AHQ-AGENCY Cybersecurity News

Noticias Destacadas

Latest News

React2Shell flaw exploited to breach 30 orgs, 77k IP addresses vulnerable

Over 77,000 Internet-exposed IP addresses are vulnerable to the critical React2Shell remote code execution flaw (CVE-2025-55182), with researchers now...

2025-12-06 - BleepingComputer

Attackers launch dual campaign on GlobalProtect portals and SonicWall APIs

A hacking campaign is targeting GlobalProtect logins and scannig SonicWall APIs since December 2, 2025. A campaign began on December 2 targeting Palo ...

2025-12-06 - Security Affairs

Researchers Uncover 30+ Flaws in AI Coding Tools Enabling Data Theft and RCE Attacks

Over 30 security vulnerabilities have been disclosed in various artificial intelligence (AI)-powered Integrated Development Environments (IDEs) that c...

2025-12-06 - The Hacker News

New wave of VPN login attempts targets Palo Alto GlobalProtect portals

A campaign has been observed targeting Palo Alto GlobalProtect portals with login attempts and launching scanning activity against SonicWall SonicOS A...

2025-12-06 - BleepingComputer

Drones to Diplomas: How Russia’s Largest Private University is Linked to a $25M Essay Mill

A sprawling academic cheating network turbocharged by Google Ads that has generated nearly $25 million in revenue has curious connections to a Kremlin...

2025-12-06 - Krebs on Security

Critical React2Shell Flaw Added to CISA KEV After Confirmed Active Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday formally added a critical security flaw impacting React Server Components (...

2025-12-06 - The Hacker News

Maximum-severity XXE vulnerability discovered in Apache Tika

A maximum severity vulnerability in Apache Tika, tracked as CVE-2025-66516 (CVSS score of 10.0), allows XML external entity attacks. CVE-2025-66516 ca...

2025-12-06 - Security Affairs

Warning: React2Shell vulnerability already being exploited by threat actors

Plugging the React2Shell vulnerability in the open source React server and Next.js in IT environments has just become even more urgent with reports th...

2025-12-05 - CSO Online

Attackers hit React defect as researchers quibble over proof

A debate over actual exploitation is muddying response efforts. Multiple researchers say they’ve observed working proof of concepts while others asser...

2025-12-05 - CyberScoop

China Hackers Using Brickstorm Backdoor to Target Government, IT Entities

Chinese-sponsored groups are using the popular Brickstorm backdoor to access and gain persistence in government and tech firm networks, part of the on...

2025-12-05 - Security Boulevard

Rust Code Delivers Better Security, Also Streamlines DevOps

Software teams at Google and other Rust adopters see safer code when using the memory-safe language, and also fewer rollbacks and less code review.

2025-12-05 - Dark Reading

Insecure use of Signal app part of wider Department of Defense problem, suggests Senate report

The Signalgate scandal that enveloped US Secretary of Defense Pete Hegseth in March appears to be symptomatic of a wider lax attitude towards the use ...

2025-12-05 - CSO Online

Chinese cyberspies target VMware vSphere for long-term persistence

Chinese state-sponsored threat actors are backdooring VMware vCenter and VMware ESXi servers with a malware program written in Go, allowing them to ma...

2025-12-05 - CSO Online

More evidence your AI agents can be turned against you

Aikido found that AI coding tools from Google, Anthropic, OpenAI and others regularly embed untrusted prompts into software development workflows. The...

2025-12-05 - CyberScoop

India Rolls Back App Mandate Amid Surveillance Concerns

Remember when Apple put that U2 album in everyone's music libraries? India wanted to do that to all of its citizens, but with a cybersecurity app. It ...

2025-12-05 - Dark Reading

Microsoft named a leader in the 2025 Gartner® Magic Quadrant™ for Email Security

Microsoft has been named a Leader in the 2025 Gartner® Magic Quadrant™ for Email Security, which we believe highlights the innovative capabilities of ...

2025-12-05 - Microsoft Security Blog

Barts Health NHS discloses data breach after Oracle zero-day hack

Barts Health NHS Trust has announced that Clop ransomware actors have stolen files from a database by exploiting a vulnerability in its Oracle E-busin...

