Cybersecurity News - Noticias de Ciberseguridad

WorldLeaks ransomware group breached the City of Los Angels

WorldLeaks group hit Los Angeles and its Metro system, forcing a shutdown, while two Bay Area cities declared emergencies after ransomware attacks. Wo...

Trivy vulnerability scanner breach pushed infostealer via GitHub Actions

The Trivy vulnerability scanner was compromised in a supply-chain attack by threat actors known as TeamPCP, which distributed credential-stealing malw...

BSidesSLC 2025 – • Al Red Teaming For Artificial Dummies

Author, Creator & Presenter: Bryson Loughmiller - Principal Platform Security Architect At Entrata Our thanks to BSidesSLC for publishing their C...

Google adds ‘Advanced Flow’ for safe APK sideloading on Android

Google has announced a new mechanism in Android called Advanced Flow that will allow sideloading APKs from unverified developers for power users in a ...

Microsoft Azure Monitor alerts abused for callback phishing attacks

Microsoft Azure Monitor alerts are being abused to send callback phishing emails that impersonate warnings from the Microsoft Security Team about unau...

FBI Warns Russian Hackers Target Signal, WhatsApp in Mass Phishing Attacks

Threat actors affiliated with Russian Intelligence Services are conducting phishing campaigns to compromise commercial messaging applications (CMAs) l...

Real Attack Alert Analysis: From Hidden Indicators to Actionable Threat Intelligence

Executive Overview Cyber threats are evolving rapidly, becoming more stealthy, automated, and difficult to detect using traditional security approache...

Critical Quest KACE Vulnerability Potentially Exploited in Attacks

The vulnerability is tracked as CVE-2025-32975 and it may have been exploited in attacks against the education sector. The post Critical Quest KACE Vu...

MY TAKE: As RSAC 2026 opens, AI has bifurcated cybersecurity into two wars—the clock is running

SAN FRANCISCO — RSAC 2026 opens here Monday at Moscone Center, with upwards of 40,000 cybersecurity professionals, executives, and policy leaders, mys...

Cyberattack on a Car Breathalyzer Firm Leaves Drivers Stuck

Plus: The FBI admits it’s buying phone data to track Americans, Iranian hackers disrupt medical care at Maryland hospitals, and more.

Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager

Oracle has released security updates to address a critical security flaw impacting Identity Manager and Web Services Manager that could be exploited t...

PolyShell flaw exposes Magento and Adobe Commerce to file upload attacks

Sansec found a Magento and Adobe Commerce REST API flaw, named PolyShell, which allows unauthenticated file uploads and possible XSS in older versions...

How OTP Authentication Streamlines Service Delivery for HVAC Companies

Use OTP authentication to secure HVAC appointments, payments, and service confirmations while improving customer trust and service efficiency. The pos...

73% of Breaches Happen Due to Weak GRC – Implement It The Right Way

Most organizations assume breaches happen because of sophisticated zero-day exploits or highly advanced attackers. The reality is far less dramatic an...

Trivy Supply Chain Attack Triggers Self-Spreading CanisterWorm Across 47 npm Packages

The threat actors behind the supply chain attack targeting the popular Trivy scanner are suspected to be conducting follow-on attacks that have led to...

CISA Flags Apple, Craft CMS, Laravel Bugs in KEV, Orders Patching by April 3, 2026

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added five security flaws impacting Apple, Craft CMS, and Laravel Livewire ...

Trivy vulnerability scanner backdoored with credential stealer in supply chain attack

Attackers have compromised the widely used open-source Trivy vulnerability scanner, injecting credential-stealing malware into official releases and G...

Are nations ready to be the cybersecurity insurers of last resort?

A senior member of the Cyber Monitoring Center (CMC), an organization formed last year to monitor, define and classify cyber events impacting UK organ...

7,500+ Magento sites defaced in global hacking campaign

Hackers defaced 7,500 Magento sites since Feb 27, uploading files across 15,000 hostnames, mostly opportunistic attacks. Since February 27, a large-sc...

