Cybersecurity News - Noticias de Ciberseguridad

CISA flags Wing FTP Server flaw as actively exploited in attacks

CISA warned U.S. government agencies to secure their Wing FTP Server instances against an actively exploited vulnerability that may be chained in remo...

Poland Suspects Iranian Actors are Behind Attack on Its Nuclear Power Center

Poland officials say the cyberattack late last week appears to have been launched by an Iranian threat group, though they noted that bad actors not as...

Hacked sites deliver Vidar infostealer to Windows users

We found fake “verify you are human” pages on hacked WordPress sites that trick Windows users into installing the Vidar infostealer. The post Hacked s...

New Microsoft Purview innovations for Fabric to safely accelerate your AI transformation

As organizations adopt AI, security and governance remain core primitives for safe AI transformation and acceleration. The post New Microsoft Purview ...

UK’s Companies House confirms security flaw exposed business data

Companies House, a British government agency that operates the registry for all U.K. companies, says its WebFiling service is back online after it was...

Zombie ZIP method can fool antivirus during the first scan

Researchers published about the Zombie ZIP vulnerability (or not a vulnerability, that's up for debate) that can bypass a first AV inspection. The pos...

Microsoft Exchange Online outage blocks access to mailboxes

Microsoft is working to address an ongoing Exchange Online outage that is preventing customers from accessing their mailboxes and calendars. [...]

Help on the line: How a Microsoft Teams support call led to compromise

A DART investigation into a Microsoft Teams voice phishing attack shows how deception and trusted tools can enable identity-led intrusions and how to ...

Oracle EBS Hack: Only 4 Corporate Giants Still Silent on Potential Impact

Broadcom, Bechtel, Estée Lauder, and Abbott Technologies are the only major companies that have yet to issue a public statement.  The post Oracle EBS ...

FBI launches inquiry into Steam games spreading malware

The FBI is asking gamers who installed malware-infected Steam games between May 2024 and January 2026 to come forward as part of an ongoing investigat...

DPRK IT Worker Fraud: Hiring an Insider Threat

Nisos DPRK IT Worker Fraud: Hiring an Insider Threat Here at Nisos, we’ve spent years helping organizations understand and mitigate complex, human ris...

BSidesCache 2025 – KEYNOTE: The AI Cyber War: Inside The AI Race Between Attackers And Hunters

Author, Creator & Presenter: Mike Spicer (@d4rkm4tter) Our thanks to BSidesCache for publishing their Creators, Authors and Presenter’s outstandi...

Security Firm Executive Targeted in Sophisticated Phishing Attack

The attackers used a DKIM-signed phishing email, trusted redirect infrastructure, compromised servers, and Cloudflare-protected phishing pages. The po...

Stellar Cyber 6.4.0 reduces alert noise and speeds investigations with Autonomous SOC capabilities

Stellar Cyber has announced he general availability of version 6.4.0 of its platform. With this release, Stellar Cyber delivers new Autonomous SOC cap...

Former Germany’s foreign intelligence VP hit in Signal account takeover campaign

Former BND VP Arndt Freytag von Loringhoven was targeted in a Signal cyberattack, part of a wave hitting officials and politicians in Germany. A cyber...

NinjaOne Vulnerability Management enables real-time detection and autonomous patching

NinjaOne has unveiled NinjaOne Vulnerability Management, a new solution that helps IT teams identify, prioritize, and remediate vulnerabilities faster...

⚡ Weekly Recap: Chrome 0-Days, Router Botnets, AWS Breach, Rogue AI Agents & More

Some weeks in security feel normal. Then you read a few tabs and get that immediate “ah, great, we’re doing this now” feeling. This week has that ener...

Orca Platform enhancements use AI to cut cloud alert noise

Orca Security has announced major enhancements to the Orca Platform, introducing new AI-powered security agents, real-time detection of AI usage acros...

Attackers Abuse LiveChat to Phish Credit Card, Personal Data

A social engineering campaign impersonating PayPal and Amazon uses customer support interactions to acquire sensitive info.

