AHQ-AGENCY Cybersecurity News

Noticias Destacadas

Latest News

Predator spyware hooks iOS SpringBoard to hide mic, camera activity

Intellexa's Predator spyware can hide iOS recording indicators while secretly streaming camera and microphone feeds to its operators. [...]

2026-02-21 - BleepingComputer

NDSS 2025 -DUMPLING: Fine-Grained Differential JavaScript Engine Fuzzing

Session 13A: JavaScript Security Authors, Creators & Presenters: Liam Wachter (EPFL), Julian Gremminger (EPFL), Christian Wressnegger (Karlsruhe ...

2026-02-21 - Security Boulevard

AI-Assisted Threat Actor Compromises 600+ FortiGate Devices in 55 Countries

A Russian-speaking, financially motivated threat actor has been observed taking advantage of commercial generative artificial intelligence (AI) servic...

2026-02-21 - The Hacker News

Amazon: AI-assisted hacker breached 600 Fortinet firewalls in 5 weeks

Amazon is warning that a Russian-speaking hacker used multiple generative AI services as part of a campaign that breached more than 600 FortiGate fire...

2026-02-21 - BleepingComputer

Critical Grandstream Phone Vulnerability Exposes Calls to Interception

The flaw tracked as CVE-2026-2329 can be exploited without authentication for remote code execution with root privileges. The post Critical Grandstre...

2026-02-21 - SecurityWeek

U.S. CISA adds RoundCube Webmail flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds RoundCube Webmail flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cyb...

2026-02-21 - Security Affairs

Anthropic Launches Claude Code Security for AI-Powered Vulnerability Scanning

Artificial intelligence (AI) company Anthropic has begun to roll out a new security feature for Claude Code that can scan a user's software codebase f...

2026-02-21 - The Hacker News

CISA Adds Two Actively Exploited Roundcube Flaws to KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added two security flaws impacting Roundcube webmail software to its Known ...

2026-02-21 - The Hacker News

Best Cyber Security Consulting Companies

With rapid technological progress, it is estimated that nearly 200 billion connected devices, ranging from medical equipment and industrial machines t...

2026-02-21 - Security Boulevard

EC-Council Expands AI Certification Portfolio to Strengthen U.S. AI Workforce Readiness and Security

With $5.5 trillion in global AI risk exposure and 700,000 U.S. workers needing reskilling, four new AI certifications and Certified CISO v4 help close...

2026-02-21 - The Hacker News

Compromised npm package silently installs OpenClaw on developer machines

A new security bypass has users installing AI agent OpenClaw — whether they intended to or not. Researchers have discovered that a compromised npm ...

2026-02-21 - CSO Online

PayPal discloses extended data leak linked to Loan App glitch

PayPal disclosed a six-month data breach that exposed sensitive user data, including Social Security numbers, due to a software error. PayPal has disc...

2026-02-20 - Security Affairs

Can Agentic AI improve scalability in secrets management

How Do Non-Human Identities Revolutionize Cloud Security? Maintaining robust cybersecurity measures is crucial. One area rapidly gaining attention is ...

2026-02-20 - Security Boulevard

How assured is your data with NHIs in place

Are You Adequately Protecting Your Organization with NHI Management? Where information is a cornerstone for business operations, safeguarding data has...

2026-02-20 - Security Boulevard

How does Agentic AI enforce cloud compliance in real-time

The Critical Role of Agentic AI in Enhancing Cloud Compliance Monitoring How do organizations ensure their cloud systems remain compliant in real-time...

2026-02-20 - Security Boulevard

Anthropic rolls out embedded security scanning for Claude

The feature, currently limited to a small group of testers, will provide an easy-to-use feature that scans AI-generated code and offers up patching so...

2026-02-20 - CyberScoop

Attackers Use New Tool to Scan for React2Shell Exposure

Researchers say threat actors wielded the sophisticated — and unfortunately named — toolkit to target high-value networks for React2Shell exploitation...

2026-02-20 - Dark Reading

‘Starkiller’ Phishing Service Proxies Real Login Pages, MFA

Most phishing websites are little more than static copies of login pages for popular online destinations, and they are often quickly taken down by ant...

