Cybersecurity News - Noticias de Ciberseguridad

Latest News

Are We Ready for Auto Remediation With Agentic AI?

With the rapid innovations in AI, we are entering an exciting era of automated risk remediation. Learn about security team readiness to leverage agent...

2026-03-09 - Dark Reading

Survey: CISOs Continue to Struggle to Strike Right Risk Balance

A survey of 422 CISOs finds that while well over half (61%) believe their organizations are highly competent when it comes to cybersecurity and cyber ...

2026-03-09 - Security Boulevard

Ericsson US discloses data breach after service provider hack

Ericsson Inc., the U.S. subsidiary of Swedish networking and telecommunications giant Ericsson, says attackers have stolen data belonging to an undisc...

2026-03-09 - BleepingComputer

Meta’s AI Safety Chief Couldn’t Stop Her Own Agent. What Makes You Think You Can Stop Yours?

Two incidents from the last two weeks of February need to be read together, because separately they look like cautionary anecdotes and together they l...

2026-03-09 - Security Boulevard

USENIX Security ’25 (Enigma Track) – Securing Meta’s Production PKI Credentials

Author, Creator & Presenter: Ross Smith IV, Meta Platforms Our thanks to USENIX Security '25 (Enigma Track) (USENIX '25 for publishing their Crea...

2026-03-09 - Security Boulevard

Sensor-Level Access Control: A Game-Changer for Colocation Providers

Hyperview’s sensor-level access control is revolutionizing the way colocation providers manage shared infrastructure. By enabling granular access to i...

2026-03-09 - Security Boulevard

Malicious npm Package Posing as OpenClaw Installer Deploys RAT, Steals macOS Credentials

Cybersecurity researchers have discovered a malicious npm package that masquerades as an OpenClaw installer to deploy a remote access trojan (RAT) and...

2026-03-09 - The Hacker News

Identity Crisis: Global Firms Face Mounting Risks Amid AI Surge and Lack of Recovery Testing

Organizations may be increasingly adopting Identity Threat Detection and Response (ITDR) practices, but a critical gap in disaster recovery readiness ...

2026-03-09 - Security Boulevard

OpenAI to acquire AI security platform Promptfoo

OpenAI are acquiring Promptfoo, an AI security platform that helps enterprises identify and remediate vulnerabilities in AI systems during development...

2026-03-09 - Help Net Security

CVE program funding secured, easing fears of repeat crisis

The Cybersecurity and Infrastructure Security Agency and the MITRE Corporation have renegotiated the contract supporting the 26-year-old Common Vulner...

2026-03-09 - CSO Online

Sean Cairncross lays out what’s coming next for Trump’s cyber strategy

The national cyber director is pitching an approach that blends cyber operations with diplomacy, law enforcement and pressure on CEOs to shore up thei...

2026-03-09 - CyberScoop

Microsoft Teams will tag third-party bots trying to join meetings

Microsoft says Teams will soon automatically tag third-party bots in lobbies, allowing organizers to control whether they can join meetings. [...]

2026-03-09 - BleepingComputer

ShinyHunters claims ongoing Salesforce Aura data theft attacks

Salesforce is warning customers that hackers are targeting websites with misconfigured Experience Cloud platforms that give guest users access to more...

2026-03-09 - BleepingComputer

Cybersecurity M&A Roundup: 42 Deals Announced in February 2026

Significant cybersecurity M&A deals announced by Check Point, Booz Allen, Proofpoint, Sophos, Palo Alto Networks, and Zscaler. The post Cybersecu...

2026-03-09 - SecurityWeek

Threat Actor Exploits Flaws and Uses Elastic Cloud SIEM to Manage Stolen Data

Huntress researchers uncover campaign exploiting vulnerabilities to steal data using Elastic Cloud as a data hub

2026-03-09 - Infosecurity Magazine

FBI warns of phishing attacks impersonating US city, county officials

The Federal Bureau of Investigation (FBI) warns that criminals are impersonating U.S. officials in phishing attacks targeting businesses and individua...

