AHQ-AGENCY Cybersecurity News

Noticias Destacadas

Latest News

New tool blocks imposter attacks disguised as safe commands

A new open-source and cross-platform tool called Tirith can detect homoglyph attacks over command-line environments by analyzing URLs in typed command...

2026-02-08 - BleepingComputer

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 83

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newslett...

2026-02-08 - Security Affairs

Security Affairs newsletter Round 562 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email...

2026-02-08 - Security Affairs

DKnife toolkit abuses routers to spy and deliver malware since 2019

DKnife is a Linux toolkit used since 2019 to hijack router traffic and deliver malware in cyber-espionage attacks. Cisco Talos found DKnife, a powerfu...

2026-02-08 - Security Affairs

Week in review: Notepad++ supply chain attack details and targets, Patch Tuesday forecast

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Global Threat Map: Open-source real-time situational...

2026-02-08 - Help Net Security

OpenClaw Integrates VirusTotal Scanning to Detect Malicious ClawHub Skills

OpenClaw (formerly Moltbot and Clawdbot) has announced that it's partnering with Google-owned VirusTotal to scan skills that are being uploaded to Cla...

2026-02-08 - The Hacker News

Italian university La Sapienza still offline to mitigate recent cyber attack

Rome’s La Sapienza University was hit by a cyberattack that disrupted IT systems and caused widespread operational issues. Since February 2, Rome’s La...

2026-02-07 - Security Affairs

State actor targets 155 countries in 'Shadow Campaigns' espionage op

A new state-aligned cyberespionage threat group tracked as TGR-STA-1030/UNC6619, has conducted a global-scale operation dubbed the "Shadow Campaigns,"...

2026-02-07 - BleepingComputer

Organizations Urged to Replace Discontinued Edge Devices

Edge devices that are no longer supported have been targeted in attacks by state-sponsored hackers, the US says. The post Organizations Urged to Repla...

2026-02-07 - SecurityWeek

German Agencies Warn of Signal Phishing Targeting Politicians, Military, Journalists

Germany's Federal Office for the Protection of the Constitution (aka Bundesamt für Verfassungsschutz or BfV) and Federal Office for Information Securi...

2026-02-07 - The Hacker News

CISA pushes Federal agencies to retire end-of-support edge devices

CISA ordered U.S. federal agencies to improve management of edge network devices and replace unsupported ones within 12–18 months. The U.S. Cybersecur...

2026-02-07 - Security Affairs

Payments platform BridgePay confirms ransomware attack behind outage

A major U.S. payment gateway and solutions provider says a ransomware attack has knocked key systems offline, triggering a widespread outage affecting...

2026-02-07 - BleepingComputer

Analysis of active exploitation of SolarWinds Web Help Desk

We are seeing exploitation of SolarWinds Web Help Desk via CVE‑2025‑40551 and CVE‑2025‑40536 that can lead to domain compromise; here is how to patch,...

2026-02-07 - Microsoft Security Blog

DHS privacy probe will focus on biometric tracking by ICE, OBIM

Auditors told CyberScoop the probe could expand to other parts of DHS and will look at the agency’s increasing use of biometric markers in immigration...

2026-02-06 - CyberScoop

Six more vulnerabilities found in n8n automation platform

Six more vulnerabilities have been discovered in the n8n workflow platform used for building LLM-powered agents to connect business processes. Four of...

2026-02-06 - CSO Online

Germany warns of Signal account hijacking targeting senior figures

Germany's domestic intelligence agency is warning of suspected state-sponsored threat actors targeting high-ranking individuals in phishing attacks vi...

2026-02-06 - BleepingComputer

DKnife Linux toolkit hijacks router traffic to spy, deliver malware

A newly discovered toolkit called DKnife has been used since 2019 to hijack traffic at the edge-device level and deliver malware in espionage campaign...

2026-02-06 - BleepingComputer

Attackers Used AI to Breach an AWS Environment in 8 Minutes

Threat actors using LLMs needed only eight minutes to move from initial access to full admin privileges in an attack on a company's AWS cloud environm...

