Cybersecurity News - Noticias de Ciberseguridad

Securden Unveils Unified Identity Security Platform at RSAC 2026, Combining PAM, EPM, IGA, and More

Securden launched what it calls the world’s first truly unified identity security platform at RSA Conference 2026, consolidating privileged acce...

Hyperproof Launches AI Guided Experiences for Compliance Operations at RSAC 2026

Hyperproof announced AI Guided Experiences at RSA Conference 2026, its latest push to use AI to reduce the manual effort at the core of compliance ope...

Experts warn of a ‘loud and aggressive’ extortion wave following Trivy hack

Attackers compromised the open-source security tool and published malicious versions of the software. Mandiant warns the fallout could impact up to 10...

imper.ai Launches Workforce Identity Security Platform at RSAC 2026

imper.ai made its public debut at RSAC 2026 with the launch of its Workforce Identity Security platform, built to stop impersonation and account takeo...

Poland Faced a Surge in Cyberattacks in 2025, Including a Major Assault on the Energy Sector

The attacks included a destructive infiltration of Poland's energy system in December and was suspected of originating in Russia. The post Poland Face...

Cy4Data Labs Brings Real-Time Insider Threat Detection to RSAC 2026

Cy4Data Labs announced at RSAC 2026 that its flagship platform Cy4Secure now includes a Behavior Engine for insider threat detection, designed to brin...

ProjectDiscovery Launches Neo, an Autonomous Pentesting Platform, at RSAC 2026

ProjectDiscovery launched Neo commercially at RSAC 2026, bringing an autonomous penetration testing platform to market after winning the RSAC Innovati...

Critics call FCC router rule a ‘big swing’ that could create more supply chain uncertainty

The choice to ban all foreign-made routers instead of targeting known risks could create legal and supply chain disruptions with unclear national secu...

Firefox now has a free built-in VPN with 50GB monthly data limit

Mozilla released Firefox 149 with added privacy protection through a built-in VPN tool offering up to 50GB of monthly traffic. [...]

5 Learnings from the First-Ever Gartner Market Guide for Guardian Agents

On February 25, 2026, Gartner published its inaugural Market Guide for Guardian Agents, marking an important milestone for this emerging category. For...

Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner

An ongoing phishing campaign is targeting French-speaking corporate environments with fake resumes that lead to the deployment of cryptocurrency miner...

RSAC 2026 Conference Announcements Summary (Day 1)

A summary of the announcements made by vendors on the first day of the RSAC 2026 Conference. The post RSAC 2026 Conference Announcements Summary (Day ...

Treasury asks whether terrorism risk insurance program should bolster cyber coverage

A Federal Register notice seeks public comment on how cyber is covered within a 2002 law and program. The post Treasury asks whether terrorism risk in...

Microsoft fixes bug causing Classic Outlook sync issues with Gmail

​Microsoft has fixed a known issue causing Gmail and Yahoo email synchronization and connection problems for classic Outlook users. [...]

QualDerm Partners December 2025 data breach impacts over 3 Million people

Over 3.1M people affected as QualDerm Partners suffered a December 2025 breach, exposing personal, medical, and health insurance data. Over 3.1 millio...

Uncle Sam closes the door on all new foreign-made routers

The US Federal Communications Commission (FCC) has imposed a ban on all new routers manufactured overseas being imported into and sold within the Unit...

GitHub 'OpenClaw Deployer' Repo Delivers Trojan Instead

An AI-assisted campaign is spreading more than 300 poisoned packages for diverse assets ranging from developer tools to game cheats.

The AI safety conversation is focused on the wrong layer

Organizations have spent years accumulating fragmented identity systems: too many roles, too many credentials, too many disconnected tools. For a work...

Russian access broker sentenced to over 6 years in prison for ransomware schemes

A federal court in Indiana sentenced a Russian cybercriminal to 81 months in prison on charges related to his role as an initial access broker for ran...

