Cybersecurity News - Noticias de Ciberseguridad

Latest News

Critical infra Honeywell CCTVs vulnerable to auth bypass flaw

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of a critical vulnerability in multiple Honeywell CCTV products that allow...

2026-02-18 - BleepingComputer

Microsoft Patches Security Flaw That Exposed Confidential Emails to AI

Microsoft Corp. confirmed it is addressing a significant security lapse that allowed its Copilot AI to bypass privacy protections and summarize users’...

2026-02-18 - Security Boulevard

AI platforms can be abused for stealthy malware communication

AI assistants like Grok and Microsoft Copilot with web browsing and URL-fetching capabilities can be abused to intermediate command-and-control (C2) a...

2026-02-18 - BleepingComputer

NDSS 2025 – Try to Poison My Deep Learning Data? Nowhere To Hide Your Trajectory Spectrum!

Session 12D: ML Backdoors Authors, Creators & Presenters: Yansong Gao (The University of Western Australia), Huaibing Peng (Nanjing University of...

2026-02-18 - Security Boulevard

Notepad++ patches flaw used to hijack update system

Notepad++ patched a vulnerability that attackers used to hijack its update system and deliver malware to targeted users. Notepad++ fixed a vulnerabili...

2026-02-18 - Security Affairs

A CISO's Playbook for Defending Data Assets Against AI Scraping

Discover a strategic approach to govern scraping risks, balance security with business growth, and safeguard intellectual capital from automated data ...

2026-02-18 - Dark Reading

The Lock, Not the Alarm: How Palo Alto’s Koi Acquisition Rewrites Endpoint Security

The acquisition of Koi Security isn’t just a product play — it’s a declaration that the agentic era has created an entirely new threat sur...

2026-02-18 - Security Boulevard

Randall Munroe’s XKCD ‘Cost Savings’

via the comic artistry and dry wit of Randall Munroe, creator of XKCD Permalink The post Randall Munroe’s XKCD ‘Cost Savings’ appeared fi...

2026-02-18 - Security Boulevard

Citizen Lab Finds Cellebrite Tool Used on Kenyan Activist’s Phone in Police Custody

New research from the Citizen Lab has found signs that Kenyan authorities used a commercial forensic extraction tool manufactured by Israeli company C...

2026-02-18 - The Hacker News

Betterment data breach might be worse than we thought

This breach now appears far more serious. The leaked data includes rich personal and financial details that phishers could use. The post Betterment da...

2026-02-18 - Security Boulevard

Betterment data breach might be worse than we thought

This breach now appears far more serious. The leaked data includes rich personal and financial details that phishers could use.

2026-02-18 - Malwarebytes Labs

Grandstream GXP1600 VoIP Phones Exposed to Unauthenticated Remote Code Execution

Cybersecurity researchers have disclosed a critical security flaw in the Grandstream GXP1600 series of VoIP phones that could allow an attacker to sei...

2026-02-18 - The Hacker News

Telegram channels expose rapid weaponization of SmarterMail flaws

Underground Telegram channels shared SmarterMail exploit PoCs and stolen admin credentials within days of disclosure. Flare explains how monitoring th...

2026-02-18 - BleepingComputer

Microsoft: Anti-phishing rules mistakenly blocked emails, Teams messages

Microsoft says an Exchange Online issue that mistakenly quarantined legitimate emails last week was triggered by faulty heuristic detection rules desi...

2026-02-18 - BleepingComputer

Cryptojacking Campaign Exploits Driver to Boost Monero Mining

Cryptojacking campaign used pirated software to deploy a persistent XMRig miner with stealth tactics

2026-02-18 - Infosecurity Magazine

Fulton County lawsuit claims feds used ‘gross mischaracterizations’ to justify raid

A former federal election official says the FBI's affidavit justifying last month's Fulton County raid misrepresented basic election facts, despite th...

2026-02-18 - CyberScoop

New Keenadu Android Malware Found on Thousands of Devices

The malware has been preinstalled on many devices but it has also been distributed through Google Play and other app stores. The post New Keenadu Andr...