2026-02-20 - Krebs on Security

'God-Like' Attack Machines: AI Agents Ignore Security Policies

Microsoft Copilot recently summarized and leaked user emails; but any AI agent will go above and beyond to complete assigned tasks, even breaking thro...

2026-02-20 - Dark Reading

Japanese tech giant Advantest hit by ransomware attack

Advantest Corporation disclosed that its corporate network has been targeted in a ransomware attack that may have affected customer or employee data. ...

2026-02-20 - BleepingComputer

Lessons From AI Hacking: Every Model, Every Layer Is Risky

After two years of finding flaws in AI infrastructure, two Wiz researchers advise security pros to worry less about prompt injection and more about vu...

2026-02-20 - Dark Reading

CISA: BeyondTrust RCE flaw now exploited in ransomware attacks

Hackers are actively exploiting the CVE-2026-1731 vulnerability in the BeyondTrust Remote Support product, the U.S. Cybersecurity and Infrastructure S...

2026-02-20 - BleepingComputer

Don’t trust TrustConnect: This fake remote support tool only helps hackers

After breaking into a system, crooks often install legitimate remote admin tools to keep a foothold on the network — with the risk that the tool’s ven...

2026-02-20 - CSO Online

Data breach at French bank registry impacts 1.2 million accounts

The French Ministry of Finance has published an announcement informing of a cybersecurity incident that has impacted 1.2 million accounts. [...]

2026-02-20 - BleepingComputer

NIST’s Quantum Breakthrough: Single Photons Produced on a Chip

NIST’s single photon chip will likely make QKD an option for a wider range of companies. The post NIST’s Quantum Breakthrough: Single Photons Produce...

2026-02-20 - SecurityWeek

BeyondTrust Flaw Used for Web Shells, Backdoors, and Data Exfiltration

Threat actors have been observed exploiting a recently disclosed critical security flaw impacting BeyondTrust Remote Support (RS) and Privileged Remot...

2026-02-20 - The Hacker News

In Other News: Ransomware Shuts US Clinics, ICS Vulnerability Surge, European Parliament Bans AI

Other noteworthy stories that might have slipped under the radar: Axonius lays off employees, Abu Dhabi conference data leak, HackerOne addresses AI c...

2026-02-20 - SecurityWeek

Latin America's Cyber Maturity Lags Threat Landscape

The slower pace of upgrades has the unintended impact of creating a haven for attackers, especially for initial access brokers and ransomware gangs.

2026-02-20 - Dark Reading

LLMs change their answers based on who’s asking

AI chatbots may deliver unequal answers depending on who is asking the question. A new study from the MIT Center for Constructive Communication finds ...

2026-02-20 - Help Net Security

Criminals create business website to sell RAT disguised as RMM tool

A RAT masquerading as legitimate remote monitoring and management (RMM) software is being sold to cybercriminals as a service, Proofpoint researchers ...

2026-02-20 - Help Net Security

North Korean IT worker scam nets Ukrainian five-year sentence in the U.S.

A Ukrainian man was sentenced to five years in the U.S. for helping North Korean IT workers use stolen identities to get hired by U.S. firms. Oleksand...

2026-02-20 - Security Affairs

KI und Komplexität als Brandbeschleuniger für Cyberkriminelle

Cyberangriffe werden immer schneller, wodurch sich die Zeitspanne zwischen der ersten Kompromittierung und den negativen Folgen verkürzt.andrey_l – sh...

2026-02-20 - CSO Online

Dramatic Escalation in Frequency and Power of DDoS Attacks

DDoS attack frequency has risen to ‘alarming levels,’ warns Radware report

2026-02-20 - Infosecurity Magazine

BeyondTrust Vulnerability Exploited in Ransomware Attacks

CISA has updated its KEV entry for CVE-2026-1731 to alert organizations of exploitation in ransomware attacks. The post BeyondTrust Vulnerability Expl...

2026-02-20 - SecurityWeek

Ex-Google engineers charged with orchestrating high-tech secrets extraction

A federal grand jury has indicted three Silicon Valley engineers on charges in a scheme to steal trade secrets from Google and other leading technolog...

