Fortinet has begun releasing security updates to address a critical flaw impacting FortiOS that has come under active exploitation in the wild. The vulnerability, assigned the CVE identifier CVE-2026-24858 (CVSS score: 9.4), has been described as an authentication bypass related to FortiOS single sign-on (SSO). The flaw also affects FortiManager and FortiAnalyzer. The company said…
Ejecución de código en remoto en DIAView de Delta Electronics Vie, 23/01/2026 – 09:33 Aviso SCI Recursos Afectados DIAView versiones anteriores a V4.2.0, incluida. Descripción Un investigador anónimo de Trend Zero Day ha informado sobre 1 vulnerabilidad de severidad alta que, en caso de ser exitosamente explotada, podría permitir a un atacante ejecutar código arbitrario. …
La reciente incautación de 300 servidores SIM y 100.000 tarjetas SIM por parte del Servicio Secreto de Estados Unidos en Nueva York pone de relieve un creciente problema de seguridad nacional: la utilización de la infraestructura de telecomunicaciones como arma para el fraude, el espionaje y las operaciones cibernéticas a gran escala. Si bien los SIM Box o SIM servidores se…
Visual Studio Code is a popular open-source code editor[1]. But it’s much more than a simple editor, it’s a complete development platform that supports many languages and it is available on multiple platforms. Used by developers worldwide, it’s a juicy target for threat actors because it can be extended with extensions.
A study by OMICRON has revealed widespread cybersecurity gaps in the operational technology (OT) networks of substations, power plants, and control centers worldwide. Drawing on data from more than 100 installations, the analysis highlights recurring technical, organizational, and functional issues that leave critical energy infrastructure vulnerable to cyber threats. The findings are based on
If you work in security operations, the concept of the AI SOC agent is likely familiar. Early narratives promised total autonomy. Vendors seized on the idea of the «Autonomous SOC» and suggested a future where algorithms replaced analysts. That future has not arrived. We have not seen mass layoffs or empty security operations centers. We…
Cinco extensiones maliciosas de Chrome han sido detectadas robando datos sensibles de plataformas empresariales como Workday, NetSuite y SuccessFactors. El ataque permite a los ciberdelincuentes secuestrar sesiones y bloquear defensas, poniendo en riesgo la seguridad de compañías y empleados. El uso de extensiones en navegadores web es habitual para mejorar la productividad, pero también representa…
Cybersecurity researchers have disclosed details of a security flaw that leverages indirect prompt injection targeting Google Gemini as a way to bypass authorization guardrails and use Google Calendar as a data extraction mechanism. The vulnerability, Miggo Security’s Head of Research, Liad Eliyahu, said, made it possible to circumvent Google Calendar’s privacy controls by hiding a…
Microsoft on Tuesday rolled out its first security update for 2026, addressing 114 security flaws, including one vulnerability that it said has been actively exploited in the wild. Of the 114 flaws, eight are rated Critical, and 106 are rated Important in severity. As many as 58 vulnerabilities have been classified as privilege escalation, followed…
La reciente incautación de 300 servidores SIM y 100.000 tarjetas SIM por parte del Servicio Secreto de Estados Unidos en Nueva York pone de relieve un creciente problema de seguridad nacional: la utilización de la infraestructura de telecomunicaciones como arma para el fraude, el espionaje y las operaciones cibernéticas a gran escala. Si bien los SIM Box o SIM servidores se…