2026-02-18 - SecurityWeek

Millionen Chrome-Erweiterungen geben Browserverlauf preis

width="2489" height="1400" sizes="auto, (max-width: 2489px) 100vw, 2489px">Eine Sicherheitslücke in beliebten Chrome-Erweiterungen führt dazu, dass de...

2026-02-18 - CSO Online

VS Code extensions with 125M+ installs expose users to cyberattacks

Four popular VS Code extensions with 125M+ installs have flaws that could let hackers steal files and run code remotely. OX Security researchers warn ...

2026-02-18 - Security Affairs

AI Assistants Used as Covert Command-and-Control Relays

AIs like Grok and Microsoft Copilot can be exploited as covert C2 channels for malware communication

2026-02-18 - Infosecurity Magazine

China-linked hackers exploited Dell zero-day since 2024 (CVE-2026-22769)

A suspected China-linked cyberespionage group has been covertly exploiting a critical zero-day flaw (CVE-2026-22769) in Dell’s RecoverPoint for Virtua...

2026-02-18 - Help Net Security

Cogent Security Raises $42 Million for AI-Driven Vulnerability Management

The Series A funding round, led by Bain Capital, brings the total raised by Cogent to $53 million. The post Cogent Security Raises $42 Million for AI-...

2026-02-18 - SecurityWeek

Brinqa targets manual bottlenecks in exposure management with integrated AI agents

Brinqa has advanced its platform with the introduction of two new AI agents, the AI Attribution Agent and the AI Deduplication Agent, designed to addr...

2026-02-18 - Help Net Security

Microsoft Edge 145 lands with major enterprise security upgrades

Microsoft has begun rolling out Edge 145 to the Stable release channel, adding several enterprise-focused security enhancements. The update is being d...

2026-02-18 - Help Net Security

Securonix shifts security operations to measurable AI-driven productivity

Securonix announced Sam, the AI SOC Analyst, and the Securonix Agentic Mesh, introducing a new operating model for security operations that scales ana...

2026-02-18 - Help Net Security

Data breach at fintech firm Figure affects nearly 1 million accounts

Hackers have stolen the personal and contact information of nearly 1 million accounts after breaching the systems of Figure Technology Solutions, a se...

2026-02-18 - BleepingComputer

The era of the Digital Parasite: Why stealth has replaced ransomware

For years, ransomware encryption functioned as the industry’s alarm bell. When systems locked up, defenders knew an attack had occurred. Not anymore. ...

2026-02-18 - Help Net Security

Vulnerabilities in Popular PDF Platforms Allowed Account Takeover, Data Exfiltration

Novee researchers discovered 16 vulnerabilities in Foxit and Apryse PDF tools that could have been exploited via malicious documents or URLs. The post...

2026-02-18 - SecurityWeek

Critical Flaws Found in Four VS Code Extensions with Over 125 Million Installs

Cybersecurity researchers have disclosed multiple security vulnerabilities in four popular Microsoft Visual Studio Code (VS Code) extensions that, if ...

2026-02-18 - The Hacker News

Flaws in four popular VS Code extensions left 128 million installs open to attack

Critical and high-severity vulnerabilities were found in four widely used Visual Studio Code extensions with a combined 128 million downloads, exposin...

2026-02-18 - CSO Online

Job scam uses fake Google Forms site to harvest Google logins

Phishers are using fake Google Forms pages hosted on lookalike domains to trick job seekers into handing over their Google credentials.

2026-02-18 - Malwarebytes Labs

China-linked APT weaponized Dell RecoverPoint zero-day since 2024

A suspected Chinese state-linked group exploited a critical Dell RecoverPoint flaw (CVE-2026-22769) in zero-day attacks starting mid-2024. Mandiant an...

2026-02-18 - Security Affairs

Keenadu: Android malware that comes preinstalled and can’t be removed by users

There’s too little a user can do when hit with a complex Android malware that comes preinstalled on their new smartphone or tablet. Security resear...

2026-02-18 - CSO Online

Cybersecurity Tech Predictions for 2026: Operating in a World of Permanent Instability

In 2025, navigating the digital seas still felt like a matter of direction. Organizations charted routes, watched the horizon, and adjusted course to ...

