AHQ-AGENCY Cybersecurity News

Noticias Destacadas

Latest News

Survey: Widespread Adoption of AI Hasn’t Yet Reduced Cybersecurity Burnout

A global survey of 1,813 IT and cybersecurity professionals finds that despite the rise of artificial intelligence (AI) and automation, cybersecurity ...

2026-02-11 - Security Boulevard

AWS penetration testing: Definition, Policy Tools, and process

Amazon Web Services (AWS) is a cloud-computing platform offered by Amazon, which provides cloud services such as computing power, storage, databases, ...

2026-02-11 - Security Boulevard

Your AI doctor doesn’t have to follow the same privacy rules as your real one

AI apps are making their way into healthcare. It’s not clear that rigorous data security or privacy practices will be part of the package. The post Yo...

2026-02-11 - CyberScoop

Nevada Unveils New Statewide Data Classification Policy Months After Cyberattack

Officials said data will now be classified as one of four categories: “public,” “sensitive,” “confidential” or “restricted.” The post Nevada Unveils ...

2026-02-11 - SecurityWeek

Crazy ransomware gang abuses employee monitoring tool in attacks

A member of the Crazy ransomware gang is abusing legitimate employee monitoring software and the SimpleHelp remote support tool to maintain persistenc...

2026-02-11 - BleepingComputer

Volvo Group hit in massive Conduent data breach

A Conduent breach exposed data of nearly 17,000 Volvo Group North America employees as the total impact rises to 25 million people. A data breach at b...

2026-02-11 - Security Affairs

Police arrest seller of JokerOTP MFA passcode capturing tool

The Netherlands Police have arrested a a 21-year-old man from Dordrecht, suspected of selling access to the JokerOTP phishing automation tool that can...

2026-02-11 - BleepingComputer

Randall Munroe’s XKCD ’16 Part Epoxy’

via the comic artistry and dry wit of Randall Munroe, creator of XKCD Permalink The post Randall Munroe’s XKCD ’16 Part Epoxy’ appeared f...

2026-02-11 - Security Boulevard

News alert: GitGuardian raises $50M to tackle non-human identities crisis, AI agent security gap

NEW YORK, Feb. 11, 2026, CyberNewswire — GitGuardian, a leading secrets and Non-Human Identity (NHI) security platform and #1 app on GitHub Marketplac...

2026-02-11 - Security Boulevard

Proactive strategies for cyber resilience with Wazuh

Cyber resilience means anticipating threats, detecting them early, and recovering fast when incidents occur. Wazuh shows how its open source SIEM and ...

2026-02-11 - BleepingComputer

Agentic AI Security Starter Kit: Where Autonomous Systems Fail and How to Defend Against It

4 min readMany teams are approaching agentic AI with a mixture of interest and unease. Senior leaders see clear potential for efficiency and scale. Bu...

2026-02-11 - Security Boulevard

LummaStealer infections surge after CastleLoader malware campaigns

A surge in LummaStealer infections has been observed, driven by social engineering campaigns leveraging the ClickFix technique to deliver the CastleLo...

2026-02-11 - BleepingComputer

The strategic SIEM buyer’s guide: Choosing an AI-ready platform for the agentic era

New guide details how a unified, AI ready SIEM platform empowers security leaders to operate at the speed of AI, strengthen resilience, accelerate det...

2026-02-11 - Microsoft Security Blog

North Korean Hackers Use Deepfake Video Calls to Target Crypto Firms

Campaign combines stolen Telegram accounts, fake Zoom calls and ClickFix attacks to deploy infostealer malware

2026-02-11 - Infosecurity Magazine

Kimwolf Botnet Swamps Anonymity Network I2P

For the past week, the massive "Internet of Things" (IoT) botnet known as Kimwolf has been disrupting the The Invisible Internet Project (I2P), a dece...

2026-02-11 - Krebs on Security

Ivanti EPMM exploitation: Researchers warn of “sleeper” webshells

A massive wave of exploitation attempts has followed the disclosure of CVE-2026-1281, a critical pre-authentication Ivanti EPMM vulnerability, the Sha...

