Cybersecurity News - Noticias de Ciberseguridad

Latest News

Chinese Hackers Target Southeast Asian Militaries with AppleChris and MemFun Malware

A suspected China-based cyber espionage operation has targeted Southeast Asian military organizations as part of a state-sponsored campaign that dates...

2026-03-13 - The Hacker News

Federated Governance for AI Identities: Closing the 92% Visibility Gap

Identity is still the only control surface security truly owns—but AI has quietly punched a 92%‑wide hole straight through it. The 92% blind spot AI q...

2026-03-13 - Security Boulevard

Poland's nuclear research centre targeted by cyberattack

Poland's National Centre for Nuclear Research (NCBJ) says hackers targeted its IT infrastructure, but the attack was detected and blocked before causi...

2026-03-13 - BleepingComputer

Meta to Shut Down Instagram End-to-End Encrypted Chat Support Starting May 2026

Meta has announced plans to discontinue support for end-to-end encryption (E2EE) for chats on Instagram after May 8, 2026. "If you have chats that are...

2026-03-13 - The Hacker News

Randall Munroe’s XKCD ‘Installation’

via the comic artistry and dry wit of Randall Munroe, creator of XKCD Permalink The post Randall Munroe’s XKCD ‘Installation’ appeared fi...

2026-03-13 - Security Boulevard

Microsoft investigates classic Outlook sync and connection issues

Microsoft is investigating several issues causing email synchronization and connection problems when using the classic Outlook desktop client. [...]

2026-03-13 - BleepingComputer

Mapping the Unknown: Introducing Pius for Organizational Asset Discovery

Asset discovery is an essential part of Praetorian’s service delivery process. When we are engaged to carry out continuous external penetration testin...

2026-03-13 - Security Boulevard

Cyber criminals too are working from home… your home

The FBI is so concerned about the threat of residential proxy attacks and the dangers posed by cyber criminals using the technique that it has posted ...

2026-03-13 - CSO Online

Interpol's 'Operation Synergia III' Nets 94 Arrests in Major Cybercrime Sweep

A new law enforcement operation against phishing and ransomware operators led to the takedown of 45,000 malicious IP addresses

2026-03-13 - Infosecurity Magazine

Will AI Save Consumers From Smartphone-Based Phishing Attacks?

Sophisticated phishing attacks are bypassing on-device protections with troubling frequency, making it more critical than ever for users to protect th...

2026-03-13 - Dark Reading

Watch out for fake Malwarebytes renewal notices in your calendar

Scammers are sending fake calendar “renewal” notices impersonating Malwarebytes to trick victims into calling a fake billing number. The post Watch ou...

2026-03-13 - Security Boulevard

Starbucks Data Breach Impacts Employees

Starbucks said the incident involved phishing attacks targeting an employee portal, affecting hundreds. The post Starbucks Data Breach Impacts Employe...

2026-03-13 - SecurityWeek

INTERPOL Dismantles 45,000 Malicious IPs, Arrests 94 in Global Cybercrime

INTERPOL on Friday announced the takedown of 45,000 malicious IP addresses and servers used in connection with phishing, malware, and ransomware campa...

2026-03-13 - The Hacker News

US and European authorities disrupt socksEscort proxy service tied to AVrecon botnet

Authorities in the US and Europe disrupted the SocksEscort proxy service, which used the AVrecon botnet and infected about 360,000 devices since 2020....

2026-03-13 - Security Affairs

Cyber Resilience Act AI Automated Verification

Ensure EU Cyber Resilience Act compliance without slowing down AI-assisted development. Use SonarQube for automated AI code verification, SAST & S...

2026-03-13 - Security Boulevard

In Other News: N8n Flaw Exploited, Slopoly Malware, Interpol Cybercrime Crackdown

Other noteworthy stories that might have slipped under the radar: Telus Digital data breach, vulnerabilities in Linux AppArmor allow root privileges, ...

2026-03-13 - SecurityWeek

From VMware to what’s next: Protecting data during hypervisor migration

Hypervisor migrations can introduce hidden risks that threaten data availability and recovery. Acronis explains why verified backups and cross-platfor...

