Category: Software>Security

Iran could be much more active in the hacker sphere than we assumed

A comprehensive analysis of 250,000 active messages among Iranian hacktivist groups during a recent 12-day conflict with Israel has revealed a remarkable level of coordination and agility in their operations. According to the SecurityScorecard report, more than 178 groups encompassing a wide range of tactics, from propaganda to cyberattacks, managed to articulate their efforts quickly and strategically. Israel has taken many things for granted. Analyst Nima Khorrami from NSSG Global highlighted that this conflict marked a turning point in Iran’s cyber strategy, evidencing greater integration of digital tools to […]

A comprehensive analysis of 250,000 active messages among Iranian hacktivist groups during a recent 12-day conflict with Israel has revealed a remarkable level of coordination and agility in their operations. According to the report by SecurityScorecard, more than 178 groups that encompassed a wide range of tactics, from propaganda to cyberattacks, managed to articulate their efforts quickly and strategically.

Israel has taken many things for granted

The analyst Nima Khorrami, from NSSG Global, highlighted that this conflict marked a turning point in Iran’s cyber strategy, showcasing a greater integration of digital tools across military, political, and psychological domains. The harmonized response of these groups not only had offensive purposes but also aimed to shape the informational environment amid the conflict.

Despite this cyber deployment, some experts have questioned the real effectiveness of the operations. Nikita Shah, from the Atlantic Council, argued that cyber activity, while significant, did not generate decisive advantages in the military realm. Instead, the most notable impact of these actions has been on the civilian population, where the collateral effects were more visible than any change in the balance of power in the conflict.

One of the most active groups, known as Imperial Kitten (or Tortoiseshell), adjusted its cyberattack tactics as physical combat intensified, incorporating phishing techniques developed in response to the situation. This indicates that these organizations have planning cycles that quickly adapt to changes on the ground.

As tensions continue, the U.S. government has issued warnings about the possible consequences of these cyber operations, suggesting that espionage and digital attacks could escalate in the future. However, the real effectiveness and impact of these actions remain a subject of debate among analysts.

Avast Free Antivirus DOWNLOAD

Be careful with TikTok links, because they could be used to steal your data

Cybersecurity researchers have discovered a wide-ranging malicious campaign targeting TikTok Shop users worldwide, aimed at stealing credentials and distributing malicious applications. The cybersecurity firm CTM360 has named this operation ClickTok, highlighting how threat actors are exploiting the e-commerce platform through a dual strategy that combines phishing and malware. A not very sophisticated scam, but very effective. More than 15,000 domains that mimic legitimate TikTok URLs have been identified, many of them hosted on top-level domains like .top, .shop, and […]

Cybersecurity researchers have uncovered a widespread malicious campaign targeting TikTok Shop users worldwide, aimed at stealing credentials and distributing malicious applications. The cybersecurity firm CTM360 has named this operation ClickTok, highlighting how threat actors are exploiting the e-commerce platform through a dual strategy that combines phishing and malware.

A not very sophisticated scam, but very effective

More than 15,000 domains that imitate legitimate TikTok URLs have been identified, many of them hosted on top-level domains such as .top, .shop, and .icu. These fake sites are designed to deceive users into believing they are interacting with the official platform or legitimate affiliates. Phishing pages lure users into depositing cryptocurrencies in fraudulent stores by offering discounts and non-existent products.

The heart of this campaign involves the use of a malicious application that contains malware known as SparkKitty. This malware has the ability to collect data from Android and iOS devices, as well as analyze cryptocurrency wallets. Users who download this application are led to enter their login credentials, only to face failures that redirect them to an alternative login through Google.

In addition, another type of phishing targeting users of Meta Business Suite has been identified, through fake emails alerting about policy violations. The U.S. Department of the Treasury’s Financial Crimes Enforcement Network has urged financial institutions to remain vigilant against suspicious activities related to convertible virtual currency kiosks, as criminals continue to exploit innovative technologies to carry out fraud.