2026-02-11 - Help Net Security

Webinar Today: Identity Under Attack – Strengthen Your Identity Defenses

Gain practical insights on balancing security, user experience, and operational efficiency while staying ahead of increasingly sophisticated threats. ...

2026-02-11 - SecurityWeek

Reynolds ransomware uses BYOVD to disable security before encryption

Researchers discovered Reynolds ransomware, which uses BYOVD technique to disable security tools and evade detection before encryption. Researchers fo...

2026-02-11 - Security Affairs

Microsoft begins Secure Boot certificate update for Windows devices

Microsoft has begun updating Secure Boot certificates originally issued in 2011 to ensure that Windows devices continue to verify boot software as old...

2026-02-11 - Help Net Security

APT36 and SideCopy Launch Cross-Platform RAT Campaigns Against Indian Entities

Indian defense sector and government-aligned organizations have been targeted by multiple campaigns that are designed to compromise Windows and Linux ...

2026-02-11 - The Hacker News

CodeHunter expands behavioral intent analysis to secure the software supply chain

CodeHunter is expanding its behavioral intent technology beyond traditional malware analysis to address supply chain risk and security decision-making...

2026-02-11 - Help Net Security

AI Rising: Do We Know Enough About the Data Populating It?

Organizations remain reluctant to address the fact that AI can dangerously expose business operations as well as personal data.

2026-02-11 - Dark Reading

Kong launches Context Mesh to turn enterprise APIs into agent-ready tools

Kong has announced Kong Context Mesh, a product that automatically discovers enterprise APIs, transforms them into agent-consumable tools, and deploys...

2026-02-11 - Help Net Security

GitGuardian Raises $50 Million for Secrets and Non-Human Identity Security

The secrets security company has raised more than $100 million since its creation in 2017. The post GitGuardian Raises $50 Million for Secrets and Non...

2026-02-11 - SecurityWeek

Top Cyber Industry Defenses Spike CO2 Emissions

Organizations can improve their climate footprints by optimizing two specific cybersecurity protections, without incurring added risks.

2026-02-11 - Dark Reading

Conduent Breach Hits Volvo Group: Nearly 17,000 Employees’ Data Exposed

The Conduent data breach affects at least 25 million individuals, up from 10 million estimated a few months ago. The post Conduent Breach Hits Volvo ...

2026-02-11 - SecurityWeek

Zast.AI Raises $6 Million for AI-Powered Code Security

The startup relies on AI agents to identify software vulnerabilities and validate them before reporting. The post Zast.AI Raises $6 Million for AI-Pow...

2026-02-11 - SecurityWeek

Over 60 Software Vendors Issue Security Fixes Across OS, Cloud, and Network Platforms

It's Patch Tuesday, which means a number of software vendors have released patches for various security vulnerabilities impacting their products and s...

2026-02-11 - The Hacker News

GOP Congress moves to shape election law in Trump’s image

The MEGA Act and SAVE Act would dramatically transform U.S. election laws in a quest to curb election fraud. Audits and experts say improprieties are ...

2026-02-11 - CyberScoop

February 2026 Patch Tuesday includes six actively exploited zero-days

Microsoft’s February Patch Tuesday fixes 59 flaws—including six zero-days already under active attack. How bad are they?

2026-02-11 - Malwarebytes Labs

North Korean actors blend ClickFix with new macOS backdoors in Crypto campaign

A financially motivated threat actor tracked as UNC1609 is using a ClickFix-style social engineering campaign to deploy multiple macOS malware familie...

2026-02-11 - CSO Online

Microsoft Patch Tuesday: 6 exploited zero-days fixed in February 2026

Microsoft has plugged 50+ security holes on February 2026 Patch Tuesday, including six zero-day vulnerabilities exploited by attackers in the wild. Th...

2026-02-11 - Help Net Security

US Court Hands Crypto Scammer 20 Years in $73m Case

A federal court has sentenced crypto-scammer Daren Li to 20 years in absentia

2026-02-11 - Infosecurity Magazine

FIRST Forecasts Record-Breaking 50,000+ CVEs in 2026

This year should break all the records in terms of vulnerability disclosed, reaching or even surpassing 50,000 new CVEs disclosed

2026-02-11 - Infosecurity Magazine

Exposed Training Open the Door for Crypto-Mining in Fortune 500 Cloud Environments

Intentionally vulnerable training applications are widely used for security education, internal testing, and product demonstrations. Tools such as OWA...