2025-12-05 - BleepingComputer

Bipartisan health care cybersecurity legislation returns to address a cornucopia of issues

The bill, first introduced late last year, deals with regulations, training, grants and more. The post Bipartisan health care cybersecurity legislatio...

2025-12-05 - CyberScoop

Zero-Click Agentic Browser Attack Can Delete Entire Google Drive Using Crafted Emails

A new agentic browser attack targeting Perplexity's Comet browser that's capable of turning a seemingly innocuous email into a destructive action that...

2025-12-05 - The Hacker News

FBI warns of virtual kidnapping scams using altered social media photos

The FBI warns of criminals altering images shared on social media and using them as fake proof of life photos in virtual kidnapping ransom scams. [......

2025-12-05 - BleepingComputer

Critical XXE Bug CVE-2025-66516 (CVSS 10.0) Hits Apache Tika, Requires Urgent Patch

A critical security flaw has been disclosed in Apache Tika that could result in an XML external entity (XXE) injection attack. The vulnerability, trac...

2025-12-05 - The Hacker News

Cultural Lag Leaves Security as the Weakest Link

For too long, security has been cast as a bottleneck – swooping in after developers build and engineers test to slow things down. The reality is blunt...

2025-12-05 - Security Boulevard

Hardening browser security with zero-trust controls

The shift from perimeter-based security to zero trust is now indispensable for combating modern threats. The obsolete “castle-and-moat” model, grantin...

2025-12-05 - CSO Online

React.js Hit by Maximum-Severity 'React2Shell' Vulnerability

A critical RCE flaw in React.js, dubbed React2Shell (CVE-2025-55182), has been disclosed with a maximum CVSS score of 10.0, posing severe risks for se...

2025-12-05 - Infosecurity Magazine

In Other News: X Fined €120 Million, Array Flaw Exploited, New Iranian Backdoor

Other noteworthy stories that might have slipped under the radar: Akamai patches HTTP smuggling vulnerability, Claude Skills used to execute ransomwar...

2025-12-05 - SecurityWeek

Threat Landscape Grows Increasingly Dangerous for Manufacturers

Manufacturers are the top target for cyberattacks in 2025 because of their still-plentiful cybersecurity gaps and a lack of expertise.

2025-12-05 - Dark Reading

React2Shell Vulnerability Under Attack From China-Nexus Groups

A maximum-severity vulnerability affecting the React JavaScript library has been exploited in the wild, further stressing the need to patch now.

2025-12-05 - Dark Reading

Cloudflare Outage Caused by React2Shell Mitigations

The critical React vulnerability has been exploited in the wild by Chinese and other threat actors. The post Cloudflare Outage Caused by React2Shell M...

2025-12-05 - SecurityWeek

A Practical Guide to Continuous Attack Surface Visibility

Passive scan data goes stale fast as cloud assets shift daily, leaving teams blind to real exposures. Sprocket Security shows how continuous, automate...

2025-12-05 - BleepingComputer

CISOs Should Be Asking These Quantum Questions Today

As quantum quietly moves beyond lab experiment and into production workflows, here's what enterprise security leaders should be focused on, according ...

2025-12-05 - Dark Reading

China-Linked Warp Panda Targets North American Firms in Espionage Campaign

CrowdStrike warned that Warp Panda, a China-linked cyber-espionage group, is targeting US organizations to steal sensitive data and support Beijing’s ...

2025-12-05 - Infosecurity Magazine

Imper.ai Emerges From Stealth Mode With $28 Million in Funding

The cybersecurity startup detects impersonation risk in real-time, across video, phone, and chat communication. The post Imper.ai Emerges From Stealth...

2025-12-05 - SecurityWeek

Avoiding the next technical debt: Building AI governance before it breaks

The AI rush is repeating a familiar mistake. Early in my career, a risk executive I worked with used to say, “You didn’t invite me to drink the beer; ...

