Cybersecurity News - Noticias de Ciberseguridad

New Clickfix variant ‘CrashFix’ deploying Python Remote Access Trojan

CrashFix crashes browsers to coerce users into executing commands that deploy a Python RAT, abusing finger.exe and portable Python to evade detection ...

CISA tells agencies to stop using unsupported edge devices

A binding operational directive issued Thursday looks to combat an attack pathway that has been behind some of the biggest attacks and most common exp...

Microsoft to shut down Exchange Online EWS in April 2027

Microsoft announced today that the Exchange Web Services (EWS) API for Exchange Online will be shut down in April 2027, after nearly 20 years. [...]

Threat Group Running Espionage Operations Against Dozens of Governments

Unit 42 researchers say an Asian threat group behind what they call the Shadow Campaigns has targeted government agencies in 37 countries in a wide-ra...

AISURU/Kimwolf Botnet Launches Record-Setting 31.4 Tbps DDoS Attack

The distributed denial-of-service (DDoS) botnet known as AISURU/Kimwolf has been attributed to a record-setting attack that peaked at 31.4 Terabits pe...

Italian university La Sapienza goes offline after cyberattack

Rome's "La Sapienza" university has been targeted by a cyberattack that impacted its IT systems and caused widespread operational disruptions at the e...

The security implementation gap: Why Microsoft is supporting Operation Winter SHIELD

Most security incidents happen in the gap between knowing what matters and actually implementing security controls consistently. Read how Microsoft is...

Orchid Security Adds Ability to Audit Behaviors by Identity

Orchid Security today added an ability to conduct audits to its platform that enables cybersecurity teams to track behaviors of specific identities. C...

Alleged 764 member arrested, charged with CSAM possession in New York

Authorities have arrested multiple members of 764 during the past year, reflecting heightened law enforcement activity targeting the violent extremist...

CISA confirms exploitation of VMware ESXi flaw by ransomware attackers

CVE-2025-22225, a VMware ESXi arbitrary write vulnerability, is being used in ransomware campaigns, CISA confirmed on Wednesday by updating the vulner...

OpenAI Frontier organizes AI agents under one system

OpenAI introduced Frontier, a platform designed to organize AI agents that perform business tasks within internal systems and workflows. The platform ...

Pro-Russian group Noname057(16) launched DDoS attacks on Milano Cortina 2026 Winter Olympics

Italy stopped Russian-linked cyberattacks targeting Foreign Ministry offices and Winter Olympics websites and hotels, Foreign Minister Tajani said. It...

Romanian oil pipeline operator Conpet discloses cyberattack

Conpet, Romania's national oil pipeline operator, has disclosed that a cyberattack disrupted its business systems and took down the company's website ...

Substack Discloses Security Incident After Hacker Leaks Data

The hacker claims to have stolen nearly 700,000 Substack user records, including email addresses and phone numbers. The post Substack Discloses Securi...

When cloud logs fall short, the network tells the truth

Cloud logs can be inconsistent or incomplete, creating blind spots as environments scale and change. Corelight shows how network-level telemetry provi...

Malicious Commands in GitHub Codespaces Enable RCE

Flaws in GitHub Codespaces allow RCE via crafted repositories or pull requests

Operant AI’s Agent Protector Aims to Secure Rising Tide of Autonomous AI

As the enterprise world shifts from chatbots to autonomous systems, Operant AI on Thursday launched Agent Protector, a real-time security solution des...

Cyber Success Trifecta: Education, Certifications & Experience

Colonel Georgeo Xavier Pulikkathara, CISO at iMerit discusses the importance of fundamentals, continuous learning, and human ingenuity in the face of ...

Researchers Expose Network of 150 Cloned Law Firm Websites in AI-Powered Scam Campaign

Criminals are using AI to clone professional websites at an industrial scale. A new report shows how one AI-powered network grew to 150+ domains by hi...

Open the wrong “PDF” and attackers gain remote access to your PC

The DEAD#VAX campaign tricks users into installing AsyncRAT by disguising a virtual hard disk as a PDF attachment.

VS Code Configs Expose GitHub Codespaces to Attacks

VS Code-integrated configuration files are automatically executed in Codespaces when the user opens a repository or pull request. The post VS Code Con...

