Noticias de Ciberseguridad

The Hacker News • 27/10/2025

X Warns Users With Security Keys to Re-Enroll Before November 10 to Avoid Lockouts

Social media platform X is urging users who have enrolled for two-factor authentication (2FA) using passkeys and hardware security keys like Yubikeys to re-enroll their key to ensure continued access to the service. To that end, users are being asked to complete the re-enrollment, either using their existing security key or enrolling a new one, by November 10, 2025. "After November 10, if you

Leer más → The Hacker News

The Hacker News • 27/10/2025

New ChatGPT Atlas Browser Exploit Lets Attackers Plant Persistent Hidden Commands

Cybersecurity researchers have discovered a new vulnerability in OpenAI's ChatGPT Atlas web browser that could allow malicious actors to inject nefarious instructions into the artificial intelligence (AI)-powered assistant's memory and run arbitrary code. "This exploit can allow attackers to infect systems with malicious code, grant themselves access privileges, or deploy malware," LayerX

Leer más → The Hacker News

The Hacker News • 27/10/2025

⚡ Weekly Recap: WSUS Exploited, LockBit 5.0 Returns, Telegram Backdoor, F5 Breach Widens

Security, trust, and stability — once the pillars of our digital world — are now the tools attackers turn against us. From stolen accounts to fake job offers, cybercriminals keep finding new ways to exploit both system flaws and human behavior. Each new breach proves a harsh truth: in cybersecurity, feeling safe can be far more dangerous than being alert. Here’s how that false sense of security

Leer más → The Hacker News

BleepingComputer • 27/10/2025

Google disputes false claims of massive Gmail data breach

Google was once again forced to announce that it had not suffered a data breach after numerous news outlets published sensational stories about a fake breach that purportedly exposed 183 million accounts. [...]

Leer más → BleepingComputer

BleepingComputer • 27/10/2025

X: Re-enroll 2FA security keys by November 10 or get locked out

X is warning that users must re-enroll their security keys or passkeys for two-factor authentication (2FA) before November 10 or they will be locked out of their accounts until they do so. [...]

Leer más → BleepingComputer

BleepingComputer • 27/10/2025

Ransomware profits drop as victims stop paying hackers

The number of victims paying ransomware threat actors has reached a new low, with just 23% of the breached companies giving in to attackers' demands. [...]

Leer más → BleepingComputer

SecurityWeek • 27/10/2025

Chainguard Raises $280 Million in Growth Funding

Chainguard has raised $636 million in the past six months alone for its software supply chain security solutions.  The post Chainguard Raises $280 Million in Growth Funding appeared first on SecurityWeek.

Leer más → SecurityWeek

BleepingComputer • 27/10/2025

Windows will soon prompt for memory scans after BSOD crashes

Microsoft has started testing a new feature that prompts Windows 11 users to run a memory scan when logging in after a blue screen of death (BSOD). [...]

Leer más → BleepingComputer

The Hacker News • 27/10/2025

Qilin Ransomware Combines Linux Payload With BYOVD Exploit in Hybrid Attack

The ransomware group known as Qilin (aka Agenda, Gold Feather, and Water Galura) has claimed more than 40 victims every month since the start of 2025, barring January, with the number of postings on its data leak site touching a high of 100 cases in June. The development comes as the ransomware-as-a-service (RaaS) operation has emerged as one of the most active ransomware groups, accounting for

Leer más → The Hacker News

SecurityWeek • 27/10/2025

Massive China-Linked Smishing Campaign Leveraged 194,000 Domains

The malicious Smishing Triad domains were used to collect sensitive information, including Social Security numbers. The post Massive China-Linked Smishing Campaign Leveraged 194,000 Domains appeared first on SecurityWeek.

Leer más → SecurityWeek

The Hacker News • 27/10/2025

ChatGPT Atlas Browser Can Be Tricked by Fake URLs into Executing Hidden Commands

The newly released OpenAI ChatGPT Atlas web browser has been found to be susceptible to a prompt injection attack where its omnibox can be jailbroken by disguising a malicious prompt as a seemingly harmless URL to visit. "The omnibox (combined address/search bar) interprets input either as a URL to navigate to, or as a natural-language command to the agent," NeuralTrust said in a report

Leer más → The Hacker News

BleepingComputer • 27/10/2025

QNAP warns of critical ASP.NET flaw in its Windows backup software

QNAP warned customers to patch a critical ASP.NET Core vulnerability that also impacts the company's NetBak PC Agent, a Windows utility for backing& up data to a QNAP network-attached storage (NAS) device. [...]

Leer más → BleepingComputer

BleepingComputer • 27/10/2025

Italian spyware vendor linked to Chrome zero-day attacks

A zero-day vulnerability in Google Chrome exploited in Operation ForumTroll earlier this year delivered malware linked to Italian spyware vendor Memento Labs, born after IntheCyber ​​Group acquired the infamous Hacking Team. [...]

Leer más → BleepingComputer

BleepingComputer • 27/10/2025

Google says everyone will be able to vibe code video games

Google AI Studio product lead teased that everyone will be able to vibe code video games by the end of the year. [...]

Leer más → BleepingComputer

SecurityWeek • 27/10/2025

New Firefox Extensions Required to Disclose Data Collection Practices

All new extensions will be required to declare their data collection practices in their manifest file using a specific key. The post New Firefox Extensions Required to Disclose Data Collection Practices appeared first on SecurityWeek.

Leer más → SecurityWeek

BleepingComputer • 27/10/2025

Microsoft: New policy removes pre-installed Microsoft Store apps

Microsoft now allows IT administrators to remove pre-installed Microsoft Store apps (also known as in-box apps) using a new app management policy. [...]

Leer más → BleepingComputer

SecurityWeek • 27/10/2025

Year-Old WordPress Plugin Flaws Exploited to Hack Websites

Roughly 9 million exploit attempts were observed this month as mass exploitation of the critical vulnerabilities recommenced. The post Year-Old WordPress Plugin Flaws Exploited to Hack Websites appeared first on SecurityWeek.

Leer más → SecurityWeek

SecurityWeek • 27/10/2025

Ransomware Payments Dropped in Q3 2025: Analysis

Coveware has attributed the drop to large enterprises increasingly refusing to pay up and smaller amounts paid by mid-market firms. The post Ransomware Payments Dropped in Q3 2025: Analysis appeared first on SecurityWeek.

Leer más → SecurityWeek

BleepingComputer • 27/10/2025

The State of Exposure Management in 2025: Insights From 3,000+ Organizations

Attackers are using AI to weaponize old vulnerabilities while security teams face expanding attack surfaces and limited resources. Intruder's 2025 Exposure Management Index reveals how 3,000+ organizations are adapting and fixing critical flaws faster than ever. [...]

Leer más → BleepingComputer

SecurityWeek • 27/10/2025

Chrome Zero-Day Exploitation Linked to Hacking Team Spyware

The threat actor behind Operation ForumTroll used the same toolset typically employed in Dante spyware attacks. The post Chrome Zero-Day Exploitation Linked to Hacking Team Spyware appeared first on SecurityWeek.

Leer más → SecurityWeek