2025-12-05 - CSO Online

US Organizations Warned of Chinese Malware Used for Long-Term Persistence

Warp Panda has been using the BrickStorm, Junction, and GuestConduit malware in attacks against US organizations. The post US Organizations Warned of ...

2025-12-05 - SecurityWeek

Chinese Hackers Have Started Exploiting the Newly Disclosed React2Shell Vulnerability

Two hacking groups with ties to China have been observed weaponizing the newly disclosed security flaw in React Server Components (RSC) within hours o...

2025-12-05 - The Hacker News

Leaks show Intellexa burning zero-days to keep Predator spyware running

A fresh investigation uncovers how Predator spyware still reaches victims through high-priced, newly bought zero-days.

2025-12-05 - Malwarebytes Labs

JPCERT/CC Reports Widespread Exploitation of Array Networks AG Gateway Vulnerability

Array Networks AG gateways have been under active exploitation since August 2025 due to a command injection flaw, JPCERT/CC warns. A command injection...

2025-12-05 - Security Affairs

Louvre to Bolster Its Security, Issues €57m Public Tender

The French museum is planning to revamp its safety and security systems following a high-profile burglary in October

2025-12-05 - Infosecurity Magazine

ShadyPanda Takes its Time to Weaponize Legitimate Extensions

ShadyPanda spent seven years uploading trusted Chrome and Edge extensions, later weaponizing them for tracking, hijacking, and remote code execution. ...

2025-12-05 - Security Boulevard

BRICKSTORM backdoor exposed: CISA warns of advanced China-backed intrusions

CISA details BRICKSTORM, a China-linked backdoor used by China-linked APTs to secure long-term persistence on compromised systems. The U.S. Cybersecur...

2025-12-05 - Security Affairs

Lumia Security Raises $18 Million for AI Security and Governance

The startup will invest in expanding its engineering and research teams, deepening product integrations, and scaling go-to-market efforts. The post Lu...

2025-12-05 - SecurityWeek

Ghost-Tap Scam Makes Payments Scarier

The BBB warns of a rising ghost-tap scam exploiting tap-to-pay cards and mobile wallets. How attackers use NFC proximity tricks. The post Ghost-Tap Sc...

2025-12-05 - Security Boulevard

CrowdStrike Extends Scope of AWS Cybersecurity Alliance

CrowdStrike deepens its AWS partnership with automated Falcon SIEM configuration, AI security capabilities, EventBridge integrations and new MSSP-focu...

2025-12-05 - Security Boulevard

Predator Spyware Maker Intellexa Evades Sanctions, New Victims Identified

Data leaks have shed a new light on Intellexa’s flagship spyware infrastructure and attack vectors

2025-12-05 - Infosecurity Magazine

Check Point introduces Quantum Firewall R82.10 with new AI and zero trust security capabilities

Check Point announced its new Check Point Quantum Firewall Software, R82.10, introducing 20 new capabilities designed to help enterprises safely adopt...

2025-12-05 - Help Net Security

Building the missing layers for an internet of agents

Cybersecurity teams are starting to think about how large language model agents might interact at scale. A new paper from Cisco Research argues that t...

2025-12-05 - Help Net Security

What security leaders should watch for when companies buy or sell a business

In this Help Net Security video, Lane Sullivan, SVP, CISO and Strategy Officer at Concentric AI, explains what security leaders should think about dur...

2025-12-05 - Help Net Security

Data brokers are exposing medical professionals, and turning their personal lives into open files

Large amounts of personal information about medical professionals are available on people search sites. A new analysis by Incogni’s researchers shows ...

2025-12-05 - Help Net Security

New infosec products of the week: December 5, 2025

Here’s a look at the most interesting products from the past week, featuring releases from BlackFog, Datadog, Forward Edge-AI, SandboxAQ, and Upwind. ...

2025-12-05 - Help Net Security

SMS Phishers Pivot to Points, Taxes, Fake Retailers

China-based phishing groups blamed for non-stop scam SMS messages about a supposed wayward package or unpaid toll fee are promoting a new offering, ju...