A Top Democrat Is Urging Colleagues to Support Trump’s Spy Machine

Congressman Jim Himes claims a sweeping surveillance authority should stay intact because he hasn't seen abuses by Kash Patel's FBI, according to inte...

FBI links Signal phishing attacks to Russian intelligence services

The FBI has issued a public service announcement warning that Russian intelligence-linked threat actors are actively targeting users of encrypted mess...

FBI, CISA issue PSA on Russian intelligence campaign to target messaging apps

It echoes earlier alerts from the Netherlands and Germany, and is the latest to warn about targeting of Signal users and others. The post FBI, CISA is...

Patch Now: Oracle's Fusion Middleware Has Critical RCE Flaw

Attackers can execute arbitrary code without authentication if Oracle's Identity or Web Services Managers are exposed to the Web.

Navia data breach impacts nearly 2.7 Million people

Navia Benefit Solutions data breach exposed 2.7M people after attackers accessed systems from December 2025 to January 2026. Navia Benefit Solutions d...

Oracle pushes emergency fix for critical Identity Manager RCE flaw

Oracle has released an out-of-band security update to fix a critical unauthenticated remote code execution vulnerability in Identity Manager and Web S...

Trio sentenced for facilitating North Korean IT worker scheme from their homes

The men facilitated about $1.28 million in salary from victim U.S. companies by hosting laptop farms and helping remote IT workers assume fake identit...

Water utilities strengthen cybersecurity through cooperation

Water utilities are finding that letting information flow can flush out cybersecurity problems. The water industry has a security issue: Many utili...

Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets

Trivy, a popular open-source vulnerability scanner maintained by Aqua Security, was compromised a second time within the span of a month to deliver ma...

Stop using AI to submit bug reports, says Google

Google will no longer accept AI-generated submissions to a program it funded to find bugs in open-source software. However, it is contributing to a se...

Cyber OpSec Fail: Beast Gang Exposes Ransomware Server

Files on a central cloud server used by the ransomware group highlight a systematic, aggressive attack on network backups as a key TTP.

Ubiquiti defect poses account takeover risk for UniFi Networking Application users

The maximum-severity vulnerability, which hasn’t been exploited in the wild yet, affects software customers use to manage networking devices. The post...

CTI-REALM: A new benchmark for end-to-end detection rule generation with AI agents

Excerpt: CTI-REALM is Microsoft’s open-source benchmark for evaluating AI agents on real-world detection engineering—turning cyber threat intelligence...

Secure agentic AI end-to-end

In this agentic era, security must be woven into, and around, every layer of the AI estate. At RSAC 2026, we are delivering on that vision with new pu...

In Other News: New Android Safeguards, Operation Alice, UK Toughens Cyber Reporting

Other noteworthy stories that might have slipped under the radar: vulnerabilities found in KVM devices, Claudy Day Claude vulnerabilities, The Gentlem...

3 Men Charged With Conspiring to Smuggle US Artificial Intelligence to China

The men violated U.S. export controls laws by scheming to divert massive quantities of the high-performance servers assembled in the United States to ...

Justice Department disrupts botnet networks that hijacked 3 million devices

The Aisuru, Kimwolf, JackSkid and Mossad botnets enabled cybercriminals to initiate thousands of attacks. A crackdown targeting large-scale botnets co...

Eclypsium Raises $25 Million for Device Supply Chain Security

The company will use the investment to expand its platform’s capabilities and grow channel partnerships. The post Eclypsium Raises $25 Million for Dev...

Cisco FMC flaw was exploited by Interlock weeks before patch (CVE-2026-20131)

A critical vulnerability (CVE-2026-20131) in Cisco Secure Firewall Management Center (FMC) that Cisco disclosed and patched in early March 2026 has be...

Interlock Ransomware Targets Cisco Enterprise Firewalls

The ransomware gang, known for double-extortion attacks, had access to a critical Cisco firewall vulnerability weeks before it was publicly disclosed.