2026-02-06 - Security Boulevard

Chinese-Made Malware Kit Targets Chinese-Based Routers and Edge Devices

DKnife is a Chinese made malware framework that targets Chinese-based users

2026-02-06 - Infosecurity Magazine

'Encrypt It Already' Campaign Pushes Big Tech to Prioritize E2E Encryption

The Electronic Frontier Foundation is urging major technology companies to follow through on their promises to implement end-to-end encryption (E2E) b...

2026-02-06 - Dark Reading

Microsoft Unveils LiteBox, a Rust-Based Approach to Secure Sandboxing

Microsoft has released LiteBox, an experimental open-source library OS designed to sandbox applications while reducing their exposure to host systems....

2026-02-06 - Security Boulevard

Shai-hulud: The Hidden Cost of Supply Chain Attacks

Recent supply chain attacks involving self-propagating worms have spread far, but the damage and long-term impact is hard to quantify.

2026-02-06 - Dark Reading

Substack Confirms Data Breach, "Limited User Data" Compromised

Substack did not specify the number of users affected by the data breach

2026-02-06 - Infosecurity Magazine

Claude AI finds 500 high-severity software vulnerabilities

Anthropic only released its latest large language model, Claude Opus 4.6, on Thursday, but it has already been using it behind the scenes to identify ...

2026-02-06 - CSO Online

Fraud Prevention Is a Latency Game

There is a time window for every act of online fraud. When a transaction occurs, a fraud system must review it and decide if it’s legitimate before th...

2026-02-06 - Security Boulevard

OpenClaw's Gregarious Insecurities Make Safe Usage Difficult

Malicious "skills" and persnickety configuration settings are just some of the issues that security researchers have found when installing —...

2026-02-06 - Dark Reading

Pretend Disk Format: PDFs harbor new dangers

A particularly insidious phishing campaign is disguising malware pretending to be ordinary PDF documents behind links to virtual hard disks. Because w...

2026-02-06 - CSO Online

China-Linked DKnife AitM Framework Targets Routers for Traffic Hijacking, Malware Delivery

Cybersecurity researchers have taken the wraps off a gateway-monitoring and adversary-in-the-middle (AitM) framework dubbed DKnife that's operated by ...

2026-02-06 - The Hacker News

State-backed phishing attacks targeting military officials and journalists on Signal

German security authorities are warning that a likely state-backed hacking group is engaged in attempts at phishing senior political figures, military...

2026-02-06 - Help Net Security

Apple Pay phish uses fake support calls to steal payment details

This Apple Pay phishing campaign is designed to funnel victims into fake Apple Support calls, where scammers steal payment details.

2026-02-06 - Malwarebytes Labs

Poland’s energy control systems were breached through exposed VPN access

On 29 December 2025, coordinated cyberattacks unfolded across Poland’s critical infrastructure, targeting energy and industrial organizations. The att...

2026-02-06 - Help Net Security

CISA Orders Removal of Unsupported Edge Devices to Reduce Federal Network Risk

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered Federal Civilian Executive Branch (FCEB) agencies to strengthen asset lif...

2026-02-06 - The Hacker News

CISA orders US federal agencies to replace unsupported edge devices

The US Cybersecurity and Infrastructure Security Agency (CISA) issued a new binding operational directive aimed at reducing a long-standing cyber risk...

2026-02-06 - Help Net Security

Ten career-ending mistakes CISOs make and how to avoid them

The Chief Information Security Officer role has become one of the most precarious positions in the C-suite. According to a Hitch Partners study, the a...

2026-02-06 - CSO Online

Asian State-Backed Group TGR-STA-1030 Breaches 70 Government, Infrastructure Entities

A previously undocumented cyber espionage group operating from Asia broke into the networks of at least 70 government and critical infrastructure orga...

2026-02-06 - The Hacker News

Flickr Security Incident Tied to Third-Party Email System

Potential breach at Flickr exposes usernames, email addresses, IP addresses, and activity data. The post Flickr Security Incident Tied to Third-Party ...

2026-02-06 - SecurityWeek

Living off the AI: The Next Evolution of Attacker Tradecraft

Living off the AI isn’t a hypothetical but a natural continuation of the tradecraft we’ve all been defending against, now mapped onto assistants, agen...