2025-12-04 - Krebs on Security

Intellexa remotely accessed Predator spyware customer systems, investigation finds

It was one of a trio of reports about the spyware vendor over the course of a day, with additional evidence about further infections among the finding...

2025-12-04 - CyberScoop

Officials warn about expansive, ongoing China espionage threat riding on Brickstorm malware

The attacks, which have impacted dozens of organizations, date back at least three years, lasting an average of 393 days. And that’s just what’s been ...

2025-12-04 - CyberScoop

U.S. CISA adds a new an OpenPLC ScadaBR flaw to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a new OpenPLC ScadaBR flaw to its Known Exploited Vulnerabilities catalog. The U.S. ...

2025-12-04 - Security Affairs

How scammers use fake insurance texts to steal your identity

We follow the trail of a simple insurance text scam to show how it can spiral into full-blown identity theft.

2025-12-04 - Malwarebytes Labs

Cybersecurity strategies to prioritize now

In this article, Damon Becknel, Vice President and Deputy CISO for Regulated Industries at Microsoft, outlines four things to prioritize doing now. Th...

2025-12-04 - Microsoft Security Blog

CISA and International Partners Issue Guidance for Secure AI in Infrastructure

Cybersecurity agencies have issued guidance for securely integrating AI into OT systems

2025-12-04 - Infosecurity Magazine

Canadian police trialing facial recognition bodycams

Facial recognition software has long been criticized for accuracy issues and past wrongful arrests.

2025-12-04 - Malwarebytes Labs

Update Chrome now: Google fixes 13 security issues affecting billions

Google has pushed out a Chrome update with 13 security fixes, including a high-severity flaw in Digital Credentials.

2025-12-04 - Malwarebytes Labs

Attackers have a new way to slip past MFA in educational orgs

Researchers are seeing a rise in Evilginx to steal session cookies, letting them bypass the need for a multi-factor authentication (MFA) token among e...

2025-12-03 - Malwarebytes Labs

How to build forward-thinking cybersecurity teams for tomorrow

To secure the future, we must future-proof our cybersecurity talent and develop teams that are agile, innovative, and perpetually learning. The post H...

2025-12-02 - Microsoft Security Blog

Meet Rey, the Admin of ‘Scattered Lapsus$ Hunters’

A prolific cybercriminal group that calls itself "Scattered LAPSUS$ Hunters" made headlines regularly this year by stealing data from and publicly mas...

2025-11-26 - Krebs on Security

Charting the future of SOC: Human and AI collaboration for better security

This blog shares our journey and insights from building autonomous AI agents for MDR operations and explores how the shift to a GenAI-powered SOC rede...

2025-11-25 - Microsoft Security Blog

Is Your Android TV Streaming Box Part of a Botnet?

On the surface, the Superbox media streaming devices for sale at retailers like BestBuy and Walmart may seem like a steal: They offer unlimited access...

2025-11-24 - Krebs on Security

Microsoft named a Leader in the Gartner® Magic Quadrant™ for Access Management for the ninth consecutive year

We’re happy to share that Microsoft has been recognized as a Leader in the 2025 Gartner® Magic Quadrant™ for Access Management for the ninth consecuti...

2025-11-21 - Microsoft Security Blog

Mozilla Says It’s Finally Done With Two-Faced Onerep

In March 2024, Mozilla said it was winding down its collaboration with Onerep -- an identity protection service offered with the Firefox web browser t...

2025-11-20 - Krebs on Security

Student Loan Breach Exposes 2.5M Records

2.5 million people were affected, in a breach that could spell more trouble down the line.

2022-08-31 - Threatpost

Watering Hole Attacks Push ScanBox Keylogger

Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.

2022-08-30 - Threatpost

Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms

Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.

2022-08-29 - Threatpost

Ransomware Attacks are on the Rise

Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group.

2022-08-26 - Threatpost

Cybercriminals Are Selling Access to Chinese Surveillance Cameras

Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.

2022-08-25 - Threatpost

Noticias en Español

Quantum Sensors: Cuando lo invisible se hace visible gracias al Mundo Cuántico

La historia de la humanidad es la historia de la medición. Desde ”La Piedra del Sol” que usaban los vikingos para orientarse en la inmensidad del Atlá...