2026-02-18 - The Hacker News

Record Number of Ransomware Victims and Groups in 2025

Searchlight Cyber reports a 30% annual increase in ransomware victim numbers in 2025

2026-02-18 - Infosecurity Magazine

Cyberangriff auf Bahn stört Auskunftssysteme

Der Angriff konnte zurückgeschlagen werden. Trotzdem mussten Reisende mit Einschränkungen leben.Deutsche Bahn AG/Volker Emersleben Die Störungen de...

2026-02-18 - CSO Online

Discipline is the new power move in cybersecurity leadership

For years, I was fortunate to live many years, earning enough budget to deploy cybersecurity programs. I worked the same playbook: run a risk assessme...

2026-02-18 - CSO Online

U.S. CISA adds Google Chromium CSS, Microsoft Windows, TeamT5 ThreatSonar Anti-Ransomware, and Zimbra flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Google Chromium CSS, Microsoft Windows, TeamT5 ThreatSonar Anti-Ransomware, and Zimb...

2026-02-18 - Security Affairs

Dell RecoverPoint for VMs Zero-Day CVE-2026-22769 Exploited Since Mid-2024

A maximum severity security vulnerability in Dell RecoverPoint for Virtual Machines has been exploited as a zero-day by a suspected China-nexus threat...

2026-02-18 - The Hacker News

CISA: Hackers Exploiting Vulnerability in Product of Taiwan Security Firm TeamT5

The vulnerability added to CISA’s KEV catalog affects ThreatSonar Anti-Ransomware and it was patched in 2024. The post CISA: Hackers Exploiting Vulner...

2026-02-18 - SecurityWeek

Scammers use fake “Gemini” AI chatbot to sell fake “Google Coin”

An AI chatbot posing as Google’s Gemini is being used to pitch fake “Google Coin,” promising 7x returns.

2026-02-18 - Malwarebytes Labs

Chinese APT Group Exploits Dell Zero-Day for Two Years

Mandiant reveals campaign featuring exploit of a CVSS 10.0 CVE in Dell RecoverPoint for Virtual Machines

2026-02-18 - Infosecurity Magazine

Keenadu backdoor found preinstalled on Android devices, powers Ad fraud campaign

Kaspersky uncovered Keenadu, an Android backdoor used for ad fraud that can even take full control of devices. Kaspersky has identified a new Android ...

2026-02-18 - Security Affairs

Palo Alto Networks to Acquire Koi in Reported $400 Million Transaction

Koi has developed an endpoint security solution that Palo Alto will use to enhance its products. The post Palo Alto Networks to Acquire Koi in Reporte...

2026-02-18 - SecurityWeek

Singapore & Its 4 Major Telcos Fend Off Chinese Hackers

After detecting a zero-day attack, the country's effective response was attributed to the tight relationship between its government and private indust...

2026-02-18 - Dark Reading

Chinese hackers exploited a Dell zero-day for 18 months before anyone noticed

Google researchers said Chinese attackers have been exploiting a zero-day since mid-2024, and they’ve moved on to a more advanced version of Brickstor...

2026-02-18 - CyberScoop

Supply Chain Attack Embeds Malware in Android Devices

Keenadu downloads payloads that hijack browser searches, commit ad fraud, and execute other actions without user knowledge.

2026-02-17 - Dark Reading

Poland Energy Survives Attack on Wind, Solar Infrastructure

Russia-aligned groups are probable culprits behind the wiper attacks against renewable energy farms, a manufacturer, and a heating and power plant.

2026-02-17 - Dark Reading

RMM Abuse Explodes as Hackers Ditch Malware

Remote monitoring and management (RMM) software offers hackers multiple benefits, including stealth, persistence, and operational efficiency.

2026-02-17 - Dark Reading

Chrome “preloading” could be leaking your data and causing problems in Browser Guard

This article explains why Chrome’s “preloading” can cause scary-looking blocks in Malwarebytes Browser Guard.

2026-02-17 - Malwarebytes Labs

Polish authorities arrest alleged Phobos ransomware affiliate

The 47-year-old man, who was not identified, faces up to five years in prison for producing, obtaining and sharing computer programs used to conduct c...