TikTok DOWNLOAD

Google Chrome receives a critical update without which you could lose control of your computer

Google has released a critical update for its Chrome browser that fixes several severe vulnerabilities, including one that could allow attackers to manipulate memory and execute arbitrary code on users’ systems. The latest version, Chrome 138.0.7204.183 for Linux and 138.0.7204.183/.184 for Windows and Mac, addresses these urgent security issues and all users are advised to update their browser immediately. Update your browser right now The most significant vulnerability in this update is CVE-2025-8292, a ‘use-after-free’ type flaw found in Chrome’s Media Stream component. This type of vulnerability of […]

Google has released a critical update for its Chrome browser that fixes several severe vulnerabilities, including one that could allow attackers to manipulate memory and execute arbitrary code on users’ systems. The latest version, Chrome 138.0.7204.183 for Linux and 138.0.7204.183/.184 for Windows and Mac, addresses these urgent security issues and all users are advised to update their browser immediately.

Update your browser right now

The most significant vulnerability in this update is CVE-2025-8292, a ‘use-after-free’ type flaw found in the Media Stream component of Chrome. This type of memory corruption vulnerability is particularly dangerous, as a remote attacker can exploit it through a malicious HTML page. If successful, the attacker could crash the browser or execute malicious code, which could result in the installation of unauthorized programs, theft or alteration of data, or the creation of new user accounts with full privileges.

The anonymous security researcher who discovered the vulnerability CVE-2025-8292 reported it to Google on June 19, 2025, and received a reward of $8,000 through the Chrome Vulnerability Reward Program. Google has restricted access to the full details of the bug to allow most users to apply the patch, a standard practice to prevent the active exploitation of vulnerabilities.

This update is part of a series of security patches for Chrome 138. Previously, in July, Google addressed other serious vulnerabilities, including CVE-2025-6558, a zero-day exploit that was actively being used in attacks. Throughout June and July, Chrome 138 has received multiple updates to fix various security flaws, including type confusion in the V8 JavaScript engine and other memory-related errors.

Google’s security teams are constantly working to discover and resolve vulnerabilities through internal audits and other security initiatives. Users can ensure that their browser is up to date by going to “Help” and then “About Google Chrome” in the browser menu.

Google Chrome DOWNLOAD

Microsoft servers are at risk due to a serious vulnerability

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about two critical vulnerabilities in Microsoft SharePoint, designated as CVE-2025-49704 and CVE-2025-49706. Both vulnerabilities are being actively exploited worldwide, posing a significant risk to organizations operating on-premises SharePoint servers. A vulnerability that could be critical The first vulnerability, CVE-2025-49704, is a serious code injection flaw that allows authorized attackers to execute arbitrary code over a network connection, which could result in full control over the compromised server. This vulnerability is classified as CWE-94, referring to […]

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about two critical vulnerabilities in Microsoft SharePoint, designated as CVE-2025-49704 and CVE-2025-49706. Both vulnerabilities are being actively exploited worldwide, posing a significant risk to organizations operating on-premises SharePoint servers.

A vulnerability that can be critical

The first vulnerability, CVE-2025-49704, is a serious code injection flaw that allows authorized attackers to execute arbitrary code through a network connection, which could result in full control over the compromised server. This vulnerability is classified as CWE-94, referring to Improper Control of Code Generation, and may result in the exposure of sensitive data and a potential information exfiltration.

On the other hand, CVE-2025-49706 is a vulnerability of incorrect authentication that facilitates spoofing attacks, allowing attackers to bypass authentication controls and gain unauthorized access to critical information. This flaw is classified under CWE-287, and its successful exploitation allows attackers to modify data and compromise the integrity of SharePoint environments.

When both vulnerabilities are combined, they create a powerful attack vector. Attackers often use CVE-2025-49706 to bypass authentication and then exploit CVE-2025-49704 to inject malicious code. CISA has added both vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog with a remediation deadline of 24 hours, highlighting the urgency and severity of the situation.

