Cybersecurity News - Noticias de Ciberseguridad

Latest News

‘The Tidal Wave Coming At Everybody:’ The Issue of Data Sprawl and Identity
‘The Tidal Wave Coming At Everybody:’ The Issue of Data Sprawl and Identity

In the second part of this four-part video series, Decipher editor Lindsey O’Donnell-Welch talks to Merritt Baer, CISO at Reco, Neda Pitt, CISO at Be...

2025-06-10 - Decipher
What Impact Will AI Have on Cybersecurity Risk Management?
What Impact Will AI Have on Cybersecurity Risk Management?

In the third part of this four-part video series, Decipher editor Lindsey O’Donnell-Welch talks to Merritt Baer, CISO at Reco, Neda Pitt, CISO at Be...

2025-06-10 - Decipher
The New Age of Cloud Security and Multi-Cloud Defense
The New Age of Cloud Security and Multi-Cloud Defense

Longtime cloud security educator and researcher Rich Mogull, SVP of cloud security at FireMon, joins Decipher editor Dennis Fisher to dive into the c...

2025-06-10 - Decipher
The ‘Sleeping Time Bomb’ of Third-Party Cybersecurity Risk
The ‘Sleeping Time Bomb’ of Third-Party Cybersecurity Risk

In the final part of this four-part video series, Decipher editor Lindsey O’Donnell-Welch talks to Merritt Baer, CISO at Reco, Neda Pitt, CISO at Bel...

2025-06-10 - Decipher
Wendy Nather on the ‘Topics That Are Distracting CISOs’
Wendy Nather on the ‘Topics That Are Distracting CISOs’

Wendy Nather, distinguished cybersecurity leader and director of strategic engagements at Cisco, talks to Lindsey O’Donnell-Welch, executive editor w...

2025-06-10 - Decipher
Code Execution Flaws Haunt Adobe Acrobat Reader, Adobe Commerce

Patch Tuesday: Adobe documents hundreds of bugs across multiple products and warns of code execution, feature bypass risks. The post Code Execution Fl...

2025-06-10 - SecurityWeek
Adobe Releases Patch Fixing 254 Vulnerabilities, Closing High-Severity Security Gaps
Adobe Releases Patch Fixing 254 Vulnerabilities, Closing High-Severity Security Gaps

Adobe on Tuesday pushed security updates to address a total of 254 security flaws impacting its software products, a majority of which affect Experien...

2025-06-10 - The Hacker News
Microsoft Patch Tuesday Covers WebDAV Flaw Marked as ‘Already Exploited’

Redmond warns that external control of a file name or path in WebDAV "allows an unauthorized attacker to execute code over a network." The post Micros...

2025-06-10 - SecurityWeek
Researchers Uncover 20+ Configuration Risks, Including Five CVEs, in Salesforce Industry Cloud
Researchers Uncover 20+ Configuration Risks, Including Five CVEs, in Salesforce Industry Cloud

Cybersecurity researchers have uncovered over 20 configuration-related risks affecting Salesforce Industry Cloud (aka Salesforce Industries), exposing...

2025-06-10 - The Hacker News
Windows 10 KB5060533 cumulative update released with 7 changes, fixes

Microsoft has released the KB5060533 cumulative update for Windows 10 22H2 and Windows 10 21H2, with seven fixes or changes, including bringing second...

2025-06-10 - BleepingComputer
House committee sets CISA budget cut at $135M, not Trump’s $495M

The move indicated at least some resistance to the president’s CISA reduction goal, but Democrats still said that was too steep for the agency’s fisca...

2025-06-10 - CyberScoop
Microsoft June 2025 Patch Tuesday fixes exploited zero-day, 66 flaws

Today is Microsoft's June 2025 Patch Tuesday, which includes security updates for 66 flaws, including one actively exploited vulnerability and another...

2025-06-10 - BleepingComputer
United Natural Food's Operations Limp Through Cybersecurity Incident
United Natural Food's Operations Limp Through Cybersecurity Incident

It's unclear what kind of cyberattack occurred, but UNFI proactively took certain systems offline, which has disrupted the company's operations.

2025-06-10 - Dark Reading
Windows 11 KB5060842 and KB5060999 cumulative updates released

Microsoft has released Windows 11 KB5060842 and KB5060999 cumulative updates for versions 24H2 and 23H2 to fix security vulnerabilities and issues, in...

2025-06-10 - BleepingComputer
SAP June 2025 Security Patch Day fixed critical NetWeaver bug

SAP fixed a critical NetWeaver flaw that let attackers bypass authorization and escalate privileges. Patch released in June 2025 Security Patch. SAP J...