2026-02-11 - The Hacker News

EU clears Google’s $32B Wiz acquisition, intensifying cloud security competition

Google has secured unconditional EU antitrust approval for its $32 billion acquisition of cloud security firm Wiz, clearing a major regulatory hurdle ...

2026-02-11 - CSO Online

Microsoft Patches 59 Vulnerabilities Including Six Actively Exploited Zero-Days

Microsoft on Tuesday released security updates to address a set of 59 flaws across its software, including six vulnerabilities that it said have been ...

2026-02-11 - The Hacker News

Malwarebytes earns PCMag Best Tech Brand spot, scores 100% with MRG Effitas

Malwarebytes is not only one of PCMag's Best Tech Brands for 2026, it also scored 100% on the MRG Effitas consumer security product test.

2026-02-11 - Malwarebytes Labs

SSHStalker Botnet Uses IRC C2 to Control Linux Systems via Legacy Kernel Exploits

Cybersecurity researchers have disclosed details of a new botnet operation called SSHStalker that relies on the Internet Relay Chat (IRC) communicatio...

2026-02-11 - The Hacker News

Microsoft Fixes Six Zero Day Vulnerability in February Patch Tuesday

Six actively exploited zero-day bug have been patched by Microsoft

2026-02-11 - Infosecurity Magazine

SSHStalker botnet targets Linux servers with legacy exploits and SSH scanning

A new Linux botnet, SSHStalker, has infected about 7,000 systems using old 2009-era exploits, IRC bots, and mass-scanning malware. Flare researchers u...

2026-02-11 - Security Affairs

The hard part of purple teaming starts after detection

In my recent articles for CSO, I’ve talked about the limits of current SOC models and the importance of rehearsal. This time, I want to focus on somet...

2026-02-11 - CSO Online

U.S. CISA adds Microsoft Office and Microsoft Windows flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft Office and Microsoft Windows flaws to its Known Exploited Vulnerabilities ...

2026-02-11 - Security Affairs

CISOs must separate signal from noise as CVE volume soars

In 2026, the cybersecurity industry is expected to cross a threshold it has never reached before: More than 50,000 publicly disclosed software vulnera...

2026-02-11 - CSO Online

Vorgetäuschte PDFs bergen neue Gefahren

loading="lazy" width="400px">Cyberkriminelle verschicken ihre Malware als PDF-Dateien getarnt.IDG Der Security-Anbieter Malwarebytes hat kürzlich v...

2026-02-11 - CSO Online

Microsoft releases Windows 11 26H1 for select and upcoming CPUs

Microsoft has announced Windows 11 26H1, but it's not for existing PCs. Instead, it will ship on devices with Snapdragon X2 processors and possibly ot...

2026-02-11 - BleepingComputer

Asia Fumbles With Throttling Back Telnet Traffic in Region

Only Taiwan made the top 10 list of governments, effectively blocking the threat-ridden protocol, but overall, the region lagged in curbing Telnet tra...

2026-02-11 - Dark Reading

Microsoft Patch Tuesday security updates for February 2026 fix six actively exploited zero-days

Microsoft Patch Tuesday security updates for February 2026 fix six actively exploited zero-day vulnerabilities. Microsoft Patch Tuesday security updat...

2026-02-10 - Security Affairs

SolarWinds WHD Attacks Highlight Risks of Exposed Apps

Organizations that have exposed their instances of Web Help Desk to the public Internet have inadvertently made them prime targets for attackers.

2026-02-10 - Dark Reading

Patch Tuesday, February 2026 Edition

Microsoft today released updates to fix more than 50 security holes in its Windows operating systems and other software, including patches for a whopp...

2026-02-10 - Krebs on Security

In Bypassing MFA, ZeroDayRAT Is 'Textbook Stalkerware'

With access to SIM, location data, and a preview of recent SMSes, attackers have everything they need for account takeover or targeted social engineer...