Google slows Android sideloading to trip up scammers

Google’s advanced flow for Android changes how apps from unverified developers are installed, adding steps to reduce scam-driven sideloading. The feat...

US Confirms Handala Link to Iran Government Amid Takedown of Hackers’ Sites

The US has seized several domains used by Handala in cyber-enabled psychological operations. The post US Confirms Handala Link to Iran Government Amid...

Terminated contract led to $2.5 million cyber extortion scheme

A federal jury convicted Cameron Curry, 27, a Charlotte resident, of carrying out an extensive cyber extortion scheme targeting a Washington, D.C.-bas...

CISA Adds Five Known Exploited Vulnerabilities to Catalog

CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-3127...

Russian Intelligence Services Target Commercial Messaging Application Accounts

CISA and the Federal Bureau of Investigation released a Public Service Announcement (PSA) warning about ongoing phishing campaigns by cyber actors ass...

DDoS-Attacken: Schlag gegen internationale Cyberkriminelle

DDos bleibt ein Evergreen unter den Security-Bedrohungen.Karsten Kunert mit ChatGPT In einem großangelegten Schlag gegen ein internationales Hacker...

Apple urges iPhone users to update as Coruna and DarkSword exploit kits emerge

Apple warns that outdated iPhones are vulnerable to Coruna and DarkSword exploit kits and urges users to update iOS. Apple has warned that iPhones run...

Rapid7 enhances Exposure Command with runtime validation and DSPM for risk analysis

Rapid7 has unveiled new cloud security capabilities within Exposure Command. The introduction of runtime validation and Data Security Posture Manageme...

Authorities disrupt four IoT botnets behind record DDoS attacks

The U.S. Justice Department and international partners have disrupted four IoT botnets linked to DDoS attacks that reached 30 terabits per second, amo...

The Danger Behind Meta Killing End-to-End Encryption for Instagram DMs

Meta blamed users for not opting into the privacy-protecting feature. Experts fear the move could be the first major domino to fall for end-to-end enc...

GSocket Backdoor Delivered Through Bash Script, (Fri, Mar 20th)

Yesterday, I discovered a malicious Bash script that installs a GSocket backdoor on the victim's computer. I don't know the source of the scri...

ISC Stormcast For Friday, March 20th, 2026 https://isc.sans.edu/podcastdetail/9858, (Fri, Mar 20th)

North Carolina tech worker found guilty of insider attack netting $2.5M ransom

Cameron Nicholas Curry, also known as “Loot,” stole a trove of corporate data from a D.C.-based tech company as his six-month contract gig came to a c...

Feds Disrupt IoT Botnets Behind Huge DDoS Attacks

The U.S. Justice Department joined authorities in Canada and Germany in dismantling the online infrastructure behind four highly disruptive botnets th...

US Takes Down Botnets Used in Record-Breaking Cyberattacks

The Aisuru, Kimwolf, JackSkid, and Mossad botnets had infected more than 3 million devices in total, many inside home networks, according to the US Ju...

AI Conundrum: Why MCP Security Can't Be Patched Away

RSAC Conference Preview: MCP introduces security risks into LLM environments that are architectural and not easily fixable, researcher says.

With Government's Role Uncertain, Businesses Unite to Combat Fraud

Major industry leaders agree to share information and collaborate to boost defenses in the wake of distressing online scams.

New tools and guidance: Announcing Zero Trust for AI

Microsoft introduces Zero Trust for AI, adding a new AI pillar to its workshop, enhanced reference architecture, updated guidance, and a new assessmen...

When tax season becomes cyberattack season: Phishing and malware campaigns using tax-related lures

During tax season, threat actors reliably take advantage of the urgency and familiarity of time-sensitive emails, including refund notices, payroll fo...

Signal’s Creator Is Helping Encrypt Meta AI

Moxie Marlinspike says the technology powering his encrypted AI chatbot, Confer, will be integrated into Meta AI. The move could help protect the AI c...

Schneider Electric EcoStruxure Automation Expert

View CSAF Summary Schneider Electric is aware of a vulnerability in its EcoStruxure™ Automation Expert product. The EcoStruxure™ Automation Expert pro...