2026-02-17 - CyberScoop

Unify now or pay later: New research exposes the operational cost of a fragmented SOC

New research from Microsoft and Omdia reveals how fragmented tools, manual workflows, and alert overload are pushing SOCs to a breaking point. The pos...

2026-02-17 - Microsoft Security Blog

Palo Alto Networks’ Koi acquisition is all about keeping AI agents in check

The company says it will integrate Koi’s technology into its security offerings to improve visibility into AI-driven activity on workplace devices. T...

2026-02-17 - CyberScoop

Android 17 Beta Introduces Secure-By-Default Architecture

Android 17 Beta introduces privacy, security updates and a new Canary channel for improved development

2026-02-17 - Infosecurity Magazine

Scam Guard for desktop: A second set of eyes for suspicious moments

Malwarebytes Scam Guard is now on Windows and Mac, bringing AI-powered scam detection to your desktop.

2026-02-17 - Malwarebytes Labs

Citizen Lab links Cellebrite to the hacking of a Kenyan presidential candidate’s phone

The research lab says forensic evidence suggests the phone-cracking technology was used against Boniface Mwangi after his July arrest. The post Citize...

2026-02-17 - CyberScoop

Top 10 actions to build agents securely with Microsoft Copilot Studio

Copilot Studio agents are increasingly powerful. With that power comes risk: small misconfigurations, over‑broad sharing, unauthenticated access, and ...

2026-02-12 - Microsoft Security Blog

Your complete guide to Microsoft experiences at RSAC™ 2026 Conference

Microsoft Security returns to RSAC Conference to show how Frontier Firms—organizations that are human-led and agent-operated—can stay ahead. The post ...

2026-02-12 - Microsoft Security Blog

The strategic SIEM buyer’s guide: Choosing an AI-ready platform for the agentic era

New guide details how a unified, AI ready SIEM platform empowers security leaders to operate at the speed of AI, strengthen resilience, accelerate det...

2026-02-11 - Microsoft Security Blog

Kimwolf Botnet Swamps Anonymity Network I2P

For the past week, the massive "Internet of Things" (IoT) botnet known as Kimwolf has been disrupting the The Invisible Internet Project (I2P), a dece...

2026-02-11 - Krebs on Security

Patch Tuesday, February 2026 Edition

Microsoft today released updates to fix more than 50 security holes in its Windows operating systems and other software, including patches for a whopp...

2026-02-10 - Krebs on Security

80% of Fortune 500 use active AI Agents: Observability, governance, and security shape the new frontier

Read Microsoft's new Cyber Pulse report for straightforward, practical insights and guidance on new cybersecurity risks. The post 80% of Fortune 500 u...

2026-02-10 - Microsoft Security Blog

Please Don’t Feed the Scattered Lapsus ShinyHunters

A prolific data ransom gang that calls itself Scattered Lapsus ShinyHunters (SLSH) has a distinctive playbook when it seeks to extort payment from vic...

2026-02-02 - Krebs on Security

Who Operates the Badbox 2.0 Botnet?

The cybercriminals in control of Kimwolf -- a disruptive botnet that has infected more than 2 million devices -- recently shared a screenshot indicati...

2026-01-26 - Krebs on Security

Kimwolf Botnet Lurking in Corporate, Govt. Networks

A new Internet-of-Things botnet called Kimwolf has spread to more than 2 million devices, forcing infected systems to participate in massive distribut...

2026-01-20 - Krebs on Security

Student Loan Breach Exposes 2.5M Records

2.5 million people were affected, in a breach that could spell more trouble down the line.

2022-08-31 - Threatpost

Watering Hole Attacks Push ScanBox Keylogger

Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.

2022-08-30 - Threatpost

Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms

Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.

2022-08-29 - Threatpost

Ransomware Attacks are on the Rise

Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group.

2022-08-26 - Threatpost

Cybercriminals Are Selling Access to Chinese Surveillance Cameras

Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.

2022-08-25 - Threatpost

Noticias en Español

Google corrige un zero-day de Chrome (CVE-2026-2441) ya explotado en ataques

Google ha publicado una actualización de emergencia para Chrome que corrige el CVE-2026-2441, un zero-day de alta severidad con explotación confirmada...