2026-02-06 - SecurityWeek

In Other News: Record DDoS, Epstein’s Hacker, ESET Product Vulnerabilities

Other noteworthy stories that might have slipped under the radar: AT&T and Verizon response to Salt Typhoon, AI agents solve security challenges,...

2026-02-06 - SecurityWeek

CISA gives federal agencies 18 months to purge unsupported edge devices

The Cybersecurity and Infrastructure Security Agency has given federal agencies 18 months to remove all end-of-support edge devices from their network...

2026-02-06 - CSO Online

Ransomware attackers are exploiting critical SmarterMail vulnerability (CVE-2026-24423)

For the third time in two weeks, CISA added a vulnerability (CVE-2026-24423) affecting SmarterTools’ SmarterMail email and collaboration server ...

2026-02-06 - Help Net Security

Airrived Emerges From Stealth With $6.1 Million in Funding

The startup aims to unify SOC, GRC, IAM, vulnerability management, IT, and business operations through its Agentic OS platform. The post Airrived Emer...

2026-02-06 - SecurityWeek

New Cyber Startup Programme to Debut at Infosecurity Europe 2026

Infosecurity Europe 2026 will debut a new Cyber Startup Programme, featuring a dedicated show-floor zone for early-stage cybersecurity companies to sh...

2026-02-06 - Infosecurity Magazine

Why Attackers no Longer Need to Break in: The Rise of Identity-Based Attacks

In 2026 stolen credentials and unmanaged machine identities drive breaches—small buys, phone scams, and weak IAM make identity the real perimeter; pri...

2026-02-06 - Security Boulevard

The Human Layer of Security: Why People are Still the Weakest Link in 2026

By 2026 humans remain cybersecurity’s weakest—and most vital—link as AI-enabled social engineering rises; prioritize behavioral design, real‑time inte...

2026-02-06 - Security Boulevard

EnCase Driver Weaponized as EDR Killers Persist

The forensic tool's driver was signed with a digital certificate that expired years ago, but major security gaps allowed Windows to load it.

2026-02-05 - Dark Reading

Agentic AI Site 'Moltbook' Is Riddled With Security Risks

Someone used AI to build an entire Web platform, which then did something predictable and preventable: It exposed all its data through a publicly acce...

2026-02-05 - Dark Reading

New Clickfix variant ‘CrashFix’ deploying Python Remote Access Trojan

CrashFix crashes browsers to coerce users into executing commands that deploy a Python RAT, abusing finger.exe and portable Python to evade detection ...

2026-02-05 - Microsoft Security Blog

CISA tells agencies to stop using unsupported edge devices

A binding operational directive issued Thursday looks to combat an attack pathway that has been behind some of the biggest attacks and most common exp...

2026-02-05 - CyberScoop

The security implementation gap: Why Microsoft is supporting Operation Winter SHIELD

Most security incidents happen in the gap between knowing what matters and actually implementing security controls consistently. Read how Microsoft is...

2026-02-05 - Microsoft Security Blog

Alleged 764 member arrested, charged with CSAM possession in New York

Authorities have arrested multiple members of 764 during the past year, reflecting heightened law enforcement activity targeting the violent extremist...

2026-02-05 - CyberScoop

Malicious Commands in GitHub Codespaces Enable RCE

Flaws in GitHub Codespaces allow RCE via crafted repositories or pull requests

2026-02-05 - Infosecurity Magazine

Open the wrong “PDF” and attackers gain remote access to your PC

The DEAD#VAX campaign tricks users into installing AsyncRAT by disguising a virtual hard disk as a PDF attachment.

2026-02-05 - Malwarebytes Labs

Smartphones Now Involved in Nearly Every Police Investigation

Cellebrite data confirms digital evidence is now central to almost all cases

2026-02-05 - Infosecurity Magazine

Flock cameras shared license plate data without permission

A California city pulled the plug on its entire ALPR system when it found Flock had shared data with hundreds of agencies without permission.

2026-02-05 - Malwarebytes Labs

Why boards should be obsessed with their most ‘boring’ systems

Following a series of high-profile cyberattacks, boards of directors are now requiring their organizations to take greater responsibility for the risk...