2025-06-10 - Security Affairs
FIN6 Uses AWS-Hosted Fake Resumes on LinkedIn to Deliver More_eggs Malware
FIN6 Uses AWS-Hosted Fake Resumes on LinkedIn to Deliver More_eggs Malware

The financially motivated threat actor known as FIN6 has been observed leveraging fake resumes hosted on Amazon Web Services (AWS) infrastructure to d...

2025-06-10 - The Hacker News
Microsoft Outlook to block more risky attachments used in attacks

Microsoft announced it will expand the list of blocked attachments in Outlook Web and the new Outlook for Windows starting next month. [...]

2025-06-10 - BleepingComputer
Texas Dept. of Transportation breached, 300k crash records stolen

The Texas Department of Transportation (TxDOT) is warning that it suffered a data breach after a threat actor downloaded 300,000 crash records from it...

2025-06-10 - BleepingComputer
Rust-based Myth Stealer Malware Spread via Fake Gaming Sites Targets Chrome, Firefox Users
Rust-based Myth Stealer Malware Spread via Fake Gaming Sites Targets Chrome, Firefox Users

Cybersecurity researchers have shed light on a previously undocumented Rust-based information stealer called Myth Stealer that's being propagated via ...

2025-06-10 - The Hacker News
Poisoned npm Packages Disguised as Utilities Aim for System Wipeout
Poisoned npm Packages Disguised as Utilities Aim for System Wipeout

Backdoors lurking in legitimate-looking code contain file-deletion commands that can destroy production systems and cause massive disruptions to softw...

2025-06-10 - Dark Reading
SSH Keys: The Most Powerful Credential You're Probably Ignoring
SSH Keys: The Most Powerful Credential You're Probably Ignoring

SSH keys enable critical system access but often lack proper management. This security blind spot creates significant risk through untracked, unrotate...

2025-06-10 - Dark Reading
U.S. CISA adds RoundCube Webmail and Erlang Erlang/OTP SSH server flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds RoundCube Webmail and Erlang Erlang/OTP SSH server flaws to its Known Exploited Vuln...

2025-06-10 - Security Affairs
Hackers Stole 300,000 Crash Reports From Texas Department of Transportation

The Texas Department of Transportation has disclosed a data breach impacting the personal information included in 300,000 crash reports. The post Hack...

2025-06-10 - SecurityWeek
44% of people encounter a mobile scam every single day, Malwarebytes finds

A mobile scam finds most people at least once a week, new Malwarebytes research reveals. The financial and emotional consequences are dire.

2025-06-10 - Malwarebytes Labs
Swimlane Raises $45 Million for Security Automation Platform

Swimlane has raised $45 million in a growth funding round to fuel its global channel expansion and product innovation. The post Swimlane Raises $45 Mi...

2025-06-10 - SecurityWeek
Google bug allowed phone number of almost any user to be discovered

Google has fixed a vulnerability in its account recovery flow which could have allowed attackers to find linked phone numbers.

2025-06-10 - Malwarebytes Labs
Five Zero-Days, 15 Misconfigurations Found in Salesforce Industry Cloud

Security researchers uncover critical flaws and widespread misconfigurations in Salesforce’s industry-specific CRM solutions. The post Five Zero-Days,...

2025-06-10 - SecurityWeek
The Hidden Threat in Your Stack: Why Non-Human Identity Management is the Next Cybersecurity Frontier
The Hidden Threat in Your Stack: Why Non-Human Identity Management is the Next Cybersecurity Frontier

Modern enterprise networks are highly complex environments that rely on hundreds of apps and infrastructure services. These systems need to interact s...

2025-06-10 - The Hacker News
Mirai botnets exploit Wazuh RCE, Akamai warned

Mirai botnets are exploiting CVE-2025-24016, a critical remote code execution flaw in Wazuh servers, Akamai warned. Akamai researchers warn that multi...

2025-06-10 - Security Affairs
China-linked threat actor targeted +70 orgs worldwide, SentinelOne warns
China-linked threat actor targeted +70 orgs worldwide, SentinelOne warns

China-linked threat actor targeted over 70 global organizations, including governments and media, in cyber-espionage attacks from July 2024 to March 2...

2025-06-10 - Security Affairs
United Natural Foods, distributor for Whole Foods Market, hit by cyberattack

The incident follows a spree of ransomware and extortion attacks targeting multiple U.S.- and U.K.-based retailers, including grocery stores. The logi...

2025-06-09 - CyberScoop
New Trump Cybersecurity Order Reverses Biden, Obama Priorities
New Trump Cybersecurity Order Reverses Biden, Obama Priorities

The White House put limits on cyber sanctions, killed the digital ID program, and refocused the government's cyber activities to enabling AI, rolling ...

2025-06-09 - Dark Reading
OpenAI Bans ChatGPT Accounts Linked to Nation-State Threat Actors
OpenAI Bans ChatGPT Accounts Linked to Nation-State Threat Actors

The AI company's investigative team found that many accounts were using the program to engage in malicious activity around the world, such as employme...