2026-03-13 - BleepingComputer

Storm-2561 Spreads Trojan VPN Clients via SEO Poisoning to Steal Credentials

Microsoft has disclosed details of a credential theft campaign that employs fake virtual private network (VPN) clients distributed through search engi...

2026-03-13 - The Hacker News

Police sinkholes 45,000 IP addresses in cybercrime crackdown

An international law enforcement action codenamed "Operation Synergia III" has sinkholed tens of thousands of IP addresses and seized servers linked t...

2026-03-13 - BleepingComputer

Investigating a New Click-Fix Variant

Disclaimer: This report has been prepared by the Threat Research Center to enhance cybersecurity awareness and support the strengthening of defense ca...

2026-03-13 - The Hacker News

Fake enterprise VPN sites used to steal company credentials

A threat actor tracked as Storm-2561 is distributing fake enterprise VPN clients from Ivanti, Cisco, and Fortinet to steal VPN credentials from unsusp...

2026-03-13 - BleepingComputer

Most Google Cloud Attacks Start With Bug Exploitation

Forget stolen credentials and misconfigurations; AI means vulnerability exploits that beat patching cycles are the top cause of compromises in the clo...

2026-03-13 - Dark Reading

Real-Time Banking Trojan Strikes Brazil's Pix Users

The latest banking Trojan campaign to hit Brazil combines classic malware with a real-time human operator, waiting for the perfect moment to strike.

2026-03-13 - Dark Reading

Accertify’s Attack State targets credential stuffing and ATO attacks

Accertify has announced the launch of Attack State, a new capability in its Account Protection solution designed to help organizations detect and resp...

2026-03-13 - Help Net Security

Iran-Linked Hackers Take Aim at US and Other Targets, Raising Risk of Cyberattacks During War

Pro-Iranian hackers are targeting sites in the Middle East and starting to stretch into the United States during the war, raising the risk of American...

2026-03-13 - SecurityWeek

EU Parliament backs extension of CSAM detection rules until 2027

The European Parliament has voted to extend a temporary exemption to EU privacy legislation that allows online platforms to voluntarily detect child s...

2026-03-13 - Help Net Security

Veeam warns admins to patch now as critical RCE flaws hit Backup & Replication

Backup vendor Veeam has released security updates to patch multiple vulnerabilities in its widely used Backup and Replication platform, including thre...

2026-03-13 - CSO Online

Bold Security Emerges From Stealth With $40 Million in Funding

The startup relies on AI to turn devices into active agents that understand users’ actions and provide protection in real time. The post Bold Security...

2026-03-13 - SecurityWeek

AI-assisted Slopoly malware powers Hive0163’s ransomware campaigns

The Hive0163 group used AI-assisted malware called Slopoly to maintain persistent access in ransomware attacks. IBM X-Force researchers report that th...

2026-03-13 - Security Affairs

Google Paid Out $17 Million in Bug Bounty Rewards in 2025

Google paid over $3.7 million for Chrome vulnerabilities, and more than $3.5 million for cloud security defects. The post Google Paid Out $17 Million ...

2026-03-13 - SecurityWeek

Google fixed two new actively exploited flaws in the Chrome browser

Google addressed two high-severity vulnerabilities in the Chrome browser that have been exploited in attacks in the wild. Google has released security...

2026-03-13 - Security Affairs

Law Enforcement Dismantles SocksEscort Proxy Network in Operation Lightning

Operation Lightning sees international law enforcement partners shut down ‘SocksEscort,’ a major malicious proxy service used by cybercriminals worldw...

2026-03-13 - Infosecurity Magazine

Authorities dismantle SocksEscort proxy network behind millions in fraud

SocksEscort, a residential proxy network used to exploit thousands of compromised home routers worldwide and facilitate large-scale fraud that cost vi...

2026-03-13 - Help Net Security

Beyond File Servers: Securing Unstructured Data in the Era of AI

File servers still exist for legacy storage and governance, but most modern workflows now happen in collaboration tools, code platforms, chats, and AI...