2026-02-20 - Help Net Security

Android Malware Hijacks Google Gemini to Stay Hidden

A new Android malware implant using Google Gemini to perform persistence tasks was discovered on VirusTotal and analyzed by ESET

2026-02-20 - Infosecurity Magazine

FBI: $20 Million Losses Caused by 700 ATM Jackpotting Attacks in 2025

The FBI has confirmed that the Ploutus malware, which has been around for over a decade, is still being used in the wild. The post FBI: $20 Million Lo...

2026-02-20 - SecurityWeek

Google cleans house, bans 80,000 developer accounts from the Play Store

Google prevented more than 1.75 million policy-violating apps from being published on Google Play and banned over 80,000 developer accounts that attem...

2026-02-20 - Help Net Security

Man gets five years for aiding North Korean IT employment scam

Ukrainian national Oleksandr Didenko, 29, was sentenced in U.S. District Court to 5 years in prison for an identity theft scheme that enabled North Ko...

2026-02-20 - Help Net Security

FBI warns of surge in ATM Jackpotting, $20 Million lost in 2025

The FBI warns ATM jackpotting is rising nationwide, with over $20 million lost in 2025 and 1,900 incidents reported since 2020. The FBI has warned of ...

2026-02-20 - Security Affairs

Sonderkommission ermittelt zu Cyberangriff auf Kunstsammlungen Dresden

Die Staatlichen Kunstsammlungen Dresden waren Ziel einer Cyberattacke.Staatliche Kunstsammlungen Dresden Nach dem Cyberangriff auf die Staatlichen ...

2026-02-20 - CSO Online

Red Card 2.0: INTERPOL busts scam networks across Africa, seizes millions

INTERPOL’s Operation Red Card 2.0 led to 651 arrests across 16 African countries and recovered over $4.3 million from online scams. INTERPOL’s Operati...

2026-02-20 - Security Affairs

PayPal launches latest struggle to get rid of SMS for MFA

When PayPal started emailing customers this month that it was backing off unencrypted SMS for multifactor authentication (MFA) at login, it came with ...

2026-02-20 - CSO Online

Emerging Chiplet Designs Spark Fresh Cybersecurity Challenges

As scaled-down circuits with limited functions redefine computing for AI systems and autonomous vehicles, their flexibility demands new approaches to ...

2026-02-19 - Dark Reading

Ukrainian sentenced to 5 years in prison for facilitating North Korean remote worker scheme

Oleksandr Didenko ran laptop farms and provided forged or stolen identities to North Korean operatives who gained remote employment at 40 U.S. busines...

2026-02-19 - CyberScoop

State Dept. official says post-quantum transition plans will outlive current leadership

Governments and businesses have a shared interest in seeing post-quantum encryption broadly adopted throughout society. The post State Dept. official...

2026-02-19 - CyberScoop

FBI: Threats from Salt Typhoon are ‘still very much ongoing’

A top FBI cyber official said Salt Typhoon, the Chinese cyber espionage group behind the widespread compromise of U.S. telecommunications infrastructu...

2026-02-19 - CyberScoop

HHS burrows into identifying risks to health sector from third-party vendors

A department official speaking at CyberTalks said HHS is trying to help the sector on finding where those risks are. The post HHS burrows into identif...

2026-02-19 - CyberScoop

New e-book: Establishing a proactive defense with Microsoft Security Exposure Management

Read the new maturity-based guide that helps organizations move from fragmented, reactive security practices to a unified exposure management approach...

2026-02-19 - Microsoft Security Blog

Remcos RAT Expands Real-Time Surveillance Capabilities

New Remcos RAT variant enhances real-time surveillance and evasion techniques to compromise Windows

2026-02-19 - Infosecurity Magazine

Running OpenClaw safely: identity, isolation, and runtime risk

Self-hosted agents execute code with durable credentials and process untrusted input. This creates dual supply chain risk, where skills and external i...