Shadow AI is everywhere. Here’s how to find and secure it.

Shadow AI is quietly spreading across SaaS environments as employees adopt new AI tools without IT oversight. Nudge Security explains how security tea...

/proxy/ URL scans with IP addresses, (Mon, Mar 16th)

Attempts to find proxy servers are among the most common scans our honeypots detect. Most of the time, the attacker attempts to use a host header or i...

Microsoft pulls Samsung app blocking Windows C: drive from Store

​Microsoft has removed the Samsung Galaxy Connect app from the Microsoft Store because it was causing issues on specific Samsung Galaxy Book 4 and des...

China-Linked Hackers Hit Asian Militaries in Patient Espionage Operation

The state-sponsored hackers deployed custom tools and stayed dormant in the compromised environments for months. The post China-Linked Hackers Hit Asi...

Threat Actor Targeting VPN Users in New Credential Theft Campaign

Storm-2561 is distributing fake VPN clients through SEO poisoning, deploying trojans, and stealing login information. The post Threat Actor Targeting ...

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.  CVE-2025...

Why Security Validation Is Becoming Agentic

If you run security at any reasonably complex organization, your validation stack probably looks something like this: a BAS tool in one corner. A pent...

ForceMemo: Python Repositories Compromised in GlassWorm Aftermath

Hundreds of GitHub accounts were accessed using credentials stolen in the VS Code GlassWorm campaign. The post ForceMemo: Python Repositories Compromi...

Fingerprint’s MCP Server turns device intelligence into real-time AI-powered fraud insights

Fingerprint has announced the launch of its Model Context Protocol (MCP) Server, an open-source MCP implementation for the fraud prevention space. The...

Meta ditches end-to-end encrypted messaging on Instagram

End-to-end encrypted messaging on Instagram will no longer be supported after May 8, 2026. Meta justified the move by saying the feature was rarely us...

ClickFix Campaigns Spread MacSync macOS Infostealer via Fake AI Tool Installers

Three different ClickFix campaigns have been found to act as a delivery vector for the deployment of a macOS information stealer called MacSync. "Unli...

Open VSX extensions hijacked: GlassWorm malware spreads via dependency abuse

Threat actors are abusing extension dependency relationships in the Open VSX registry to indirectly deliver malware in a new phase of the GlassWorm su...

Nine critical vulnerabilities in Linux AppArmor put over 12M enterprise systems at risk

Security researchers at Qualys have disclosed nine vulnerabilities in AppArmor, the Linux Security Module that ships enabled by default across Ubuntu,...

Free real estate: GoPix, the banking Trojan living off your memory

Kaspersky GReAT experts describe the unprecedentedly complex Brazilian banking Trojan GoPix that employs memory-only implants, Proxy AutoConfig (PAC) ...

Advanced Protection Mode in Android 17 prevents apps from misusing Accessibility Services

Android 17 will block non-accessibility apps from using the Accessibility API under Advanced Protection Mode to reduce malware abuse. Android 17 intro...

Washington is right: Cybercrime is organized crime. Now we need to shut down the business model

The executive order finally calls cyber-enabled fraud what it is: transnational organized crime. Now the U.S. has to act like it—and the private secto...

Attackers are exploiting AI faster than defenders can keep up, new report warns

Cybersecurity is entering “a new phase” as artificial intelligence tools have matured and given IT defenders significantly less time to respond to cyb...

The ransomware economy is shifting toward straight-up data extortion

Google’s research report on ransomware activity last year underscores how cybercrime is evolving and clouding a collective understanding of its full i...

DRILLAPP Backdoor Targets Ukraine, Abuses Microsoft Edge Debugging for Stealth Espionage

Ukrainian entities have emerged as the target of a new campaign likely orchestrated by threat actors linked to Russia, according to a report from S2 G...