Mitsubishi Electric CNC Series

View CSAF Summary Successful exploitation of this vulnerability could allow a remote attacker to cause an out-of-bounds read, resulting in a denial-of...

Schneider Electric Modicon Controllers M241, M251, M258, and LMC058

View CSAF Summary Successful exploitation of this vulnerability may risk a Cross-site Scripting or an open redirect attack which could result in an ac...

ISC Stormcast For Thursday, March 19th, 2026 https://isc.sans.edu/podcastdetail/9856, (Thu, Mar 19th)

Interesting Message Stored in Cowrie Logs, (Wed, Mar 18th)

This activity was found and reported by BACS student Adam Thorman as part of one of his assignments which I posted his final pape...

Observability for AI Systems: Strengthening visibility for proactive risk detection

As AI systems grow more autonomous, observability becomes essential. Learn how visibility into AI behavior helps detect risk and strengthen secure dev...

Scans for "adminer", (Wed, Mar 18th)

A very popular target of attackers scanning our honeypots is "phpmyadmin". phpMyAdmin is a script first released in the late 90s, before many security...

The SOC Files: Time to “Sapecar”. Unpacking a new Horabot campaign in Mexico

Kaspersky SOC uncovered and analyzed a complex Horabot campaign in Mexico. In this article we share insights into how it is unleashed and how to hunt ...

Free real estate: GoPix, the banking Trojan living off your memory

Kaspersky GReAT experts describe the unprecedentedly complex Brazilian banking Trojan GoPix that employs memory-only implants, Proxy AutoConfig (PAC) ...

Iran-Backed Hackers Claim Wiper Attack on Medtech Firm Stryker

A hacktivist group with links to Iran's intelligence agencies is claiming responsibility for a data-wiping attack against Stryker, a global medical te...

Microsoft Patch Tuesday, March 2026 Edition

Microsoft Corp. today pushed security updates to fix at least 77 vulnerabilities in its Windows operating systems and other software. There are no pre...

BeatBanker: A dual‑mode Android Trojan

Kaspersky researchers identified a new Android Trojan dubbed BeatBanker targeting Brazil, posing as government apps and Google Play Store, and capable...

How AI Assistants are Moving the Security Goalposts

AI-based assistants or "agents" -- autonomous programs that have access to the user's computer, files, online services and can automate virtually any ...

Exploits and vulnerabilities in Q4 2025

This report provides statistical data on published vulnerabilities and exploits we researched during Q4 2025. It also includes summary data on the use...

Mobile malware evolution in 2025

Statistics on Android malware and the most notable mobile threats of 2025: preinstalled backdoors Keenadu and Triada, spyware Trojans, the Kimwolf IoT...

Who is the Kimwolf Botmaster “Dort”?

In early January 2026, KrebsOnSecurity revealed how a security researcher disclosed a vulnerability that was used to assemble Kimwolf, the world's lar...

N.O.M.A.D.: la infraestructura offline que querrás tener cuando Internet deje de existir

En un contexto donde la estabilidad geopolítica ya no se da por sentada, donde conflictos híbridos, ciberataques a gran escala y apagones de infraestr...

Mi primer Blog fue de cine: La Colección Pitufo.

Cuando era pequeño, mi conexión a Internet era el quiosco. Supongo que para muchos niños y niñas de mi generación. Yo salía por la puerta con ocho, nu...

Initial Access Brokers (IAB): qué son y cómo operan para obtener y comercializar accesos a redes corporativas

Los Initial Access Brokers obtienen y comercializan accesos iniciales a redes corporativas mediante credenciales comprometidas, malware y explotación ...

Presentación del libro "Todo Llega...cuidado con lo que deseas". Mañana a las 19:00 en Espacio Ronda

Mi compañero y amigo David de Santiago presenta mañana, Sábado 21 de Abril, a las 19:00 horas de la tarde, en el Espacio Ronda - sito en la Ronda Sego...