2026-02-19 - Microsoft Security Blog

Industrial-Scale Fake Coretax Apps Drive $2m Fraud in Indonesia

Fraud campaign exploiting Indonesia’s Coretax resulted in $1.5m to $2m in losses via malicious apps

2026-02-19 - Infosecurity Magazine

Industrial Control System Vulnerabilities Hit Record Highs

Forescout paper reveals ICS advisories hit a record 508 in 2025

2026-02-19 - Infosecurity Magazine

Unify now or pay later: New research exposes the operational cost of a fragmented SOC

New research from Microsoft and Omdia reveals how fragmented tools, manual workflows, and alert overload are pushing SOCs to a breaking point. The pos...

2026-02-17 - Microsoft Security Blog

Top 10 actions to build agents securely with Microsoft Copilot Studio

Copilot Studio agents are increasingly powerful. With that power comes risk: small misconfigurations, over‑broad sharing, unauthenticated access, and ...

2026-02-12 - Microsoft Security Blog

Your complete guide to Microsoft experiences at RSAC™ 2026 Conference

Microsoft Security returns to RSAC Conference to show how Frontier Firms—organizations that are human-led and agent-operated—can stay ahead. The post ...

2026-02-12 - Microsoft Security Blog

Kimwolf Botnet Swamps Anonymity Network I2P

For the past week, the massive "Internet of Things" (IoT) botnet known as Kimwolf has been disrupting the The Invisible Internet Project (I2P), a dece...

2026-02-11 - Krebs on Security

Patch Tuesday, February 2026 Edition

Microsoft today released updates to fix more than 50 security holes in its Windows operating systems and other software, including patches for a whopp...

2026-02-10 - Krebs on Security

Please Don’t Feed the Scattered Lapsus ShinyHunters

A prolific data ransom gang that calls itself Scattered Lapsus ShinyHunters (SLSH) has a distinctive playbook when it seeks to extort payment from vic...

2026-02-02 - Krebs on Security

Who Operates the Badbox 2.0 Botnet?

The cybercriminals in control of Kimwolf -- a disruptive botnet that has infected more than 2 million devices -- recently shared a screenshot indicati...

2026-01-26 - Krebs on Security

Student Loan Breach Exposes 2.5M Records

2.5 million people were affected, in a breach that could spell more trouble down the line.

2022-08-31 - Threatpost

Watering Hole Attacks Push ScanBox Keylogger

Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.

2022-08-30 - Threatpost

Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms

Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.

2022-08-29 - Threatpost

Ransomware Attacks are on the Rise

Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group.

2022-08-26 - Threatpost

Cybercriminals Are Selling Access to Chinese Surveillance Cameras

Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.

2022-08-25 - Threatpost

Noticias en Español

La Psicohistoria, la Ley Cero de las Leyes de la Robótica, el Imperio Galáctico & R. Daneel Olivaw

El año pasado me leí por fin la Trilogía de la Fundación de Isaac Asimov gracias a un regalo que me había hecho mi amigo Arturo González-Campos, ...

2026-02-21 - El Lado del Mal

Advantest Corporation confirma sufrir un ataque de ransomware

Advantest, líder mundial en equipos de prueba para semiconductores, informa un ataque de ransomware en su red corporativa. Aunque la investigación est...

2026-02-21 - Una al Día

Cisco publica una actualización que corrige un fallo crítico de ejecución remota en sus productos Unified Communications

Cisco ha publicado recientemente un aviso de seguridad y actualizaciones de software para corregir una vulnerabilidad crítica en varios productos de U...

2026-02-20 - Una al Día

La formación para el nuevo "emperador" y la nueva "emperatriz"

"¿Qué carrera les recomiendo a mis hijos que estudien? ¿Ciencias? ¿Humanidades? ¿Tecnología?" Me preguntaban hace muy poco. Y no es una pregunta fácil...

2026-02-19 - El Lado del Mal

PromptSpy: novedoso malware para Android que usa IA generativa apunta a Argentina

Investigadores del equipo de ESET Research descubren PromptSpy: un malware para Android que es el primero conocido en abusar de la IA generativa como ...