Critical NetScaler ADC, Gateway flaw may soon be exploited (CVE-2026-3055)

Citrix has fixed two vulnerabilities in NetScaler ADC and NetScaler Gateway, with the more serious flaw (CVE-2026-3055) potentially allowing attackers...

Zero Trust: Bridging the Gap Between Authentication and Trust

Passing MFA doesn't mean a session is safe, attackers can hijack tokens and bypass identity checks. Specops Software explains why Zero Trust must veri...

HackerOne discloses employee data breach after Navia hack

Bug bounty platform HackerOne is notifying hundreds of employees that their data was stolen after attackers hacked Navia, one of its U.S. benefits adm...

Detecting IP KVMs, (Tue, Mar 24th)

I have written about how to&#;x26;#;xc2;&#;x26;#;xa0;use IP KVMs securely, and recently, resea...

Extortion Group Claims It Hacked AstraZeneca

The Lapsus$ hackers allegedly compromised internal code repositories, credentials, and employee data. The post Extortion Group Claims It Hacked AstraZ...

Mimecast expands Incydr with runtime data security for AI and human risk

Mimecast has announced a major expansion of its Incydr offering with new data security capabilities and a preview of the Agent Risk Center. These enha...

Infinite Campus warns of breach after ShinyHunters claims data theft

Infinite Campus, a widely used K-12 student information system, is warning customers of a data breach following an extortion attempt by a threat actor...

DDoS-Angriffe haben sich verdoppelt

srcset="https://b2b-contenthub.com/wp-content/uploads/2026/03/DDoS-Attack-COunt_16-9.png?quality=50&strip=all 2200w, https://b2b-contenthub.com/wp...

Chrome 146 Update Patches High-Severity Vulnerabilities

The software refresh fixes eight memory safety bugs affecting seven Chrome components. The post Chrome 146 Update Patches High-Severity Vulnerabilitie...

Russian initial access broker helped ransomware gangs extort millions, sentenced to 81 months

A Russian citizen, Aleksei Volkov, was sentenced to 81 months in prison for helping ransomware groups carry out attacks causing over $9 million in act...

HP launches TPM Guard to help defeat physical TPM attacks

The Trusted Platform Module (TPM), developed by the Trusted Computing Group (TCG), is a mandatory security component in any computer running Windows 1...

How a Large Bank Uses AI Digital Twins for Threat Hunting

JPMorgan Chase uses digital fingerprints and digital twins to spot online attackers and malicious behaviors while also reducing pesky false alerts.

Citrix NetScaler critical flaw could leak data, update now

Citrix warns of a critical NetScaler flaw (CVE-2026-3055) that could leak sensitive data; users are urged to apply security updates immediately. Citri...

Webinar Today: Putting CIS Controls and Benchmarks into Practice

Learn how the CIS Critical Security Controls and the CIS Benchmarks can be used together to support secure configuration at scale. The post Webinar T...

Microsoft Proposes Better Identity, Guardrails for AI Agents

Companies need better controls to manage key threats rising from the growth of agentic AI. These new features provide a starting point.

The Hidden Cost of Cybersecurity Specialization: Losing Foundational Skills

Cybersecurity has changed fast. Roles are more specialized, and tooling is more advanced. On paper, this should make organizations more secure. B...

Ghost Campaign Uses 7 npm Packages to Steal Crypto Wallets and Credentials

Cybersecurity researchers have uncovered a new set of malicious npm packages that are designed to steal cryptocurrency wallets and sensitive data. The...

Pharos Controls Mosaic Show Controller

View CSAF Summary Successful exploitation of this vulnerability could allow an unauthenticated attacker to execute arbitrary commands with root privil...

Schneider Electric Plant iT/Brewmaxx

View CSAF Summary Successful exploitation of these vulnerabilities could risk privilege escalation, which could result in remote code execution. The f...

Schneider Electric EcoStruxure Foxboro DCS

View CSAF Summary Schneider Electric is aware of a vulnerability in its EcoStruxure Foxboro DCS Control Software on Foxboro DCS workstations and serve...

