Cybersecurity News - Noticias de Ciberseguridad

UAT-10362 Targets Taiwanese NGOs with LucidRook Malware in Spear-Phishing Campaigns

A previously undocumented threat cluster dubbed UAT-10362 has been attributed to spear-phishing campaigns targeting Taiwanese non-governmental or...

Smart Slider updates hijacked to push malicious WordPress, Joomla versions

Hackers hijacked the update system for the Smart Slider 3 Pro plugin for WordPress and Joomla, and pushed a malicious version with multiple backdoors....

OpenAI Readies Rollout of New Cyber Model as Industry Shifts to Defense

OpenAI is finalizing a cybersecurity product slated for a restricted release to select partners. The new model, as reported by Axios, could signal gro...

The Web Is Full of Traps — and AI Agents Walk Right into Them

The enterprise is deploying AI agents at a pace that has outrun every security framework written to govern them. These agents don’t just answer questi...

Aembit IAM for Agentic AI Is Now Generally Available

5 min readAembit IAM for Agentic AI is now GA. Enforce AI agent access to MCP servers with Blended Identity, secretless credential exchange, and polic...

Inside the FBI’s router takedown that cut off APT28’s ‘tremendous access’

FBI cyber chief Brett Leatherman told CyberScoop the Russian GRU campaign was unique in how it could propagate from routers to beyond. The post Inside...

In-Memory Loader Drops ScreenConnect

IntroductionIn February 2026, Zscaler ThreatLabz discovered an attack chain where attackers used a fake Adobe Acrobat Reader download to lure victims ...

Investigating Storm-2755: “Payroll pirate” attacks targeting Canadian employees

Microsoft Incident Response – Detection and Response Team (DART) researchers observed an emerging, financially motivated threat actor, tracked as Stor...

[un]prompted 2026 – Al Go Beep Boop!

Author, Creator & Presenter: Adam Laurie (Major Malfunction) CISO At Alpitronic Our thanks to [un]prompted for publishing their Creators, Authors...

Claude Managed Agents bring execution and control to AI agent workflows

Anthropic’s Claude Managed Agents are a suite of composable APIs for building and deploying cloud-hosted agents at scale, handling sandboxed cod...

113,000 explicit prompts from AI girlfriend platform exposed, many linked to user IDs

MyLovely.AI, an AI girlfriend platform, suffered a data breach that exposed over 100,000 users. MyLovely.AI allows people to create personalized not s...

Masjesu botnet targets IoT devices while evading high-profile networks

Masjesu is a stealthy DDoS-for-hire botnet targeting IoT devices, active since 2023 and designed to stay hidden by avoiding high-profile networks. Mas...

When attackers already have the keys, MFA is just another door to open

Stolen credentials turn authentication systems into the attack surface. Token shows how wearable biometric authentication verifies the user—not the se...

Apple Intelligence AI Guardrails Bypassed in New Attack

RSAC researchers hacked Apple Intelligence using the Neural Exect method and Unicode manipulation. The post Apple Intelligence AI Guardrails Bypassed ...

Can we Trust AI? No – But Eventually We Must

From hallucinations and bias to model collapse and adversarial abuse, today’s AI is built on probability rather than truth, yet enterprises are deploy...

Intent redirection vulnerability in third-party SDK exposed millions of Android wallets to potential risk

A severe Android intent‑redirection vulnerability in a widely deployed SDK exposed sensitive user data across millions of apps. Microsoft researchers ...

Claude helps researcher dig up decade-old Apache ActiveMQ RCE vulnerability (CVE-2026-34197)

In the latest demonstration of how AI assistants can help with bug hunting, Horizon3.ai researcher Naveen Sunkavally used Claude to unearth CVE-2026-3...

Mallory brings contextual threat intelligence to security operations

Mallory is launching an AI-native threat intelligence platform, purpose-built to answer the questions CISOs and their teams are asking every day: What...

ThreatsDay Bulletin: Hybrid P2P Botnet, 13-Year-Old Apache RCE and 18 More Stories

Thursday. Another week, another batch of things that probably should've been caught sooner but weren't. This one's got some range — old vuln...