Models Are Applying to Be the Face of AI Scams

Dozens of Telegram channels reviewed by WIRED include job listings for “AI face models.” The (mostly) women who land these gigs are likely being used ...

Unprivileged users could exploit AppArmor bugs to gain root access

Researchers found nine “CrackArmor” flaws in Linux AppArmor that could let unprivileged users bypass protections, gain root privileges, and weaken con...

What it takes to win that CSO role

CSO and CISO roles are among the hardest to fill in IT. Which should be good news for cybersecurity professionals that aspire to leadership positions ...

ClickFix techniques evolve in new infostealer campaigns

Cybercriminals are combining compromised websites with increasingly sophisticated ClickFix social engineering lures to deliver new infostealer malware...

Android 17 Blocks Non-Accessibility Apps from Accessibility API to Prevent Malware Abuse

Google is testing a new security feature as part of Android Advanced Protection Mode (AAPM) that prevents certain kinds of apps from using the accessi...

GenAI-Security als Checkliste

Das Open Web Application Security Project (OWASP) gibt Unternehmen eine Checkliste für (mehr) GenAI-Sicherheit an die Hand. Foto: Gannvector | shutter...

ISC Stormcast For Monday, March 16th, 2026 https://isc.sans.edu/podcastdetail/9850, (Mon, Mar 16th)

Payload Ransomware claims the hack of Royal Bahrain Hospital

The Payload Ransomware group claims to have breached the Royal Bahrain Hospital (RBH), a leading healthcare facility in Bahrain. The Payload Ransomwar...

A Hacker Accidentally Broke Into the FBI’s Epstein Files

Plus: A porn-quitting app exposed the masturbation habits of hundreds of thousands of users, Russian hackers are trying to take over people’s Signal a...

SmartApeSG campaign uses ClickFix page to push Remcos RAT, (Sat, Mar 14th)

Introduction

Fake PoCs, Misunderstood Risks Cause Cisco SD-WAN Chaos

The excitement around Cisco's latest SD-WAN bugs has inspired some light fraud, misunderstandings, and overlooked potential hazards.

The Data Gap: Why Nonprofit Cyber Incidents Go Underreported

Threat actors target nonprofits due to security gaps and highly coveted information, but a lack of sufficient data makes it difficult to grasp the ent...

Cyberattackers Don't Care About Good Causes

Sightline Security's founder and advisory board discuss how cybersecurity poses significant problems for nonprofits and suggest ways the industry can ...

Will AI Save Consumers From Smartphone-Based Phishing Attacks?

Sophisticated phishing attacks are bypassing on-device protections with troubling frequency, making it more critical than ever for users to protect th...

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-3909 ...

A React-based phishing page with credential exfiltration via EmailJS, (Fri, Mar 13th)

On Wednesday, a phishing message made its way into our handler inbox that contained a fairly typical low-quality lure, but turned out to be quite inte...

ISC Stormcast For Friday, March 13th, 2026 https://isc.sans.edu/podcastdetail/9848, (Fri, Mar 13th)

Stryker attack highlights nebulous nature of Iranian cyber activity amid joint U.S.-Israel conflict

It’s been difficult early on to separate signal from noise, even if the attack on the medical device maker looks like a qualified success for the atta...

US Lawmakers Move to Kill the FBI’s Warrantless Wiretap Access

A bipartisan bill would force the FBI to get a warrant to read Americans’ messages and ban the federal purchase of commercial data on US residents ahe...

Storm-2561 uses SEO poisoning to distribute fake VPN clients for credential theft

Storm-2561 uses SEO poisoning to push fake VPN downloads that install signed trojans and steal VPN credentials. Active since 2025, Storm-2561 mimics t...

Authorities takedown global proxy network SocksEscort

The botnet, which compromised routers and IoT devices in 163 countries, claimed about 369,000 victims and $5.8 million from its cybercriminal customer...

How ‘Handala’ Became the Face of Iran’s Hacker Counterattacks

Amid a paralyzing breach of medical tech firm Stryker, the group has come to represent Iran's use of “hacktivism” as cover for chaotic, retaliatory st...