2026-02-19 - WeLiveSecurity

Estudio sobre las infraestructuras cloud en SCI

Estudio sobre las infraestructuras cloud en SCI Autor INCIBE (INCIBE) Jue, 19/02/2026 - 13:08 ...

2026-02-19 - INCIBE-CERT

Explotación activa de un 0-day crítico en Dell RecoverPoint for VMs por credenciales hardcodeadas

La vulnerabilidad CVE-2026-22769 (CVSS 10.0) en Dell RecoverPoint for Virtual Machines se ha explotado como zero-day desde mediados de 2024, según el ...

2026-02-19 - Una al Día

Grok & Gore (G´NG) es puro Rock & Roll (R´NR).

Preparando las charlas, unos artículos, y revisando técnicas de Jailbreak, ya sabéis que estuve probando recientemente el Cat Attack & Knowledge R...

2026-02-19 - El Lado del Mal

Google corrige un zero-day de Chrome (CVE-2026-2441) ya explotado en ataques

Google ha publicado una actualización de emergencia para Chrome que corrige el CVE-2026-2441, un zero-day de alta severidad con explotación confirmada...

2026-02-18 - Una al Día

TechArena - Life of a Hacker in the age of AI

La semana pasada subí a Suecia, a Estocolmo, a dar una pequeña charla en TechArena 2026 sobre "Life of a Hacker in the age of AI" donde en 30 minutos,...

2026-02-18 - El Lado del Mal

Ofrecen en foros clandestinos un supuesto 0-day crítico contra OpenSea por 100.000 USD

Un actor de amenazas está promocionando en foros de hacking la venta de una presunta cadena de exploits de 0-day dirigida contra OpenSea, con un preci...

2026-02-17 - Una al Día

Autómatas victorianos, gargantas de cuero y redes neuronales: Anatomía secreta de las máquinas parlantes

¿Has pensado alguna vez que todo lo que decimos, todo lo que hemos escrito como especie, emerge de un conjunto ridículamente pequeño de sonidos? En Es...

2026-02-17 - El Lado del Mal

Writeups CTF Hardware Hacking h-c0n 2026

Desde que fundamos la conferencia h-c0n uno de nuestros “sueños” era tener nuestro propio badge electrónico, al más puro estilo DEF CON. No ha sido ha...

2026-02-17 - Hackplayers

Técnicas de evasión de seguridad en endpoints: evolución (2020–2025)

El surcoreano Hyeongkwan Lee aka WindShock analizaba recientemente en un post cómo, entre 2020 y 2025, las técnicas de evasión de EDR y anti...

2026-02-15 - Hackplayers

¿Te llega mucho spam o correos electrónicos fraudulentos? Probablemente sea por esto

Si tu bandeja de entrada está inundada de mensajes no deseados e incluso maliciosos, te contamos 10 razones por las que está ocurriendo y qué medidas ...

2026-02-13 - WeLiveSecurity

Crónica de #hc0n2026, la sexta Con de Hackplayers

h-c0n 2026 volvió y lo hizo para ser lo que siempre ha sido: un punto de encuentro real para gente que quiere entender cómo funcionan las cosas, inclu...

2026-02-09 - Hackplayers

Me hackearon la cuenta: ¿qué hacer en los primeros 15 minutos?

Cuando una de nuestras cuentas es vulnerada, saber qué hacer de manera rápida es vital para mitigar el impacto. Conoce las acciones clave para que un ...

2026-02-09 - WeLiveSecurity

Niños, niñas y chatbots: riesgos principales a los que prestar atención

A medida que los niños recurren a los chatbots de inteligencia artificial en busca de respuestas, consejos y compañía, surgen preguntas sobre su segur...

2026-02-06 - WeLiveSecurity

Robo de credenciales: métodos más frecuentes y recomendaciones para reducir el riesgo

El compromiso de contraseñas sigue siendo un problema recurrente en Latinoamérica, impulsado por técnicas de ingeniería social, malware especializado ...

2026-02-04 - WeLiveSecurity

Cinco libros imprescindibles sobre Inteligencia Artificial y Ciberseguridad para aspirantes a hackers éticos

La inteligencia artificial (IA) ya no es solo una moda técnica: es una herramienta clave tanto para defender como para atacar en el terreno de la cibe...