2026-02-18 - Una al Día

TechArena - Life of a Hacker in the age of AI

La semana pasada subí a Suecia, a Estocolmo, a dar una pequeña charla en TechArena 2026 sobre "Life of a Hacker in the age of AI" donde en 30 minutos,...

2026-02-18 - El Lado del Mal

Ofrecen en foros clandestinos un supuesto 0-day crítico contra OpenSea por 100.000 USD

Un actor de amenazas está promocionando en foros de hacking la venta de una presunta cadena de exploits de 0-day dirigida contra OpenSea, con un preci...

2026-02-17 - Una al Día

Autómatas victorianos, gargantas de cuero y redes neuronales: Anatomía secreta de las máquinas parlantes

¿Has pensado alguna vez que todo lo que decimos, todo lo que hemos escrito como especie, emerge de un conjunto ridículamente pequeño de sonidos? En Es...

2026-02-17 - El Lado del Mal

Writeups CTF Hardware Hacking h-c0n 2026

Desde que fundamos la conferencia h-c0n uno de nuestros “sueños” era tener nuestro propio badge electrónico, al más puro estilo DEF CON. No ha sido ha...

2026-02-17 - Hackplayers

Máster Online en Seguridad Ofensiva del Campus Internacional de Seguridad 2026: Comienzo el 24 de Marzo

Para los que tenéis pasión por ser expertos en la disciplina de "Offensive Security" y poder trabajar profesionalmente en las áreas de ciberseguridad ...

2026-02-16 - El Lado del Mal

Técnicas de evasión de seguridad en endpoints: evolución (2020–2025)

El surcoreano Hyeongkwan Lee aka WindShock analizaba recientemente en un post cómo, entre 2020 y 2025, las técnicas de evasión de EDR y anti...

2026-02-15 - Hackplayers

BuscanHackers cuando quieren CiberCriminales y se transforman en Víctimas, SúperTrolls y Extorsionados.

Hará ya más de quince años que me pasó por primera vez. Entonces me sorprendió, y la verdad es que no supe cómo gestionarlo. Se trataba de una mujer q...

2026-02-15 - El Lado del Mal

El botnet Kimwolf asfixia la red de anonimato I2P con cientos de miles de dispositivos IoT

La red descentralizada y privada I2P se ha visto desbordada esta semana debido al impacto del botnet Kimwolf, que inunda el sistema con cientos de mil...

2026-02-14 - Una al Día

4YFN: Hacked by Design? - 4 de Marzo en MWC Barcelona

Como ya os anuncié, este año estaré en el MWC 2026 en una sesión en el Agentic AI Summit, dentro de los tracks principales, pero también estaré el día...

2026-02-14 - El Lado del Mal

¿Te llega mucho spam o correos electrónicos fraudulentos? Probablemente sea por esto

Si tu bandeja de entrada está inundada de mensajes no deseados e incluso maliciosos, te contamos 10 razones por las que está ocurriendo y qué medidas ...

2026-02-13 - WeLiveSecurity

Ataques masivos explotan la vulnerabilidad crítica CVE-2026-1731 en BeyondTrust Remote Support

Un grave fallo de ejecución remota (RCE) sin autenticar en BeyondTrust Remote Support (CVE-2026-1731) ha sido activamente explotado pocas horas despué...

2026-02-13 - Una al Día

CVE-2026-22906: Vulnerabilidad Crítica en Almacenamiento de Credenciales

CVE-2026-22906 es una vulnerabilidad de alta criticidad (CVSS 9.8/10) que afecta a ciertos productos que almacenan credenciales de usuario utilizando ...

2026-02-12 - Una al Día

Crónica de #hc0n2026, la sexta Con de Hackplayers

h-c0n 2026 volvió y lo hizo para ser lo que siempre ha sido: un punto de encuentro real para gente que quiere entender cómo funcionan las cosas, inclu...

2026-02-09 - Hackplayers

Me hackearon la cuenta: ¿qué hacer en los primeros 15 minutos?

Cuando una de nuestras cuentas es vulnerada, saber qué hacer de manera rápida es vital para mitigar el impacto. Conoce las acciones clave para que un ...