Smartphones Now Involved in Nearly Every Police Investigation

Cellebrite data confirms digital evidence is now central to almost all cases

Nullify Secures $12.5 Million in Seed Funding for Cybersecurity AI Workforce

This latest infusion, led by SYN Ventures, brings the company’s total funding to $16.9 million. The post Nullify Secures $12.5 Million in Seed Funding...

ThreatsDay Bulletin: Codespaces RCE, AsyncRAT C2, BYOVD Abuse, AI Cloud Intrusions & 15+ Stories

This week didn’t produce one big headline. It produced many small signals — the kind that quietly shape what attacks will look like next. Researchers ...

Newsletter platform Substack notifies users of data breach

Newsletter platform Substack is notifying users of a data breach after attackers stole their email addresses and phone numbers in October 2025. [...]

Italy Averted Russian-Linked Cyberattacks Targeting Winter Olympics Websites, Foreign Minister Says

Italy has foiled a series of cyberattacks targeting some of its foreign ministry offices, including one in Washington. The post Italy Averted Russian-...

Attackers exploit decade‑old Windows driver flaw to shut down modern EDR defenses

In a recent incident, attackers abused a legitimate but vulnerable Windows kernel driver to shut down endpoint security tools during an ongoing incide...

Why a decade-old EnCase driver still works as an EDR killer

Attackers are leaning on a new EDR killer malware that can shut down 59 widely used endpoint security products by misusing a kernel driver that once s...

International sting dismantles illegal streaming empire serving millions

Actions by authorities from Italy, Romania, Spain, the United Kingdom, Canada, Kosovo and South Korea, supported by Eurojust and Europol, led to the s...

New Hacking Campaign Exploits Microsoft Windows WinRAR Vulnerability

Researchers at Check Point link ‘Amarath-Dragon’ attacks to prolific Chinese cyber-espionage operation

Ransomware-Attacke auf Buhlmann Group

Die Buhlmann Group wurde von einer Ransomware-Bande angegriffen. Der Hauptsitz in Deutschland ist jedoch verschont geblieben.Buhlmann Group Akira z...

The Buyer’s Guide to AI Usage Control

Today’s “AI everywhere” reality is woven into everyday workflows across the enterprise, embedded in SaaS platforms, browsers, copilots, extensions, an...

Flock cameras shared license plate data without permission

A California city pulled the plug on its entire ALPR system when it found Flock had shared data with hundreds of agencies without permission.

Asset Intelligence as Context Engineering for Cybersecurity Operations

Action depends on truth. Truth is hard to come by. There’s an old trope: “You can’t protect what you can’t see.” This burning need for total visibilit...

The silent security gap in enterprise AI adoption

Most security leaders believe they know where their sensitive data lives and how it is protected. That confidence is increasingly misplaced. As ent...

Why boards should be obsessed with their most ‘boring’ systems

Following a series of high-profile cyberattacks, boards of directors are now requiring their organizations to take greater responsibility for the risk...

GitHub enables multi-agent AI coding inside repository workflows

GitHub has expanded Agents HQ, enabling AI coding agents such as GitHub Copilot, Claude by Anthropic, and OpenAI Codex to execute development tasks di...

The Compliance Convergence Challenge: Permission Sprawl and AI Regulations in Hybrid Environments

Permission sprawl is colliding with AI regulations, creating new compliance risks across hybrid and multi-cloud environments. The post The Compliance ...

Infy Hackers Resume Operations with New C2 Servers After Iran Internet Blackout Ends

The elusive Iranian threat group known as Infy (aka Prince of Persia) has evolved its tactics as part of efforts to hide its tracks, even as it readie...

China-linked Amaranth-Dragon hackers target Southeast Asian governments in 2025

China-linked hackers tracked as Amaranth-Dragon targeted government and law enforcement agencies across Southeast Asia in 2025. CheckPoint says China-...

AI-Enabled Voice and Virtual Meeting Fraud Surges 1000%+

Pindrop warns of 1210% increase in AI-powered fraud last year

Microsoft develops a new scanner to detect hidden backdoors in LLMs

Microsoft has developed a scanner designed to detect backdoors in open-weight AI models, addressing a critical blind spot for enterprises increasingly...