El 70% de las organizaciones señalan la IA como su principal riesgo para la seguridad de los datos

Thales Cybersecurity Productos, distribuido por Exclusive Networks, analiza la última edición del informe Thales 2026 Data Threat Report, el estudio d...

Telegram no logra frenar la ciberdelincuencia pese a un récord histórico de moderación

Check Point® Software Technologies Ltd., empresa global en soluciones de ciberseguridad, ha publicado un nuevo análisis detallado sobre el estado de l...

Descubren una campaña de malware dirigida a desarrolladores de software

Bitdefender, empresa global de ciberseguridad, acaba de publicar una investigación que alerta de la existencia de una campaña de malware que se lleva ...

EDR killers explicados: Más allá de los drivers

Los investigadores de ESET profundizan en el ecosistema de los EDR killer y revelan cómo los atacantes abusan de los controladores vulnerables

Quantum y Post-Quantum Computing para Ciberseguridad: Últimas plazas. Comienzo 14 de Abril (Online)

Ya os había contando que el año pasado ya os anuncié que comenzamos con la idea  Pablo García Bringas y yo nos metimos en un nuevo proy...

Proofpoint lanza AI Security para proteger agentes de IA

Proofpoint, Inc., empresa de ciberseguridad y cumplimiento normativo, ha anunciado Proofpoint AI Security, la solución de seguridad más reciente de la...

Aumentan un 81% las filtraciones de IA: 29 millones de credenciales expuestas

GitGuardian, empresa seguridad y app nº1 en GitHub Marketplace, ha publicado hoy la quinta edición de su informe “State of Secrets Sprawl” (“Estado de...

The Show Must Go On: MyPublicInbox adquiere la plataforma Linkmusic (LnkMsc.com)

Hace tiempo que MyPublicInbox crece a buen ritmo, expandiendo el número de usuarios, el número de servicios y, sobre todo, las interacciones...

El impacto en la ciberseguridad de la guerra en Irán: riesgos clave que debe monitorear

Aunque el conflicto se desarrolla en Medio Oriente, las repercusiones en la ciberseguridad pueden afectar a organizaciones de todo el mundo. Estos son...

Mapa de actividad de malware en América Latina

Un análisis basado en telemetría ESET muestra cómo se distribuyen las amenazas en cinco de los países de la región y revela similitudes en las campaña...

Alcolea Party 10 a 12 de Abril en Alcolea del Río

Una vez el gran Sorian se embarca en mantener vivo el sueño de tener en Alcolea del Río (Sevilla), la Alcolea Party, donde comencé a ir hace ya muchos...

MiroFish: cuando los LLM empiezan a simular el mundo

Durante años hemos hablado de modelos predictivos, de machine learning aplicado a forecasting, de simulaciones multi-agente y de modelos basados en gr...

¿Está bien permitir que tus hijos publiquen selfies en línea?

Cuando se trata de la vida digital de nuestros hijos, la prohibición rara vez funciona. Es nuestra responsabilidad ayudar a que construyan una relació...

Zombie ZIP: cómo una simple manipulación del header permite ocultar malware a los antivirus

Los archivos ZIP son uno de los formatos más utilizados para distribuir software, documentos y archivos comprimidos. Precisamente por su ubiquidad, ta...

Living off the Land 2.5: persistencia que vive dentro de contenedores y casi nadie está mirando

Cuando empecé a investigar intrusiones recientes en infraestructuras Linux modernas, hubo algo que empezó a repetirse: no era malware clásico, no eran...

Living off the Land 2.0 en Linux: Persistencia para pasar desapercibidos al SOC

Hay una regla no escrita en intrusiones modernas: El mejor malware es el que no parece malware. Pero hay una evolución aún más interesante q...

Las peores contraseñas de todos los tiempos

Las peores contraseñas de todos los tiempos Las peores contraseñas de todos los tiempos son aquellas que, por pereza o previsibilidad, se repiten mill...

(2/3) Ataques DDoS en capas 3 y 4: vectores, funcionamiento y defensa

Esta es la segunda entrega sobre amenazas DDoS, en esta ocasión nos adentramos en las capas de red y transporte para analizar los vectores más comunes...