2026-03-13 - Security Affairs

Hybrid resilience: Designing incident response across on-prem, cloud and SaaS without losing your mind

I used to think hybrid incidents would get easier once we standardized on “one tool”: one monitoring platform, one ticketing system, one on-call proce...

2026-03-13 - CSO Online

Storm-2561 targets enterprise VPN users with SEO poisoning, fake clients

Microsoft has warned enterprises that cybercriminal group Storm-2561 is hijacking search engine results to serve trojanized VPN clients, stealing corp...

2026-03-13 - CSO Online

BioCatch DeviceIQ helps banks spot risky devices before login

BioCatch has announced the launch of DeviceIQ, a comprehensive new device identification and intelligence product that transforms how financial instit...

2026-03-13 - Help Net Security

Red Access firewall-native SSE adds GenAI security and browser protection to existing firewalls

Red Access has announced firewall-native SSE, an agentless cloud layer that instantly upgrades any existing firewall with Security Service Edge (SSE),...

2026-03-13 - Help Net Security

The cyber perimeter was never dead. We just abandoned it.

Industry has comforted itself with the idea that the perimeter is dead. It is not. What happened is far worse. We ignored the edge, let unsupported ha...

2026-03-13 - CSO Online

Iran MOIS Colludes With Criminals to Boost Cyberattacks

Iranian APTs have long pretended to be cybercriminal groups. Now they're working with actual cybercriminal groups.

2026-03-12 - Dark Reading

Stryker attack highlights nebulous nature of Iranian cyber activity amid joint U.S.-Israel conflict

It’s been difficult early on to separate signal from noise, even if the attack on the medical device maker looks like a qualified success for the atta...

2026-03-12 - CyberScoop

Commercial Spyware Opponents Fear US Policy Shifting

Rescinded sanctions and reactivated contracts have created confusion about the Trump administration's spyware policy and where it draws the line.

2026-03-12 - Dark Reading

Storm-2561 uses SEO poisoning to distribute fake VPN clients for credential theft

Storm-2561 uses SEO poisoning to push fake VPN downloads that install signed trojans and steal VPN credentials. Active since 2025, Storm-2561 mimics t...

2026-03-12 - Microsoft Security Blog

Authorities takedown global proxy network SocksEscort

The botnet, which compromised routers and IoT devices in 163 countries, claimed about 369,000 victims and $5.8 million from its cybercriminal customer...

2026-03-12 - CyberScoop

From transparency to action: What the latest Microsoft email security benchmark reveals

The latest Microsoft benchmarking data reveals how Microsoft Defender mitigates modern email threats compared to SEG and ICES vendors. The post From t...

2026-03-12 - Microsoft Security Blog

PixRevolution Malware Hijacks Brazil's PIX Transfers in Real Time

PixRevolution Android trojan hijacks Brazil’s PIX payments in real time using accessibility abuse

2026-03-12 - Infosecurity Magazine

Apple issues emergency fixes for Coruna flaws in older iOS versions

Apple released iOS 16.7.15 and 15.8.7 updates for older iPhones and iPads to patch vulnerabilities linked to the Coruna exploits. Apple has released s...

2026-03-12 - Security Affairs

Critical Zero-Click Flaw in n8n Allows Full Server Compromise

The critical vulnerability affecting both cloud and self-hosted n8n instances requires no authentication or even n8n account to be exploited

2026-03-12 - Infosecurity Magazine

Officials worry Salt Typhoon apathy is killing momentum for tougher telecom security rules

Cyber officials lamented Wednesday that its a challenge to make the wider population appreciate the gravity of the threat the hacking group presents. ...

2026-03-12 - CyberScoop

Detecting and analyzing prompt abuse in AI tools

Hidden instructions in content can subtly bias AI, and our scenario shows how prompt injection works, highlighting the need for oversight and a struct...

2026-03-12 - Microsoft Security Blog

Feds say another DigitalMint negotiator ran ransomware attacks and helped extort $75 million

Angelo Martino is accused of playing both sides — committing attacks and conducting ransomware negotiations on some of the same cases on behalf of his...