From transparency to action: What the latest Microsoft email security benchmark reveals

The latest Microsoft benchmarking data reveals how Microsoft Defender mitigates modern email threats compared to SEG and ICES vendors. The post From t...

Detecting and analyzing prompt abuse in AI tools

Hidden instructions in content can subtly bias AI, and our scenario shows how prompt injection works, highlighting the need for oversight and a struct...

Siemens SIDIS Prime

View CSAF Summary SIDIS Prime before V4.0.800 is affected by multiple vulnerabilities in the components OpenSSL, SQLite, and several Node.js packages ...

Siemens RUGGEDCOM APE1808 Devices

View CSAF Summary Fortinet has published information on vulnerabilities in FORTIOS. This advisory lists the related Siemens Industrial products. Sieme...

Siemens SIMATIC

View CSAF Summary SIMATIC S7-1500 devices contain a vulnerability that could allow an attacker to inject code by tricking a legitimate user into impor...

Iran-Backed Hackers Claim Wiper Attack on Medtech Firm Stryker

A hacktivist group with links to Iran's intelligence agencies is claiming responsibility for a data-wiping attack against Stryker, a global medical te...

Meta Ramps Up Efforts to Disrupt Industrialized Scamming

Meta removed 10.9 million Facebook and Instagram accounts linked to “criminal scam centers” last year, the company announced on Wednesday.

Microsoft Patch Tuesday, March 2026 Edition

Microsoft Corp. today pushed security updates to fix at least 77 vulnerabilities in its Windows operating systems and other software. There are no pre...

BeatBanker: A dual‑mode Android Trojan

Kaspersky researchers identified a new Android Trojan dubbed BeatBanker targeting Brazil, posing as government apps and Google Play Store, and capable...

How AI Assistants are Moving the Security Goalposts

AI-based assistants or "agents" -- autonomous programs that have access to the user's computer, files, online services and can automate virtually any ...

Exploits and vulnerabilities in Q4 2025

This report provides statistical data on published vulnerabilities and exploits we researched during Q4 2025. It also includes summary data on the use...

Mobile malware evolution in 2025

Statistics on Android malware and the most notable mobile threats of 2025: preinstalled backdoors Keenadu and Triada, spyware Trojans, the Kimwolf IoT...

Who is the Kimwolf Botmaster “Dort”?

In early January 2026, KrebsOnSecurity revealed how a security researcher disclosed a vulnerability that was used to assemble Kimwolf, the world's lar...

‘Starkiller’ Phishing Service Proxies Real Login Pages, MFA

Most phishing websites are little more than static copies of login pages for popular online destinations, and they are often quickly taken down by ant...

Arkanix Stealer: a C++ & Python infostealer

Kaspersky researchers analyze a C++ and Python stealer dubbed "Arkanix Stealer", which was active for several months, targeted wide range of data, was...

Pon a prueba la calidad de tu conexión a Internet con Cloudflare

El equipo de Radar en Cloudflare acaba de incorporar el Test de Velocidad para tu conexión a Internet que puedes probar gratuitamente desde las herram...

Destapan una red global de fraude de inversión en Meta

Bitdefender, empresa global de ciberseguridad, ha publicado una nueva investigación que revela la existencia de una red global de fraude de inversión ...

La IA facilita hackear robots, pero una nueva IA de ciberseguridad cambia las reglas

Durante años, la industria de la robótica asumió algo sencillo: hackear robots era extremadamente difícil. Acceder a un dispositivo robótico requería ...

El Ayuntamiento de Galapagar impulsa su ciberseguridad con IA de Hornetsecurity

Hornetsecurity, empresa global en soluciones de ciberseguridad, anuncia que el Ayuntamiento de Galapagar ha apostado por su innovadora tecnología de i...