Im Fokus: Emerging Technologies

Protests Don't Impede Iranian Spying on Expats, Syrians, Israelis

Iranian threat actors have been stealing credentials from people of interest across the Middle East, using spear-phishing and social engineering.

Critical n8n Flaw CVE-2026-25049 Enables System Command Execution via Malicious Workflows

A new, critical security vulnerability has been disclosed in the n8n workflow automation platform that, if successfully exploited, could result in the...

Ransomware Gang Goes Full 'Godfather' With Cartel

DragonForce is taking cues from organized crime, emphasizing cooperation and coordination among ransomware gangs.

CVE-2025-22225 in VMware ESXi now used in active ransomware attacks

Ransomware groups now exploit VMware ESXi vulnerability CVE-2025-22225, patched by Broadcom in March 2025. The U.S. Cybersecurity and Infrastructure S...

CISA Makes Unpublicized Ransomware Updates to KEV Catalog

A third of the "flipped" CVEs affected network edge devices, leading one researcher to conclude, "Ransomware operators are building pla...

Attackers Use Windows Screensavers to Drop Malware, RMM Tools

By tapping the unusual .scr file type, attackers leverage "executables that don't always receive executable-level controls," one researcher ...

Taiwanese operator of Incognito Market sentenced to 30 years over $105M darknet drug ring

A Taiwanese man was sentenced to 30 years for running Incognito Market, a major darknet drug site that sold over $105 million in illegal drugs. Rui-Si...

Detecting backdoored language models at scale

We're releasing new research on detecting backdoors in open-weight language models and highlighting a practical scanner designed to detect backdoored ...

Global SystemBC Botnet Found Active Across 10,000 Infected Systems

SystemBC malware linked to 10,000 infected IPs, posing risks to sensitive government infrastructure

Paris raid on X focuses on child abuse material allegations

French prosecutors raided X offices in Paris over illegal content; Elon Musk and CEO summoned for voluntary interviews in April. French prosecutors, w...

Grok continues producing sexualized images after promised fixes

Journalists retested Grok and found it still generates offensive images even when told the subjects were vulnerable, non-consenting people.

Firefox is giving users the AI off switch

Mozilla and other companies are starting to see why giving users a choice over AI features matters.

Cantwell claims telecoms blocked release of Salt Typhoon report 

Senator Maria Cantwell, D-Wash., wants hearings to force AT&T and Verizon to disclose how they’ve responded to the hacks to protect telecom networ...

What’s next for DHS’s forthcoming replacement critical infrastructure protection panel, AI information sharing

Nick Andersen, a top CISA official, discussed plans for improving CIPAC and developing an AI-ISAC. The post What’s next for DHS’s forthcoming replacem...

Microsoft SDL: Evolving security practices for an AI-powered world

Discover Microsoft’s holistic SDL for AI combining policy, research, and enablement to help leaders secure AI systems against evolving cyberthreats. T...

An AI plush toy exposed thousands of private chats with children

Around 50,000 chat transcripts between children and Bondu’s AI dinosaur plushie were accessible to anyone with a Google account.

Infostealers without borders: macOS, Python stealers, and platform abuse

How modern infostealers target macOS systems, leverage Python‑based stealers, and abuse trusted platforms and utilities to distribute credential‑steal...

Kimwolf Botnet Lurking in Corporate, Govt. Networks

A new Internet-of-Things botnet called Kimwolf has spread to more than 2 million devices, forcing infected systems to participate in massive distribut...

Patch Tuesday, January 2026 Edition

Microsoft today issued patches to plug at least 113 security holes in its various Windows operating systems and supported software. Eight of the vulne...

Who Benefited from the Aisuru and Kimwolf Botnets?

Our first story of 2026 revealed how a destructive new botnet called Kimwolf rapidly grew to infect more than two million devices by mass-compromising...

The Kimwolf Botnet is Stalking Your Local Network

The story you are reading is a series of scoops nestled inside a far more urgent Internet-wide security advisory. The vulnerability at issue has been ...

Happy 16th Birthday, KrebsOnSecurity.com!

KrebsOnSecurity.com celebrates its 16th anniversary today! A huge "thank you" to all of our readers -- newcomers, long-timers and drive-by critics ali...

Student Loan Breach Exposes 2.5M Records

2.5 million people were affected, in a breach that could spell more trouble down the line.