2026-02-10 - Dark Reading

Microsoft Patch Tuesday matches last year’s zero-day high with six actively exploited vulnerabilities

Microsoft said three of the exploited vulnerabilities were publicly known, suggesting attackers already had details about the defects prior to Tuesday...

2026-02-10 - CyberScoop

80% of Fortune 500 use active AI Agents: Observability, governance, and security shape the new frontier

Read Microsoft's new Cyber Pulse report for straightforward, practical insights and guidance on new cybersecurity risks. The post 80% of Fortune 500 u...

2026-02-10 - Microsoft Security Blog

Phorpiex Phishing Delivers Low-Noise Global Group Ransomware

High-volume phishing campaign delivers Phorpiex malware via malicious Windows Shortcut files

2026-02-10 - Infosecurity Magazine

After major Poland energy grid cyberattack, CISA issues warning to U.S. audience

The Cybersecurity and Infrastructure Security Agency said the attack highlighted threats from vulnerable edge devices to operational technology and in...

2026-02-10 - CyberScoop

Discord will limit profiles to teen-appropriate mode until you verify your age

Discord will make all profiles teen-appropriate by default until you prove you’re an adult. What you’d “miss” may not be all that terrible.

2026-02-10 - Malwarebytes Labs

Manipulating AI memory for profit: The rise of AI Recommendation Poisoning

That helpful “Summarize with AI” button? It might be secretly manipulating what your AI recommends. Microsoft security research...

2026-02-10 - Microsoft Security Blog

How safe are kids using social media? We did the groundwork

Our research found that mainstream platforms often protect children well—until curiosity or the wrong settings get in the way.

2026-02-10 - Malwarebytes Labs

Man tricked hundreds of women into handing over Snapchat security codes

Hacked Snapchat accounts and secret filming with smart glasses, this week served two reminders of how women’s privacy is still being violated.

2026-02-10 - Malwarebytes Labs

Critics warn America’s ‘move fast’ AI strategy could cost it the global market

As the U.S. promises a light-touch approach to AI regulation, businesses and other stakeholders must work out the rules of the road for themselves. Th...

2026-02-10 - CyberScoop

A one-prompt attack that breaks LLM safety alignment

As LLMs and diffusion models power more applications, their safety alignment becomes critical. The post A one-prompt attack that breaks LLM safety ali...

2026-02-09 - Microsoft Security Blog

Analysis of active exploitation of SolarWinds Web Help Desk

We are seeing exploitation of SolarWinds Web Help Desk via CVE‑2025‑40551 and CVE‑2025‑40536 that can lead to domain compromise; here is how to patch,...

2026-02-07 - Microsoft Security Blog

Please Don’t Feed the Scattered Lapsus ShinyHunters

A prolific data ransom gang that calls itself Scattered Lapsus ShinyHunters (SLSH) has a distinctive playbook when it seeks to extort payment from vic...

2026-02-02 - Krebs on Security

Who Operates the Badbox 2.0 Botnet?

The cybercriminals in control of Kimwolf -- a disruptive botnet that has infected more than 2 million devices -- recently shared a screenshot indicati...

2026-01-26 - Krebs on Security

Kimwolf Botnet Lurking in Corporate, Govt. Networks

A new Internet-of-Things botnet called Kimwolf has spread to more than 2 million devices, forcing infected systems to participate in massive distribut...

2026-01-20 - Krebs on Security

Student Loan Breach Exposes 2.5M Records

2.5 million people were affected, in a breach that could spell more trouble down the line.

2022-08-31 - Threatpost

Watering Hole Attacks Push ScanBox Keylogger

Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.

2022-08-30 - Threatpost

Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms

Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.

2022-08-29 - Threatpost

Ransomware Attacks are on the Rise

Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group.

2022-08-26 - Threatpost

Cybercriminals Are Selling Access to Chinese Surveillance Cameras

Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.

2022-08-25 - Threatpost

Noticias en Español

CISA advierte sobre seis nuevos 0-Day críticos en Microsoft tras explotación activa

Seis nuevas vulnerabilidades 0-Day en productos Microsoft han sido añadidas al catálogo KEV de CISA tras pruebas de explotación activa. Esta alerta, d...