2026-01-24 - Hackplayers

Configuración de seguridad de un endpoint Windows

Configuración de seguridad de un endpoint Windows Autor INCIBE (INCIBE) Vie, 23/01/2026 - 10:00 ...

2026-01-23 - INCIBE-CERT

VoxCPM: cuando el TTS deja de sonar a TTS

Durante años hemos aceptado una idea casi como dogma en text-to-speech: para generar audio hay que discretizarlo. Da igual si hablamos de unidades fon...

2026-01-18 - Hackplayers

Redes privadas 5G: Guía de buenas prácticas en ciberseguridad

Redes privadas 5G: Guía de buenas prácticas en ciberseguridad Autor INCIBE (INCIBE) Jue, 18/12/2025 - 17:30 ...

2025-12-18 - INCIBE-CERT

Seguridad de las API

Seguridad de las API Autor INCIBE (INCIBE) Lun, 24/11/2025 - 11:06 En sus inici...

2025-11-24 - INCIBE-CERT

(2/3) Ataques DDoS en capas 3 y 4: vectores, funcionamiento y defensa

Esta es la segunda entrega sobre amenazas DDoS, en esta ocasión nos adentramos en las capas de red y transporte para analizar los vectores más comunes...

2025-10-27 - Flu Project

Adoptando DevSecOps: Seguridad integrada desde el código hasta la producción

Adoptando DevSecOps: Seguridad integrada desde el código hasta la producción Autor INCIBE (INCIBE) Lun, 20/10/2025 - ...

2025-10-20 - INCIBE-CERT

ISO/IEC 42001: el sistema de gestión de IA que probablemente conectemos con nuestra 27001

ISO/IEC 42001 se concibe como el nuevo esqueleto operativo para transformar la inteligencia artificial en un sistema gestionado con disciplina. No es ...

2025-10-13 - Flu Project

MITRE AADAPT: Anatomía ofensiva y defensa en el ecosistema de activos digitales

Cuando uno pasa demasiadas noches frente a un nodo de Ethereum observando tráfico, firmas, anomalías y patrones sospechosos, descubre que el ecosistem...

2025-10-06 - Flu Project

Snapshots en máquinas virtuales: ¿una herramienta útil o un riesgo oculto?

¿Piensas que una instantánea de una máquina virtual es lo mismo que un backup o una copia del disco? Entonces este post es para ti.Antes de nada, vamo...

2025-09-29 - Flu Project

La importancia del Disaster Recovery Plan (DRP)

A pesar de que los ciberataques, fallos de hardware y software, desastres naturales, o incluso errores humanos son cada vez más frecuentes, muchas emp...

2025-09-15 - Flu Project

Pensar como un atacante: por qué el Red Team es clave para la ciberseguridad moderna

En un entorno digital donde las amenazas evolucionan más rápido que las soluciones, protegerse ya no es suficiente. Hay que anticiparse. Y para eso, e...

2025-07-01 - BlogThinkBig

Cómo saber si una app es falsa: ten siempre en cuenta estas claves

Vivimos constantemente con el móvil en la mano; es un dispositivo que usamos para casi todo. Hoy en día es útil tanto para cosas como pagar el café, c...

2025-06-17 - BlogThinkBig

Cómo proteger el ordenador sin ser un genio tech

Saber cómo proteger el ordenador nunca ha sido tan vital. Imagina perder tu equipo con Windows y no saber si tus datos personales están seguros. El pá...

2025-06-13 - BlogThinkBig

Privacidad en Internet: evita el rastreo y navega con seguridad

La privacidad en Internet se ha convertido en una preocupación constante. Es así como cada clic, búsqueda o interacción en línea puede dejar una huell...

2025-06-12 - BlogThinkBig

Álbum oculto: paso a paso para activarlo en tu teléfono Android

Las fotos y vídeos revelan un montón de información de tu vida personal. No siempre queremos que estén a la vista. Es por eso que en este artículo hab...

2025-06-06 - BlogThinkBig