2026-03-09 - BleepingComputer

Trump Administration Unveils New Cyber Strategy for America

US national cyber strategy focuses on stronger defenses, countering threats, fostering innovation

2026-03-09 - Infosecurity Magazine

Russian hackers crack into officials’ Signal and WhatsApp accounts

Russian state hackers are trying to break into Signal and WhatsApp accounts used by diplomats, military staff, and government officials worldwide, Dut...

2026-03-09 - Help Net Security

Russia-linked hackers target Signal, WhatsApp of officials globally

Russia-linked hackers are targeting Signal and WhatsApp accounts of government and military officials worldwide, warns Dutch intelligence. Dutch intel...

2026-03-09 - Security Affairs

UNC4899 Breached Crypto Firm After Developer AirDropped Trojanized File to Work Device

The North Korean threat actor known as UNC4899 is suspected to be behind a sophisticated cloud compromise campaign targeting a cryptocurrency organiza...

2026-03-09 - The Hacker News

Why Password Audits Miss the Accounts Attackers Actually Want

Password audits often focus on complexity rules but miss the accounts attackers actually target. Specops Software explains how breached passwords, orp...

2026-03-09 - BleepingComputer

UK Launches New Crackdown Unit to Tackle Cyber-Fraud at the Source

New UK Online Crime Centre will combine expertise from a range of sources to takedown online channels cyber-scammers rely on

2026-03-09 - Infosecurity Magazine

⚡ Weekly Recap: Qualcomm 0-Day, iOS Exploit Chains, AirSnitch Attack & Vibe-Coded Malware

Another week in cybersecurity. Another week of "you've got to be kidding me." Attackers were busy. Defenders were busy. And somewhere in the middle, a...

2026-03-09 - The Hacker News

AI Security Startups Dominate New Cyber Innovation Awards

Over one in five winners of IT-Harvest’s 2026 Cyber 150 are AI security companies

2026-03-09 - Infosecurity Magazine

Fake Claude Code install pages hit Windows and Mac users with infostealers

Researchers uncovered fake Claude Code install pages spreading infostealers that steal passwords and browser sessions.

2026-03-09 - Malwarebytes Labs

Secure agentic AI for your Frontier Transformation

Learn how Microsoft Agent 365 and Microsoft 365 E7 can help secure your Frontier Transformation. The post Secure agentic AI for your Frontier Transfor...

2026-03-09 - Microsoft Security Blog

Quiz sites trick users into enabling unwanted browser notifications

The quiz is just bait. The real goal is to win permission to send browser notifications that can later be used for ads, scams, or shady promotions.

2026-03-09 - Malwarebytes Labs

ClickFix Attack Uses Windows Terminal to Evade Detection

Fake CAPTCHA pages instruct victims to paste malicious commands in the Windows Terminal instead of the Run dialog. The post ClickFix Attack Uses Windo...

2026-03-09 - SecurityWeek

No more soft play, President Trump warns in new cyber strategy

The White House released “President Trump’s Cyber Strategy for America,” a policy framework outlining the administration’s priorities for maintaining ...

2026-03-09 - Help Net Security

iProov secures hiring, access, and recovery by verifying the human behind every login

iProov the iProov Workforce Solution Suite, designed to protect enterprises from deepfakes and other identity attacks while improving operational effi...

2026-03-09 - Help Net Security

Internet Infrastructure TLD .arpa Abused in Phishing Attacks

Abusing DNS record management controls, the threat actor hides the location of malicious content via Cloudflare. The post Internet Infrastructure TLD ...

2026-03-09 - SecurityWeek

Chinese Cyber Threat Lurks In Critical Asian Sectors for Years

An undefined Chinese-speaking actor wields a combo of custom malware, open source tools, and LOTL binaries against Windows and Linux, likely for spyin...

2026-03-09 - Dark Reading

OpenAI says Codex Security found 11,000 high-impact bugs in a month

OpenAI’s new AppSec agent, Codex Security, has already flagged over 11,000 high-severity and critical flaws in real-world codebases during its first 3...

2026-03-09 - CSO Online

Can the Security Platform Finally Deliver for the Mid-Market?