2026-02-11 - Una al Día

Cloudflare for Startups: Hasta 250.000 USD en servicios para tu proyecto

No sé si lo conocéis, pero aprovecho hoy para dejaros información del programa de Cloudflare for Startups, que te ayuda para que construyas sobre la p...

2026-02-11 - El Lado del Mal

Spear-phishing y exploits, el cóctel que compromete servidores y bases de datos

Una campaña reciente evidencia cómo el spear-phishing combinado con software vulnerable permite acceder y controlar elementos críticos de la infraestr...

2026-02-10 - Una al Día

Cómo asegurar con WARP & One Agent tu conexión a Internet usando Post Quantum Cryptography para evitar ataques o bloqueos de webs

Los usuarios tenemos derecho de conectarnos libremente a Internet y de hacerlo con seguridad. Este es uno de los motivos por lo que Cloudflare creó el...

2026-02-10 - El Lado del Mal

Crónica de #hc0n2026, la sexta Con de Hackplayers

h-c0n 2026 volvió y lo hizo para ser lo que siempre ha sido: un punto de encuentro real para gente que quiere entender cómo funcionan las cosas, inclu...

2026-02-09 - Hackplayers

OpenClaw integra el escaneo de VirusTotal para detectar skills maliciosas en ClawHub

OpenClaw, el popular asistente de IA de código abierto (anteriormente conocido como Moltbot y Clawdbot), ha anunciado una alianza con VirusTotal para ...

2026-02-09 - Una al Día

Me hackearon la cuenta: ¿qué hacer en los primeros 15 minutos?

Cuando una de nuestras cuentas es vulnerada, saber qué hacer de manera rápida es vital para mitigar el impacto. Conoce las acciones clave para que un ...

2026-02-09 - WeLiveSecurity

LLM-Guardian: Sistema Multi-Agente de Defensa LLM con Red Team Adversarial Inteligente

Hace unos días me hice una pregunta que parecía sencilla tras leer el artículo de Chema Alonso ‘ChatGPT: Safety Policies Jailbreaks, Guardarraíles y B...

2026-02-09 - El Lado del Mal

TechArena en Stockholm, Immerse en Madrid, Readem en Lisboa para Febrero

Este mes de Febrero, después de pasar por Austria la semana pasada, me lleva la semana que viene al TechArena el día 11 y 12 de Febrero en Stockholm, ...

2026-02-08 - El Lado del Mal

Vienna Airport hace la vida más fácil a los viajeros con "Grab This Display QRCode"

Hace unos meses os hablaba de que no entendía por qué los aeropuertos, o cualquier servicio que exige esperar un dato en un lugar físico, como la puer...

2026-02-07 - El Lado del Mal

Niños, niñas y chatbots: riesgos principales a los que prestar atención

A medida que los niños recurren a los chatbots de inteligencia artificial en busca de respuestas, consejos y compañía, surgen preguntas sobre su segur...

2026-02-06 - WeLiveSecurity

Exposición masiva de datos en clúster de Elasticsearch en China

Recientemente, se descubrió una brecha de datos significativa en un clúster no seguro de Elasticsearch, exponiendo la asombrosa cifra de 8.7 mil ...

2026-02-06 - Una al Día

Evasión de la autenticación en InetUtils telnetd

Recientemente se ha descubierto una vulnerabilidad de alta criticidad en el paquete GNU Inetutils, que es una colección de herramientas de red y está ...

2026-02-05 - Una al Día

Robo de credenciales: métodos más frecuentes y recomendaciones para reducir el riesgo

El compromiso de contraseñas sigue siendo un problema recurrente en Latinoamérica, impulsado por técnicas de ingeniería social, malware especializado ...

2026-02-04 - WeLiveSecurity

OpenClaw (antes Clawdbot y Moltbot): qué es el asistente de IA que automatiza tu PC y cuáles son sus riesgos de seguridad

OpenClaw, antes Clawdbot y Moltbot, automatiza tareas mediante IA local. Su popularidad crece, pero también las dudas: repasamos los principales riesg...