Grassroots DICOM (GDCM)

View CSAF Summary Successful exploitation of this vulnerability could allow an attacker to send a specially crafted file, and when parsed, could resul...

New ‘StoatWaffle’ malware auto‑executes attacks on developers

A newly disclosed malware strain dubbed “StoatWaffle” is giving fresh teeth to the notorious, developer-targeting “Contagious Interview” threat campai...

81-month sentence for Russian hacker behind major ransomware campaigns

U.S. sentences Russian hacker Aleksei Volkov to 81 months in prison for aiding ransomware attacks, causing over $9M in damages. A U.S. court sentenced...

TeamPCP Hacks Checkmarx GitHub Actions Using Stolen CI Credentials

Two more GitHub Actions workflows have become the latest to be compromised by credential-stealing malware by a threat actor known as TeamPCP, the clou...

Your Body Is Betraying Your Right to Privacy

Attachment to smart devices and biometric surveillance leaves Americans more vulnerable to police searches than ever. Left unchecked it will only get ...

‘Get Down! Get Down! They’re Gonna See Us!’: Six Months of Hiding From ICE

A family in Chicago has been terrified to leave their apartment. Agents could be anywhere.

Autonomous AI adoption is on the rise, but it’s risky

Two AI releases early this year are prompting users to give up control and let autonomous agentic tools complete tasks on their behalf. IT leaders sho...

ICE Paid the Salaries of This Town’s Entire Police Force

Under a Homeland Security program, police departments around the US are signing up to assist in immigration enforcement. The cops of Carroll, New Hamp...

Streamline physical security to enable data center growth in the era of AI

AI is the new space race for data centers, and consistency at speed is the rocket fuel that colocation and hyperscale providers need to reach orbit. E...

North Korea-linked threat actors abuse VS Code auto-run to spread StoatWaffle malware

North Korea-linked threat actors use VS Code auto-run tasks to spread StoatWaffle malware via malicious projects that execute on folder open. North Ko...

ISC Stormcast For Tuesday, March 24th, 2026 https://isc.sans.edu/podcastdetail/9862, (Tue, Mar 24th)

AI in the SOC: What Could Go Wrong?

Two cybersecurity leaders tested out AI in their respective SOCs for six months — and here's what they learned.

Trivy Supply Chain Attack Targets CI/CD Secrets

A threat actor used the open source security tool to deploy an infostealer into CI/CD workflows and steal cloud credentials, SSH keys, tokens, and oth...

Experts insist Trump administration’s cyber strategy is already paying off

Leaders from various cybersecurity institutions were quick to defend and evangelize the administration’s strategic pivots in cyberspace. The post Expe...

QNAP fixed four vulnerabilities demonstrated at Pwn2Own Ireland 2025

QNAP fixed four vulnerabilities shown at Pwn2Own 2025 that could enable code execution, data access, or system disruption. Taiwanese vendor QNAP has a...

Tool updates: lots of security and logic fixes, (Mon, Mar 23rd)

So, I&#;x26;#;39;ve been slow to get on the Claude Code/OpenCode/Codex/OpenClaw bandwagon, but I had some time last week s...

A Mysterious Numbers Station Is Broadcasting Through the Iran War

First heard as US and Israeli strikes on Iran began, the shortwave broadcast has since been traced to a US military base in Germany—but its purpose an...

Case study: How predictive shielding in Defender stopped GPO-based ransomware before it started

Microsoft Defender stopped a human-operated ransomware attack that abused Group Policy Objects (GPOs) to disable defenses and push encryption at scale...

‘CanisterWorm’ Springs Wiper Attack Targeting Iran

A financially motivated data theft and extortion group is attempting to inject itself into the Iran war, unleashing a worm that spreads through poorly...

Hassan Took a Bike Ride. Now He's One of the Thousands Missing in Gaza

In a place denied access to basic forensic technology—and where people disappear into Israeli detention—the fate of thousands remains unknown. One of ...