2026-02-05 - CyberScoop

Detecting backdoored language models at scale

We're releasing new research on detecting backdoors in open-weight language models and highlighting a practical scanner designed to detect backdoored ...

2026-02-04 - Microsoft Security Blog

Grok continues producing sexualized images after promised fixes

Journalists retested Grok and found it still generates offensive images even when told the subjects were vulnerable, non-consenting people.

2026-02-04 - Malwarebytes Labs

Firefox is giving users the AI off switch

Mozilla and other companies are starting to see why giving users a choice over AI features matters.

2026-02-04 - Malwarebytes Labs

Cantwell claims telecoms blocked release of Salt Typhoon report

Senator Maria Cantwell, D-Wash., wants hearings to force AT&T and Verizon to disclose how they’ve responded to the hacks to protect telecom networ...

2026-02-03 - CyberScoop

Microsoft SDL: Evolving security practices for an AI-powered world

Discover Microsoft’s holistic SDL for AI combining policy, research, and enablement to help leaders secure AI systems against evolving cyberthreats. T...

2026-02-03 - Microsoft Security Blog

Please Don’t Feed the Scattered Lapsus ShinyHunters

A prolific data ransom gang that calls itself Scattered Lapsus ShinyHunters (SLSH) has a distinctive playbook when it seeks to extort payment from vic...

2026-02-02 - Krebs on Security

Who Operates the Badbox 2.0 Botnet?

The cybercriminals in control of Kimwolf -- a disruptive botnet that has infected more than 2 million devices -- recently shared a screenshot indicati...

2026-01-26 - Krebs on Security

Kimwolf Botnet Lurking in Corporate, Govt. Networks

A new Internet-of-Things botnet called Kimwolf has spread to more than 2 million devices, forcing infected systems to participate in massive distribut...

2026-01-20 - Krebs on Security

Patch Tuesday, January 2026 Edition

Microsoft today issued patches to plug at least 113 security holes in its various Windows operating systems and supported software. Eight of the vulne...

2026-01-14 - Krebs on Security

Who Benefited from the Aisuru and Kimwolf Botnets?

Our first story of 2026 revealed how a destructive new botnet called Kimwolf rapidly grew to infect more than two million devices by mass-compromising...

2026-01-08 - Krebs on Security

Student Loan Breach Exposes 2.5M Records

2.5 million people were affected, in a breach that could spell more trouble down the line.

2022-08-31 - Threatpost

Watering Hole Attacks Push ScanBox Keylogger

Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.

2022-08-30 - Threatpost

Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms

Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.

2022-08-29 - Threatpost

Ransomware Attacks are on the Rise

Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group.

2022-08-26 - Threatpost

Cybercriminals Are Selling Access to Chinese Surveillance Cameras

Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.

2022-08-25 - Threatpost

Noticias en Español

TechArena en Stockholm, Immerse en Madrid, Readem en Lisboa para Febrero

Este mes de Febrero, después de pasar por Austria la semana pasada, me lleva la semana que viene al TechArena el día 11 y 12 de Febrero en Stockholm, ...

2026-02-08 - El Lado del Mal

Vienna Airport hace la vida más fácil a los viajeros con "Grab This Display QRCode"

Hace unos meses os hablaba de que no entendía por qué los aeropuertos, o cualquier servicio que exige esperar un dato en un lugar físico, como la puer...

2026-02-07 - El Lado del Mal

Niños, niñas y chatbots: riesgos principales a los que prestar atención

A medida que los niños recurren a los chatbots de inteligencia artificial en busca de respuestas, consejos y compañía, surgen preguntas sobre su segur...

2026-02-06 - WeLiveSecurity

Exposición masiva de datos en clúster de Elasticsearch en China

Recientemente, se descubrió una brecha de datos significativa en un clúster no seguro de Elasticsearch, exponiendo la asombrosa cifra de 8.7 mil ...

2026-02-06 - Una al Día

Smuggling de imágenes Píxel a Píxel en LLMs

Cuando estaba escribiendo este artículo me he acordado de la historia que os conté de una de las pruebas de acceso que hacía a los chavales que quería...