Watering Hole Attacks Push ScanBox Keylogger

Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.

Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms

Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.

Ransomware Attacks are on the Rise

Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group.

Cybercriminals Are Selling Access to Chinese Surveillance Cameras

Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.

Evasión de la autenticación en InetUtils telnetd

Recientemente se ha descubierto una vulnerabilidad de alta criticidad en el paquete GNU Inetutils, que es una colección de herramientas de red y está ...

Predicciones sobre la Identidad para 2026

El mundo de la seguridad de la identidad está en constante evolución. Lo que antes era una cuestión sencilla de nombres de usuario y contraseñas ...

Actualización urgente de Django: corrige tres inyecciones SQL críticas y riesgos de denegación de servicio (DoS)

Los responsables del popular framework web de Python, Django, han publicado una actualización de seguridad urgente para solucionar un conjunto de ...

El Jailbreak del Juego de Rol en DeepSeek para ser un Killer

Como os dije en el artículo "ChatGPT: Safety Policies, Jailbreaks, Guardarraíles y Bug Bounties" de hace tres de días, estuve haciendo pruebas con&nbs...

Robo de credenciales: métodos más frecuentes y recomendaciones para reducir el riesgo

El compromiso de contraseñas sigue siendo un problema recurrente en Latinoamérica, impulsado por técnicas de ingeniería social, malware especializado ...

Exploit activo de Metro4Shell: servidores de desarrollo comprometidos vía RCE en React Native

Desarrolladores y equipos DevOps deben extremar las precauciones. El Metro Development Server de React Native está siendo activamente explotado a trav...

La NSA publica directrices de implementación de Zero-Trust

La Agencia de Seguridad Nacional de EE.UU. (NSA) ha publicado un nuevo conjunto de Directrices de Implementación de Confianza Cero (Zero Trust Imp...

Cat Attack & Knowledge Return Oriented Prompting en Gemini Nano Banana para tener a Freddie Mercury

Como os dije en el artículo "ChatGPT: Safety Policies, Jailbreaks, Guardarraíles y Bug Bounties" de hace un par de días, estuve haciendo pruebas con C...

Vulnerabilidades, errores y ataques varios a la (porquería) de OpenClaw (ex Clawdbot / Moltbot)

Se han revelado distintas fallas de seguridad de alta gravedad en OpenClaw (anteriormente Clawdbot y Moltbot) que podría permitir la ejecución rem...

OpenClaw (antes Clawdbot y Moltbot): qué es el asistente de IA que automatiza tu PC y cuáles son sus riesgos de seguridad

OpenClaw, antes Clawdbot y Moltbot, automatiza tareas mediante IA local. Su popularidad crece, pero también las dudas: repasamos los principales riesg...

Notepad++ "secuestrado" por actores patrocinados por el Estado

Atacantes estatales interceptaron el tráfico de actualización de Notepad++ a través de una brecha de seguridad del proveedor de alojamiento, redir...

Detectada campaña en Windows que combina Pulsar RAT y Stealerv37 con interacción en tiempo real

Se ha detectado recientemente una campaña de malware para Windows que rompe con el esquema tradicional de «infección silenciosa». Se trata de un ataqu...

Quantum GPS: Navegación con GPS cuánticos para evitar ataques de Jamming & Spoofing

Todos damos por hecho el punto azul en el mapa de nuestro móvil. Desde pedir un taxi hasta guiar un misil, la civilización en nuestro tiempo ha delega...

Vulnerabilidad crítica de bypass de autenticación en Fortinet FortiCloud SSO

El CVE-2026-24858 es una vulnerabilidad de bypass de autenticación (SSO) en múltiples productos de Fortinet. Un atacante remoto sin credenciales puede...

ChatGPT: Safety Policies, Jailbreaks, Guardarraíles y Bug Bounties

Dentro de los problemas de ciberseguridad de los LLMs se encuentra, como uno de los cuatro grandes, la técnica de Jailbreak, o lo que es lo mismo, est...

Cyphering Prompts & Answers para evadir Guardarraíles

Los guardarraíles de los servicios digitales basados en MM-LLMs buscan proteger al modelo LLM de todos los Prompts Maliciosos que puedan llegar, todas...