Alaniz Cipher: Un Cifrado Simétrico Quantum Resistant

En el mundo post-cuántico llevamos años hablando de siempre lo mismo: cifrados basados en retículas, en códigos, en funciones hash gordas y en esquema...

Trinetra: Datos y Conocimiento Sobre el uso de IPv6 en Organizaciones en España

Siempre me ha gustado el dicho de “Dato mata Relato” para entender con precisión el estado del arte y poder extraer conclusiones y acciones fructífera...

Fear of the Dark: Un pequeño estudio de medios y miedos

Con esta entrada, termino el resumen de lo que fue la charla de RootedCON Madrid 2026, aunque tal vez os dejaré en alguna entrada aparte más informaci...

El Grupo APT ToddyCat evoluciona con nuevos métodos para robar correos corporativos

El equipo de investigación de Kaspersky ha identificado una evolución significativa en las técnicas del grupo APT ToddyCat, que ha logrado acceder de ...

Ciberamenazas en la era de la IA: Los agentes autónomos amplificarán los riesgos internos

Pese a que el panorama de amenazas está más fragmentado, las amenazas internas siguen siendo una de las principales preocupaciones de los responsables...

¿Está bien permitir que tus hijos publiquen selfies en línea?

Cuando se trata de la vida digital de nuestros hijos, la prohibición rara vez funciona. Es nuestra responsabilidad ayudar a que construyan una relació...

Fear of the Dark: Deep Fakes, Fake News & Primal Fears

Una vez que vimos cómo funciona el Analizador de Retórica IA del que os hablé en el apartado anterior, la siguiente cosa que quisimos analizar fueron ...

Zombie ZIP: cómo una simple manipulación del header permite ocultar malware a los antivirus

Los archivos ZIP son uno de los formatos más utilizados para distribuir software, documentos y archivos comprimidos. Precisamente por su ubiquidad, ta...

Cursos para usar ChatGPT en ciberseguridad

ChatGPT es un aliado clave en ciberseguridad: usado estratégicamente, potencia tareas de defensa, análisis y hacking ético. Aquí encontrarás cursos pa...

Sednit recargado: un APT histórico reactiva su arsenal

La actividad reciente revela que Sednit ha retomado operaciones con nuevos implants y tácticas de espionaje de largo plazo.

Panorama infostealer: cambios globales y casos destacados en México y Brasil

El análisis retrospectivo de 2025 revela nuevas familias, mayor sofisticación y dos hitos regionales: la campaña masiva de Lumma Stealer en México y e...

Qué hace realmente la ciberseguridad por su negocio

La capacidad de seguir operando de manera segura en un entorno inseguro, donde sus competidores no pueden hacerlo, es una ventaja competitiva que rara...

Living off the Land 2.5: persistencia que vive dentro de contenedores y casi nadie está mirando

Cuando empecé a investigar intrusiones recientes en infraestructuras Linux modernas, hubo algo que empezó a repetirse: no era malware clásico, no eran...

Living off the Land 2.0 en Linux: Persistencia para pasar desapercibidos al SOC

Hay una regla no escrita en intrusiones modernas: El mejor malware es el que no parece malware. Pero hay una evolución aún más interesante q...

Heretic o cómo eliminar fácilmente la censura en un LLM

Los modelos de lenguaje actuales (los conocidos LLM, Large Language Models) se han convertido en piezas clave de muchas aplicaciones: asistentes, anál...

PentAGI: Automatización avanzada de penetration testing con agentes AI autónomos

En los últimos años, el pentesting ha evolucionado desde procesos manuales altamente especializados hacia flujos híbridos donde la automatización y la...

Las peores contraseñas de todos los tiempos

Las peores contraseñas de todos los tiempos Las peores contraseñas de todos los tiempos son aquellas que, por pereza o previsibilidad, se repiten mill...

(2/3) Ataques DDoS en capas 3 y 4: vectores, funcionamiento y defensa

Esta es la segunda entrega sobre amenazas DDoS, en esta ocasión nos adentramos en las capas de red y transporte para analizar los vectores más comunes...

