All articles

12 published articles · search, filter and sort as you wish.

Orden

Showing 12 of 12 articles

Ciberataques26 may 2026

China's Webworm hits EU govs via Discord and Microsoft Graph

Chinese APT Webworm targets EU governments using Discord and Microsoft Graph API as covert command-and-control channels.

Restrict Discord and Microsoft Graph API access to only hosts that explicitly need it.
Enable Unified Audit Log in Azure and hunt for registered apps with suspicious Graph permissions.
Detect SoftEther VPN or SOCKS tunnel traffic originating from critical infrastructure hosts.

Gorka El Bochi Morillo

Leer artículo

CVE26 may 2026

CVE-2026-31635 DirtyDecrypt: public PoC for Linux kernel LPE

Public PoC released for CVE-2026-31635 (DirtyDecrypt), a Linux kernel local privilege escalation flaw discovered by Zellic and V12.

Leer artículo

Ciberataques26 may 2026

Linux rootkits, router 0-day, AI intrusions: 25 attacks

Attackers exploit trusted tokens, packages, and accounts across 25 incidents reported this week.

Leer artículo

Newsletter

Una historia al día. Cero ruido.

Elige las ramas que quieres recibir. Cancela cuando quieras.

1 email

/día

4 ramas

a elegir

20:00

CET

CVE · IA · Bug Bounty · Cyber
Sin spam, sin tracking invasivo

IA26 may 2026

RAMPART & Clarity: security testing for AI agents

Microsoft open-sources RAMPART and Clarity, two frameworks for security-testing AI agents at development time.

Leer artículo

Bug Bounty26 may 2026

Repo jacking on bundler.io: open supply chain attack

Repo jacking on bundler.io let an attacker claim Bundler's orphaned GitHub repo and inject malicious code into any Ruby project referencing it.

Leer artículo

Ciberataques26 may 2026

Megalodon: 5,561 GitHub repos hit with malicious CI/CD workflows

5,718 malicious commits pushed to 5,561 GitHub repos in six hours to steal CI/CD pipeline secrets.

Leer artículo

Newsletter BBLabs

Lo que importa hoy, filtrado por la IA.

Un email al día con los CVE críticos, breaches activos, writeups jugosos y novedades en IA.

Personaliza qué ramas recibes
Un email al día · ~20:00 CET
Cancela en un clic

Recibe el próximo

Sin spam · sin tracking invasivo · cancela en 1 clic

Ciberataques26 may 2026

FBI shuts down First VPN used by dozens of ransomware gangs

FBI shut down First VPN, a criminal VPN service used by dozens of ransomware groups for network reconnaissance and corporate intrusions.

Leer artículo

Ciberataques26 may 2026

Infosecurity Europe 2026: what to watch

Infosecurity Europe 2026 brings together ransomware, offensive AI, and critical infrastructure defense as the dominant themes in London.

Leer artículo

Bug Bounty26 may 2026

Jacob Butler arrested for running Kimwolf botnet

Canadian Jacob Butler, 23, arrested for running the Kimwolf botnet; US seeks extradition on federal hacking charges.

Leer artículo

Newsletter

Recibe lo más relevante en tu inbox, sin paja.

Un email al día con los CVE, breaches, writeups y novedades en IA que de verdad importan. Cancela cuando quieras.

IA26 may 2026

Anthropic's restricted Mythos model may ship inside Claude Code

Anthropic is preparing to roll out Mythos to Claude Code, a restricted model flagged for major security risks to public and private software.

Leer artículo

CVE24 may 2026

CVE-2026-34926: Apex One zero-day actively exploited

CVE-2026-34926, a directory traversal zero-day in TrendAI Apex One on-premise, is being actively exploited in the wild; patch is available.

Leer artículo

Bug Bounty24 may 2026

KimWolf botnet admin charged: 2M devices, US-Canada joint op

US and Canadian authorities charged a Canadian national for running KimWolf, a DDoS botnet that infected nearly two million devices worldwide.

Leer artículo