Mid-market organizations are constantly striving to achieve security levels on a par with their enterprise peers. With heightened awareness of supply ...

2026-03-09 - The Hacker News

Cloned AI Tool Sites Distribute Malware in ‘InstallFix’ Campaign

Threat actors replace legitimate commands on the cloned installation webpages with malicious commands. The post Cloned AI Tool Sites Distribute Malwar...

2026-03-09 - SecurityWeek

OpenWrt 25.12.0 ships with new package manager, built-in upgrade tool, support for 2200+ devices

OpenWrt 25.12.0 is now available for download. The release incorporates over 4,700 commits since branching from OpenWrt 24.10. Package manager changes...

2026-03-09 - Help Net Security

Cognizant’s TriZetto Provider Solutions data breach impacted over 3.4 million patients

A breach at Cognizant’s TriZetto Provider Solutions exposed sensitive health data belonging to more than 3.4 million patients. A data breach at Cogniz...

2026-03-09 - Security Affairs

TriZetto Provider Solutions Breach Hits 3.4 Million Patients

Billing services provider TriZetto Provider Solutions has begun notifying millions of patients about a data breach

2026-03-09 - Infosecurity Magazine

NIS-2: Tausende reißen BSI-Frist und riskieren Strafen

Das deutsche Gesetz zur Umsetzung der NIS-2-Richtlinie ist am 6. Dezember 2025 in Kraft getreten.konstakorhonen – shutterstock.com Welche Auswirkun...

2026-03-09 - CSO Online

Chrome Extension Turns Malicious After Ownership Transfer, Enabling Code Injection and Data Theft

Two Google Chrome extensions have turned malicious after what appears to be a case of ownership transfer, offering attackers a way to push malware to ...

2026-03-09 - The Hacker News

We’ve seen ransomware cost American lives. Here’s what it will actually take to stop it.

Hackers have cut their attack timelines from weeks to hours while the government spreads resources too thin. We need to stop pretending we can protect...

2026-03-09 - CyberScoop

Rogues gallery: 15 worst ransomware groups active today

Ransomware-as-a-service (RaaS) models, double extortion tactics, and increasing adoption of AI characterize the evolving ransomware threat landscape. ...

2026-03-09 - CSO Online

A week in security (March 2 – March 8)

A list of topics we covered in the week of March 2 to March 8 of 2026

2026-03-09 - Malwarebytes Labs

Anthropic Claude Opus AI model discovers 22 Firefox bugs

Anthropic used Claude Opus 4.6 to identify 22 Firefox vulnerabilities, most of which were high severity, all of which were fixed in Firefox 148, relea...

2026-03-09 - Security Affairs

4 ways to prepare your SOC for agentic AI

a way to automate alert triage, threat investigation and eventually higher-level functions. According to IDC, agentic AI is on track to become main...

2026-03-09 - CSO Online

How AI Assistants are Moving the Security Goalposts

AI-based assistants or "agents" -- autonomous programs that have access to the user's computer, files, online services and can automate virtually any ...

2026-03-08 - Krebs on Security

Ring doorbells: Won’t you see my neighbor? (Lock and Code S07E05)

This week on the Lock and Code podcast, we speak with Matthew Guariglia about Ring smart doorbells and the surveillance network they create.

2026-03-08 - Malwarebytes Labs

Critical Nginx UI flaw CVE-2026-27944 exposes server backups

Nginx UI flaw CVE-2026-27944 lets attackers download and decrypt server backups without authentication, exposing sensitive data on public management i...

2026-03-08 - Security Affairs

Massive GitHub malware operation spreads BoryptGrab stealer

Trend Micro found BoryptGrab stealer spreading through 100+ GitHub repositories, stealing browser data, crypto wallets, system information, and user f...

2026-03-08 - Security Affairs

Recent Cisco Catalyst SD-WAN Vulnerability Now Widely Exploited

WatchTowr reports seeing exploitation attempts for CVE-2026-20127 from numerous unique IP addresses. The post Recent Cisco Catalyst SD-WAN Vulnerabili...

