Be careful with LinkedIn! That job opportunity could be a cyberattack

Cybersecurity researchers have highlighted a new phishing campaign that is spreading through private messages on social media, especially on LinkedIn. This method allows attackers to build trust with high-value individuals before compromising their systems. According to a report from ReliaQuest, the campaign uses malicious files delivered through the sideloading technique of dynamic link libraries (DLL), combined with open-source pen-testing Python scripts.

Don’t open your DMs from strangers, just in case

The strategy involves approaching victims through messages on LinkedIn and inducing them to download a self-extracting WinRAR archive that, when executed, starts an infection chain. Several malicious components are extracted, and a legitimate PDF reader application is then run, which loads the malicious payload (the DLL sideloading step). This technique has become increasingly common among threat actors, as it allows them to conceal suspicious activity and evade detection.

Once the system is infected, attackers gain persistent remote access, allowing them to exfiltrate sensitive data and escalate privileges within the compromised network. ReliaQuest indicates that this activity is widespread and opportunistic, affecting various industries. The ease of use of legitimate tools and the abuse of social platforms highlight the growth of phishing attacks that go beyond traditional emails.

Previous experience has shown that LinkedIn has been used for targeted attacks, with malicious actors using fake job opportunities as a lure. The lack of monitoring of private messages on these platforms is a significant gap in organizational security postures, which suggests that companies should treat social media as a critical area of exposure and expand their defenses beyond an email-centric approach.

If you have Redmi Buds, be careful: they can spy on you through them

Security researchers have discovered significant security flaws in the firmware of Xiaomi’s popular Redmi Buds series, affecting models from the Redmi Buds 3 Pro to the Redmi Buds 6 Pro. These critical vulnerabilities in the Bluetooth implementation allow attackers to access sensitive information or disconnect devices without prior pairing.

The headphones are faulty

Two vulnerabilities were identified. The first, tracked as CVE-2025-13834, is an information leak caused by inadequate bounds checking, and it behaves much like the infamous Heartbleed bug in web servers: when the device receives a specially crafted command, it reads uninitialized memory and returns up to 127 bytes of it to the attacker, which could include the phone numbers of contacts on active calls.
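As an added illustration (not code from the Redmi Buds firmware or from the researchers' report), the following C model shows the class of flaw described above: a command handler that trusts a peer-supplied reply length and therefore returns stale memory beyond the bytes actually received, beside the bounded version. The buffer sizes, the "echo" command layout and the stale phone-number string are constructed assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Constructed model: a fixed-size reply buffer and a request that carries
 * both the payload length actually sent and the reply length the peer asks for. */
#define REPLY_BUF_SIZE 128

struct request {
    uint8_t requested_len;            /* peer-controlled reply length */
    uint8_t payload_len;              /* bytes really present in payload */
    uint8_t payload[REPLY_BUF_SIZE];
};

/* Scratch buffer that the vulnerable handler never clears between commands,
 * so data from earlier operations lingers past the current payload. */
static uint8_t scratch[REPLY_BUF_SIZE];

/* Constructed leftover from a "previous call": a phone number in scratch memory. */
static void simulate_stale_memory(void) {
    const char *stale = "STALE:+15551234567";
    memset(scratch, 0, sizeof scratch);
    memcpy(scratch, stale, strlen(stale));
}

/* Vulnerable: bounds the copy against the output buffer only, not against the
 * number of bytes the peer actually supplied, so bytes payload_len..n of the
 * stale scratch area are returned to the peer. */
size_t handle_echo_vulnerable(const struct request *req, uint8_t *out, size_t out_cap) {
    if (req->payload_len > REPLY_BUF_SIZE) return 0;   /* framing check only */
    size_t n = req->requested_len;
    if (n > out_cap) n = out_cap;
    memcpy(scratch, req->payload, req->payload_len);   /* partial overwrite */
    memcpy(out, scratch, n);                           /* leaks stale bytes */
    return n;
}

/* Hardened: the reply can never exceed the bytes actually received, and the
 * scratch area is cleared before use so nothing stale can be copied out. */
size_t handle_echo_fixed(const struct request *req, uint8_t *out, size_t out_cap) {
    if (req->payload_len > REPLY_BUF_SIZE) return 0;
    size_t n = req->requested_len;
    if (n > req->payload_len) n = req->payload_len;    /* the missing check */
    if (n > out_cap) n = out_cap;
    memset(scratch, 0, sizeof scratch);
    memcpy(scratch, req->payload, req->payload_len);
    memcpy(out, scratch, n);
    return n;
}

/* A 4-byte payload with a request for a 127-byte reply. Returns 1 when the
 * vulnerable handler's reply carries the stale phone number, 0 otherwise. */
int vulnerable_reply_leaks_stale_data(void) {
    struct request req = { .requested_len = 127, .payload_len = 4 };
    memcpy(req.payload, "PING", 4);
    uint8_t out[REPLY_BUF_SIZE];
    simulate_stale_memory();
    size_t n = handle_echo_vulnerable(&req, out, sizeof out);
    return n == 127 && memcmp(out + 4, "E:+15551234567", 14) == 0;
}

/* Same request against the hardened handler: reply is limited to the 4 bytes sent. */
int fixed_reply_is_bounded(void) {
    struct request req = { .requested_len = 127, .payload_len = 4 };
    memcpy(req.payload, "PING", 4);
    uint8_t out[REPLY_BUF_SIZE];
    simulate_stale_memory();
    size_t n = handle_echo_fixed(&req, out, sizeof out);
    return n == 4 && memcmp(out, "PING", 4) == 0;
}
```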

The second vulnerability, CVE-2025-13328, creates a denial-of-service (DoS) condition triggered by flooding the device’s control channels with valid commands. This collapses the firmware’s processing queue, disconnecting users from their audio source until the headphones are physically restarted.

The most alarming thing is that these attacks can be carried out from approximately twenty meters away using conventional Bluetooth scanning tools, without requiring user interaction. Attackers only need the MAC address of the headphones, which can be easily obtained through sniffing techniques.

So far, Xiaomi has not issued any statement regarding a firmware patch or specific plans to address this issue following these findings. Until this problem is resolved, users are advised to disable Bluetooth on their mobile devices when not using the headphones, especially in high-density public environments, where the risk is greater.

Microsoft warns about a critical vulnerability in Windows Secure Boot

Microsoft has identified a critical vulnerability in Windows Secure Boot certificates, labeled as CVE-2026-21265, which poses serious risks to the integrity of device booting. This situation arises from the expiration of certificates issued in 2011, which are essential for the secure operation of the Secure Boot trust chain.

Update the devices

With a base CVSS v3.1 score of 6.4, the vulnerability requires local access, high privileges, and a high attack complexity, which partially reduces the likelihood of immediate exploitation. However, its existence raises an important alert, especially because the affected certificates are scheduled to expire in mid-2026. If the corresponding patches are not applied, devices could be vulnerable to attacks during the boot process.

In order to mitigate these risks, Microsoft released patches in its January 2026 Patch Tuesday update, aimed at replacing the at-risk certificates. Organizations should prioritize the implementation of these updates and check firmware compatibility to avoid boot issues after installing the patches. In its November 2025 notice, Microsoft emphasized the need to renew three key certificates to maintain boot security.

The company calls on organizations that manage IT updates, as well as those that use Microsoft-managed solutions, to take immediate action. The lack of updates can result in a vulnerability that compromises the security of devices at their most critical moment: during boot-up. In light of this situation, it is crucial for system administrators to act swiftly to protect their technological infrastructures.

A major web skimming campaign targeting payment networks

Cybersecurity researchers have discovered a significant web skimming campaign, active since January 2022, targeting prominent payment networks such as American Express, Mastercard, and others. This malicious activity falls within a category of attacks known as Magecart, which initially focused on sites using the Magento platform but has since diversified its reach and now affects a wide range of e-commerce portals.

Sophisticated Threat

The attack involves compromising legitimate e-commerce sites and injecting malicious JavaScript code that steals sensitive credit card information and other personal data during the checkout process. Researchers from Silent Push identified this campaign after analyzing a suspicious domain associated with a hosting provider known for its illicit activity, which has attempted to evade sanctions by changing its name.

The domain in question hosts highly obfuscated JavaScript payloads designed to carry out credit card skimming. The skimmer evades detection by site administrators by checking the Document Object Model (DOM) for specific elements that indicate an administrator user is present; if it finds them, it starts a self-destruct sequence that removes every trace of its code.

Additionally, the skimmer can manipulate payment forms. If it detects that Stripe was selected as the payment method, it injects a fake form that tricks victims into entering their credit card details, including the CVC verification code and expiration date. At the end of the process, the stolen data is sent to a designated server, putting users’ personal information at risk.

This sophisticated operation highlights the level of knowledge that attackers have about the features of WordPress, even integrating lesser-known functions into their attack chain, which raises serious concerns for companies managing online stores.

HawkSec will auction a huge dataset from Discord

HawkSec has announced the auction of a Discord dataset that includes an impressive total of 78,541,207 files, organized into messages, voice sessions, actions, and servers. This dataset comes from an open-source intelligence (OSINT/CSINT) project that was abandoned several months ago. According to HawkSec, the collection only covers public interactions on Discord, although no details have been provided about the sale price, other than that interested parties can request samples through their Discord server.

The risks involved in this sale

Despite HawkSec’s assurance that the dataset does not include private data, public records of this kind carry a high risk of re-identification when cross-referenced with other data sources, which can facilitate harassment or identity theft. The auction takes place in a context where Discord has faced increasing scrutiny over public data collection, recalling past incidents in which huge volumes of messages were sold through tools like Spy.pet.

Over the years, similar sales of collected data have been documented, including a collection of 348 million messages from nearly 1,000 public servers that was offered on cybercrime forums in 2025. Researchers have also released large public datasets, such as Discord Unveiled, which contains over 2 billion messages obtained through the Discord API.

So far, Discord has not issued an official statement in response to HawkSec’s claims, although it has reiterated that its public channels are legitimately accessible, distinguishing between data scraping and security breaches. Cybersecurity experts urge users to review the visibility of their servers and to be vigilant against the potential misuse of their data.

Donald Trump has given the green light to cybercriminals (and you probably haven't noticed)

The Trump administration has decided to withdraw the United States from several international organizations that work to strengthen cybersecurity, including the Global Forum on Cyber Expertise, the Coalition for Freedom Online, and the European Centre of Excellence for Countering Hybrid Threats. This measure is part of a broader disengagement from 66 international bodies, which has raised concerns among critics who warn of a potential leadership vacuum that could be exploited by U.S. adversaries.

Make Nothing Great Again

Marco Rubio, Secretary of State, defended the decision by arguing that these institutions are redundant and pose a threat to the sovereignty and prosperity of the nation. According to Rubio, the administration has concluded that it is unacceptable to continue allocating taxpayer resources to organizations that it considers poorly managed and that favor agendas foreign to American interests.

Cybersecurity experts warn that the U.S. withdrawal from these organizations could weaken coordination in the protection of critical infrastructure. Ron Deibert of the University of Toronto stated that this decision will contribute to eroding network security at a time when cyber threats are on the rise. Furthermore, the Coalition for Freedom Online, which advocates for freedom of expression and online privacy, is affected by this withdrawal, despite the Trump administration claiming to care about these issues.

Alexandra Givens, president of the Center for Democracy and Technology, emphasized that this decision will harm the rights and safety of Americans and people around the world in the years to come. The U.S. exit from these platforms is seen as a decrease in commitment to the defense of human rights and democracy, just as freedom of expression faces challenges globally.

Cybersecurity jobs at risk due to AI

The cybersecurity industry faces a significant challenge due to a talent shortage and a growing skills gap. Meanwhile, the demand for skills in artificial intelligence (AI) is increasing, as this technology is seen as a key solution for improving cybersecurity risk management.

More AI, less security

Organizations are reevaluating their approaches to risk management, and many are beginning to see automation not just as an option, but as a necessity. AI plays a key role in identifying and prioritizing threats, allowing humans to focus on more critical and strategic tasks. A Risk Operations Center (ROC) offers a proactive approach, consolidating risk factors and facilitating appropriate remediation actions to prevent severe cyber incidents.

Despite the growing demand for AI experts, there is a notable lack of qualified professionals. The complexity of the AI lifecycle and the expertise required to manage effective systems make it difficult to fill these roles. It is imperative that training programs are implemented to close this skills gap.

However, an additional challenge is the security of AI-generated code: a recent study found that approximately 45% of such code contains security flaws. To mitigate the risk, it is crucial to build security reviews into the development process so that vulnerabilities are detected before the code is deployed.

Cybersecurity leaders, recognizing the importance of AI in their operations, must adapt their hiring strategies. Instead of focusing on the quantity of personnel, it is essential to prioritize training and the use of security platforms with integrated AI capabilities, which can lead to better risk management and greater organizational resilience.

The United States may be on the brink of a cyber catastrophe

Hostile powers, including China and Russia, are intensifying their cyber operations, posing a significant threat to the critical infrastructure of the United States. Reports indicate that Beijing is not only stealing information but has also been planting tools and maintaining access in key systems, giving it the ability to pressure the U.S. in the future. Similarly, Russia has been testing U.S. critical infrastructure through increasingly sophisticated operations, gathering information and even supporting criminal activities.

Let security return

For their part, Iran and North Korea are stepping up disruptive attacks that affect hospitals, schools, and local governments. The global threat of cyberattacks shows no signs of slowing down, while the cybersecurity capacity of the United States is under pressure. Collaboration between the public and private sectors has also declined, and federal agencies suffer from a lack of stable leadership.

The Cybersecurity and Infrastructure Security Agency (CISA) faces critical challenges, including the loss of approximately one-third of its workforce and unstable funding. Experts are calling for the Senate to quickly confirm a permanent leadership for CISA and for sustained budgets to be established in order to address the increasing cyber threat situations.

Moreover, the lack of an ambassador for cyberspace and digital policy at the State Department has left the United States in a vulnerable position to confront global authoritarianism. The administration is urged to nominate a new ambassador to represent U.S. interests in shaping international cyber norms and strengthening the capacity of allies.

In summary, effective and bipartisan action is required to prevent a cyber catastrophe in the United States, as well as to restore trust and coordination between the public and private sectors in the field of cybersecurity.

8.5 million dollars: one of the largest thefts carried out through a Chrome extension

The hacking of the Trust Wallet Chrome extension, which occurred in November 2025, has exposed serious vulnerabilities in the company’s security, resulting in the theft of approximately 8.5 million dollars in assets. In a post-incident analysis, Trust Wallet revealed that the secrets of its GitHub repository were exposed, allowing the attacker to access the source code of the extension and the API key for the Chrome Web Store (CWS).

A multimillion-dollar theft

With full access to the CWS API thanks to the leaked key, the attacker was able to upload malicious versions of the extension without going through the usual Trust Wallet review process. A malicious domain, “metrics-trustwallet[.]com”, was registered, where a trojanized version of the extension was distributed, designed to steal users’ mnemonic phrases and provide unauthorized access to their wallets.

This attack occurred within the broader context of the software supply chain incident known as Shai-Hulud, which has affected multiple companies by allowing attackers to introduce malicious code through commonly used development tools. The latest version of this malware, Shai-Hulud 3.0, brings improvements in obfuscation and reliability that could make it harder to detect.

In light of this event, Trust Wallet has initiated a refund claim process for the victims, handling each case individually to protect against fraud. The company has also implemented additional monitoring capabilities and controls related to its launch processes, in order to prevent future incidents of this nature.

In a message following the attack, Trust Wallet urged its roughly one million extension users to update to version 2.69, after a malicious update had been made available. Recovering the stolen assets and restoring user trust will be essential for the platform in the coming months.

OpenAI has just shipped a much-needed security update for ChatGPT

OpenAI has issued a warning about the growing threat of prompt injection attacks, a technique that hides malicious instructions in ordinary online content, becoming a significant risk for artificial intelligence agents operating in web browsers. The company has implemented a security update for its ChatGPT Atlas tool after discovering a new class of attacks during automated internal security simulations.

Not so much intelligence, but very artificial

The updated version of Atlas includes a model specifically trained to withstand adversarial attacks, as well as enhanced safeguards. According to OpenAI, the browser agent mode allows the software to interact on the web in a manner similar to a human user, accessing emails, documents, and web services, which increases its value as a target for adversarial attacks compared to a traditional chatbot that only answers questions.

The company has developed an automated attacker, using language models that identify prompt injection strategies, allowing for the execution of complex harmful workflows. This attacker can simulate encounters with malicious content, generating a complete trail of reasoning and actions of the victim agent, which helps refine attacks through multiple rounds of testing.

A hypothetical example illustrates the risk: a malicious email instructing the agent to send a resignation letter to the user’s boss. If the agent encounters this email while carrying out a legitimate request, it could misinterpret the instructions and act to the detriment of the user. This change in the interaction dynamic highlights the need to address new forms of online risk.

It is not just OpenAI that is facing this problem; the UK’s National Cyber Security Centre has warned that these attacks may never be completely eliminated and has urged organizations to minimize the risk and limit the impact. With the introduction of a “Preparedness” team, OpenAI aims to identify and address these emerging risks at the intersection of artificial intelligence and cybersecurity.