ISO/IEC 42001: el sistema de gestión de IA que probablemente conectemos con nuestra 27001

ISO/IEC 42001 se concibe como el nuevo esqueleto operativo para transformar la inteligencia artificial en un sistema gestionado con disciplina. No es ...

MITRE AADAPT: Anatomía ofensiva y defensa en el ecosistema de activos digitales

Cuando uno pasa demasiadas noches frente a un nodo de Ethereum observando tráfico, firmas, anomalías y patrones sospechosos, descubre que el ecosistem...

Prueba de Penetración en Costa Rica

Prueba de Penetración en Costa Rica Prueba de Penetración en Costa Rica: Un Servicio Esencial para la Seguridad Empresarial Introducción En un mundo c...

Prueba de Penetración en Quito

Prueba de Penetración en Quito La Prueba de Penetración en Quito, también conocida como Pentesting, se ha convertido en una herramienta fundamental pa...

Prueba de Penetración en El Salvador

Prueba de Penetración en El Salvador En la era digital actual, la seguridad informática es un aspecto crucial para cualquier empresa. El Salvador, com...

Prueba de penetración en Barranquilla

Prueba de penetración en Barranquilla La prueba de penetración en Barranquilla es un proceso esencial para garantizar la seguridad informática en cual...

Snapshots en máquinas virtuales: ¿una herramienta útil o un riesgo oculto?

¿Piensas que una instantánea de una máquina virtual es lo mismo que un backup o una copia del disco? Entonces este post es para ti.Antes de nada, vamo...

La importancia del Disaster Recovery Plan (DRP)

A pesar de que los ciberataques, fallos de hardware y software, desastres naturales, o incluso errores humanos son cada vez más frecuentes, muchas emp...

Chat Control: el plan europeo para escanear tus mensajes

La Unión Europea está en pleno debate sobre una de las propuestas más polémicas de los últimos años: el Reglamento para prevenir y combatir el abuso s...

Pensar como un atacante: por qué el Red Team es clave para la ciberseguridad moderna

En un entorno digital donde las amenazas evolucionan más rápido que las soluciones, protegerse ya no es suficiente. Hay que anticiparse. Y para eso, e...

Cómo saber si una app es falsa: ten siempre en cuenta estas claves

Vivimos constantemente con el móvil en la mano; es un dispositivo que usamos para casi todo. Hoy en día es útil tanto para cosas como pagar el café, c...

Cómo proteger el ordenador sin ser un genio tech

Saber cómo proteger el ordenador nunca ha sido tan vital. Imagina perder tu equipo con Windows y no saber si tus datos personales están seguros. El pá...

Privacidad en Internet: evita el rastreo y navega con seguridad

La privacidad en Internet se ha convertido en una preocupación constante. Es así como cada clic, búsqueda o interacción en línea puede dejar una huell...

OpenAI lanza cursos gratuitos sobre IA.

OpenAI ha lanzado su propia academia online gratuita con cursos para aprender inteligencia artificial. Desde productividad con ChatGPT hasta ética de ...

Álbum oculto: paso a paso para activarlo en tu teléfono Android

Las fotos y vídeos revelan un montón de información de tu vida personal. No siempre queremos que estén a la vista. Es por eso que en este artículo hab...

CodeStrike, el videojuego gratuito que te enseña Python mientras salvas el mundo

Aprender a programar puede ser entretenido, sobre todo si te conviertes en un héroe del futuro mientras lo haces. Esa es precisamente la propuesta de ...

La Comisión Europea investiga a TikTok en virtud de la Ley de Servicios Digitales

La Comisión Europea inicia procedimiento contra TikTok por posible infracción de la DSA, enfocándose en protección de menores, transparencia publicita...

El Garante dice que ChatGPT viola la normativa de la Unión Europea sobre protección de datos

La autoridad italiana de protección de datos ha notificado a OpenAI sobre una presunta infracción de ChatGPT en relación con el RGPD