2025-12-07 - El Lado del Mal

Phishing corporativo se dispara en 2025: los ataques ya triplican al malware y ponen en jaque la identidad empresarial

Un reciente informe revela que en 2025 los ataques de phishing contra usuarios corporativos se han multiplicado por cuatro, superando con creces a las...

2025-12-06 - Una al Día

Nerdearla España 2025: AI & Cybersecurity "Love & Hate Story" en Youtube

Como estamos en fin de semana, aprovecho para recopilar y traer las últimas charlas que he impartido este año. La temática no es nueva, porque he esta...

2025-12-06 - El Lado del Mal

React2Shell: anatomía de una vulnerabilidad histórica en React Server Components

A comienzos de enero de 2025, el investigador independiente J. C. Tommasi inició una revisión sistemática del flujo interno que React emplea para tran...

2025-12-06 - Hackplayers

DIG, Fraud y Worm GPT las IA del cibercrimen

Estas IA sin restricciones y de uso malicioso emergen en la dark web. En este artículo las analizaremos desde una perspectiva informativa y preventiva...

2025-12-05 - WeLiveSecurity

React2Shell: falla crítica en React y Next.js expone millones de apps (CVSS 10)

Una vulnerabilidad grave permite ejecución remota de código en servidores que usan React Server Components. Descubre cómo proteger tu aplicación.

2025-12-05 - WeLiveSecurity

Pentesting en Android: metodología completa (II)

El documento "All About Android Pentesting: A Complete Methodology" fue desarrollador por Xcheater Ver Parte I Analizar el ...

2025-12-05 - Segu-Info

La Universidad de Phoenix expone datos tras ataque a Oracle EBS por Clop

La Universidad de Phoenix sufrió una fuga masiva de datos tras un ataque orquestado por el grupo Clop, quienes explotaron una vulnerabilidad de día ce...

2025-12-05 - Una al Día

Recompensas Pasivas con Bit2Me Earn

En el universo de los activos digitales, la clave para el éxito a largo plazo es la eficiencia. ¿Te imaginas una forma de aumentar la cantidad de tus ...

2025-12-05 - El Lado del Mal

Microsoft corrige silenciosamente la falla de Windows LNK tras años de explotación activa

De acuerdo a ACROS Security's 0patch, Microsoft ha solucionado silenciosamente una falla de seguridad que ha sido explotada por varios actores de am...

2025-12-04 - Segu-Info

123456 sigue siendo la contraseña más usada en 2025

Reportes recientes confirman nuevamente que el mal hábito de elegir contraseñas débiles y predecibles sigue vigente, y que ya no diferencia entre gene...

2025-12-04 - WeLiveSecurity

Pentesting en Android: metodología completa (I)

El documento "All About Android Pentesting: A Complete Methodology" fue desarrollador por Xcheater Android está en todas part...

2025-12-04 - Segu-Info

Alerta Roja en npm: Malware Utiliza ‘Prompts Ocultos’ para Burlar a las IAs de Ciberseguridad

El panorama de la seguridad en la cadena de suministro de software acaba de dar un giro inquietante. Investigadores de ciberseguridad han descubierto ...

2025-12-04 - Una al Día

Cómo aumentar el porcentaje de éxito al hacer Jailbreak a LLMs usando poesía en el Prompt

En el año 2023 en el artículo titulado: "ChatGPT, ¿me das ideas para cómo matar al presidente de los EEUU?" os contaba, entre otras cosas, como en un ...

2025-12-04 - El Lado del Mal

URGENTE: errores críticos en React y Next.js permiten la ejecución remota de código sin autenticación (PARCHEA!)

Se ha revelado un fallo de seguridad de máxima gravedad en el protocolo "Flight" de React Server Components (RSC) que, de explotarse con éxito,...

2025-12-03 - Segu-Info

Inyección SQL y DoS: nuevas vulnerabilidades sacuden el ecosistema Django

El proyecto publica las versiones 5.2.9, 5.1.15 y 4.2.27 para mitigar dos fallos que afectan a todas las ramas soportadas, incluida la futura Django 6...