2025-06-09 - Dark Reading
How and where to report an online scam

Find out where and how victims can report online scams to prevent more victims and possibly recover funds.

2025-06-09 - Malwarebytes Labs
Been scammed online? Here’s what to do

Have you been scammed online? Here are some tips to limit the damage and follow up steps you may find useful

2025-06-09 - Malwarebytes Labs
DOJ moves to seize $7.74M in crypto linked to North Korean IT worker scam

US seeks to seize $7.74M in crypto linked to North Korean fake IT worker schemes, per a new DOJ forfeiture complaint. The DOJ filed a civil forfeiture...

2025-06-09 - Security Affairs
FBI veteran Brett Leatherman to lead Cyber division

Leatherman, a 22-year FBI veteran, has been heavily involved in cyber investigations as section chief and deputy assistant director over the past thre...

2025-06-09 - CyberScoop
Internet infamy drives The Com’s crime sprees

Unit 221B’s Allison Nixon said crackdowns have effectively shown the group that their actions carry real consequences. The post Internet infamy drives...

2025-06-09 - CyberScoop
Unverified code is the next national security threat

Congress and federal agencies can take some simple steps to better protect open-source software. The post Unverified code is the next national securit...

2025-06-09 - CyberScoop
A week in security (June 1 – June 7)

A list of topics we covered in the week of June 1 to June 7 of 2025

2025-06-09 - Malwarebytes Labs
Proxy Services Feast on Ukraine’s IP Address Exodus
Proxy Services Feast on Ukraine’s IP Address Exodus

Ukraine has seen nearly one-fifth of its Internet space come under Russian control or sold to Internet address brokers since February 2022, a new stud...

2025-06-05 - Krebs on Security
U.S. Sanctions Cloud Provider ‘Funnull’ as Top Source of ‘Pig Butchering’ Scams
U.S. Sanctions Cloud Provider ‘Funnull’ as Top Source of ‘Pig Butchering’ Scams

The U.S. government today imposed economic sanctions on Funnull Technology Inc., a Philippines-based company that provides computer infrastructure for...

2025-05-30 - Krebs on Security
Pakistan Arrests 21 in ‘Heartsender’ Malware Service
Pakistan Arrests 21 in ‘Heartsender’ Malware Service

Authorities in Pakistan have arrested 21 individuals accused of operating "Heartsender," a once popular spam and malware dissemination service that op...

2025-05-28 - Krebs on Security
Oops: DanaBot Malware Devs Infected Their Own PCs
Oops: DanaBot Malware Devs Infected Their Own PCs

The U.S. government today unsealed criminal charges against 16 individuals accused of operating and selling DanaBot, a prolific strain of information-...

2025-05-22 - Krebs on Security
KrebsOnSecurity Hit With Near-Record 6.3 Tbps DDoS
KrebsOnSecurity Hit With Near-Record 6.3 Tbps DDoS

KrebsOnSecurity last week was hit by a near record distributed denial-of-service (DDoS) attack that clocked in at more than 6.3 terabits of data per s...

2025-05-20 - Krebs on Security
Student Loan Breach Exposes 2.5M Records
Student Loan Breach Exposes 2.5M Records

2.5 million people were affected, in a breach that could spell more trouble down the line.

2022-08-31 - Threatpost
Watering Hole Attacks Push ScanBox Keylogger
Watering Hole Attacks Push ScanBox Keylogger

Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.

2022-08-30 - Threatpost
Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms

Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.

2022-08-29 - Threatpost
Ransomware Attacks are on the Rise
Ransomware Attacks are on the Rise

Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group.

2022-08-26 - Threatpost
Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Cybercriminals Are Selling Access to Chinese Surveillance Cameras

Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.

2022-08-25 - Threatpost

Noticias en Español

Ataque a la cadena de suministro de paquetes NPM de React-Native
Ataque a la cadena de suministro de paquetes NPM de React-Native

Un importante ataque a la cadena de suministro afectó a NPM (Javascript) después de que 17 paquetes populares de Gluestack '@react-native-aria', ...

2025-06-10 - Segu-Info
Script de PowerShell para restaurar la carpeta "inetpub" vacía de Windows
Script de PowerShell para restaurar la carpeta "inetpub" vacía de Windows

Microsoft ha publicado un script de PowerShell para restaurar la carpeta "inetpub" vacía, creada por las actualizaciones de seguridad de Window...

2025-06-08 - Segu-Info
Vulnerabilidades en Fortinet explotadas para infectar con ransomware a empresas de América Latina
Vulnerabilidades en Fortinet explotadas para infectar con ransomware a empresas de América Latina

La operación de ransomware Qilin / Agenda se ha unido recientemente a ataques que explotan dos vulnerabilidades de Fortinet que permiten el...