2026-03-12 - CyberScoop

CISA Issues Emergency Directive Over Exploited Cisco SD-WAN Flaws

CISA issued urgent directive as attackers exploit Cisco SD-WAN flaw granting admin access to networks

2026-03-12 - Infosecurity Magazine

Contagious Interview: Malware delivered through fake developer job interviews

The Contagious Interview campaign weaponizes job recruitment to target developers. Threat actors pose as recruiters from crypto and AI companies and d...

2026-03-11 - Microsoft Security Blog

Iran-Backed Hackers Claim Wiper Attack on Medtech Firm Stryker

A hacktivist group with links to Iran's intelligence agencies is claiming responsibility for a data-wiping attack against Stryker, a global medical te...

2026-03-11 - Krebs on Security

Salesforce issues new security alert tied to third customer attack spree in six months

Researchers said the threat group behind the campaign is associated with ShinyHunters, an outfit that’s previously stolen data from Salesforce instanc...

2026-03-11 - CyberScoop

Microsoft Patch Tuesday, March 2026 Edition

Microsoft Corp. today pushed security updates to fix at least 77 vulnerabilities in its Windows operating systems and other software. There are no pre...

2026-03-11 - Krebs on Security

Secure agentic AI for your Frontier Transformation

Learn how Microsoft Agent 365 and Microsoft 365 E7 can help secure your Frontier Transformation. The post Secure agentic AI for your Frontier Transfor...

2026-03-09 - Microsoft Security Blog

How AI Assistants are Moving the Security Goalposts

AI-based assistants or "agents" -- autonomous programs that have access to the user's computer, files, online services and can automate virtually any ...

2026-03-08 - Krebs on Security

Who is the Kimwolf Botmaster “Dort”?

In early January 2026, KrebsOnSecurity revealed how a security researcher disclosed a vulnerability that was used to assemble Kimwolf, the world's lar...

2026-02-28 - Krebs on Security

‘Starkiller’ Phishing Service Proxies Real Login Pages, MFA

Most phishing websites are little more than static copies of login pages for popular online destinations, and they are often quickly taken down by ant...

2026-02-20 - Krebs on Security

Student Loan Breach Exposes 2.5M Records

2.5 million people were affected, in a breach that could spell more trouble down the line.

2022-08-31 - Threatpost

Watering Hole Attacks Push ScanBox Keylogger

Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.

2022-08-30 - Threatpost

Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms

Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.

2022-08-29 - Threatpost

Ransomware Attacks are on the Rise

Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group.

2022-08-26 - Threatpost

Cybercriminals Are Selling Access to Chinese Surveillance Cameras

Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.

2022-08-25 - Threatpost

Noticias en Español

Cada vez más empresas pagan rescates tras ciberataques impulsados por IA

Cada vez más empresas están pagando rescates a ciberdelincuentes después de sufrir ciberataques, ya que los atacantes están utilizando inteligencia ar...

2026-03-13 - Segu-Info

Fear of the Dark: Un pequeño estudio de medios y miedos

Con esta entrada, termino el resumen de lo que fue la charla de RootedCON Madrid 2026, aunque tal vez os dejaré en alguna entrada aparte más informaci...

2026-03-13 - El Lado del Mal

¿Está bien permitir que tus hijos publiquen selfies en línea?

Cuando se trata de la vida digital de nuestros hijos, la prohibición rara vez funciona. Es nuestra responsabilidad ayudar a que construyan una relació...

2026-03-12 - WeLiveSecurity

La nueva vigencia de los certificados SSL/TLS exige automatización y gobernanza

Los administradores de certificados digitales enfrentan un cambio estructural: el CA/Browser Forum, mediante el ballot SC095v3, ha aprobado modificaci...

2026-03-12 - Segu-Info

Fear of the Dark: Deep Fakes, Fake News & Primal Fears

Una vez que vimos cómo funciona el Analizador de Retórica IA del que os hablé en el apartado anterior, la siguiente cosa que quisimos analizar fueron ...