Likewise, CISA has recommended that organizations take immediate action, especially those using versions of SharePoint that are no longer supported. For supported versions, it is urged to apply the latest security patches and to follow the mitigation guidelines recommended by Microsoft.

Microsoft Edge DOWNLOAD

If you want to prevent Windows 11 from stealing your information, this is the only browser that will stop it

With the recent update of Windows 11, Microsoft has introduced a new feature called Windows Recall, which has raised concerns among users about privacy. This tool allows the operating system to capture and store images of active windows, creating a history that can facilitate tasks such as text searching in the captures. Although the company claims that the feature is designed to enhance user experience, its ability to take screenshots has generated distrust in the community. The only browser that can ensure your information is protected Despite the fact that Windows Recall […]

With the recent update of Windows 11, Microsoft has introduced a new feature called Windows Recall, which has raised concerns among users about privacy. This tool allows the operating system to capture and store images of active windows, creating a history that can facilitate tasks such as text search in the captures. Although the company claims that the feature is designed to enhance user experience, its ability to take screenshots has generated distrust in the community.

The only browser that can ensure your information is protected

Despite the fact that Windows Recall can be disabled, many choose to keep it off for fear that their computing activity will be stored without their consent. In this scenario, the Brave browser has decided to take action. In a statement issued on July 22, Brave announced that it will disable Windows Recall in all tabs and windows of its browser to safeguard the privacy of its users.

Brave has implemented this measure using Microsoft’s SetInputScope API. By setting the “IS_PRIVATE” parameter in its configuration, the browser informs Windows that it cannot capture images or index information related to user activity. Brave developers point out that this setting has been approved by Microsoft for use in browsers that wish to protect their users’ privacy.

This new feature from Brave will gradually be accessible to users in the coming weeks, providing an additional layer of security against potential issues or errors related to Windows Recall. Although the option to disable the feature is available, Brave’s strategy aims to offer a more robust solution for those who are particularly cautious about handling their data and privacy online.

Rumors suggest that other software companies and browsers may follow Brave’s example in implementing similar measures in response to privacy concerns raised by Windows Recall.

Windows 11 DOWNLOAD

Paypal is expanding with a platform that connects international payment systems

PayPal has launched PayPal World, a global platform that connects international payment systems and digital wallets, significantly facilitating transactions and purchases abroad. Benefiting from strategic partnerships with payment communities like Mercado Pago from Argentina, UPI from India, and Tenpay Global from China, this new service aims to expand PayPal’s reach in key markets and offer more integrated solutions to its users. PayPal extends into a deeper ecosystem One of the most notable changes of PayPal World is the unification of the PayPal and Venmo ecosystems, allowing users […]

PayPal has launched PayPal World, a global platform that connects international payment systems and digital wallets, significantly facilitating transactions and purchases abroad. Benefiting from strategic partnerships with payment communities such as Mercado Pago from Argentina, UPI from India, and Tenpay Global from China, this new service aims to expand PayPal’s reach in key markets and offer more integrated solutions to its users.

Paypal expands into a deeper ecosystem

One of the most notable changes at PayPal World is the unification of the PayPal and Venmo ecosystems, allowing users of both platforms to send money seamlessly to each other. Previously, this exchange was only possible using the stablecoin PYUSD. Now, with the opening of this new capability, it is expected that 2 billion users of the associated wallets will be able to make purchases and international money transfers without relying on local wallets that are often limited in their acceptance.

For merchants, PayPal World promises instant integration into PayPal’s payment systems, without the need for additional investments in technology. This ease of onboarding can be particularly appealing to small and medium-sized businesses looking to expand their international reach without significant technical complications.

Additionally, it is speculated that PayPal has the potential to partner with European payment initiatives and popular wallets like Apple Pay and Google Pay to expand its influence in the market. PayPal’s ability to eliminate friction in transactions positions PayPal World for mass adoption and a significant increase in its global transaction volume.

