Google corrige 120 vulnerabilidades, incluidas dos vulnerabilidades de día cero bajo ataque.

Detectados paquetes npm maliciosos que roban claves de wallets Ethereum

Una Campaña de Smishing con SMS Spoofing usando a la Dirección General de Tráfico con la Operación Salida de Libro

Cómo prepararse para el fin de soporte de Windows 10

Detectar fugas de datos antes de un desastre

Módulo de Entrevistas en MyPublicInbox: Recibir peticiones y solicitar entrevistas

De cero a root: cómo dos vulnerabilidades críticas exponen los sistemas QNAP

Securing and governing the rise of autonomous agents