ISC Stormcast For Monday, March 23rd, 2026 https://isc.sans.edu/podcastdetail/9860, (Mon, Mar 23rd)

CTI-REALM: A new benchmark for end-to-end detection rule generation with AI agents

Excerpt: CTI-REALM is Microsoft’s open-source benchmark for evaluating AI agents on real-world detection engineering—turning cyber threat intelligence...

Secure agentic AI end-to-end

In this agentic era, security must be woven into, and around, every layer of the AI estate. At RSAC 2026, we are delivering on that vision with new pu...

CISA Adds Five Known Exploited Vulnerabilities to Catalog

CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-3127...

GSocket Backdoor Delivered Through Bash Script, (Fri, Mar 20th)

Yesterday, I discovered a malicious Bash script that installs a GSocket backdoor on the victim's computer. I don't know the source of the scri...

Feds Disrupt IoT Botnets Behind Huge DDoS Attacks

The U.S. Justice Department joined authorities in Canada and Germany in dismantling the online infrastructure behind four highly disruptive botnets th...

New tools and guidance: Announcing Zero Trust for AI

Microsoft introduces Zero Trust for AI, adding a new AI pillar to its workshop, enhanced reference architecture, updated guidance, and a new assessmen...

When tax season becomes cyberattack season: Phishing and malware campaigns using tax-related lures

During tax season, threat actors reliably take advantage of the urgency and familiarity of time-sensitive emails, including refund notices, payroll fo...

The SOC Files: Time to “Sapecar”. Unpacking a new Horabot campaign in Mexico

Kaspersky SOC uncovered and analyzed a complex Horabot campaign in Mexico. In this article we share insights into how it is unleashed and how to hunt ...

Free real estate: GoPix, the banking Trojan living off your memory

Kaspersky GReAT experts describe the unprecedentedly complex Brazilian banking Trojan GoPix that employs memory-only implants, Proxy AutoConfig (PAC) ...

Iran-Backed Hackers Claim Wiper Attack on Medtech Firm Stryker

A hacktivist group with links to Iran's intelligence agencies is claiming responsibility for a data-wiping attack against Stryker, a global medical te...

Microsoft Patch Tuesday, March 2026 Edition

Microsoft Corp. today pushed security updates to fix at least 77 vulnerabilities in its Windows operating systems and other software. There are no pre...

BeatBanker: A dual‑mode Android Trojan

Kaspersky researchers identified a new Android Trojan dubbed BeatBanker targeting Brazil, posing as government apps and Google Play Store, and capable...

How AI Assistants are Moving the Security Goalposts

AI-based assistants or "agents" -- autonomous programs that have access to the user's computer, files, online services and can automate virtually any ...

Exploits and vulnerabilities in Q4 2025

This report provides statistical data on published vulnerabilities and exploits we researched during Q4 2025. It also includes summary data on the use...

Mobile malware evolution in 2025

Statistics on Android malware and the most notable mobile threats of 2025: preinstalled backdoors Keenadu and Triada, spyware Trojans, the Kimwolf IoT...

La gestión de la "Deuda Cognitiva" en servicios programados con Inteligencia Artificial

El mundo del programación con Inteligencia Artificial ha entrado en una nueva fase desde finales del año pasado cuando comenzamos a ver que programar ...

Estas son las capas de seguridad para la IA generativa con las que proteger a las empresas

La adopción de la IA generativa se da en las organizaciones con demasiada urgencia, impulsada por la presión competitiva, así como el potencial de aut...

Una foto da paso al ataque: el fallo en ExifTool que afecta a macOS

El equipo Global Research and Analysis Team de Kaspersky, GReAT, ha identificado una vulnerabilidad de inyección de comandos, registrada como CVE-2026...

Hackén 2026: La CON de hacking en Jaén el 17 y 18 de abril del 2026

Los días 17 y 18 de Abril tenéis también una cita con la ciberseguridad y el hacking en la CON Hackén, una conferencia de dos días...