2025-12-03 - Una al Día

Entra ID endurecerá su Política de Seguridad de Contenido (CSP) para bloquear ataques en el inicio de sesión

Microsoft ha revelado una actualización crítica en su política de seguridad que entrará en vigor en octubre de 2026. La compañía bloqueará la ejec...

2025-12-03 - Segu-Info

Historias Cortas Sobre Fondo Azul - Podcast Audiolibro en Spotify

Uno de los libros que más se han vendido en 0xWord ha sido el de "Historias cortas sobre fondo azul", que es una lectura para amenizar nuestro cerebro...

2025-12-03 - El Lado del Mal

MuddyWater ataca infraestructuras críticas disfrazándose del juego Snake

MuddyWater ataca infraestructuras críticas en Israel y Egipto, utilizando malware personalizado, tácticas mejoradas y un libro de jugadas predecible

2025-12-02 - WeLiveSecurity

Descubren una operación oculta usando OAST para explotar más de 200 CVE desde Google Cloud

Investigadores de seguridad han identificado una campaña clandestina que utiliza una infraestructura privada de OAST (Out-of-Band Application Security...

2025-12-02 - Una al Día

PromptFix: cómo los atacantes manipulan la IA para vulnerar la seguridad

PromptFix, evolución de ClickFix, manipula asistentes de IA mediante instrucciones ocultas para vulnerar la seguridad del usuario.

2025-12-01 - WeLiveSecurity

TaskHound: automatizando la detección de tareas programadas peligrosas en entornos Windows

En seguridad ofensiva y defensiva hay piezas del sistema que, por pura costumbre, terminan olvidadas. Todos hablamos de servicios, privilegios, ACLs, ...

2025-11-30 - Hackplayers

Seguridad de las API

Seguridad de las API Autor INCIBE (INCIBE) Lun, 24/11/2025 - 11:06 En sus inici...

2025-11-24 - INCIBE-CERT

WhatsApp Contact Enumeration Flaw: anatomía de una vulnerabilidad que expuso datos de 3.500 millones de usuarios

Durante años, WhatsApp ha presumido —con razón— de su cifrado punto a punto y su arquitectura robusta basada en el protocolo Signal. Sin embargo, incl...

2025-11-20 - Hackplayers

Taller ROP - Parte 2 (ret2libc clásico)

Si echáis un vistazo al artículo anterior, iniciábamos un taller de ROP con un programa que era un pequeño código en C con una función vulnerable muy ...

2025-11-12 - Hackplayers

Taller ROP - Parte 1 (control RIP)

El Return-Oriented Programming (ROP) es una técnica de explotación que permite ejecutar código arbitrario sin inyectar nuevo código: en lugar de eso s...

2025-11-08 - Hackplayers

(2/3) Ataques DDoS en capas 3 y 4: vectores, funcionamiento y defensa

Esta es la segunda entrega sobre amenazas DDoS, en esta ocasión nos adentramos en las capas de red y transporte para analizar los vectores más comunes...

2025-10-27 - Flu Project

Adoptando DevSecOps: Seguridad integrada desde el código hasta la producción

Adoptando DevSecOps: Seguridad integrada desde el código hasta la producción Autor INCIBE (INCIBE) Lun, 20/10/2025 - ...

2025-10-20 - INCIBE-CERT

ISO/IEC 42001: el sistema de gestión de IA que probablemente conectemos con nuestra 27001

ISO/IEC 42001 se concibe como el nuevo esqueleto operativo para transformar la inteligencia artificial en un sistema gestionado con disciplina. No es ...

2025-10-13 - Flu Project

MITRE AADAPT: Anatomía ofensiva y defensa en el ecosistema de activos digitales

Cuando uno pasa demasiadas noches frente a un nodo de Ethereum observando tráfico, firmas, anomalías y patrones sospechosos, descubre que el ecosistem...

2025-10-06 - Flu Project

Snapshots en máquinas virtuales: ¿una herramienta útil o un riesgo oculto?