2026-03-08 - SecurityWeek

The long-awaited Trump cyber strategy has arrived

The administration also released an executive order on cybercrime and fraud. The post The long-awaited Trump cyber strategy has arrived appeared first...

2026-03-06 - CyberScoop

One click on this fake Google Meet update can give attackers control of your PC

We found a fake Google Meet update that enrolls the victim's Windows PC in an attacker's device management system.

2026-03-06 - Malwarebytes Labs

Microsoft warns North Korean threat groups are scaling up fake worker schemes with generative AI

Attackers have turned AI into a “force multiplier” for the country’s expansive scheme to get and keep operatives hired at global companies, researcher...

2026-03-06 - CyberScoop

Cylake Offers AI-Native Security Without Relying on Cloud Services

Cylake's platform will analyze security data locally and identify potential attacks for organizations concerned about data sovereignty.

2026-03-06 - Dark Reading

DHS CISO, deputy CISO exit amid reported IT leadership overhaul

Two sources tell FedScoop the personnel changes are part of a broader effort to consolidate IT and cybersecurity functions at DHS headquarters. The po...

2026-03-06 - CyberScoop

North Korean APTs Use AI to Enhance IT Worker Scams

DPRK worker scams are old hat, but they're still working, thanks to AI tools that help with everything from face swapping to daily emails.

2026-03-06 - Dark Reading

AI as tradecraft: How threat actors operationalize AI

Threat actors are operationalizing AI to scale and sustain malicious activity, accelerating tradecraft and increasing risk for defenders, as illustrat...

2026-03-06 - Microsoft Security Blog

EU Auto Rules Shift Gears on Cybersecurity Standards

The European Union is taking new precautions as climate change and cybersecurity threats rise across the automotive industry.

2026-03-06 - Dark Reading

Women’s History Month: Encouraging women in cybersecurity at every career stage

This Women’s History Month, we explore ways to support the next generation of female defenders at every career stage. The post Women’s History Month: ...

2026-03-05 - Microsoft Security Blog

Malicious AI Assistant Extensions Harvest LLM Chat Histories

Malicious AI browser extensions collected LLM chat histories and browsing data from platforms such as ChatGPT and DeepSeek. With nearly 900,000 instal...

2026-03-05 - Microsoft Security Blog

Inside Tycoon2FA: How a leading AiTM phishing kit operated at scale

Tycoon2FA has become a leading phishing-as-a-service (PhaaS) platforms, enabling campaigns that reach over 500,000 organizations monthly, prompting Mi...

2026-03-04 - Microsoft Security Blog

Who is the Kimwolf Botmaster “Dort”?

In early January 2026, KrebsOnSecurity revealed how a security researcher disclosed a vulnerability that was used to assemble Kimwolf, the world's lar...

2026-02-28 - Krebs on Security

‘Starkiller’ Phishing Service Proxies Real Login Pages, MFA

Most phishing websites are little more than static copies of login pages for popular online destinations, and they are often quickly taken down by ant...

2026-02-20 - Krebs on Security

Kimwolf Botnet Swamps Anonymity Network I2P

For the past week, the massive "Internet of Things" (IoT) botnet known as Kimwolf has been disrupting the The Invisible Internet Project (I2P), a dece...

2026-02-11 - Krebs on Security

Patch Tuesday, February 2026 Edition

Microsoft today released updates to fix more than 50 security holes in its Windows operating systems and other software, including patches for a whopp...

2026-02-10 - Krebs on Security

Student Loan Breach Exposes 2.5M Records

2.5 million people were affected, in a breach that could spell more trouble down the line.

2022-08-31 - Threatpost

Watering Hole Attacks Push ScanBox Keylogger

Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.

2022-08-30 - Threatpost

Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms

Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.

2022-08-29 - Threatpost

Ransomware Attacks are on the Rise

Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group.

2022-08-26 - Threatpost

Cybercriminals Are Selling Access to Chinese Surveillance Cameras

Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.