ISO/IEC 42001: el sistema de gestión de IA que probablemente conectemos con nuestra 27001

ISO/IEC 42001 se concibe como el nuevo esqueleto operativo para transformar la inteligencia artificial en un sistema gestionado con disciplina. No es ...

MITRE AADAPT: Anatomía ofensiva y defensa en el ecosistema de activos digitales

Cuando uno pasa demasiadas noches frente a un nodo de Ethereum observando tráfico, firmas, anomalías y patrones sospechosos, descubre que el ecosistem...

Prueba de Penetración en Costa Rica

Prueba de Penetración en Costa Rica Prueba de Penetración en Costa Rica: Un Servicio Esencial para la Seguridad Empresarial Introducción En un mundo c...

Prueba de Penetración en Quito

Prueba de Penetración en Quito La Prueba de Penetración en Quito, también conocida como Pentesting, se ha convertido en una herramienta fundamental pa...

Prueba de Penetración en El Salvador

Prueba de Penetración en El Salvador En la era digital actual, la seguridad informática es un aspecto crucial para cualquier empresa. El Salvador, com...

Prueba de penetración en Barranquilla

Prueba de penetración en Barranquilla La prueba de penetración en Barranquilla es un proceso esencial para garantizar la seguridad informática en cual...

Snapshots en máquinas virtuales: ¿una herramienta útil o un riesgo oculto?

¿Piensas que una instantánea de una máquina virtual es lo mismo que un backup o una copia del disco? Entonces este post es para ti.Antes de nada, vamo...

La importancia del Disaster Recovery Plan (DRP)

A pesar de que los ciberataques, fallos de hardware y software, desastres naturales, o incluso errores humanos son cada vez más frecuentes, muchas emp...

Chat Control: el plan europeo para escanear tus mensajes

La Unión Europea está en pleno debate sobre una de las propuestas más polémicas de los últimos años: el Reglamento para prevenir y combatir el abuso s...

Pensar como un atacante: por qué el Red Team es clave para la ciberseguridad moderna

En un entorno digital donde las amenazas evolucionan más rápido que las soluciones, protegerse ya no es suficiente. Hay que anticiparse. Y para eso, e...

Cómo saber si una app es falsa: ten siempre en cuenta estas claves

Vivimos constantemente con el móvil en la mano; es un dispositivo que usamos para casi todo. Hoy en día es útil tanto para cosas como pagar el café, c...

Cómo proteger el ordenador sin ser un genio tech

Saber cómo proteger el ordenador nunca ha sido tan vital. Imagina perder tu equipo con Windows y no saber si tus datos personales están seguros. El pá...

Privacidad en Internet: evita el rastreo y navega con seguridad

La privacidad en Internet se ha convertido en una preocupación constante. Es así como cada clic, búsqueda o interacción en línea puede dejar una huell...

OpenAI lanza cursos gratuitos sobre IA.

OpenAI ha lanzado su propia academia online gratuita con cursos para aprender inteligencia artificial. Desde productividad con ChatGPT hasta ética de ...

Álbum oculto: paso a paso para activarlo en tu teléfono Android

Las fotos y vídeos revelan un montón de información de tu vida personal. No siempre queremos que estén a la vista. Es por eso que en este artículo hab...

CodeStrike, el videojuego gratuito que te enseña Python mientras salvas el mundo

Aprender a programar puede ser entretenido, sobre todo si te conviertes en un héroe del futuro mientras lo haces. Esa es precisamente la propuesta de ...

La Comisión Europea investiga a TikTok en virtud de la Ley de Servicios Digitales

La Comisión Europea inicia procedimiento contra TikTok por posible infracción de la DSA, enfocándose en protección de menores, transparencia publicita...

El Garante dice que ChatGPT viola la normativa de la Unión Europea sobre protección de datos

La autoridad italiana de protección de datos ha notificado a OpenAI sobre una presunta infracción de ChatGPT en relación con el RGPD