Weak at the seams

Before I ever held a security title, I was a software engineer implementing vertically integrated automation systems for industrial manufacturing, war...

Google API Keys in Android Apps Expose Gemini Endpoints to Unauthorized Access

Dozens of such keys can be extracted from apps’ decompiled code to gain access to all Gemini endpoints. The post Google API Keys in Android Apps Expos...

Webinar: From noise to signal - What threat actors are targeting next

Threat actors often signal their intentions before launching attacks, from dark web chatter to access-broker listings and credential requests. Join ou...

Contemporary Controls BASC 20T

View CSAF Summary Successful exploitation of this vulnerability could allow an attacker to enumerate the functionality of each component associated wi...

GPL Odorizers GPL750

View CSAF Summary Successful exploitation of this vulnerability could allow a low privileged remote attacker to manipulate register values, which woul...

Don’t just fight fraud, hunt it

As traditional fraud markers become obsolete, we must treat digital identity as critical infrastructure and adopt a layered, real-time defense to neut...

OPSWAT adds predictive AI engine to MetaDefender for pre-execution threat detection

OPSWAT has announced OPSWAT Predictive Alin AI, its first proprietary AI-based threat detection engine for the MetaDefender Platform. This AI-based in...

Palo Alto Networks, SonicWall Patch High-Severity Vulnerabilities

The bugs could allow attackers to modify protected resources and escalate their privileges to administrator. The post Palo Alto Networks, SonicWall Pa...

Weak at the seams

Before I ever held a security title, I was a software engineer implementing vertically integrated automation systems for industrial manufacturing, war...

New ClickFix variant bypasses Apple safeguards with one‑click script execution

ClickFix malware campaigns are evolving again, with threat actors removing one of their most obvious and user‑dependent steps: convincing victims to p...

The Hidden Security Risks of Shadow AI in Enterprises

As AI tools become more accessible, employees are adopting them without formal approval from IT and security teams. While these tools may bo...

Adobe Reader Zero-Day Exploited via Malicious PDFs Since December 2025

Threat actors have been exploiting a previously unknown zero-day vulnerability in Adobe Reader using maliciously crafted PDF documents since at least ...

The Hidden ROI of Visibility: Better Decisions, Better Behavior, Better Security

Beyond monitoring and compliance, visibility acts as a powerful deterrent, shaping user behavior, improving collaboration, and enabling more accurate,...

Bitter-Linked Hack-for-Hire Campaign Targets Journalists Across MENA Region

An apparent hack-for-hire campaign likely orchestrated by a threat actor with suspected ties to the Indian government targeted journalists, activ...

Eurail says December data breach impacts 300,000 individuals

Eurail B.V., a European travel operator that provides digital passes covering 33 national railways, says attackers stole the personal information of o...

Politicians Are Spending More Money on Security as They Increasingly Become Targets

Political candidates are purchasing more home alarms, bulletproof vests, and other protections amid rising fears of political violence.

The long road to your crypto: ClipBanker and its marathon infection chain

Threat actors are distributing a Trojan disguised as Proxifier software; through a multi-stage infection chain, it delivers ClipBanker – malware that ...

The alleged breach of China’s National Supercomputing Center can have serious geopolitical consequences

A hacker allegedly stole 10+ PB of sensitive military and aerospace data from China’s National Supercomputing Center, risking national security. A mas...

Hackers exploiting Acrobat Reader zero-day flaw since December

Attackers have been exploiting a zero-day vulnerability in Adobe Reader using maliciously crafted PDF documents since at least December. [...]

Patch windows collapse as time-to-exploit accelerates

The gap between vulnerability disclosure and exploitation is drastically decreasing, putting security teams’ patching practices on notice. Accordin...

Internet-Exposed ICS Devices Raise Alarm for Critical Sectors

Exposed ICS devices and insecure protocols like Modbus increase risks to critical infrastructure, enabling disruption, data access, and potential sabo...