2026-03-12 - El Lado del Mal

Zombie ZIP: cómo una simple manipulación del header permite ocultar malware a los antivirus

Los archivos ZIP son uno de los formatos más utilizados para distribuir software, documentos y archivos comprimidos. Precisamente por su ubiquidad, ta...

2026-03-12 - Hackplayers

Cursos para usar ChatGPT en ciberseguridad

ChatGPT es un aliado clave en ciberseguridad: usado estratégicamente, potencia tareas de defensa, análisis y hacking ético. Aquí encontrarás cursos pa...

2026-03-11 - WeLiveSecurity

Cinco de cada 100 créditos en México ya se otorgan con identidad robada

Otorgan cinco de cada 100 créditos digitales en México a identidades robadas, Una proporción detectada en operaciones de instituciones financieras que...

2026-03-11 - Segu-Info

Fear of the Dark: Primal Fears & Retórica IA

Continuando con la presentación de Fear of the Dark en la RootedCON Madrid 2026, el siguiente paso era analizar qué miedos, y de qué forma, se podían ...

2026-03-11 - El Lado del Mal

Sednit recargado: un APT histórico reactiva su arsenal

La actividad reciente revela que Sednit ha retomado operaciones con nuevos implants y tácticas de espionaje de largo plazo.

2026-03-10 - WeLiveSecurity

Panorama infostealer: cambios globales y casos destacados en México y Brasil

El análisis retrospectivo de 2025 revela nuevas familias, mayor sofisticación y dos hitos regionales: la campaña masiva de Lumma Stealer en México y e...

2026-03-10 - WeLiveSecurity

Un error en el panel de la IA Gemini de Google abre la puerta al secuestro de sesiones

Los atacantes podrían haber explotado esta vulnerabilidad para escalar privilegios, violar la privacidad del usuario durante la navegación y acceder a...

2026-03-10 - Segu-Info

Ericsson en EE. UU. informa de una brecha de datos tras el hackeo de un proveedor externo

Ericsson Inc. (EE. UU.) ha notificado una brecha de datos vinculada al hackeo de un proveedor de servicios que almacenaba información personal. La exp...

2026-03-10 - Una al Día

Fear of the Dark: Detección de Suplantación de Identidad y DeepFakes usando Verificación de Identidad en MyPubicInbox

Continuando la serie de Fear of the Dark, como parte de la presentación de RootedCON, sincronizamos la publicación de un servicio para Perfiles Públic...

2026-03-10 - El Lado del Mal

Qué hace realmente la ciberseguridad por su negocio

La capacidad de seguir operando de manera segura en un entorno inseguro, donde sus competidores no pueden hacerlo, es una ventaja competitiva que rara...

2026-03-09 - WeLiveSecurity

Zero-Day de Qualcomm explotado en ataques dirigidos contra Android

La actividad de explotación contra CVE-2026-21385, un fallo de corrupción de memoria de alta gravedad, podría estar vinculada a spyware comercia...

2026-03-09 - Segu-Info

Dos extensiones de Chrome ‘legítimas’ se vuelven maliciosas tras cambiar de dueño y habilitan inyección de código y robo de datos

Las extensiones QuickLens y ShotBird habrían pasado de ser herramientas aparentemente normales a incluir actualizaciones maliciosas tras un cambio de ...

2026-03-09 - Una al Día

Fear of the Dark: DeepFakes, Sappo & Sentiment Analysis

En la primera parte del artículo os dejé la introducción pre GenAI, que una vez que llegó el mundo de la Inteligencia Artificial Generativa todo ha ca...

2026-03-09 - El Lado del Mal

Fuga masiva expone datos de más de un millón de usuarios en plataforma de IA

La plataforma KomikoAI, especializada en generación de videos e imágenes mediante inteligencia artificial, ha experimentado una filtración que expone ...

2026-03-07 - Una al Día

Europol desmantela LeakBase: cae uno de los mayores mercados de datos robados en Internet

Europol ha liderado el cierre de LeakBase, uno de los mayores mercados ilegales dedicados a la compraventa de datos robados en Internet, en una operac...