2022-08-25 - Threatpost

Noticias en Español

Dos extensiones de Chrome ‘legítimas’ se vuelven maliciosas tras cambiar de dueño y habilitan inyección de código y robo de datos

Las extensiones QuickLens y ShotBird habrían pasado de ser herramientas aparentemente normales a incluir actualizaciones maliciosas tras un cambio de ...

2026-03-09 - Una al Día

Fear of the Dark: DeepFakes, Sappo & Sentiment Analysis

En la primera parte del artículo os dejé la introducción pre GenAI, que una vez que llegó el mundo de la Inteligencia Artificial Generativa todo ha ca...

2026-03-09 - El Lado del Mal

Fear of the Dark: Fear, Data & Fake News

Este año la charla de RooteddCON Madrid 2026 fue sobre el miedo, la explotación del miedo, y el uso de la tecnología para detectar qué miedos quieren ...

2026-03-08 - El Lado del Mal

RootedCON Madrid: Una vez más

Un evento de más de 5.000 personas del mundo de la ciberseguridad y el hacking, hacen de RootedCON Madrid sea el corazón de la comunidad más grande de...

2026-03-07 - El Lado del Mal

Fuga masiva expone datos de más de un millón de usuarios en plataforma de IA

La plataforma KomikoAI, especializada en generación de videos e imágenes mediante inteligencia artificial, ha experimentado una filtración que expone ...

2026-03-07 - Una al Día

Podcast | Estafas digitales: el hackeo de las emociones

En este episodio, especialistas en ciberseguridad y salud mental revelan cómo las emociones pueden exponernos a estafas digitales y qué hacer para rec...

2026-03-06 - WeLiveSecurity

Europol desmantela LeakBase: cae uno de los mayores mercados de datos robados en Internet

Europol ha liderado el cierre de LeakBase, uno de los mayores mercados ilegales dedicados a la compraventa de datos robados en Internet, en una operac...

2026-03-06 - Una al Día

Un simple typo provoca un 0-day de ejecución remota de código en Firefox

Investigadores de seguridad han revelado recientemente un 0-day en Firefox que demuestra cómo un error aparentemente trivial puede convertirse en una ...

2026-03-06 - Una al Día

RootedCON Madrid 2026: Firma de libros, Podcast, Charla y más

Hoy os dejo un post muy rápido, sólo por si vas a estar en RootedCON hoy. Voy a intentar hacer varias cosas, a ver si soy capaz, que la mañana la teng...

2026-03-06 - El Lado del Mal

Cómo las PyMEs utilizan la investigación de amenazas y los servicios MDR para fortalecer su ciberdefensa

Hablamos con Jean‑Ian Boutin, director de ESET Threat Research, sobre cómo las soluciones de ciberseguridad que combinan tecnología avanzada y experie...

2026-03-05 - WeLiveSecurity

Hugging Face: qué es y cómo el cibercrimen explota la cadena de suministro de IA

Descubre cómo funcionan los ataques a través de Hugging Face, los riesgos asociados a la deserialización de modelos y las estrategias de gobernanza ne...

2026-03-05 - WeLiveSecurity

CyberStrikeAI desata una ola de ciberataques automatizados contra firewalls Fortinet mediante inteligencia artificial

La automatización de ciberataques alcanza un nuevo nivel: CyberStrikeAI, una plataforma de código abierto impulsada por inteligencia artificial, ha si...

2026-03-05 - Una al Día

Cloudforce ONE: Cloudflare Threat Report 2026

Cloudflare tiene una visibilidad de lo que está sucediendo en Internet muy especial. El 20% del tráfico mundial HTTP pasa por el Edge de Cloudflare, l...

2026-03-05 - El Lado del Mal

Living off the Land 2.5: persistencia que vive dentro de contenedores y casi nadie está mirando

Cuando empecé a investigar intrusiones recientes en infraestructuras Linux modernas, hubo algo que empezó a repetirse: no era malware clásico, no eran...

2026-03-04 - Hackplayers

Estafas por WhatsApp: 5 errores de seguridad que facilitan el robo de cuentas

¿Por qué la seguridad de las aplicaciones no es suficiente? Descubre cómo los ciberdelincuentes aprovechan simples fallos de privacidad para clonar cu...

