🚨Cyber Alert‼️ New ransomware group detected: 0APT 0APT is a newly identified double extortion group that describes itself as: “We are a politically neutral underground syndicate. We do not want to destroy your business, we only want financial compensation. Treat this as a

⚠️#INCIBEaviso | Asignación incorrecta de permisos en ibaPDA de #ibaSystems incibe.es/incibe-cert/al… #AvisosDeSeguridad #SCI

⚠️ #INCIBEaviso | Ejecución SQL remota en productos de #JohnsonControls incibe.es/incibe-cert/al… #AvisosDeSeguridad #SCI

⚠️Microsoft 365 Outlook Add-ins Weaponized to Exfiltrate Sensitive Email Data Source: cybersecuritynews.com/outlook-add-in… A significant architectural blind spot in the Microsoft 365 ecosystem that allows threat actors to exfiltrate sensitive email data without leaving forensic traces.

Investigadores reportaron una vulnerabilidad crítica en n8n (CVE-2026-1470, CVSS 9.9) que, bajo ciertas condiciones, podría permitir ejecución remota de código mediante el sistema de expresiones. El fallo afectaría a múltiples versiones y potencialmente expondría miles de

🚨 CVE-2026-1281 (CVSS 9.8): Ivanti Endpoint Manager Mobile Mobile Command Execution A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution. Search by vul.cve Filter 👉 vul.cve="CVE-2026-1281" ZoomEye Dork 👉

Machine learning research offers four proven strategies to prevent people from gaming measures of organizational performance. mitsmr.com/45l9YUc

🚨 Hackers Exploiting Vulnerable IIS Servers to Inject Malicious Web Shells Source: cybersecuritynews.com/uat-8099-targe… A new wave of targeted attacks has emerged against Internet Information Services (IIS) servers across Asia, with threat actors deploying sophisticated malware designed

🛡️ Metasploit Releases 7 New Exploit Modules covering FreePBX, Cacti & SmarterMail Source: cybersecuritynews.com/metasploit-exp… The latest update to the Metasploit Framework this week provides a significant enhancement for penetration testers and red teamers, introducing seven new exploit

🛠️ AutoPentestX - Automated Penetration Testing Toolkit Designed for Linux systems Source: cybersecuritynews.com/autopentestx-p… ▶️ AutoPentestX, an open-source automated penetration testing toolkit for Linux systems, enables comprehensive security assessments from a single command. ▶️

🛠️ Argus - Python-powered Toolkit for Information Gathering and Reconnaissance Source: cybersecuritynews.com/argus-python-t… Argus is a comprehensive Python-based toolkit designed for reconnaissance tasks in cybersecurity. The developers recently released version 2.0, expanding it to

⚠️ Hackers Hijacked Notepad++ Update Servers to Redirect Users to Malicious Servers Source: cybersecuritynews.com/notepad-hijack… The developer of Notepad++ has confirmed that a targeted attack by a likely Chinese state-sponsored threat actor compromised the project's former shared hosting

Han llegado cositas 😎 #AYNThor

⚠️#INCIBEaviso | #Notepad++ ha sufrido un incidente de seguridad y por ello, se recomienda actualizar a la versión 8.9.1 para mantener tu aplicación protegida. ➕ℹ️: notepad-plus-plus.org/news/hijacked-… #AvisosDeSeguridad #TI #Explotación

⚠️ #INCIBEaviso | Múltiples vulnerabilidades en #VMware Tanzu incibe.es/incibe-cert/al… #AvisosDeSeguridad #TI

⚠️ Hikvision Wireless Access Points Flaw Enables Malicious Command Execution Source: cybersecuritynews.com/hikvision-wire… A critical authenticated command execution vulnerability has been disclosed affecting multiple Hikvision Wireless Access Point (WAP) models. The flaw, tracked as

🚨COMUNIDAD: ATENCIÓN CON #OPENCLAW 🚨 El asistente de IA (antes #Clawdbot y #Moltbot), que actúa en tu sistema, usa tus sesiones y maneja tus datos, está de moda. Eso lo vuelve potente… pero también puede exponerte a riesgos de seguridad, a la vez que lo convierte en un

⚠️ Chrome Vulnerabilities Let Attackers Execute Arbitrary Code and Crash System Source: cybersecuritynews.com/chrome-vulnera… Google has released a critical security update for the Chrome Stable channel, addressing two high-severity vulnerabilities that expose users to potential arbitrary

🚨 CVE-2026-25253 (CVSS 8.8): OpenClaw Logical Flaw OpenClaw (aka clawdbot or Moltbot) before 2026.1.29 obtains a gatewayUrl value from a query string and automatically makes a WebSocket connection without prompting, sending a token value. Search by vul.cve Filter 👉

⚠️ Hackers Exfiltrating NTDS.dit File to Gain Full Active Directory Access Source: cybersecuritynews.com/hackers-exfilt… Active Directory serves as the foundation of enterprise authentication systems, making it a prime target for sophisticated threat actors. The NTDS[.]dit database file,