¿Piensas que una instantánea de una máquina virtual es lo mismo que un backup o una copia del disco? Entonces este post es para ti.Antes de nada, vamo...

2025-09-29 - Flu Project

Supercomputación y computación cuántica en ciberseguridad

Supercomputación y computación cuántica en ciberseguridad Autor INCIBE (INCIBE) Jue, 18/09/2025 - 13:02 ...

2025-09-18 - INCIBE-CERT

La importancia del Disaster Recovery Plan (DRP)

A pesar de que los ciberataques, fallos de hardware y software, desastres naturales, o incluso errores humanos son cada vez más frecuentes, muchas emp...

2025-09-15 - Flu Project

Entendiendo BACnet: presente y futuro del protocolo en entornos industriales

Entendiendo BACnet: presente y futuro del protocolo en entornos industriales Autor INCIBE (INCIBE) Jue, 14/08/2025 - ...

2025-08-14 - INCIBE-CERT

Ataques DDoS: técnicas y mitigación en infraestructuras empresariales

Ataques DDoS: técnicas y mitigación en infraestructuras empresariales Autor David Matilla Rebollo Mar, 15/07/2025 - 1...

2025-07-15 - INCIBE-CERT

Pensar como un atacante: por qué el Red Team es clave para la ciberseguridad moderna

En un entorno digital donde las amenazas evolucionan más rápido que las soluciones, protegerse ya no es suficiente. Hay que anticiparse. Y para eso, e...

2025-07-01 - BlogThinkBig

Cómo saber si una app es falsa: ten siempre en cuenta estas claves

Vivimos constantemente con el móvil en la mano; es un dispositivo que usamos para casi todo. Hoy en día es útil tanto para cosas como pagar el café, c...

2025-06-17 - BlogThinkBig

Cómo proteger el ordenador sin ser un genio tech

Saber cómo proteger el ordenador nunca ha sido tan vital. Imagina perder tu equipo con Windows y no saber si tus datos personales están seguros. El pá...

2025-06-13 - BlogThinkBig

Privacidad en Internet: evita el rastreo y navega con seguridad

La privacidad en Internet se ha convertido en una preocupación constante. Es así como cada clic, búsqueda o interacción en línea puede dejar una huell...

2025-06-12 - BlogThinkBig

Álbum oculto: paso a paso para activarlo en tu teléfono Android

Las fotos y vídeos revelan un montón de información de tu vida personal. No siempre queremos que estén a la vista. Es por eso que en este artículo hab...

2025-06-06 - BlogThinkBig

AHQ-AGENCY Cybersecurity News

Noticias Destacadas

Latest News

React2Shell flaw exploited to breach 30 orgs, 77k IP addresses vulnerable

Attackers launch dual campaign on GlobalProtect portals and SonicWall APIs

Researchers Uncover 30+ Flaws in AI Coding Tools Enabling Data Theft and RCE Attacks

New wave of VPN login attempts targets Palo Alto GlobalProtect portals

Drones to Diplomas: How Russia’s Largest Private University is Linked to a $25M Essay Mill

Critical React2Shell Flaw Added to CISA KEV After Confirmed Active Exploitation

Maximum-severity XXE vulnerability discovered in Apache Tika

Warning: React2Shell vulnerability already being exploited by threat actors

Attackers hit React defect as researchers quibble over proof

China Hackers Using Brickstorm Backdoor to Target Government, IT Entities

Rust Code Delivers Better Security, Also Streamlines DevOps

Insecure use of Signal app part of wider Department of Defense problem, suggests Senate report

Chinese cyberspies target VMware vSphere for long-term persistence

More evidence your AI agents can be turned against you

India Rolls Back App Mandate Amid Surveillance Concerns

Microsoft named a leader in the 2025 Gartner® Magic Quadrant™ for Email Security

Barts Health NHS discloses data breach after Oracle zero-day hack

Bipartisan health care cybersecurity legislation returns to address a cornucopia of issues

Zero-Click Agentic Browser Attack Can Delete Entire Google Drive Using Crafted Emails