PayPal DOWNLOAD
4.3
PayPal is a secure and convenient system for making online purchases and deposits, and this is its official application for Android.

Iran intensifies the use of spy software on the web

Recently, new samples of DCHSpy have been detected, a spyware associated with the advanced persistent threat (APT) group MuddyWater, linked to Iran. The cybersecurity company Lookout announced this finding a week after the outbreak of the conflict between Israel and Iran, raising concerns about the increasing use of cyberattacks in this tense geopolitical context. A maneuver in response to Israel’s attack DCHSpy is known for its infiltration and data collection capabilities, primarily aimed at spying on government entities and corporations. MuddyWater, the group behind this tool, has been active […]

Recently, new samples of DCHSpy have been detected, a spyware associated with the advanced persistent threat (APT) group MuddyWater, linked to Iran. The cybersecurity company Lookout announced this finding a week after the outbreak of the conflict between Israel and Iran, raising concerns about the increasing use of cyberattacks in this tense geopolitical context.

A maneuver in response to Israel’s attack

DCHSpy is known for its infiltration and data collection capabilities, mainly aimed at spying on government entities and corporations. MuddyWater, the group behind this tool, has been active in the region for a long time, using various methods to carry out its cyber espionage operations. This new discovery of DCHSpy underscores the persistence of malicious activities by APT groups operating amid international conflicts.

The detection of this spyware coincides with an increase in the intensity of tensions between Israel and Iran, suggesting that cyberattacks could become an additional front in the conflict. According to cybersecurity experts, the use of DCHSpy may be aimed not only at gathering strategic information but also at creating destabilization in the political and social sphere of the involved nations.

While the threat of malware like DCHSpy is real, the exact nature of its implementation and the specific objectives of MuddyWater in this context are not completely clear. Rumors suggest that the group may intensify its cyber espionage efforts in response to the escalation of hostilities. As the international community observes these developments, the focus on cybersecurity becomes increasingly crucial in potential conflict scenarios.

Avast Free Antivirus DOWNLOAD

Google releases an update for Chrome that you need right now to protect your computer

Google has recently released updates to address six security issues in its Chrome browser, highlighting a critical vulnerability classified as CVE-2025-6558, which has already been exploited in the wild. This high-severity flaw has a CVSS score of 8.8 and is related to the improper validation of untrusted inputs in Chrome’s ANGLE and GPU components. A critical browser vulnerability The vulnerability allows a remote attacker to bypass the browser’s security restrictions through a malicious HTML page. This could compromise systems without the need for users to perform downloads or […]

Google has recently released updates to address six security issues in its Chrome browser, highlighting a critical vulnerability classified as CVE-2025-6558, which has already been exploited in the wild. This high-severity flaw has a CVSS score of 8.8 and is related to improper validation of untrusted inputs in Chrome’s ANGLE and GPU components.

A critical browser vulnerability

The vulnerability allows a remote attacker to bypass the browser’s security restrictions through a malicious HTML page. This could compromise systems without the need for users to perform downloads or additional interactions. The vulnerability was discovered by Clément Lecigne and Vlad Stolyarov from Google’s Threat Analysis Group on June 23, 2025, and is considered a particular risk, as it could result in a sandbox escape, granting access to low-level operations and potentially to the user’s systems.

Although Google has not revealed the exact nature of the attacks that exploit this vulnerability, it is acknowledged that an “exploit for CVE-2025-6558 exists in the wild,” suggesting the possibility of involvement from state actors. This announcement comes shortly after Google addressed another Chrome vulnerability (CVE-2025-6554) that also had a high potential for exploitation.

Since the beginning of the year, Google has fixed five critical vulnerabilities in Chrome that have been actively exploited or have been demonstrated as proof of concept. To protect against potential threats, users are advised to update their Chrome browser to versions 138.0.7204.157 and 138.0.7204.158 for Windows and macOS, and 138.0.7204.157 for Linux. Users of other Chromium-based browsers, such as Microsoft Edge and Brave, should also apply the available patches.