DynoWiper: actualización, análisis técnico y atribución

Los investigadores de ESET presentan detalles técnicos sobre un reciente incidente de destrucción de datos que afectó a una empresa del sector energét...

Un ciberataque masivo sacude al sector financiero tras una brecha en MySonicWall

Marquis Software Solutions, proveedor estadounidense de servicios tecnológicos para el sector financiero, ha sido víctima de un grave ataque de ransom...

¿Cómo utilizan los grupos de ransomware los data leak sites como herramienta de presión?

Conoce cómo los data leak sites encajan en el ecosistema de los grupos de ransomware.

¿Es realmente amor? Una campaña de espionaje utiliza una aplicación de citas falsa como señuelo

Investigadores de ESET descubrieron una campaña de spyware para Android que apunta a usuarios en Pakistán y forma parte de una operación de espionaje ...

Cinco libros imprescindibles sobre Inteligencia Artificial y Ciberseguridad para aspirantes a hackers éticos

La inteligencia artificial (IA) ya no es solo una moda técnica: es una herramienta clave tanto para defender como para atacar en el terreno de la cibe...

VoxCPM: cuando el TTS deja de sonar a TTS

Durante años hemos aceptado una idea casi como dogma en text-to-speech: para generar audio hay que discretizarlo. Da igual si hablamos de unidades fon...

NoDPI: cuando “engañar” a la inspección profunda de paquetes se vuelve un arte

No todas las herramientas de evasión y network tampering tienen nombres pegadizos como Obfsproxy o Shadowsocks. A veces basta con un acrónimo directo ...

Lab para jugar con servidores MCP vulnerables

El Model Context Protocol (MCP) es un estándar de protocolo diseñado para permitir que modelos de IA (LLMs) interactúen con herramientas, datos y serv...

40 años del Manifiesto Hacker: un clásico que aún late en la cultura digital

Hoy se cumplen 40 años desde que un pequeño texto publicado en la ezine Phrack encendió una chispa que sigue viva en toda la comunidad tecnológica. El...

(2/3) Ataques DDoS en capas 3 y 4: vectores, funcionamiento y defensa

Esta es la segunda entrega sobre amenazas DDoS, en esta ocasión nos adentramos en las capas de red y transporte para analizar los vectores más comunes...

ISO/IEC 42001: el sistema de gestión de IA que probablemente conectemos con nuestra 27001

ISO/IEC 42001 se concibe como el nuevo esqueleto operativo para transformar la inteligencia artificial en un sistema gestionado con disciplina. No es ...

MITRE AADAPT: Anatomía ofensiva y defensa en el ecosistema de activos digitales

Cuando uno pasa demasiadas noches frente a un nodo de Ethereum observando tráfico, firmas, anomalías y patrones sospechosos, descubre que el ecosistem...

Snapshots en máquinas virtuales: ¿una herramienta útil o un riesgo oculto?

¿Piensas que una instantánea de una máquina virtual es lo mismo que un backup o una copia del disco? Entonces este post es para ti.Antes de nada, vamo...

La importancia del Disaster Recovery Plan (DRP)

A pesar de que los ciberataques, fallos de hardware y software, desastres naturales, o incluso errores humanos son cada vez más frecuentes, muchas emp...

Pensar como un atacante: por qué el Red Team es clave para la ciberseguridad moderna

En un entorno digital donde las amenazas evolucionan más rápido que las soluciones, protegerse ya no es suficiente. Hay que anticiparse. Y para eso, e...

Cómo saber si una app es falsa: ten siempre en cuenta estas claves

Vivimos constantemente con el móvil en la mano; es un dispositivo que usamos para casi todo. Hoy en día es útil tanto para cosas como pagar el café, c...

Cómo proteger el ordenador sin ser un genio tech

Saber cómo proteger el ordenador nunca ha sido tan vital. Imagina perder tu equipo con Windows y no saber si tus datos personales están seguros. El pá...

Privacidad en Internet: evita el rastreo y navega con seguridad

La privacidad en Internet se ha convertido en una preocupación constante. Es así como cada clic, búsqueda o interacción en línea puede dejar una huell...

Álbum oculto: paso a paso para activarlo en tu teléfono Android

Las fotos y vídeos revelan un montón de información de tu vida personal. No siempre queremos que estén a la vista. Es por eso que en este artículo hab...