So geht Post-Incident Review

Post-Incident Reviews können dazu beitragen, die richtigen Lehren aus Sicherheitsvorfällen zu ziehen – wenn sie richtig aufgesetzt sind.dotshock | shu...

ISC Stormcast For Thursday, April 9th, 2026 https://isc.sans.edu/podcastdetail/9886, (Thu, Apr 9th)

Russia's Forest Blizzard Nabs Rafts of Logins via SOHO Routers

Heard of fileless malware? How about malwareless cyber espionage? Russia's APT28 is spying on global organizations by modifying just one DNS setting i...

Number Usage in Passwords: Take Two, (Thu, Apr 9th)

In a previous diary [1], we looked to see how numbers were used within passwords submitted to honeypots. One of the items of interest was ho...

U.S. CISA adds a flaw in Ivanti EPMM to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Ivanti EPMM to its Known Exploited Vulnerabilities catalog The U.S. Cy...

Russia-linked APT28 uses PRISMEX to infiltrate Ukraine and allied infrastructure with advanced tactics

APT28 targets Ukraine and allies with PRISMEX malware, using stealthy techniques for espionage and command-and-control. Russia-linked group APT28 (aka...

Threat Actors Get Crafty With Emojis to Escape Detection

When 🤖 means "bot available," 🧰 signifies "toolkit," or 💰💰💰 translates to "big ransom," bad actors can evade filter...

AI-Led Remediation Crisis Prompts HackerOne to Pause Bug Bounties

Discovery used to be the bottleneck for open source bugs, but with automated discovery, remediation's the bottleneck, which bounties don't fund.

‘We Were Not Ready for This’: Lebanon's Emergency System Is Hanging by a Thread

In Lebanon, nearly 1 in 5 people has been displaced by Israeli attacks, leaving the government to manage a modern crisis without modern digital infras...

TeamPCP Supply Chain Campaign: Update 007 - Cisco Source Code Stolen via Trivy-Linked Breach, Google GTIG Tracks TeamPCP as UNC6780, and CISA KEV Deadline Arrives with No Standalone Advisory, (Wed, Apr 8th)

This is the seventh update to the TeamPCP supply chain campaign threat intelligence report,&#;x26;#;xc2;&#;x26&#x...

Hack-for-hire spyware campaign targets journalists in Middle East, North Africa

Access Now, Lookout and SMEX joined research forces to find a campaign involving suspected Indian government-connected group Bitter, ProSpy spyware an...

Fraud Rockets Higher in Mobile-First Latin America

Cyber-fraudsters move quickly from compromised devices to account takeover to funds transfer, shifting money before many financial institutions can re...

Full Sail University to Open IBM Cyber Defense Range Powered by AWS and Cloud Range on Campus

More Honeypot Fingerprinting Scans, (Wed, Apr 8th)

One question that often comes up when I talk about honeypots: Are attackers able to figure out if they are connected to a honeypot? The answer is...

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-1340 Iv...

Financial cyberthreats in 2025 and the outlook for 2026

In this report, Kaspersky experts share their insights into the 2025 financial threat landscape, including regional statistics and trends in phishing,...

Men Are Buying Hacking Tools to Use Against Their Wives and Friends

In Telegram groups, men are sharing thousands of nonconsensual images of women and girls, buying spyware, and engaging in doxing and sexual abuse.

ISC Stormcast For Wednesday, April 8th, 2026 https://isc.sans.edu/podcastdetail/9884, (Wed, Apr 8th)

Feds quash widespread Russia-backed espionage network spanning 18,000 devices

Forest Blizzard, a threat group attributed to Russia’s GRU, hijacked network traffic to steal credentials and tokens for Microsoft accounts and other ...

Iran-Linked Hackers Are Sabotaging US Energy and Water Infrastructure

As Trump threatens Iranian infrastructure, the US government warns that Iran has carried out its own digital attacks against US critical infrastructur...

Anthropic Teams Up With Its Rivals to Keep AI From Hacking Everything

The AI lab's Project Glasswing will bring together Apple, Google, and more than 45 other organizations. They'll use the new Claude Mythos Preview mode...