Google Chrome DOWNLOAD

Grok 4 has serious security issues that do not recommend its use

xAI has announced that its language model Grok 4 will be available to the federal government of the U.S. as part of a $200 million contract with the Department of Defense. However, Grok 4’s performance in terms of security and privacy has raised concerns. According to research from SplxAI, this model showed alarmingly low scores, with only 0.3% in security and 0.42% in safety, making it vulnerable to prompt injection attacks. A true disaster compared to ChatGPT-40 The lead researcher at SplxAI, Dorian Granoša, highlighted that Grok 4 was easy to “release, […]

xAI has announced that its language model Grok 4 will be available to the federal government of the U.S. as part of a $200 million contract with the Department of Defense. However, Grok 4’s performance in terms of security and privacy has raised concerns. According to research from SplxAI, this model showed alarmingly low scores, with only 0.3% in security and 0.42% in privacy, making it vulnerable to prompt injection attacks.

A true disaster compared to ChatGPT-40

The principal investigator of SplxAI, Dorian Granoša, highlighted that Grok 4 was easy to “release, generating harmful content without requiring complex instructions. In comparison, ChatGPT-4o showed scores of 33% in safety and 18% in security, remaining more robust under conditions without additional prompts. This difference underscores the challenges that Grok 4 faces for enterprise use.

However, tests conducted by SplxAI revealed that Grok 4 can drastically improve its performance in security and privacy with proper guidance. Even in basic configurations, success rates increased by up to 90% with minimal prompting. This suggests that, although Grok has the capacity to operate responsibly, its implementation requires strict guidelines.

Despite concerns about its safety, the government’s use of Grok is indicative of the growing adoption of artificial intelligence tools in the public sector. xAI was one of four technology companies selected for the federal contract, alongside OpenAI, Google, and Anthropic. This collaboration will mean that Grok will be accessible to other federal agencies through GSA programming.

Twitter DOWNLOAD

Latin America becomes the main market for social media searches

According to recent data from November 2024 from ESW and EMARKETER, social media is playing a crucial role in the initiation of product searches in Latin America. In particular, Argentina (17.8%), Brazil (16.8%), and Mexico (18.0%) stand out as countries where social platforms are significant launch points for consumers searching for products. An emerging market gaining strength in the southern hemisphere The study, part of the Global Voices Survey conducted in partnership with EMARKETER, surveyed 18,448 adults over 18 years old in 18 countries, revealing that, although in much of the […]

According to recent data from November 2024 from ESW and EMARKETER, social media is playing a crucial role in the initiation of product searches in Latin America. In particular, Argentina (17.8%), Brazil (16.8%), and Mexico (18.0%) stand out as countries where social platforms are significant launch points for consumers searching for products.

An emerging market gaining strength in the southern hemisphere

The study, part of the Global Voices Survey conducted in partnership with EMARKETER, surveyed 18,448 adults over 18 years old in 18 countries, revealing that, although in much of the Western Hemisphere the start of product searches usually occurs in search engines, social media is becoming increasingly relevant in this dynamic.

The data suggests that marketers should adapt their discovery strategies based on the region, emphasizing the need to invest in search engine optimization (SEO) in markets where it continues to dominate. However, they are also advised to strengthen their social commerce campaigns, especially on popular platforms like Instagram, WhatsApp, and TikTok in Latin America.

The survey methodology included questions about the beginning of the search for products in categories such as clothing, footwear, cosmetics, and consumer electronics, among others. The results underscore the importance of digital marketing strategies tailored to the preferences of local consumers, suggesting that brands must be present where their customers start their shopping journey.

With the number of interactions on social media growing, investment in social media for commerce is expected to increase significantly in the coming years, thus aligning marketing strategies with current consumer trends. This transformation in search behaviors represents a key opportunity for companies looking to capture consumer attention in an increasingly competitive digital era.

Instagram DOWNLOAD