2026-03-04 - WeLiveSecurity

7 tips para detectar apps móviles falsas

Estos son los 7 consejos que debes tener en cuenta para mantenerte alejado de amenazas para dispositivos móviles: cómo identificar una app maliciosa y...

2026-03-03 - WeLiveSecurity

Living off the Land 2.0 en Linux: Persistencia para pasar desapercibidos al SOC

Hay una regla no escrita en intrusiones modernas: El mejor malware es el que no parece malware. Pero hay una evolución aún más interesante q...

2026-03-02 - Hackplayers

Heretic o cómo eliminar fácilmente la censura en un LLM

Los modelos de lenguaje actuales (los conocidos LLM, Large Language Models) se han convertido en piezas clave de muchas aplicaciones: asistentes, anál...

2026-03-01 - Hackplayers

PentAGI: Automatización avanzada de penetration testing con agentes AI autónomos

En los últimos años, el pentesting ha evolucionado desde procesos manuales altamente especializados hacia flujos híbridos donde la automatización y la...

2026-02-22 - Hackplayers

Writeups CTF Hardware Hacking h-c0n 2026

Desde que fundamos la conferencia h-c0n uno de nuestros “sueños” era tener nuestro propio badge electrónico, al más puro estilo DEF CON. No ha sido ha...

2026-02-17 - Hackplayers

(2/3) Ataques DDoS en capas 3 y 4: vectores, funcionamiento y defensa

Esta es la segunda entrega sobre amenazas DDoS, en esta ocasión nos adentramos en las capas de red y transporte para analizar los vectores más comunes...

2025-10-27 - Flu Project

ISO/IEC 42001: el sistema de gestión de IA que probablemente conectemos con nuestra 27001

ISO/IEC 42001 se concibe como el nuevo esqueleto operativo para transformar la inteligencia artificial en un sistema gestionado con disciplina. No es ...

2025-10-13 - Flu Project

MITRE AADAPT: Anatomía ofensiva y defensa en el ecosistema de activos digitales

Cuando uno pasa demasiadas noches frente a un nodo de Ethereum observando tráfico, firmas, anomalías y patrones sospechosos, descubre que el ecosistem...

2025-10-06 - Flu Project

Snapshots en máquinas virtuales: ¿una herramienta útil o un riesgo oculto?

¿Piensas que una instantánea de una máquina virtual es lo mismo que un backup o una copia del disco? Entonces este post es para ti.Antes de nada, vamo...

2025-09-29 - Flu Project

La importancia del Disaster Recovery Plan (DRP)

A pesar de que los ciberataques, fallos de hardware y software, desastres naturales, o incluso errores humanos son cada vez más frecuentes, muchas emp...

2025-09-15 - Flu Project

Pensar como un atacante: por qué el Red Team es clave para la ciberseguridad moderna

En un entorno digital donde las amenazas evolucionan más rápido que las soluciones, protegerse ya no es suficiente. Hay que anticiparse. Y para eso, e...

2025-07-01 - BlogThinkBig

Cómo saber si una app es falsa: ten siempre en cuenta estas claves

Vivimos constantemente con el móvil en la mano; es un dispositivo que usamos para casi todo. Hoy en día es útil tanto para cosas como pagar el café, c...

2025-06-17 - BlogThinkBig

Cómo proteger el ordenador sin ser un genio tech

Saber cómo proteger el ordenador nunca ha sido tan vital. Imagina perder tu equipo con Windows y no saber si tus datos personales están seguros. El pá...

2025-06-13 - BlogThinkBig

Privacidad en Internet: evita el rastreo y navega con seguridad

La privacidad en Internet se ha convertido en una preocupación constante. Es así como cada clic, búsqueda o interacción en línea puede dejar una huell...

2025-06-12 - BlogThinkBig

Álbum oculto: paso a paso para activarlo en tu teléfono Android

Las fotos y vídeos revelan un montón de información de tu vida personal. No siempre queremos que estén a la vista. Es por eso que en este artículo hab...

2025-06-06 - BlogThinkBig