2026-02-06 - El Lado del Mal

Evasión de la autenticación en InetUtils telnetd

Recientemente se ha descubierto una vulnerabilidad de alta criticidad en el paquete GNU Inetutils, que es una colección de herramientas de red y está ...

2026-02-05 - Una al Día

El Jailbreak del Juego de Rol en DeepSeek para ser un Killer

Como os dije en el artículo "ChatGPT: Safety Policies, Jailbreaks, Guardarraíles y Bug Bounties" de hace tres de días, estuve haciendo pruebas con&nbs...

2026-02-05 - El Lado del Mal

Robo de credenciales: métodos más frecuentes y recomendaciones para reducir el riesgo

El compromiso de contraseñas sigue siendo un problema recurrente en Latinoamérica, impulsado por técnicas de ingeniería social, malware especializado ...

2026-02-04 - WeLiveSecurity

Exploit activo de Metro4Shell: servidores de desarrollo comprometidos vía RCE en React Native

Desarrolladores y equipos DevOps deben extremar las precauciones. El Metro Development Server de React Native está siendo activamente explotado a trav...

2026-02-04 - Una al Día

Cat Attack & Knowledge Return Oriented Prompting en Gemini Nano Banana para tener a Freddie Mercury

Como os dije en el artículo "ChatGPT: Safety Policies, Jailbreaks, Guardarraíles y Bug Bounties" de hace un par de días, estuve haciendo pruebas con C...

2026-02-04 - El Lado del Mal

OpenClaw (antes Clawdbot y Moltbot): qué es el asistente de IA que automatiza tu PC y cuáles son sus riesgos de seguridad

OpenClaw, antes Clawdbot y Moltbot, automatiza tareas mediante IA local. Su popularidad crece, pero también las dudas: repasamos los principales riesg...

2026-02-03 - WeLiveSecurity

Detectada campaña en Windows que combina Pulsar RAT y Stealerv37 con interacción en tiempo real

Se ha detectado recientemente una campaña de malware para Windows que rompe con el esquema tradicional de «infección silenciosa». Se trata de un ataqu...

2026-02-03 - Una al Día

Vulnerabilidad crítica de bypass de autenticación en Fortinet FortiCloud SSO

El CVE-2026-24858 es una vulnerabilidad de bypass de autenticación (SSO) en múltiples productos de Fortinet. Un atacante remoto sin credenciales puede...

2026-02-02 - Una al Día

DynoWiper: actualización, análisis técnico y atribución

Los investigadores de ESET presentan detalles técnicos sobre un reciente incidente de destrucción de datos que afectó a una empresa del sector energét...

2026-01-30 - WeLiveSecurity

¿Cómo utilizan los grupos de ransomware los data leak sites como herramienta de presión?

Conoce cómo los data leak sites encajan en el ecosistema de los grupos de ransomware.

2026-01-29 - WeLiveSecurity

Cinco libros imprescindibles sobre Inteligencia Artificial y Ciberseguridad para aspirantes a hackers éticos

La inteligencia artificial (IA) ya no es solo una moda técnica: es una herramienta clave tanto para defender como para atacar en el terreno de la cibe...

2026-01-24 - Hackplayers

Configuración de seguridad de un endpoint Windows

Configuración de seguridad de un endpoint Windows Autor INCIBE (INCIBE) Vie, 23/01/2026 - 10:00 ...

2026-01-23 - INCIBE-CERT

VoxCPM: cuando el TTS deja de sonar a TTS

Durante años hemos aceptado una idea casi como dogma en text-to-speech: para generar audio hay que discretizarlo. Da igual si hablamos de unidades fon...

2026-01-18 - Hackplayers

NoDPI: cuando “engañar” a la inspección profunda de paquetes se vuelve un arte

No todas las herramientas de evasión y network tampering tienen nombres pegadizos como Obfsproxy o Shadowsocks. A veces basta con un acrónimo directo ...

2026-01-17 - Hackplayers

Lab para jugar con servidores MCP vulnerables

El Model Context Protocol (MCP) es un estándar de protocolo diseñado para permitir que modelos de IA (LLMs) interactúen con herramientas, datos y serv...