Tech giants launch AI-powered ‘Project Glasswing’ to identify critical software vulnerabilities

The program comes as the tech industry races to secure software before similar AI-powered offensive capabilities become too much for defenders to hand...

Russia Hacked Routers to Steal Microsoft Office Tokens

Hackers linked to Russia's military intelligence units are using known flaws in older Internet routers to mass harvest authentication tokens from Micr...

SOHO router compromise leads to DNS hijacking and adversary-in-the-middle attacks

Executive summary Forest Blizzard, a threat actor linked to the Russian military, has been compromising insecure home and small-office internet equipm...

Mitsubishi Electric GENESIS64 and ICONICS Suite products

View CSAF Summary Successful exploitation of these vulnerabilities could allow a local attacker to disclose SQL Server credentials used by the affecte...

Iranian-Affiliated Cyber Actors Exploit Programmable Logic Controllers Across US Critical Infrastructure

Advisory at a Glance Title Iranian-Affiliated Cyber Actors Exploit Programmable Logic Controllers Across US Critical Infrastructure Original Publ...

Inside an AI‑enabled device code phishing campaign

A new wave of device code phishing shows how threat actors are scaling account compromise using AI and end‑to‑end automation. This campaign goes beyon...

Storm-1175 focuses gaze on vulnerable web-facing assets in high-tempo Medusa ransomware operations

The financially motivated cybercriminal threat actor Storm-1175 operates high-velocity ransomware campaigns that weaponize recently disclosed vulnerab...

Germany Doxes “UNKN,” Head of RU Ransomware Gangs REvil, GandCrab

An elusive hacker who went by the handle "UNKN" and ran the early Russian ransomware groups GandCrab and REvil now has a name and a face. Authorities ...

A laughing RAT: CrystalX combines spyware, stealer, and prankware features

Kaspersky researchers analyze a new CrystalX RAT distributed as MaaS and featuring extensive spyware, stealer, and prankware capabilities.

An AI gateway designed to steal your data

Dissecting the supply chain attack on LiteLLM, a multifunctional gateway used in many AI agents. Explaining the dangers of the malicious code and how ...

Coruna: the framework used in Operation Triangulation

Kaspersky GReAT experts look into the Coruna exploit kit targeting iPhones. We discovered that the kernel exploit for CVE-2023-32434 and CVE-2023-3860...

‘CanisterWorm’ Springs Wiper Attack Targeting Iran

A financially motivated data theft and extortion group is attempting to inject itself into the Iran war, unleashing a worm that spreads through poorly...

Feds Disrupt IoT Botnets Behind Huge DDoS Attacks

The U.S. Justice Department joined authorities in Canada and Germany in dismantling the online infrastructure behind four highly disruptive botnets th...

Iran-Backed Hackers Claim Wiper Attack on Medtech Firm Stryker

A hacktivist group with links to Iran's intelligence agencies is claiming responsibility for a data-wiping attack against Stryker, a global medical te...

Un "Hardening Tip" de BBDD - de mi Lost & Found - contra las "Heavy Queries Malignas"

Hace muchos años, cuando estaba trabajando en mi Ph.D en los Time-Based Blind SQL Injection using Heavy Queries, en uno de mis documentos de la univer...

La falta de expertos en ciberseguridad pone en jaque la cadena de suministro

El nuevo estudio global de Kaspersky, “Supply chain reaction: securing the global digital ecosystem in an age of interdependence” ha identificado la f...

Doctor i lanza la primera IA que recomienda seguros de salud con precios reales

La inteligencia artificial está transformando múltiples industrias, y ahora también llega al mundo de los seguros de salud. Doctor i presenta el prime...

Cómo suplantaron a una telefónica mexicana para robar datos financieros

Una estafa por SMS muestra cómo los cibercriminales roban datos financieros y por qué reconocer estos engaños sigue siendo fundamental.

Los Gatos de la Suerte de Karla Frechilla

Hoy os voy a hablar de Gatos de la Suerte. Ya sabéis, esos gatos que saludan moviendo la patita que seguro que habéis visto un millón de veces. Pero s...

