United States, under direct threat to cybersecurity from Iran

Rating agencies have issued a warning about the increased cyber risk that public finance issuers in the U.S. could face following the recent bombing campaign by the U.S. and Israel against Iran. Fitch Ratings, in a report published on Monday, warned that hacktivists, state-sponsored groups, and lone actors could target critical infrastructure and public entities in response to this conflict.

Iran against Trump

Omid Rahmani, director of Public Finance in the U.S. for Fitch Ratings, highlighted that, historically, municipal and local entities have not received the same robust investment in cybersecurity, making them more vulnerable. Threats can vary from distributed denial-of-service attacks to financially motivated intrusions, aimed at disrupting the operations of these entities.

The risk of retaliatory cyber activity has increased with rising geopolitical tensions related to Iran, warned experts from Moody’s, noting that attacks on critical infrastructure providers such as electric or water companies could have severe effects on the supply chain and public trust in services. A recent report revealed that 12% of large U.S. companies with annual revenues exceeding $1 billion are the most vulnerable to attacks related to Iran.

In addition, there are concerns that insurers could contest claims under war exclusions, which could mean that the costs arising from the attacks fall directly on corporate balance sheets. Since the start of the bombing campaign on February 28, experts have reported attempts to exploit critical infrastructure, including industrial control systems in Israel and surveillance cameras in Gulf countries.

OpenAI launches Codex Security: An AI agent to combat vulnerabilities

OpenAI has launched Codex Security, an AI-powered security agent designed to identify, validate, and propose solutions to vulnerabilities in systems. This new service, which is available in preview mode for ChatGPT Pro, Enterprise, Business, and Edu users, will offer free access for one month to its innovative features.

Reduction of false positives

Codex Security is the evolution of Aardvark, presented in private beta in October 2025, with the aim of helping developers and security teams detect and fix vulnerabilities at scale. During its beta phase, Codex Security has scanned over 1.2 million commits in various open-source projects, identifying 792 critical findings and 10,561 high-severity findings. Among the detected vulnerabilities are issues in popular projects such as OpenSSH, GnuTLS, and PHP.

The company emphasizes that Codex Security combines the reasoning capabilities of its advanced models with automated validation, which minimizes the risk of false positives and delivers practical solutions. An analysis over time in specific repositories has shown an improvement in service accuracy and a 50% reduction in false positive rates.

The operation of Codex Security is based on three stages: first, it analyzes the structure of the repository to create an editable threat model that documents the system’s exposures. Then, it identifies vulnerabilities based on a real context and validates them in an isolated environment. Finally, it proposes solutions that best align with the system’s behavior, facilitating their review and deployment.

The launch of Codex Security comes at a time when competition in the software security field is increasing, especially after the recent launch of Claude Code Security by Anthropic, another agent that helps scan for vulnerabilities in software codebases.

The FBI confirms a cybersecurity incident affecting its networks

The FBI has confirmed that its networks were the subject of a cybersecurity incident, although it has not provided additional details about the exact nature of the attack. According to a statement from the agency, suspicious activities were identified and addressed in its systems, specifically in a digital system used to manage surveillance and processes related to foreign surveillance orders.

Clear Answers

In 2024, it was revealed that the Chinese hacker group known as ‘Salt Typhoon’ had exploited the United States’ phone tapping system, under the Communications Assistance for Law Enforcement Act. However, it is unclear whether there is any connection between the recent cybersecurity incidents and the activities of this group. The lack of clarity regarding the exact timing of the attack, as well as the identity of those responsible, has raised concerns both within and outside the organization.

The FBI, which has been targeted by cyberattacks multiple times, reported in 2023 an incursion in its New York office, in addition to an incident in 2021 where hackers exploited a misconfigured server to send phishing emails. These situations have led to growing skepticism about the FBI’s ability to respond to cyber threats, especially in the context of budget cuts and staff reductions during the Trump administration.

Former agents and members of Congress have expressed their concerns about the FBI’s cyber preparedness. Despite these concerns, Brett Leatherman, director of the FBI’s cyber division, stated in recent remarks to CyberScoop that the agency has not diminished its capacity to respond to threats and incidents. However, the FBI itself continues to struggle with the repercussions of its recent cyber challenges.

CrowdStrike reports record revenues amid concerns about AI

CrowdStrike Holdings has reported record revenue in the fiscal fourth quarter, reaching $1.31 billion, which represents a 23% growth compared to the previous year.

This figure is presented in a context of growing anxiety in the market about how the adoption of artificial intelligence could affect the demand for cybersecurity software and services.

The positioning of CrowdStrike

The company’s annual recurring revenue also experienced a remarkable growth of 24%, reaching $5.25 billion, a key indicator in the cybersecurity industry. Despite concerns about the possibility that advancements in AI could render traditional cybersecurity tools obsolete, CrowdStrike has demonstrated its ability to compete in a constantly changing environment.

The CEO, George Kurtz, emphasized in the call with analysts that the evolution of AI is not fully understood, and that many innovations are misinterpreted as the end of existing categories.

Kurtz has pointed out that the AI revolution is dividing software companies into two categories: those with nice technologies, which are vulnerable to market changes, and those that possess critical infrastructure technologies necessary for global continuity.

CrowdStrike positions itself in this last category, arguing that its access to unique data, which combines threat intelligence and incident response experts, strengthens its ability to prevent breaches in real time.

Looking to the future, the company anticipates total revenues of approximately $1.36 billion for the first fiscal quarter and between $5.86 billion and $5.92 billion for fiscal year 2027. This suggests a cautious optimism amid the transformation of the technology landscape influenced by AI. Meanwhile, many technology and cybersecurity companies have experienced declines in their stocks, highlighting concerns in the sector about the potential impact of AI.

A study reveals that powerful language models can identify anonymous accounts

A recent study by ETH Zurich has revealed that Large Language Models (LLMs) can identify anonymous accounts on digital platforms with alarming effectiveness.

According to the research, LLMs can conduct investigations that would normally take hours in just minutes, correctly identifying 9 out of 125 anonymous profiles when provided with a summary of their biographies. This suggests that LLMs are radically changing the landscape of online anonymity.

Privacy concerns

The results of the study indicate that these models can carry out large-scale deanonymization attacks, raising serious concerns about user privacy on the internet. Researchers warned that the ability of LLMs to correlate dispersed information across different platforms puts individuals who rely on anonymity at risk, including dissidents, human rights activists, and journalists in repressive countries.

One of the authors of the study stated that AI tools have drastically simplified the identification of pseudo-anonymous individuals online, which represents a significant change in operational security. He emphasized that this advancement can be particularly useful for security forces and intelligence agencies, which can now conduct investigations at a lower cost and more quickly.

Although the study was not conducted on users with a high level of privacy, the findings highlight the fragility of pseudo-anonymity in the era of generative AI. Experts, such as Jacob Hoffman-Andrews from the Electronic Frontier Foundation, argue that even the publication of innocuous personal information can facilitate account correlation by LLMs, making online privacy preservation increasingly difficult.

Ultimately, the study suggests that the advancement of deanonymization technology could radically transform the way privacy is managed on the internet, affecting a wide range of users who value their ability to maintain anonymity.

We are experiencing more and more hacker attacks… but, fortunately, they are being resolved faster than ever

A new report from VulnCheck reveals that, despite less than 1% of software vulnerabilities being exploited last year, the rate of exploitation of these flaws has increased significantly. In 2025, more than 14,400 exploits related to approximately 10,500 unique CVEs were recorded, representing a 16.5% increase compared to the previous year.

We finish off the evil sooner

A large part of this increase is attributed to test code generated by artificial intelligence. However, researchers warn that a large portion of this AI-generated code is non-functional, which adds a layer of complexity for security teams when trying to determine which threats are the most critical. The inability to adequately prioritize these threats becomes a problem as attack groups are able to exploit vulnerabilities before defenders can apply security patches or implement other mitigation measures.

Caitlin Condon, Vice President of Security Research at VulnCheck, commented that the large amount of information generated by AI creates difficulties for defenders trying to discern what constitutes legitimate threats and what can be ignored. More than half of the CVEs related to ransomware were identified from zero-day vulnerabilities, highlighting the urgency of addressing these weaknesses before they are exploited.

The most significant vulnerability of 2025 was React2Shell, identified as CVE-2025-55182, with 236 known exploits. Likewise, a vulnerability in Microsoft SharePoint, labeled as CVE-2025-53770, was reported with 36 exploits. This data highlights the increasing pressure on cybersecurity teams to protect critical systems in an environment where threats are becoming more sophisticated and rapid.

If you have an email in Roundcube, be careful! They may have illegally accessed your account

The recognized webmail platform Roundcube faces serious security threats, according to researchers and the Cybersecurity and Infrastructure Security Agency (CISA). The vulnerabilities, registered as CVE-2025-49113 and CVE-2025-68461, have been added to CISA’s Known Exploited Vulnerabilities catalog, indicating their severity. The first vulnerability, CVE-2025-49113, is a deserialization issue that has remained unresolved for nearly 10 years and has a severity score of 9.9.

Cyber-errors

This flaw has caught the attention of attackers, especially due to the extensive use of Roundcube in sectors such as government and higher education institutions. In a report by the Shadowserver organization, it was revealed that approximately 84,000 instances of the software are vulnerable. Ryan Dewhurst, head of proactive threat intelligence at the firm watchTowr, highlighted that the popularity of Roundcube makes it an attractive target for hackers, especially because “webmail services are a goldmine”.

The second vulnerability mentioned, CVE-2025-68461, is related to a cross-site scripting issue and was fixed in December 2025. Roundcube has urged its users to upgrade to versions that include the necessary fixes to mitigate these security risks.

The continuous exposure to these vulnerabilities and the constant focus of hackers, including those linked to governments, create an alarming landscape for Roundcube users. With the increase in cyberattacks, institutions must take proactive measures to secure their email platforms.

More than 600 FortiGate devices compromised in a global cyberattack

More than 600 FortiGate devices have been compromised in over 55 countries between January 11 and February 18, 2026, according to a recent report from Amazon Threat Intelligence. This attack, characterized by its focus on exploiting weak credentials exposed on the internet, highlights a growing threat in the field of cybersecurity, where economically motivated actors use artificial intelligence tools to carry out cyberattack campaigns on a scale that previously required a larger and more specialized team.

Going for the weakest target

The attacker focused on the exploitation of FortiGate management interfaces, conducting systematic scans on different ports to identify devices with unique or reused credentials. Once they gained access to the configuration files, which included SSL-VPN user credentials and internal network data, they used AI-driven scripts to organize and decrypt the information. This opportunistic approach was evident in the way the actor attacked multiple devices belonging to the same entity, suggesting methodical planning, although not specific to industrial sectors.

Despite the magnitude of the attack, it was observed that the perpetrator showed limitations in their skills, abandoning targets with effective defenses. This indicates that, although artificial intelligence techniques have transformed the landscape of cybercrime, technical complexity remains a challenge. Amazon warns that organizations with FortiGate devices must act urgently, eliminating exposed management interfaces and applying multifactor authentication to mitigate potential risks.

It is recommended to audit Active Directory activities and be alert to unusual authentication patterns that may indicate attempts at lateral movement in compromised networks. In this regard, the use of open-source tools by the threat actor jeopardizes critical infrastructure, and companies must intensify their security measures to protect their systems.
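As an added illustration of the first two recommendations (this is not code from Amazon's report or from Fortinet), the following script audits a configuration backup for management protocols enabled on WAN-role interfaces and for administrator accounts without two-factor authentication or a trusted-host restriction. The sample configuration is constructed, and treating `role wan` as "internet-facing" is an assumption of the example.

```javascript
// Constructed sample in FortiOS backup syntax; names and addresses are made up.
const SAMPLE_CONFIG = `
config system interface
    edit "wan1"
        set ip 203.0.113.10 255.255.255.0
        set allowaccess ping https ssh
        set role wan
        config ipv6
            set ip6-allowaccess ping
        end
    next
    edit "wan2"
        set allowaccess ping
        set role wan
    next
    edit "internal"
        set allowaccess ping https ssh
        set role lan
    next
end
config system admin
    edit "admin"
        set accprofile "super_admin"
    next
    edit "ops"
        set trusthost1 10.0.0.0 255.255.255.0
        set two-factor fortitoken
    next
end
`;
const MGMT_PROTOCOLS = new Set(['https', 'http', 'ssh', 'telnet']);

// Parse top-level "config <table> / edit <name> / set <key> <values...>" entries.
// Nested config blocks inside an entry are skipped by tracking section depth.
function parseConfig(text) {
  const tables = {};
  const open = [];
  let entry = null;
  for (const line of text.split('\n')) {
    const words = (line.match(/"[^"]*"|\S+/g) || []).map((w) => w.replace(/^"|"$/g, ''));
    const [cmd, ...args] = words;
    if (cmd === 'config') open.push(args.join(' '));
    else if (cmd === 'end') open.pop();
    else if (open.length !== 1) continue;
    else if (cmd === 'edit') {
      tables[open[0]] = tables[open[0]] || {};
      entry = tables[open[0]][args[0]] = {};
    } else if (cmd === 'next') entry = null;
    else if (cmd === 'set' && entry) entry[args[0]] = args.slice(1);
  }
  return tables;
}

function audit(text) {
  const cfg = parseConfig(text);
  const findings = [];
  for (const [name, itf] of Object.entries(cfg['system interface'] || {})) {
    const exposed = (itf.allowaccess || []).filter((p) => MGMT_PROTOCOLS.has(p));
    if ((itf.role || [])[0] === 'wan' && exposed.length > 0)
      findings.push(`interface ${name}: management access on WAN (${exposed.join(', ')})`);
  }
  for (const [name, adm] of Object.entries(cfg['system admin'] || {})) {
    // Assumption: a missing "two-factor" line means it is disabled (backups omit defaults).
    if ((adm['two-factor'] || ['disable'])[0] === 'disable')
      findings.push(`admin ${name}: no two-factor authentication`);
    if (!Object.keys(adm).some((k) => /^trusthost\d+$/.test(k)))
      findings.push(`admin ${name}: no trusted-host restriction`);
  }
  return findings;
}

console.log(audit(SAMPLE_CONFIG).join('\n'));
```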

Cybercriminals are changing tactics: Data exfiltration and extortion on the rise

A recent report from Arctic Wolf highlights a significant shift in the tactics of cyber attackers, who have begun to abandon encryption in favor of data exfiltration and extortion. This shift has emerged as a response to the pursuit of better economic returns, contributing to a new wave of attacks where ransomware is no longer the sole focus. In fact, ransomware accounted for 44% of the response incidents during the analyzed period.

New strategies of criminals

The manufacturing sector has become the most affected, followed by law firms, schools, financial institutions, and health organizations. These sectors account for the majority of attacks, reflecting the growing impact of cyber threats on key industries of the economy. Furthermore, ransomware gangs have adopted affiliate models, allowing for greater interconnection between different groups, making them more competitive and harder to stop.

The report indicates that police interventions have weakened groups like LockBit, ALPHV/BlackCat, and BlackSuit, suggesting that law enforcement efforts have had some effect on their ability to operate. However, other types of attacks, such as business email compromise, have proliferated, representing 26% of the cases investigated by Arctic Wolf. Most of these attacks have targeted financial and legal organizations, with a notable use of email phishing as the initial access method in 85% of the compared cases.

In addition, attackers have shown a particular preference for compromising remote access tools, such as Remote Desktop Protocol and remote management software, which account for two-thirds of cases unrelated to BEC, a significant increase compared to previous years. This shift in tactics underscores the adaptability and operational maturity of cybercriminals in a constantly evolving technological landscape.

Passkeys are revolutionizing digital access

In the continuous evolution of cybersecurity, passkeys are emerging as a convenient solution for accessing accounts without the need for traditional passwords. This system uses cryptography to authenticate the user, allowing unlocking through biometric methods such as fingerprint or facial recognition, as well as PINs. Thus, it eliminates one of the biggest inconveniences of today’s digital life: the need to remember multiple passwords.

Change is Coming

One of the main benefits of passkeys is their resistance to phishing. Unlike passwords that can be stolen through fake websites, passkeys do not allow this type of attack, significantly increasing security during login. Leading tech companies like Apple, Google, and Microsoft are backing this new standard, which is presented as a collective philosophy rather than just a commercial product.
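The phishing resistance described above comes from checks the real site performs on every login. The sketch below is an added example, not code from any vendor: it simulates a passkey assertion in the WebAuthn layout and the server-side verification, using the hypothetical site `bank.example` and look-alike `bank-example.test`, and shows that a login relayed through the look-alike, a replayed login, and a rewritten one are all rejected.

```javascript
const crypto = require('node:crypto');

const RP_ID = 'bank.example';                    // hypothetical relying party
const EXPECTED_ORIGIN = 'https://bank.example';
const sha256 = (data) => crypto.createHash('sha256').update(data).digest();

// Simulated browser + authenticator. In a real login the browser, not the
// page, writes `origin`, and the authenticator hashes the RP ID it was given.
function makeAssertion(privateKey, rpId, origin, challenge) {
  const clientDataJSON = Buffer.from(JSON.stringify({
    type: 'webauthn.get',
    challenge: challenge.toString('base64url'),
    origin,
  }));
  const flags = Buffer.from([0x05]);             // user present | user verified
  const authenticatorData = Buffer.concat([sha256(rpId), flags, Buffer.alloc(4)]);
  const signed = Buffer.concat([authenticatorData, sha256(clientDataJSON)]);
  return { clientDataJSON, authenticatorData, signature: crypto.sign('sha256', signed, privateKey) };
}

// Relying-party verification: every check must pass before the signature counts.
function verifyAssertion(publicKey, expectedChallenge, a) {
  let clientData;
  try { clientData = JSON.parse(a.clientDataJSON.toString('utf8')); } catch { return 'bad-client-data'; }
  if (clientData.type !== 'webauthn.get') return 'wrong-type';
  const got = Buffer.from(String(clientData.challenge), 'base64url');
  if (got.length !== expectedChallenge.length || !crypto.timingSafeEqual(got, expectedChallenge))
    return 'challenge-mismatch';
  if (clientData.origin !== EXPECTED_ORIGIN) return 'origin-mismatch';
  if (a.authenticatorData.length < 37) return 'short-authenticator-data';
  if (!a.authenticatorData.subarray(0, 32).equals(sha256(RP_ID))) return 'rp-id-mismatch';
  if ((a.authenticatorData[32] & 0x01) === 0) return 'user-not-present';
  const signed = Buffer.concat([a.authenticatorData, sha256(a.clientDataJSON)]);
  return crypto.verify('sha256', signed, publicKey, a.signature) ? 'ok' : 'bad-signature';
}

function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  const challenge = crypto.randomBytes(32);
  const legit = makeAssertion(privateKey, RP_ID, EXPECTED_ORIGIN, challenge);
  // Worst case for the defender: the same key signs on the look-alike site.
  // (A real authenticator would not even offer this credential there.)
  const relayed = makeAssertion(privateKey, 'bank-example.test', 'https://bank-example.test', challenge);
  // The relayed response rewritten after signing to name the real site.
  const rewritten = {
    clientDataJSON: legit.clientDataJSON,
    authenticatorData: Buffer.concat([sha256(RP_ID), relayed.authenticatorData.subarray(32)]),
    signature: relayed.signature,
  };
  return {
    legit: verifyAssertion(publicKey, challenge, legit),
    relayed: verifyAssertion(publicKey, challenge, relayed),
    rewritten: verifyAssertion(publicKey, challenge, rewritten),
    replayed: verifyAssertion(publicKey, crypto.randomBytes(32), legit),
  };
}

console.log(demo());
```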

In addition to improving security, passkeys promise to enhance the user experience by eliminating additional steps, such as verification via SMS or difficult-to-remember codes. However, concerns related to device loss persist, although it has been established that the recovery of passkeys can rely on cloud synchronization or synchronization between devices.

Despite its advantages, the widespread adoption of passkeys faces obstacles. Not all users are ready for this transition, especially on platforms that still use traditional passwords or operate with hybrid systems. This is particularly relevant in shared environments, such as family or work devices, where managing access securely remains a challenge.

From a business perspective, passkeys are attractive due to their ability to reduce account theft and issues related to forgotten passwords. As more organizations adopt this technology, we could be witnessing the twilight of passwords as we know them. Maintaining a sensible backup method will be key in this new digital security landscape.