El 95% de empresas prioriza pentesting, pero solo evalúa el 32% del riesgo

Synack, empresa especializada en pruebas de penetración dirigidas por personas y potenciadas por IA, y Omdia, una empresa de investigación tecnológica...

La IA agentiva permite a un solo ciberdelincuente crear malware avanzado en días

Check Point® Software Technologies Ltd., empresa global en soluciones de ciberseguridad, ha destacado que la llegada de la era agentiva está transform...

Cuando mecanografiaba mis artículos de cine

Ayer os compartí cómo son los mini-libros que yo hacía de niño sobre las películas que iba viendo, como forma de conservarlas y hacerlas mías. Pero un...

N.O.M.A.D.: la infraestructura offline que querrás tener cuando Internet deje de existir

En un contexto donde la estabilidad geopolítica ya no se da por sentada, donde conflictos híbridos, ciberataques a gran escala y apagones de infraestr...

Mi primer Blog fue de cine: La Colección Pitufo.

Cuando era pequeño, mi conexión a Internet era el quiosco. Supongo que para muchos niños y niñas de mi generación. Yo salía por la puerta con ocho, nu...

Initial Access Brokers (IAB): qué son y cómo operan para obtener y comercializar accesos a redes corporativas

Los Initial Access Brokers obtienen y comercializan accesos iniciales a redes corporativas mediante credenciales comprometidas, malware y explotación ...

Presentación del libro "Todo Llega...cuidado con lo que deseas". Mañana a las 19:00 en Espacio Ronda

Mi compañero y amigo David de Santiago presenta mañana, Sábado 21 de Abril, a las 19:00 horas de la tarde, en el Espacio Ronda - sito en la Ronda Sego...

El 70% de las organizaciones señalan la IA como su principal riesgo para la seguridad de los datos

Thales Cybersecurity Productos, distribuido por Exclusive Networks, analiza la última edición del informe Thales 2026 Data Threat Report, el estudio d...

EDR killers explicados: Más allá de los drivers

Los investigadores de ESET profundizan en el ecosistema de los EDR killer y revelan cómo los atacantes abusan de los controladores vulnerables

El impacto en la ciberseguridad de la guerra en Irán: riesgos clave que debe monitorear

Aunque el conflicto se desarrolla en Medio Oriente, las repercusiones en la ciberseguridad pueden afectar a organizaciones de todo el mundo. Estos son...

Mapa de actividad de malware en América Latina

Un análisis basado en telemetría ESET muestra cómo se distribuyen las amenazas en cinco de los países de la región y revela similitudes en las campaña...

MiroFish: cuando los LLM empiezan a simular el mundo

Durante años hemos hablado de modelos predictivos, de machine learning aplicado a forecasting, de simulaciones multi-agente y de modelos basados en gr...

¿Está bien permitir que tus hijos publiquen selfies en línea?

Cuando se trata de la vida digital de nuestros hijos, la prohibición rara vez funciona. Es nuestra responsabilidad ayudar a que construyan una relació...

Zombie ZIP: cómo una simple manipulación del header permite ocultar malware a los antivirus

Los archivos ZIP son uno de los formatos más utilizados para distribuir software, documentos y archivos comprimidos. Precisamente por su ubiquidad, ta...

Living off the Land 2.5: persistencia que vive dentro de contenedores y casi nadie está mirando

Cuando empecé a investigar intrusiones recientes en infraestructuras Linux modernas, hubo algo que empezó a repetirse: no era malware clásico, no eran...

Living off the Land 2.0 en Linux: Persistencia para pasar desapercibidos al SOC

Hay una regla no escrita en intrusiones modernas: El mejor malware es el que no parece malware. Pero hay una evolución aún más interesante q...

Las peores contraseñas de todos los tiempos

Las peores contraseñas de todos los tiempos Las peores contraseñas de todos los tiempos son aquellas que, por pereza o previsibilidad, se repiten mill...

(2/3) Ataques DDoS en capas 3 y 4: vectores, funcionamiento y defensa

Esta es la segunda entrega sobre amenazas DDoS, en esta ocasión nos adentramos en las capas de red y transporte para analizar los vectores más comunes...