FBI warns of virtual kidnapping scams using altered social media photos

Critical XXE Bug CVE-2025-66516 (CVSS 10.0) Hits Apache Tika, Requires Urgent Patch

Cultural Lag Leaves Security as the Weakest Link

Hardening browser security with zero-trust controls

React.js Hit by Maximum-Severity 'React2Shell' Vulnerability

In Other News: X Fined €120 Million, Array Flaw Exploited, New Iranian Backdoor

Threat Landscape Grows Increasingly Dangerous for Manufacturers

React2Shell Vulnerability Under Attack From China-Nexus Groups

Cloudflare Outage Caused by React2Shell Mitigations

A Practical Guide to Continuous Attack Surface Visibility

CISOs Should Be Asking These Quantum Questions Today

China-Linked Warp Panda Targets North American Firms in Espionage Campaign

Imper.ai Emerges From Stealth Mode With $28 Million in Funding

Avoiding the next technical debt: Building AI governance before it breaks

US Organizations Warned of Chinese Malware Used for Long-Term Persistence

Chinese Hackers Have Started Exploiting the Newly Disclosed React2Shell Vulnerability

Leaks show Intellexa burning zero-days to keep Predator spyware running

JPCERT/CC Reports Widespread Exploitation of Array Networks AG Gateway Vulnerability

Louvre to Bolster Its Security, Issues €57m Public Tender

ShadyPanda Takes its Time to Weaponize Legitimate Extensions

BRICKSTORM backdoor exposed: CISA warns of advanced China-backed intrusions

Lumia Security Raises $18 Million for AI Security and Governance

Ghost-Tap Scam Makes Payments Scarier

CrowdStrike Extends Scope of AWS Cybersecurity Alliance

Predator Spyware Maker Intellexa Evades Sanctions, New Victims Identified

Check Point introduces Quantum Firewall R82.10 with new AI and zero trust security capabilities

Building the missing layers for an internet of agents

What security leaders should watch for when companies buy or sell a business

Data brokers are exposing medical professionals, and turning their personal lives into open files

New infosec products of the week: December 5, 2025

SMS Phishers Pivot to Points, Taxes, Fake Retailers

Intellexa remotely accessed Predator spyware customer systems, investigation finds

Officials warn about expansive, ongoing China espionage threat riding on Brickstorm malware

U.S. CISA adds a new an OpenPLC ScadaBR flaw to its Known Exploited Vulnerabilities catalog

How scammers use fake insurance texts to steal your identity

Cybersecurity strategies to prioritize now​​

CISA and International Partners Issue Guidance for Secure AI in Infrastructure

Canadian police trialing facial recognition bodycams

Update Chrome now: Google fixes 13 security issues affecting billions

Attackers have a new way to slip past MFA in educational orgs

How to build forward-thinking cybersecurity teams for tomorrow

Meet Rey, the Admin of ‘Scattered Lapsus$ Hunters’

Charting the future of SOC: Human and AI collaboration for better security

Is Your Android TV Streaming Box Part of a Botnet?

Microsoft named a Leader in the Gartner® Magic Quadrant™ for Access Management for the ninth consecutive year

Mozilla Says It’s Finally Done With Two-Faced Onerep

Student Loan Breach Exposes 2.5M Records

Watering Hole Attacks Push ScanBox Keylogger

Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms

Ransomware Attacks are on the Rise

Cybercriminals Are Selling Access to Chinese Surveillance Cameras

Noticias en Español

Quantum Sensors: Cuando lo invisible se hace visible gracias al Mundo Cuántico

Phishing corporativo se dispara en 2025: los ataques ya triplican al malware y ponen en jaque la identidad empresarial

Nerdearla España 2025: AI & Cybersecurity "Love & Hate Story" en Youtube

React2Shell: anatomía de una vulnerabilidad histórica en React Server Components

DIG, Fraud y Worm GPT las IA del cibercrimen

React2Shell: falla crítica en React y Next.js expone millones de apps (CVSS 10)

Cybersecurity strategies to prioritize now