2026-03-06 - Una al Día

Un simple typo provoca un 0-day de ejecución remota de código en Firefox

Investigadores de seguridad han revelado recientemente un 0-day en Firefox que demuestra cómo un error aparentemente trivial puede convertirse en una ...

2026-03-06 - Una al Día

Living off the Land 2.5: persistencia que vive dentro de contenedores y casi nadie está mirando

Cuando empecé a investigar intrusiones recientes en infraestructuras Linux modernas, hubo algo que empezó a repetirse: no era malware clásico, no eran...

2026-03-04 - Hackplayers

Living off the Land 2.0 en Linux: Persistencia para pasar desapercibidos al SOC

Hay una regla no escrita en intrusiones modernas: El mejor malware es el que no parece malware. Pero hay una evolución aún más interesante q...

2026-03-02 - Hackplayers

Heretic o cómo eliminar fácilmente la censura en un LLM

Los modelos de lenguaje actuales (los conocidos LLM, Large Language Models) se han convertido en piezas clave de muchas aplicaciones: asistentes, anál...

2026-03-01 - Hackplayers

PentAGI: Automatización avanzada de penetration testing con agentes AI autónomos

En los últimos años, el pentesting ha evolucionado desde procesos manuales altamente especializados hacia flujos híbridos donde la automatización y la...

2026-02-22 - Hackplayers

(2/3) Ataques DDoS en capas 3 y 4: vectores, funcionamiento y defensa

Esta es la segunda entrega sobre amenazas DDoS, en esta ocasión nos adentramos en las capas de red y transporte para analizar los vectores más comunes...

2025-10-27 - Flu Project

ISO/IEC 42001: el sistema de gestión de IA que probablemente conectemos con nuestra 27001

ISO/IEC 42001 se concibe como el nuevo esqueleto operativo para transformar la inteligencia artificial en un sistema gestionado con disciplina. No es ...

2025-10-13 - Flu Project

MITRE AADAPT: Anatomía ofensiva y defensa en el ecosistema de activos digitales

Cuando uno pasa demasiadas noches frente a un nodo de Ethereum observando tráfico, firmas, anomalías y patrones sospechosos, descubre que el ecosistem...

2025-10-06 - Flu Project

Snapshots en máquinas virtuales: ¿una herramienta útil o un riesgo oculto?

¿Piensas que una instantánea de una máquina virtual es lo mismo que un backup o una copia del disco? Entonces este post es para ti.Antes de nada, vamo...

2025-09-29 - Flu Project

La importancia del Disaster Recovery Plan (DRP)

A pesar de que los ciberataques, fallos de hardware y software, desastres naturales, o incluso errores humanos son cada vez más frecuentes, muchas emp...

2025-09-15 - Flu Project

Pensar como un atacante: por qué el Red Team es clave para la ciberseguridad moderna

En un entorno digital donde las amenazas evolucionan más rápido que las soluciones, protegerse ya no es suficiente. Hay que anticiparse. Y para eso, e...

2025-07-01 - BlogThinkBig

Cómo saber si una app es falsa: ten siempre en cuenta estas claves

Vivimos constantemente con el móvil en la mano; es un dispositivo que usamos para casi todo. Hoy en día es útil tanto para cosas como pagar el café, c...

2025-06-17 - BlogThinkBig

Cómo proteger el ordenador sin ser un genio tech

Saber cómo proteger el ordenador nunca ha sido tan vital. Imagina perder tu equipo con Windows y no saber si tus datos personales están seguros. El pá...

2025-06-13 - BlogThinkBig

Privacidad en Internet: evita el rastreo y navega con seguridad

La privacidad en Internet se ha convertido en una preocupación constante. Es así como cada clic, búsqueda o interacción en línea puede dejar una huell...

2025-06-12 - BlogThinkBig

Álbum oculto: paso a paso para activarlo en tu teléfono Android

Las fotos y vídeos revelan un montón de información de tu vida personal. No siempre queremos que estén a la vista. Es por eso que en este artículo hab...

2025-06-06 - BlogThinkBig