2026-02-09 - WeLiveSecurity

Niños, niñas y chatbots: riesgos principales a los que prestar atención

A medida que los niños recurren a los chatbots de inteligencia artificial en busca de respuestas, consejos y compañía, surgen preguntas sobre su segur...

2026-02-06 - WeLiveSecurity

Robo de credenciales: métodos más frecuentes y recomendaciones para reducir el riesgo

El compromiso de contraseñas sigue siendo un problema recurrente en Latinoamérica, impulsado por técnicas de ingeniería social, malware especializado ...

2026-02-04 - WeLiveSecurity

OpenClaw (antes Clawdbot y Moltbot): qué es el asistente de IA que automatiza tu PC y cuáles son sus riesgos de seguridad

OpenClaw, antes Clawdbot y Moltbot, automatiza tareas mediante IA local. Su popularidad crece, pero también las dudas: repasamos los principales riesg...

2026-02-03 - WeLiveSecurity

Cinco libros imprescindibles sobre Inteligencia Artificial y Ciberseguridad para aspirantes a hackers éticos

La inteligencia artificial (IA) ya no es solo una moda técnica: es una herramienta clave tanto para defender como para atacar en el terreno de la cibe...

2026-01-24 - Hackplayers

VoxCPM: cuando el TTS deja de sonar a TTS

Durante años hemos aceptado una idea casi como dogma en text-to-speech: para generar audio hay que discretizarlo. Da igual si hablamos de unidades fon...

2026-01-18 - Hackplayers

(2/3) Ataques DDoS en capas 3 y 4: vectores, funcionamiento y defensa

Esta es la segunda entrega sobre amenazas DDoS, en esta ocasión nos adentramos en las capas de red y transporte para analizar los vectores más comunes...

2025-10-27 - Flu Project

ISO/IEC 42001: el sistema de gestión de IA que probablemente conectemos con nuestra 27001

ISO/IEC 42001 se concibe como el nuevo esqueleto operativo para transformar la inteligencia artificial en un sistema gestionado con disciplina. No es ...

2025-10-13 - Flu Project

MITRE AADAPT: Anatomía ofensiva y defensa en el ecosistema de activos digitales

Cuando uno pasa demasiadas noches frente a un nodo de Ethereum observando tráfico, firmas, anomalías y patrones sospechosos, descubre que el ecosistem...

2025-10-06 - Flu Project

Snapshots en máquinas virtuales: ¿una herramienta útil o un riesgo oculto?

¿Piensas que una instantánea de una máquina virtual es lo mismo que un backup o una copia del disco? Entonces este post es para ti.Antes de nada, vamo...

2025-09-29 - Flu Project

La importancia del Disaster Recovery Plan (DRP)

A pesar de que los ciberataques, fallos de hardware y software, desastres naturales, o incluso errores humanos son cada vez más frecuentes, muchas emp...

2025-09-15 - Flu Project

Pensar como un atacante: por qué el Red Team es clave para la ciberseguridad moderna

En un entorno digital donde las amenazas evolucionan más rápido que las soluciones, protegerse ya no es suficiente. Hay que anticiparse. Y para eso, e...

2025-07-01 - BlogThinkBig

Cómo saber si una app es falsa: ten siempre en cuenta estas claves

Vivimos constantemente con el móvil en la mano; es un dispositivo que usamos para casi todo. Hoy en día es útil tanto para cosas como pagar el café, c...

2025-06-17 - BlogThinkBig

Cómo proteger el ordenador sin ser un genio tech

Saber cómo proteger el ordenador nunca ha sido tan vital. Imagina perder tu equipo con Windows y no saber si tus datos personales están seguros. El pá...

2025-06-13 - BlogThinkBig

Privacidad en Internet: evita el rastreo y navega con seguridad

La privacidad en Internet se ha convertido en una preocupación constante. Es así como cada clic, búsqueda o interacción en línea puede dejar una huell...

2025-06-12 - BlogThinkBig

Álbum oculto: paso a paso para activarlo en tu teléfono Android

Las fotos y vídeos revelan un montón de información de tu vida personal. No siempre queremos que estén a la vista. Es por eso que en este artículo hab...

2025-06-06 - BlogThinkBig