Detectan un aumento significativo de ciberataques durante la campaña fiscal 2026

Check Point Research, la división de Inteligencia de Amenazas de Check Point® Software Technologies Ltd., empresa global en soluciones de cibersegurid...

La IA se consolida como clave contra el fraude para 1 de cada 5 directivos en España

La inteligencia artificial se posiciona como protagonista indiscutible en el futuro de la tesorería de grandes y medianas empresas. Según un estudio r...

AI Companions: nuevas formas de compañía digital y riesgos que pasan desapercibidos

Un análisis de los riesgos de los AI Companions, ilustrado con un caso real que evidencia su impacto en privacidad y seguridad digital.

Cómo resolver los Captchas Cognitivos Visuales y Auditivos de GitHub con Gemini (o cualquier MM-LLM) sin despeinarte

Cuando empecé a jugar con los Captchas Cognitivos hace unos años estaba claro que los MM-LLMs iban a merendarte estos retos con una facilidad asombros...

​Los estafadores ya clonan tu voz con inteligencia artificial para vaciar tu cuenta bancaria

El INCIBE ha documentado en 2026 múltiples casos de fraude con voz sintética dirigidos tanto a empresas como a familias en España. La CNMC activará en...

BTMOB: el troyano de acceso remoto que avanza en la región

El panorama de amenazas del país sigue dominado por los troyanos bancarios, pero nuevas familias empiezan a ganar terreno. BTMOB es un ejemplo de ello...

Máster en IA Aplicada & Optimización de Procesos Productivos

El mundo cambió para no volver a lo que era antes. Lo estamos viendo constantemente. Las grandes empresas se están re-estructurando para meter en el c...

Vibe Coding en BASIC para AMSTRAD CPC sale (un poco) más caro

¿Qué otra cosa mejor que estar probando Vibe Coding en un sábado por la tarde en las oficinas de Cloudflare en Lisboa para comprobar cuánto de bueno e...

Fuga de código fuente de Claude Code: los riesgos detrás del error que expuso a Anthropic

Un descuido en el proceso de publicación expuso la arquitectura de la herramienta de Anthropic y habilitó escenarios de jailbreak, clones malicosos y ...

Máquinas virtuales por todas partes y brechas de seguridad muy reales

Las máquinas virtuales en la nube ofrecen una velocidad, una escala y una flexibilidad inigualables, pero todo ello podría no servir de mucho si se ab...

Agentic AI y ciberseguridad: cuando los agentes de IA se convierten en vector de ataque

La evolución de los Large Language Models (LLMs) hacia sistemas agénticos representa un cambio paradigmático en la arquitectura de las aplicaciones em...

N.O.M.A.D.: la infraestructura offline que querrás tener cuando Internet deje de existir

En un contexto donde la estabilidad geopolítica ya no se da por sentada, donde conflictos híbridos, ciberataques a gran escala y apagones de infraestr...

MiroFish: cuando los LLM empiezan a simular el mundo

Durante años hemos hablado de modelos predictivos, de machine learning aplicado a forecasting, de simulaciones multi-agente y de modelos basados en gr...

Zombie ZIP: cómo una simple manipulación del header permite ocultar malware a los antivirus

Los archivos ZIP son uno de los formatos más utilizados para distribuir software, documentos y archivos comprimidos. Precisamente por su ubiquidad, ta...

Living off the Land 2.5: persistencia que vive dentro de contenedores y casi nadie está mirando

Cuando empecé a investigar intrusiones recientes en infraestructuras Linux modernas, hubo algo que empezó a repetirse: no era malware clásico, no eran...

Living off the Land 2.0 en Linux: Persistencia para pasar desapercibidos al SOC

Hay una regla no escrita en intrusiones modernas: El mejor malware es el que no parece malware. Pero hay una evolución aún más interesante q...

Las peores contraseñas de todos los tiempos

Las peores contraseñas de todos los tiempos Las peores contraseñas de todos los tiempos son aquellas que, por pereza o previsibilidad, se repiten mill...