2026-02-03 - WeLiveSecurity

DynoWiper: actualización, análisis técnico y atribución

Los investigadores de ESET presentan detalles técnicos sobre un reciente incidente de destrucción de datos que afectó a una empresa del sector energét...

2026-01-30 - WeLiveSecurity

Cinco libros imprescindibles sobre Inteligencia Artificial y Ciberseguridad para aspirantes a hackers éticos

La inteligencia artificial (IA) ya no es solo una moda técnica: es una herramienta clave tanto para defender como para atacar en el terreno de la cibe...

2026-01-24 - Hackplayers

VoxCPM: cuando el TTS deja de sonar a TTS

Durante años hemos aceptado una idea casi como dogma en text-to-speech: para generar audio hay que discretizarlo. Da igual si hablamos de unidades fon...

2026-01-18 - Hackplayers

NoDPI: cuando “engañar” a la inspección profunda de paquetes se vuelve un arte

No todas las herramientas de evasión y network tampering tienen nombres pegadizos como Obfsproxy o Shadowsocks. A veces basta con un acrónimo directo ...

2026-01-17 - Hackplayers

Lab para jugar con servidores MCP vulnerables

El Model Context Protocol (MCP) es un estándar de protocolo diseñado para permitir que modelos de IA (LLMs) interactúen con herramientas, datos y serv...

2026-01-09 - Hackplayers

(2/3) Ataques DDoS en capas 3 y 4: vectores, funcionamiento y defensa

Esta es la segunda entrega sobre amenazas DDoS, en esta ocasión nos adentramos en las capas de red y transporte para analizar los vectores más comunes...

2025-10-27 - Flu Project

ISO/IEC 42001: el sistema de gestión de IA que probablemente conectemos con nuestra 27001

ISO/IEC 42001 se concibe como el nuevo esqueleto operativo para transformar la inteligencia artificial en un sistema gestionado con disciplina. No es ...

2025-10-13 - Flu Project

MITRE AADAPT: Anatomía ofensiva y defensa en el ecosistema de activos digitales

Cuando uno pasa demasiadas noches frente a un nodo de Ethereum observando tráfico, firmas, anomalías y patrones sospechosos, descubre que el ecosistem...

2025-10-06 - Flu Project

Snapshots en máquinas virtuales: ¿una herramienta útil o un riesgo oculto?

¿Piensas que una instantánea de una máquina virtual es lo mismo que un backup o una copia del disco? Entonces este post es para ti.Antes de nada, vamo...

2025-09-29 - Flu Project

La importancia del Disaster Recovery Plan (DRP)

A pesar de que los ciberataques, fallos de hardware y software, desastres naturales, o incluso errores humanos son cada vez más frecuentes, muchas emp...

2025-09-15 - Flu Project

Pensar como un atacante: por qué el Red Team es clave para la ciberseguridad moderna

En un entorno digital donde las amenazas evolucionan más rápido que las soluciones, protegerse ya no es suficiente. Hay que anticiparse. Y para eso, e...

2025-07-01 - BlogThinkBig

Cómo saber si una app es falsa: ten siempre en cuenta estas claves

Vivimos constantemente con el móvil en la mano; es un dispositivo que usamos para casi todo. Hoy en día es útil tanto para cosas como pagar el café, c...

2025-06-17 - BlogThinkBig

Cómo proteger el ordenador sin ser un genio tech

Saber cómo proteger el ordenador nunca ha sido tan vital. Imagina perder tu equipo con Windows y no saber si tus datos personales están seguros. El pá...

2025-06-13 - BlogThinkBig

Privacidad en Internet: evita el rastreo y navega con seguridad

La privacidad en Internet se ha convertido en una preocupación constante. Es así como cada clic, búsqueda o interacción en línea puede dejar una huell...

2025-06-12 - BlogThinkBig

Álbum oculto: paso a paso para activarlo en tu teléfono Android

Las fotos y vídeos revelan un montón de información de tu vida personal. No siempre queremos que estén a la vista. Es por eso que en este artículo hab...

2025-06-06 - BlogThinkBig