2026-01-09 - Hackplayers

40 años del Manifiesto Hacker: un clásico que aún late en la cultura digital

Hoy se cumplen 40 años desde que un pequeño texto publicado en la ezine Phrack encendió una chispa que sigue viva en toda la comunidad tecnológica. El...

2026-01-07 - Hackplayers

Redes privadas 5G: Guía de buenas prácticas en ciberseguridad

Redes privadas 5G: Guía de buenas prácticas en ciberseguridad Autor INCIBE (INCIBE) Jue, 18/12/2025 - 17:30 ...

2025-12-18 - INCIBE-CERT

Seguridad de las API

Seguridad de las API Autor INCIBE (INCIBE) Lun, 24/11/2025 - 11:06 En sus inici...

2025-11-24 - INCIBE-CERT

(2/3) Ataques DDoS en capas 3 y 4: vectores, funcionamiento y defensa

Esta es la segunda entrega sobre amenazas DDoS, en esta ocasión nos adentramos en las capas de red y transporte para analizar los vectores más comunes...

2025-10-27 - Flu Project

Adoptando DevSecOps: Seguridad integrada desde el código hasta la producción

Adoptando DevSecOps: Seguridad integrada desde el código hasta la producción Autor INCIBE (INCIBE) Lun, 20/10/2025 - ...

2025-10-20 - INCIBE-CERT

ISO/IEC 42001: el sistema de gestión de IA que probablemente conectemos con nuestra 27001

ISO/IEC 42001 se concibe como el nuevo esqueleto operativo para transformar la inteligencia artificial en un sistema gestionado con disciplina. No es ...

2025-10-13 - Flu Project

MITRE AADAPT: Anatomía ofensiva y defensa en el ecosistema de activos digitales

Cuando uno pasa demasiadas noches frente a un nodo de Ethereum observando tráfico, firmas, anomalías y patrones sospechosos, descubre que el ecosistem...

2025-10-06 - Flu Project

Snapshots en máquinas virtuales: ¿una herramienta útil o un riesgo oculto?

¿Piensas que una instantánea de una máquina virtual es lo mismo que un backup o una copia del disco? Entonces este post es para ti.Antes de nada, vamo...

2025-09-29 - Flu Project

Supercomputación y computación cuántica en ciberseguridad

Supercomputación y computación cuántica en ciberseguridad Autor INCIBE (INCIBE) Jue, 18/09/2025 - 13:02 ...

2025-09-18 - INCIBE-CERT

La importancia del Disaster Recovery Plan (DRP)

A pesar de que los ciberataques, fallos de hardware y software, desastres naturales, o incluso errores humanos son cada vez más frecuentes, muchas emp...

2025-09-15 - Flu Project

Pensar como un atacante: por qué el Red Team es clave para la ciberseguridad moderna

En un entorno digital donde las amenazas evolucionan más rápido que las soluciones, protegerse ya no es suficiente. Hay que anticiparse. Y para eso, e...

2025-07-01 - BlogThinkBig

Cómo saber si una app es falsa: ten siempre en cuenta estas claves

Vivimos constantemente con el móvil en la mano; es un dispositivo que usamos para casi todo. Hoy en día es útil tanto para cosas como pagar el café, c...

2025-06-17 - BlogThinkBig

Cómo proteger el ordenador sin ser un genio tech

Saber cómo proteger el ordenador nunca ha sido tan vital. Imagina perder tu equipo con Windows y no saber si tus datos personales están seguros. El pá...

2025-06-13 - BlogThinkBig

Privacidad en Internet: evita el rastreo y navega con seguridad

La privacidad en Internet se ha convertido en una preocupación constante. Es así como cada clic, búsqueda o interacción en línea puede dejar una huell...

2025-06-12 - BlogThinkBig

Álbum oculto: paso a paso para activarlo en tu teléfono Android

Las fotos y vídeos revelan un montón de información de tu vida personal. No siempre queremos que estén a la vista. Es por eso que en este artículo hab...

2025-06-06 - BlogThinkBig