(2/3) Ataques DDoS en capas 3 y 4: vectores, funcionamiento y defensa

Esta es la segunda entrega sobre amenazas DDoS, en esta ocasión nos adentramos en las capas de red y transporte para analizar los vectores más comunes...

ISO/IEC 42001: el sistema de gestión de IA que probablemente conectemos con nuestra 27001

ISO/IEC 42001 se concibe como el nuevo esqueleto operativo para transformar la inteligencia artificial en un sistema gestionado con disciplina. No es ...

MITRE AADAPT: Anatomía ofensiva y defensa en el ecosistema de activos digitales

Cuando uno pasa demasiadas noches frente a un nodo de Ethereum observando tráfico, firmas, anomalías y patrones sospechosos, descubre que el ecosistem...

Prueba de Penetración en Costa Rica

Prueba de Penetración en Costa Rica Prueba de Penetración en Costa Rica: Un Servicio Esencial para la Seguridad Empresarial Introducción En un mundo c...

Prueba de Penetración en Quito

Prueba de Penetración en Quito La Prueba de Penetración en Quito, también conocida como Pentesting, se ha convertido en una herramienta fundamental pa...

Prueba de Penetración en El Salvador

Prueba de Penetración en El Salvador En la era digital actual, la seguridad informática es un aspecto crucial para cualquier empresa. El Salvador, com...

Prueba de penetración en Barranquilla

Prueba de penetración en Barranquilla La prueba de penetración en Barranquilla es un proceso esencial para garantizar la seguridad informática en cual...

Snapshots en máquinas virtuales: ¿una herramienta útil o un riesgo oculto?

¿Piensas que una instantánea de una máquina virtual es lo mismo que un backup o una copia del disco? Entonces este post es para ti.Antes de nada, vamo...

Chat Control: el plan europeo para escanear tus mensajes

La Unión Europea está en pleno debate sobre una de las propuestas más polémicas de los últimos años: el Reglamento para prevenir y combatir el abuso s...

Pensar como un atacante: por qué el Red Team es clave para la ciberseguridad moderna

En un entorno digital donde las amenazas evolucionan más rápido que las soluciones, protegerse ya no es suficiente. Hay que anticiparse. Y para eso, e...

Cómo saber si una app es falsa: ten siempre en cuenta estas claves

Vivimos constantemente con el móvil en la mano; es un dispositivo que usamos para casi todo. Hoy en día es útil tanto para cosas como pagar el café, c...

Cómo proteger el ordenador sin ser un genio tech

Saber cómo proteger el ordenador nunca ha sido tan vital. Imagina perder tu equipo con Windows y no saber si tus datos personales están seguros. El pá...

Privacidad en Internet: evita el rastreo y navega con seguridad

La privacidad en Internet se ha convertido en una preocupación constante. Es así como cada clic, búsqueda o interacción en línea puede dejar una huell...

OpenAI lanza cursos gratuitos sobre IA.

OpenAI ha lanzado su propia academia online gratuita con cursos para aprender inteligencia artificial. Desde productividad con ChatGPT hasta ética de ...

Álbum oculto: paso a paso para activarlo en tu teléfono Android

Las fotos y vídeos revelan un montón de información de tu vida personal. No siempre queremos que estén a la vista. Es por eso que en este artículo hab...

CodeStrike, el videojuego gratuito que te enseña Python mientras salvas el mundo

Aprender a programar puede ser entretenido, sobre todo si te conviertes en un héroe del futuro mientras lo haces. Esa es precisamente la propuesta de ...

La Comisión Europea investiga a TikTok en virtud de la Ley de Servicios Digitales

La Comisión Europea inicia procedimiento contra TikTok por posible infracción de la DSA, enfocándose en protección de menores, transparencia publicita...

El Garante dice que ChatGPT viola la normativa de la Unión Europea sobre protección de datos

La autoridad italiana de protección de datos ha notificado a OpenAI sobre una presunta infracción de ChatGPT en relación con el RGPD