2025-06-07 - Segu-Info
Cisco corrige vulnerabilidad crítica en ISE con PoC pública
Cisco corrige vulnerabilidad crítica en ISE con PoC pública

Cisco ha publicado hotfixes para su Identity Services Engine (ISE) tras revelarse CVE-2025-20286, una vulnerabilidad de credenciales estáticas que afe...

2025-06-07 - Una al Día
Botnet BADBOX 2.0 infecta millones de dispositivos en América Latina
Botnet BADBOX 2.0 infecta millones de dispositivos en América Latina

El FBI advierte que la campaña de malware BADBOX 2.0 ha infectado más de un millón de dispositivos domésticos conectados a Internet, ...

2025-06-06 - Segu-Info
Google corrige (nuevo) error Zero-Day en Chrome explotado activamente
Google corrige (nuevo) error Zero-Day en Chrome explotado activamente

Google ha lanzado una actualización de seguridad de emergencia para corregir la tercera vulnerabilidad Zero-Day de Chrome explotada en ataques des...

2025-06-06 - Segu-Info
Extensiones de Chrome filtran API keys y datos en texto plano
Extensiones de Chrome filtran API keys y datos en texto plano

Varios complementos muy populares de Google Chrome ‒entre ellos SEMRush Rank, Browsec VPN, MSN New Tab, DualSafe Password Manager, AVG Online Security...

2025-06-06 - Una al Día
¡Diez años a la sombra! Una vieja vulnerabilidad crítica en Roundcube permite ejecutar código tras autenticarse
¡Diez años a la sombra! Una vieja vulnerabilidad crítica en Roundcube permite ejecutar código tras autenticarse

Un investigador ha destapado un bug que llevaba una década escondido en Roundcube Webmail. El fallo (CVE-2025-49113, CVSS 9.9) permite que cualquier u...

2025-06-04 - Una al Día
Microsoft, CrowdStrike, Google y Palo Alto presentan la “Piedra Rosetta” del ciberespionaje: un glosario para descifrar los alias de los grupos APT
Microsoft, CrowdStrike, Google y Palo Alto presentan la “Piedra Rosetta” del ciberespionaje: un glosario para descifrar los alias de los grupos APT

En un movimiento inusual de colaboración, Microsoft, CrowdStrike, Palo Alto Networks y Google han anunciado la creación de un glosario público para po...

2025-06-03 - Una al Día
Nuevas vulnerabilidades en Linux permiten robar el hash de contraseñas desde core dumps
Nuevas vulnerabilidades en Linux permiten robar el hash de contraseñas desde core dumps

Dos fallos de condición de carrera descubiertos por Qualys en los manejadores de core dumps de Linux —apport en Ubuntu y systemd-coredump en Red Hat E...

2025-06-02 - Una al Día
Acceso inicial no autorizado a equipos SCI - Parte 2
Acceso inicial no autorizado a equipos SCI - Parte 2

Acceso inicial no autorizado a equipos SCI - Parte 2 Autor INCIBE (INCIBE) Vie, 16/05/2025 - 10:45 En nuestro anterior artículo dedicado a esta ...

2025-05-16 - INCIBE-CERT
Acceso inicial no autorizado a equipos SCI - Parte 1
Acceso inicial no autorizado a equipos SCI - Parte 1

Acceso inicial no autorizado a equipos SCI - Parte 1 Autor INCIBE (INCIBE) Jue, 24/04/2025 - 10:54 ¿Qué es la táctica Initial Access?La táctica ...

2025-04-24 - INCIBE-CERT
Claves forenses en Windows: artefactos esenciales para la investigación digital
Claves forenses en Windows: artefactos esenciales para la investigación digital

Claves forenses en Windows: artefactos esenciales para la investigación digital Autor INCIBE (INCIBE) Jue, 20/03/2025 - 11:01 La ciencia forense...

2025-03-20 - INCIBE-CERT
Explorando el módulo de scripts de Nmap
Explorando el módulo de scripts de Nmap

Explorando el módulo de scripts de Nmap Autor INCIBE (INCIBE) Jue, 20/02/2025 - 10:27 Una de las innovaciones más significativas en Nmap es el N...

2025-02-20 - INCIBE-CERT
ASLR: la protección esencial contra la explotación de memoria
ASLR: la protección esencial contra la explotación de memoria

ASLR: la protección esencial contra la explotación de memoria Autor INCIBE (INCIBE) Lun, 13/01/2025 - 13:32 A pesar de los significativos esfuer...

2025-01-13 - INCIBE-CERT

Licencia

Este proyecto se publica bajo la licencia MIT. Eres libre de usar el código con la debida atribución.

Política de Privacidad

No recopilamos datos personales. Solo se registran métricas anónimas del servidor.