ISO/IEC 42001: el sistema de gestión de IA que probablemente conectemos con nuestra 27001

ISO/IEC 42001 se concibe como el nuevo esqueleto operativo para transformar la inteligencia artificial en un sistema gestionado con disciplina. No es ...

MITRE AADAPT: Anatomía ofensiva y defensa en el ecosistema de activos digitales

Cuando uno pasa demasiadas noches frente a un nodo de Ethereum observando tráfico, firmas, anomalías y patrones sospechosos, descubre que el ecosistem...

Prueba de Penetración en Costa Rica

Prueba de Penetración en Costa Rica Prueba de Penetración en Costa Rica: Un Servicio Esencial para la Seguridad Empresarial Introducción En un mundo c...

Prueba de Penetración en Quito

Prueba de Penetración en Quito La Prueba de Penetración en Quito, también conocida como Pentesting, se ha convertido en una herramienta fundamental pa...

Prueba de Penetración en El Salvador

Prueba de Penetración en El Salvador En la era digital actual, la seguridad informática es un aspecto crucial para cualquier empresa. El Salvador, com...

Prueba de penetración en Barranquilla

Prueba de penetración en Barranquilla La prueba de penetración en Barranquilla es un proceso esencial para garantizar la seguridad informática en cual...

Snapshots en máquinas virtuales: ¿una herramienta útil o un riesgo oculto?

¿Piensas que una instantánea de una máquina virtual es lo mismo que un backup o una copia del disco? Entonces este post es para ti.Antes de nada, vamo...

La importancia del Disaster Recovery Plan (DRP)

A pesar de que los ciberataques, fallos de hardware y software, desastres naturales, o incluso errores humanos son cada vez más frecuentes, muchas emp...

Chat Control: el plan europeo para escanear tus mensajes

La Unión Europea está en pleno debate sobre una de las propuestas más polémicas de los últimos años: el Reglamento para prevenir y combatir el abuso s...

Pensar como un atacante: por qué el Red Team es clave para la ciberseguridad moderna

En un entorno digital donde las amenazas evolucionan más rápido que las soluciones, protegerse ya no es suficiente. Hay que anticiparse. Y para eso, e...

Cómo saber si una app es falsa: ten siempre en cuenta estas claves

Vivimos constantemente con el móvil en la mano; es un dispositivo que usamos para casi todo. Hoy en día es útil tanto para cosas como pagar el café, c...

Cómo proteger el ordenador sin ser un genio tech

Saber cómo proteger el ordenador nunca ha sido tan vital. Imagina perder tu equipo con Windows y no saber si tus datos personales están seguros. El pá...

Privacidad en Internet: evita el rastreo y navega con seguridad

La privacidad en Internet se ha convertido en una preocupación constante. Es así como cada clic, búsqueda o interacción en línea puede dejar una huell...

OpenAI lanza cursos gratuitos sobre IA.

OpenAI ha lanzado su propia academia online gratuita con cursos para aprender inteligencia artificial. Desde productividad con ChatGPT hasta ética de ...

Álbum oculto: paso a paso para activarlo en tu teléfono Android

Las fotos y vídeos revelan un montón de información de tu vida personal. No siempre queremos que estén a la vista. Es por eso que en este artículo hab...

CodeStrike, el videojuego gratuito que te enseña Python mientras salvas el mundo

Aprender a programar puede ser entretenido, sobre todo si te conviertes en un héroe del futuro mientras lo haces. Esa es precisamente la propuesta de ...

La Comisión Europea investiga a TikTok en virtud de la Ley de Servicios Digitales

La Comisión Europea inicia procedimiento contra TikTok por posible infracción de la DSA, enfocándose en protección de menores, transparencia publicita...

El Garante dice que ChatGPT viola la normativa de la Unión Europea sobre protección de datos

La autoridad italiana de protección de datos ha notificado a OpenAI sobre una presunta infracción de ChatGPT en relación con el RGPD