

Why I’m withholding certainty that “precise” US cyber-op disrupted Venezuelan electricity

The New York Times has published new details about a purported cyberattack that unnamed US officials claim plunged parts of Venezuela into darkness in the lead-up to the capture of the country’s president, Nicolás Maduro. Key among the new details is that the cyber operation was able to turn off electricity for most residents in the capital city of Caracas for only a few minutes, though in some neighborhoods close to the military base where Maduro was seized, the outage lasted for three days. The cyber-op also targeted Venezuelan military radar defenses. The paper said the US Cyber Command was involved.

“Turning off the power in Caracas and interfering with radar allowed US military helicopters to move into the country undetected on their mission to capture Nicolás Maduro, the Venezuelan president who has now been brought to the United States to face drug charges,” the NYT reported.

The NYT provided few additional details. Left out were the methods purportedly used. When Russia took out electricity in Ukraine in December 2015, for instance, it used general-purpose malware known as BlackEnergy to first penetrate the corporate networks of the targeted power companies and then further encroach into the supervisory control and data acquisition systems the companies used to generate and transmit electricity. The Russian attackers then used legitimate power distribution functionality to trigger the failure, which took out power to more than 225,000 people for more than six hours before grid workers restored it.

In a second attack almost exactly a year later, Russia used a much more sophisticated piece of malware to take out key parts of the Ukrainian power grid. Named Industroyer and alternatively Crash Override, it’s the first known malware framework designed to attack electric grid systems directly. As I reported in 2017:

What makes Crash Override so sophisticated is its ability to use the same arcane technical protocols that individual electric grid systems rely on to communicate with one another. As such, the malware is more notable for its mastery of the industrial processes used by global grid operators than its robust code. Its fluency in the low-level grid languages allowed it to instruct Ukrainian devices to de-energize and re-energize substation lines, a capability not seen in the attack a year earlier that used a much cruder set of tools and techniques. The concern is that “Industroyer”—the other name given to the malware—can be used against a broad range of electric systems around the world.

Besides the lack of details about the purported hack of Venezuela’s power infrastructure, electricity experts have said that the country’s grid has been in disrepair for years. It’s feasible, they say, that power went out due to inadequate maintenance and investment. Another reason for skepticism is that Venezuela’s government said US missiles were at least partially to blame. An unconfirmed video circulating on social media also purports to show a bombed-out substation.

Whether through kinetic or cyber attacks, military strikes on power grids have been controversial because the collateral damage they cause can take out hospitals and other infrastructure that’s crucial to civilians’ survival. The NYT said the strike on Venezuela’s power infrastructure “demonstrated [the] precision” of US cyber capabilities and showed the US “could use cyberweapons with powerful and precise effects.”

If the attacks were indeed the result of cyber intrusions, there will likely be ample forensic evidence for independent experts in securing power grids to confirm. Until then, there’s reason to withhold final judgment.

Image Credits: Getty Images
Source: Arstechnica



Hacks, thefts, and disruption: The worst data breaches of 2025

Every year, TechCrunch looks back at the cybersecurity horror shows of the past 12 months — from the biggest data breaches to hacks resulting in weeks of disruption — to see what we can learn. This year, the data breaches were like nothing we’ve seen before. Here’s our look back at some of the biggest security incidents of 2025, starting with:

The U.S. federal government was breached, several times over

The U.S. government remained one of the biggest targets in cyberspace. The year started with a brazen cyberattack by Chinese hackers on the U.S. Treasury, followed by the breaching of several federal agencies, including the agency tasked with safeguarding U.S. nuclear weapons, thanks to a SharePoint security flaw. All the while, Russian hackers were stealing sealed records from the U.S. Courts’ filing system, sending alarm bells ringing across the federal judiciary.

But nothing quite came close to DOGE ripping through federal government departments and databases in what became the biggest raid of U.S. government data in its history. The Trump administration’s Department of Government Efficiency, or DOGE as it was widely known, led by Elon Musk and his band of private sector lackeys, violated federal protocols and defied common security practices. They ransacked federal databases of citizens’ data, despite warnings of the national security risks and conflicts of interest over Musk’s overseas business dealings. Legal experts say that DOGE staffers are “personally liable” under U.S. hacking laws, though a court would also have to agree. Musk’s subsequent, very public falling out with President Trump saw the billionaire leave DOGE, and left staffers fearing that they could face federal charges without his protection.

Hackers are extorting dozens of companies whose Oracle E-Business servers were breached

In late September, senior executives at American corporate giants began receiving threatening emails from a prolific ransomware and extortion group called Clop. The emails included an attached copy of their personal information — and a ransom demand for several million dollars not to publish it. Months earlier, the Clop gang had quietly exploited a never-before-seen vulnerability in Oracle’s E-Business software, a suite of applications used for hosting a company’s core business information, such as financial and human resources records, supply chain data, and customer databases. The vulnerability allowed Clop to steal reams of sensitive employee data, including data belonging to executives, from dozens of organizations that rely on Oracle’s software. Oracle had no idea until it was caught out in October as it was scrambling to patch the vulnerability. It was too late, though: the hackers had already stolen gobs of data from universities, hospitals and health systems, media organizations, and more. This was Clop’s most recent mass-hacking campaign. The group had previously exploited flaws in enterprise file-transfer services, such as GoAnywhere, MOVEit, and Cleo Software, which tech giants use to share large amounts of information over the internet.

Hacker collective steals at least 1 billion records from Salesforce databases

Salesforce customers had a rough year after two separate data breaches at downstream tech companies allowed hackers to steal a billion records of customer data stored in Salesforce’s cloud. Hackers targeted at least two companies, Salesloft and Gainsight, both of which allow their customers to handle and analyze the data that they store in Salesforce. By breaching these companies directly, the hackers gained access to all of the data through their customer connections to Salesforce. Some of the largest tech giants had data stolen in the breaches, including Bugcrowd, Cloudflare, Google, Proofpoint, Docusign, GitLab, LinkedIn, SonicWall, and Verizon. A hacking collective known as Scattered Lapsus$ Hunters, made up of members from different hacking groups, including ShinyHunters, published a data leak site advertising the stolen records in exchange for a ransom paid by the victims. New victims are still rolling in.

Hackers ransack the U.K. retail sector, and disrupt operations at Jaguar Land Rover, denting the economy

Hackers tore through the U.K. retail sector earlier this year, stealing data from Marks & Spencer and at least 6.5 million customer records from the Co-op. The back-to-back hacks sparked outages and disruption across the retailers’ networks, and some grocery shelves went empty as the systems used to support the retailers were knocked out. Luxury store Harrods was also later hacked. But a major cyberattack targeting Jaguar Land Rover, one of the country’s biggest employers, left a dent in the U.K. economy. A September hack and data breach saw JLR’s car plants stall production for months as the company worked to get its systems back up and running. The fallout affected JLR’s suppliers across the U.K., some of whom went out of business altogether. The U.K. government ended up guaranteeing a bailout to the tune of £1.5 billion to ensure Jaguar Land Rover employees and suppliers got paid during the shutdown. U.K. security experts said the breach was the most economically damaging cyberattack to hit the United Kingdom in history, showing that disruption may be more valuable for financially motivated hackers than stolen data.

South Korea sees months of hacks and data breaches

South Korea experienced a major data breach every month this year, and the personal data of millions of its citizens was compromised thanks to security lapses and shoddy data practices at the country’s biggest tech and phone providers. The country’s largest phone company, SK Telecom, was hacked and 23 million customer records were exposed; several cyberattacks were attributed to its hostile North Korean neighbor; and a massive data center fire wiped out years of Korean government data that wasn’t backed up. But the cherry on the data breach cake was the months-long theft of some 33 million customers’ personal information from Coupang, the country’s retail giant that some call Asia’s Amazon. The data theft began in June, but wasn’t detected until November, and ultimately led to the company’s chief executive resigning.

Image Credits: John Webb / Getty Images
Source: Techcrunch



Hackers stole over $2.7B in crypto in 2025, data shows

Cybercriminals stole $2.7 billion in crypto this year, a new record for crypto-stealing hacks, according to blockchain-monitoring firms. Once again, in 2025, there were dozens of crypto heists hitting several cryptocurrency exchanges and other web3 and decentralized finance (DeFi) projects.

The biggest hack by far was the breach at Dubai-based crypto exchange Bybit, where hackers stole around $1.4 billion in crypto. Blockchain analysis firms, as well as the FBI, accused North Korean government hackers — the most prolific group targeting crypto in the last few years — of this massive heist. This was the largest known crypto theft of all time, and one of the largest financial heists in history. Before the Bybit hack, the largest crypto thefts netted $624 million and $611 million for hackers in the 2022 breach of the Ronin Network and the 2021 breach of the Poly Network, respectively.

Cryptocurrency-monitoring firms Chainalysis and TRM Labs both estimated a total of $2.7 billion stolen in crypto in 2025, per data shared with TechCrunch. Chainalysis also tracked another $700,000 stolen from individual crypto wallets, the company said. De.Fi, the web3 security firm running the REKT database that tracks crypto thefts, also estimated $2.7 billion in stolen and hacked crypto last year.

As usual, North Korean government hackers were the most successful crypto thieves throughout 2025, after stealing at least $2 billion, according to Chainalysis and Elliptic, which estimated that Kim Jong Un’s hackers have stolen around $6 billion since 2017. North Korea uses crypto thefts to fund its sanctioned nuclear weapons program.

Other significant crypto hacks this year included the one against Cetus, a decentralized exchange, which netted the hackers $223 million; the breach against Balancer, a protocol built on the Ethereum blockchain, which resulted in a loss of $128 million; and the one against the crypto exchange Phemex, where cybercriminals stole more than $73 million.

Cybercriminals targeting crypto exchanges and other DeFi projects are not slowing down. In 2024, hackers stole $2.2 billion in crypto, while the year before, in 2023, the total was $2 billion.

Image Credits: alexsl / Getty Images
Source: Techcrunch



These are the cybersecurity stories we were jealous of in 2025

It’s the end of the year. That means it’s time for us to celebrate the best cybersecurity stories we didn’t publish. Since 2023, TechCrunch has looked back at the best stories across the board from the year in cybersecurity. If you’re not familiar, the idea is simple. There are now dozens of journalists who cover cybersecurity in the English language. There are a lot of stories about cybersecurity, privacy, and surveillance published every week. Many of them are great, and you should read them. We’re here to recommend the ones we liked the most, so keep in mind that it’s a very subjective and, at the end of the day, incomplete list. Anyway, let’s get into it. — Lorenzo Franceschi-Bicchierai

Shane Harris described how he cultivated a senior Iranian hacker as a source, who was then killed

Every once in a while, there’s a hacker story that, as soon as you start reading, you think could be a movie or a TV show. This is the case with Shane Harris’ very personal tale of his months-long correspondence with a top Iranian hacker. In 2016, The Atlantic’s journalist made contact with a person claiming to work as a hacker for Iran’s intelligence services, where he claimed to have worked on major operations, such as the downing of an American drone and the now-infamous hack against oil giant Saudi Aramco, in which Iranian hackers wiped the company’s computers. Harris was rightly skeptical, but as he kept talking to the hacker, who eventually revealed his real name to him, Harris started to believe him. When the hacker died, Harris was able to piece together the real story, which somehow turned out to be more incredible than the hacker had led Harris to believe. The gripping story is also a great behind-the-scenes look at the challenges cybersecurity reporters face when dealing with sources claiming to have great stories to share.

The Washington Post revealed a secret order demanding Apple let U.K. officials spy on users’ encrypted data

In January, the U.K. government secretly issued Apple with a court order demanding that the company build a back door so police can access the iCloud data of any customer in the world. Due to a worldwide gag order, it was only because The Washington Post broke the news that we learned the order existed to begin with. The demand was the first of its kind, and — if successful — would be a major defeat for tech giants who have spent the past decade locking themselves out of their users’ own data so they can’t be compelled to provide it to governments. Apple subsequently stopped offering its opt-in end-to-end encrypted cloud storage to its customers in the U.K. in response to the demand. But by breaking the news, the secret order was thrust into the public eye, which allowed both Apple and critics to scrutinize U.K. surveillance powers in a way that hadn’t been tested in public before. The story sparked a months-long diplomatic row between the U.K. and the United States, prompting Downing Street to drop the request — only to try again several months later.

“The Trump administration accidentally texted me its war plans” by The Atlantic is this year’s best headline

This story was the sort of fly-on-the-wall access that some reporters would dream of, but The Atlantic’s editor-in-chief got to play it out in real time after he was unwittingly added to a Signal group of senior U.S. government officials discussing war plans on their cell phones. Reading the discussion about where U.S. military forces should drop bombs — and then seeing news reports of missiles hitting the ground on the other side of the world — was the confirmation Jeffrey Goldberg needed that he was, as he suspected, in a real chat with real Trump administration officials, and that this was all on the record and reportable. And so he did, paving the way for a months-long investigation (and critique) of the government’s operational security practices, in what was called the biggest government opsec mistake in history. The unraveling of the situation ultimately exposed security lapses involving the use of a knock-off Signal clone that further jeopardized the government’s ostensibly secure communications.

Brian Krebs tracked down a prolific hacker group admin as a Jordanian teenager

Brian Krebs is one of the more veteran cybersecurity reporters out there, and for years he has specialized in following online breadcrumbs that lead him to reveal the identity of notorious cybercriminals. In this case, Krebs was able to find the real identity behind the online handle Rey, used by a member of the notorious advanced persistent teenagers’ cybercrime group that calls itself Scattered LAPSUS$ Hunters. Krebs’ quest was so successful that he was able to talk to a person very close to the hacker — we won’t spoil the whole article here — and then the hacker himself, who confessed to his crimes and claimed he was trying to escape the cybercriminal life.

Airlines shut down program that sold billions of flight records to the government after 404 Media’s reporting

Independent media outlet 404 Media has accomplished more impact journalism this year than most mainstream outlets with vastly more resources. One of its biggest wins was exposing and effectively shuttering a massive air travel surveillance system tapped by federal agencies and operating in plain sight. 404 Media reported that a little-known data broker set up by the airline industry called the Airlines Reporting Corporation was selling access to 5 billion plane tickets and travel itineraries, including names and financial details of ordinary Americans, allowing government agencies like ICE, the State Department, and the IRS to track people without a warrant. ARC, owned by United, American, Delta, Southwest, JetBlue, and other airlines, said it would shut down the warrantless data program following 404 Media’s months-long reporting and intense pressure from lawmakers.

Wired made the 3D-printed gun that Luigi Mangione allegedly used to kill a healthcare executive to test the legalities of “ghost guns”

The killing of UnitedHealthcare CEO Brian Thompson in December 2024 was one of the biggest stories of the year. Luigi Mangione, the



You’ve been targeted by government spyware. Now what?

It was a normal day when Jay Gibson got an unexpected notification on his iPhone. “Apple detected a targeted mercenary spyware attack against your iPhone,” the message read. Ironically, Gibson used to work at companies that developed exactly the kind of spyware that could trigger such a notification. Still, he was shocked to receive a notification on his own phone. He called his father, turned off his phone and put it away, and went to buy a new one. “I was panicking,” he told TechCrunch. “It was a mess. It was a huge mess.”

Gibson is just one of an ever-increasing number of people who are receiving notifications from companies like Apple, Google, and WhatsApp, all of which send similar warnings about spyware attacks to their users. Tech companies are increasingly proactive in alerting their users when they become targets of government hackers, in particular those who use spyware made by companies such as Intellexa, NSO Group, and Paragon Solutions. But while Apple, Google, and WhatsApp alert, they don’t get involved in what happens next. The tech companies direct their users to people who could help, at which point the companies step away. This is what happens when you receive one of these warnings.

Warning

You have received a notification that you were the target of government hackers. Now what?

First of all, take it seriously. These companies have reams of telemetry data about their users and what happens on both their devices and their online accounts. These tech giants have security teams that have been hunting, studying, and analyzing this type of malicious activity for years. If they think you have been targeted, they are probably right.

It’s important to note that in the case of Apple and WhatsApp notifications, receiving one doesn’t necessarily mean you were hacked. It’s possible that the hacking attempt failed, but they can still tell you that someone tried.

In the case of Google, it’s most likely that the company blocked the attack and is telling you so you can go into your account and make sure you have multi-factor authentication on (ideally a physical security key or passkey), and also turn on its Advanced Protection Program, which requires a security key and adds other layers of security to your Google account. In other words, Google will tell you how to better protect yourself in the future.

In the Apple ecosystem, you should turn on Lockdown Mode, which switches on a series of security features that make it more difficult for hackers to target your Apple devices. Apple has long claimed that it has never seen a successful hack against a user with Lockdown Mode enabled, but no system is perfect.

Mohammed Al-Maskati, the director of Access Now’s Digital Security Helpline, a 24/7 global team of security experts who investigate spyware cases against members of civil society, shared with TechCrunch the advice that the helpline gives people who are concerned that they may be targeted with government spyware. This advice includes keeping your devices’ operating systems and apps up to date; switching on Apple’s Lockdown Mode and Google’s Advanced Protection for accounts and for Android devices; being careful with suspicious links and attachments; restarting your phone regularly; and paying attention to changes in how your device functions.

Reaching out for help

What happens next depends on who you are.

There are open source, downloadable tools that anyone can use to detect suspected spyware attacks on their devices, though they require a little technical knowledge. You can use the Mobile Verification Toolkit, or MVT, a tool that lets you look for forensic traces of an attack on your own, perhaps as a first step before looking for assistance.

If you don’t want to or can’t use MVT, you can go straight to someone who can help. If you are a journalist, dissident, academic, or human rights activist, there are a handful of organizations that can help. You can turn to Access Now and its Digital Security Helpline. You can also contact Amnesty International, which has its own team of investigators and ample experience in these cases. Or, you can reach out to The Citizen Lab, a digital rights group at the University of Toronto, which has been investigating spyware abuses for almost 15 years. If you are a journalist, Reporters Without Borders also has a digital security lab that offers to investigate suspected cases of hacking and surveillance.

Outside of these categories of people, politicians or business executives, for example, will have to go elsewhere. If you work for a large company or political party, you likely have a competent (hopefully!) security team you can go straight to. They may not have the specific knowledge to investigate in depth, but in that case they probably know who to turn to, even if Access Now, Amnesty, and Citizen Lab cannot help those outside of civil society.

Otherwise, there aren’t many places executives or politicians can turn to, but we have asked around and found the ones below. We can’t fully vouch for any of these organizations, nor do we endorse them directly, but based on suggestions from people we trust, it’s worth pointing them out.

Perhaps the most well known of these private security companies is iVerify, which makes an app for Android and iOS, and gives users an option to ask for an in-depth forensic investigation. Matt Mitchell, a well-regarded security expert who has been helping vulnerable populations protect themselves from surveillance, has a new startup called Safety Sync Group, which offers this kind of service. Jessica Hyde, a forensic investigator with experience in the public and private sectors, has her own startup called Hexordia, which offers to investigate suspected hacks. Mobile cybersecurity company Lookout, which has experience analyzing government spyware from around the world, has an online form that allows people to reach out for help to investigate cyberattacks involving malware,



Instagram says there’s been ‘no breach’ despite password reset requests

Instagram says that although some users received suspicious-looking password reset requests, it has not been breached. That seemingly contradicts a Friday Bluesky post from antivirus software company Malwarebytes, which shared a screenshot of an email from Instagram informing users of a request to reset their password. The post claimed, “Cybercriminals stole the sensitive information of 17.5 million Instagram accounts, including usernames, physical addresses, phone numbers, email addresses, and more.” This data, Malwarebytes added, “is available for sale on the dark web and can be abused by cybercriminals.”

However, Instagram subsequently posted (on X, rather than Instagram or Threads) that it had “fixed an issue that let an external party request password reset emails for some people.” The company did not offer any details about the external party or the specific issue, but its post concluded, “You can ignore those emails — sorry for any confusion.”

Image Credits: stockcam / Getty Images
Source: Techcrunch



How a hacking campaign targeted high-profile Gmail and WhatsApp users across the Middle East

On Tuesday, U.K.-based Iranian activist Nariman Gharib tweeted redacted screenshots of a phishing link sent to him via a WhatsApp message. “Do not click on suspicious links,” Gharib warned. The activist, who is following the digital side of the Iranian protests from afar, said the campaign targeted people involved in Iran-related activities, such as himself. This hacking campaign comes as Iran grapples with the longest nationwide internet shutdown in its history, as anti-government protests — and violent crackdowns — rage across the country. Given that Iran and its closest adversaries are highly active in offensive cyber operations (read: hacking people), we wanted to learn more.

Gharib shared the full phishing link with TechCrunch soon after his post, allowing us to capture a copy of the source code of the phishing web page used in the attack. He also shared a write-up of his findings. TechCrunch analyzed the source code of the phishing page, and with added input from security researchers, we believe the campaign aimed to steal Gmail and other online credentials, compromise WhatsApp accounts, and conduct surveillance by stealing location data, photos, and audio recordings. It is unclear, however, whether the hackers were government-linked agents, spies, or cybercriminals — or all three.

TechCrunch also identified a way to view a real-time copy of all the victims’ responses saved on the attacker’s server, which was left exposed and accessible without a password. This data revealed dozens of victims who had unwittingly entered their credentials into the phishing site and were subsequently likely hacked. The list includes a Middle Eastern academic working in national security studies; the boss of an Israeli drone maker; a senior Lebanese cabinet minister; at least one journalist; and people in the United States or with U.S. phone numbers. TechCrunch is publishing our findings after validating much of Gharib’s report. The phishing site is now down.

Inside the attack chain

According to Gharib, the WhatsApp message he received contained a suspicious link, which loaded a phishing site in the victim’s browser. The link shows that the attackers relied on a dynamic DNS provider called DuckDNS for their phishing campaign. Dynamic DNS providers allow people to connect easy-to-remember web addresses — in this case, a duckdns.org subdomain — to a server whose IP address might frequently change. It’s not clear whether the attackers shut down the phishing site of their own accord or were caught and cut off by DuckDNS. We reached out to DuckDNS with inquiries, but its owner Richard Harper requested that we send an abuse report instead. From what we understand, the attackers used DuckDNS to mask the real location of the phishing page, presumably to make it look like a genuine WhatsApp link.

The phishing page was actually hosted at alex-fabow.online, a domain that was first registered in early November 2025. This domain has several other, related domains hosted on the same dedicated server, and these domain names follow a pattern that suggests the campaign also targeted other providers of virtual meeting rooms, like meet-safe.online and whats-login.online. We’re not sure what happens while the DuckDNS link loads in the victim’s browser, or how the link determines which specific phishing page to load. It may be that the DuckDNS link redirects the target to a specific phishing page based on information it gleans from the user’s device. The phishing page would not load in our web browser, preventing us from directly interacting with it. Reading the source code of the page, however, allowed us to better understand how the attack worked.

Gmail credential and phone number phishing

Depending on the target, tapping on a phishing link would open a fake Gmail login page, or ask for their phone number, and begin an attack flow aimed at stealing their password and two-factor authentication code. But the phishing kit had at least one flaw: TechCrunch found that by modifying the phishing page’s URL in our web browser, we could view a file on the attacker’s servers that was storing records of every victim who had entered their credentials.

The file contained over 850 records of information submitted by victims during the attack flow. These records detailed each part of the phishing flow that the victim was in. This included copies of the usernames and passwords that victims had entered on the phishing page, as well as incorrect entries and their two-factor codes, effectively serving as a keylogger. The records also contained each victim’s user agent, a string of text that identifies the operating system and browser versions used to view websites. This data shows that the campaign was designed to target Windows, macOS, iPhone, and Android users.

The exposed file allowed us to follow the attack flow step-by-step for each victim. In one case, the exposed file shows a victim clicking on a malicious link, which opened a page that looked like a Gmail sign-in window. The log shows the victim entering their email credentials several times until they entered the correct password. The records show the same victim entering the two-factor authentication code sent to them by text message. We can tell this because Google sends two-factor codes in a specific format (usually G-xxxxxx, featuring a six-digit numerical code).

WhatsApp hijack and browser data exfiltration

Beyond credential theft, this campaign also seemed to enable surveillance by tricking victims into sharing their location, audio, and pictures from their device. In Gharib’s case, tapping on the link in the phishing message opened a fake WhatsApp-themed page in his browser, which displayed a QR code. The lure aims to trick the target into scanning the code on their device, purportedly to access a virtual meeting room.

Image Credits: Matthias Balk / Getty Images
Source: Techcrunch
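The step-by-step reconstruction of the phishing flow described above, as an added example that is not TechCrunch's or the attackers' code: it parses a constructed sample of phishing-kit records with the fields the article says the exposed file held (the phishing step the victim was in, the value they submitted, and their browser's user agent), groups the records per victim in time order, classifies the platform from the user agent, and flags submitted one-time codes that match the G-xxxxxx format of Google's SMS codes. The pipe-delimited layout, the field names and the per-victim ids are assumptions, since the article does not give the real file's format; the sample records are constructed and contain no real data.

```python
import re
from collections import defaultdict

# Constructed sample of phishing-kit records (not real data). The pipe-delimited
# layout is an assumption; the fields follow what the article says the exposed file
# held: a timestamp, a per-victim id assigned by the kit, the phishing step the victim
# was in, the value they typed, and their browser's user-agent string.
SAMPLE_LOG = """\
2025-11-12T09:14:02Z|v17|email|alice@example.org|Mozilla/5.0 (iPhone; CPU iPhone OS 17_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Mobile/15E148 Safari/604.1
2025-11-12T09:14:21Z|v17|password|Passw0rd1|Mozilla/5.0 (iPhone; CPU iPhone OS 17_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Mobile/15E148 Safari/604.1
2025-11-12T09:14:40Z|v17|password|Passw0rd!|Mozilla/5.0 (iPhone; CPU iPhone OS 17_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Mobile/15E148 Safari/604.1
2025-11-12T09:15:10Z|v17|otp|G-482913|Mozilla/5.0 (iPhone; CPU iPhone OS 17_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Mobile/15E148 Safari/604.1
2025-11-12T10:02:55Z|v41|phone|+1 555 0100|Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
2025-11-12T10:03:30Z|v41|otp|123456|Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
2025-11-12T11:40:12Z|v58|email|bob@example.net|Mozilla/5.0 (Linux; Android 14; Pixel 8) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Mobile Safari/537.36
"""

# Google's SMS verification codes carry a "G-" prefix followed by six digits, the
# format the article uses to tell a Google text-message code apart from other OTPs.
GOOGLE_SMS_CODE = re.compile(r"^G-\d{6}$")


def parse_records(text):
    """Split pipe-delimited lines into dicts; blank or malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        parts = line.split("|", 4)
        if len(parts) != 5:
            continue
        ts, victim, step, value, ua = parts
        records.append({"ts": ts, "victim": victim, "step": step, "value": value, "ua": ua})
    return records


def platform_from_user_agent(ua):
    """Coarse OS classification. Mobile tokens are checked first because an iPhone
    user agent also contains 'Mac OS X' and an Android one also contains 'Linux'."""
    if "iPhone" in ua or "iPad" in ua:
        return "iOS"
    if "Android" in ua:
        return "Android"
    if "Windows NT" in ua:
        return "Windows"
    if "Macintosh" in ua or "Mac OS X" in ua:
        return "macOS"
    return "unknown"


def is_google_sms_code(value):
    """True only for the G-xxxxxx shape; a bare six-digit code is inconclusive."""
    return bool(GOOGLE_SMS_CODE.match(value.strip()))


def reconstruct_flows(records):
    """Group records per victim in timestamp order so each flow can be replayed step by step."""
    flows = defaultdict(list)
    for r in sorted(records, key=lambda r: r["ts"]):
        flows[r["victim"]].append(r)
    return flows


def summarize(records):
    """Per-victim summary: platform, ordered steps, number of password attempts
    (repeated entries are the keylogger effect the article describes), whether the
    victim reached the OTP step, and whether the OTP looks like a Google SMS code."""
    summary = {}
    for victim, flow in reconstruct_flows(records).items():
        steps = [r["step"] for r in flow]
        otps = [r["value"] for r in flow if r["step"] == "otp"]
        summary[victim] = {
            "platform": platform_from_user_agent(flow[0]["ua"]),
            "steps": steps,
            "password_attempts": steps.count("password"),
            "reached_otp": bool(otps),
            "google_sms_code": any(is_google_sms_code(v) for v in otps),
        }
    return summary


if __name__ == "__main__":
    for victim, info in summarize(parse_records(SAMPLE_LOG)).items():
        print(victim, info)
```

Run directly, it prints one summary line per victim. The G- prefix only shows that a code came from Google's SMS flow; a plain six-digit value could be any provider's code or an authenticator-app code, so the script reports it as "not a Google SMS code" rather than as evidence about which account was targeted.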

How a hacking campaign targeted high-profile Gmail and WhatsApp users across the Middle East


Supreme Court hacker posted stolen government data on Instagram

A hacker posted the personal data of several of his hacking victims on his Instagram account, @ihackthegovernment, according to a court document. Last week, Nicholas Moore, 24, a resident of Springfield, Tennessee, pleaded guilty to repeatedly hacking into the U.S. Supreme Court’s electronic document filing system. At the time, there were no details about the specifics of the hacking crimes Moore was admitting to.

On Friday, a newly filed document — first spotted by Court Watch’s Seamus Hughes — revealed more details about Moore’s hacks. Per the filing, Moore hacked not only into the Supreme Court systems, but also into the network of AmeriCorps, a government agency that runs stipend-paying volunteer programs, and the systems of the Department of Veterans Affairs, which provides healthcare and welfare to military veterans.

Moore accessed those systems using stolen credentials of users who were authorized to access them. Once he gained access to those victims’ accounts, Moore accessed and stole their personal data and posted some of it online to his Instagram account, @ihackthegovernment.

In the case of the Supreme Court victim, identified as GS, Moore posted their name and “current and past electronic filing records.”

In the case of the AmeriCorps victim, identified as SM, Moore boasted that he had access to the organization’s servers and published the victim’s “name, date of birth, email address, home address, phone number, citizenship status, veteran status, service history, and the last four digits of his social security number.”

And, in the case of the victim at the Department of Veterans Affairs, identified as HW, Moore posted the victim’s identifiable health information “when he sent an associate a screenshot from HW’s MyHealtheVet account that identified HW and showed the medications he had been prescribed.”

According to the court document, Moore faces a maximum sentence of one year in prison and a maximum fine of $100,000.
Image Credits: Tomasz Zielonka / Unsplash

Reference: TechCrunch



Malware attacks grew by 131% in 2025

Hornetsecurity’s annual Cybersecurity Report has revealed that criminals have adopted automation, artificial intelligence and social engineering techniques at an unprecedented speed, while companies and institutions have tried to adapt their governance, resilience and awareness programs to defend themselves and keep pace. This is confirmed by the analysis of more than 6 billion emails a month (72 billion a year). The company found that email has been a constant entry vector for cyberattacks in 2025. Malware-laden emails rose 131% year over year, as did email scams (+34.7%) and phishing (+21%). Cybercriminals have been able to create more convincing fraudulent content thanks to generative AI, and more than three quarters of CISOs (77%) have identified AI-generated phishing as a serious and emerging threat. However, defenses are working to catch up, and 68% of organizations have already invested this year in AI-based detection and protection capabilities against this type of threat.

Daniel Hofmann, CEO of Hornetsecurity, says that “AI is both a tool and a target, and attack vectors are growing faster than many believe. The result is an arms race in which both sides use machine learning, on one side to deceive and, on the other, to defend and prevent.” “Criminals are increasingly turning to generative AI and automation to identify vulnerabilities, generate more convincing phishing lures and orchestrate multi-stage intrusions with minimal human oversight,” Daniel Hofmann concludes.
Emerging AI-driven cybersecurity threats: synthetic identity fraud and deepfakes

The potential for AI misuse has become a clear trend in the current threat landscape. 61% of CISOs believe that AI has directly increased the risk of suffering ransomware attacks. Their main concerns are synthetic identity fraud, which uses AI to generate documents and credentials; voice cloning and deepfake videos used to impersonate users; poisoning attacks, in which malicious data corrupts internal AI systems; and the misuse of public AI tools by employees. All of these emerging technologies blur the line between legitimate and malicious activity, which makes traditional security controls less effective, especially when cybercriminals seek to compromise trust rather than force their way in.

A gap in business leaders’ AI awareness

Even as companies strengthen their ability to recover, many risk remaining anchored to outdated objectives. The next wave of attacks will focus on something less tangible but more powerful: trust. This year CISOs have perceived a wide disparity in how well company executives understand AI-related risks. Some reported that their senior executives had a “deep awareness” of these threats, while others admitted they had “no real understanding” of AI’s role in this type of attack. The overall average response indicates that some awareness exists, but progress was inconsistent and varied widely from one company to another. Looking ahead, resilience driven by cultural change, and not just by prevention, will define cybersecurity success in 2026.
Hofmann adds that “the results of our report show that organizations are learning to recover without negotiating. But internal security awareness efforts must evolve at the same pace as AI adoption.” “Few boards of directors run cyber crisis simulations, and cross-functional playbooks remain the exception rather than the norm. As AI-driven disinformation and deepfake-based extortion become more common, a security culture based on preparedness and backed by AI awareness will have to be a goal for 2026.”

Reference and image: cybersecuritynews



Securing your PC: safer software for Windows 10

Windows 10, for all its advantages, is vulnerable to cyberattacks and phishing tools. To avoid any problem with your PC and its operating system, you should choose every piece of software carefully. From video editing to working with documents, the software should comply with the latest cybersecurity measures. See which are the main programs for each area.

Antivirus

Do you really need one in 2024? Some users say that operating systems are already protected by built-in security programs. That is true. However, it is still necessary to install additional protection. What is also true is that you do not necessarily have to pay. Even a free antivirus for Windows can handle the basic security task. For 2024, the leading software is as follows: For personal use, Microsoft’s free cybersecurity tools are more than enough. But if you work on a corporate network, consider the extended applications.

Screen recorders

Screen recorders are essential PC tools for work, creative tasks and even sharing content. Besides, you never know when you will need one. You can produce educational videos, record tutorials or show how you do something on your PC. It is also an essential tool for recording business meetings and conferences. One of the best tools for recording the screen on Windows 10 is Movavi Screen Recorder. This screen recording tool is easy to install and then use. The program lets you record the full screen or part of it, or make a video of just one program or browser page. It is a really convenient option. The application also offers a set of hotkeys. Another screen recorder is Apower. This program has several functions for video tasks, and screen recording is one of them. All you need to do is download the software and give it permission to record your screen.
Video editors

You can easily find free video editors for Windows PCs. But are they secure enough? To guarantee a trouble-free experience, only download a video editor with official licenses. They should be programs from trusted developers and be available on their official websites. For basic needs, the OpenShot editor should be enough. This tool is available for the Windows operating system and covers all the basic tasks. You can cut and trim videos, create video clips and use sound effects and audio elements. With this editor you can produce promotional materials, social media content and other projects. Another idea for safe use is online editors. For example, tools like WeVideo need no installation. All you need to do is open the online service and upload your video materials. These tools are much more reliable than anything you download. In WeVideo you can carry out every task related to cutting and editing video.

Video players

To use all the features of your PC, you will definitely need to download video players for Windows 10. This software lets you open videos in various formats downloaded to your PC. The main video player for Windows 10 is without doubt VLC Media Player. This tool works with every possible Windows format and also offers a set of web plugins for your browser. Another media player to have just in case is Adobe Flash Player. It is often used to view online content. But bear in mind that Adobe products are paid and, to ensure security, you should only download them from the official website.

A few more tips: protect your PC

A serious vulnerability in Windows is well known among users. Unfortunately, not even licensed software can fully protect you.
See what other principles there are for safeguarding your Windows 10 or Windows 11. Finally, avoid downloading pirated programs and tools. Despite being free and easy to find, they can contain harmful files. From simple crashes to cyberattacks, they can seriously damage your PC or even take control of it. Always visit official software websites to download a program from an official source.

Reference and image: cybersecuritynews

