Micro-píndoles informatives per prevenir fraus o actuar després de patir-los
Últimas alertas de organismos oficiales y fuentes verificadas sobre fraudes, ciberseguridad y riesgos emergentes.
Recibe las fichas de fraudes y novedades del portal en tu lector RSS, sin algoritmos ni publicidad.
https://scam-alert.org/ca/rss.xml Compatible con Feedly, Inoreader, NetNewsWire, Reeder y cualquier lector RSS.
¿Qué es RSS?
Estándar abierto para recibir actualizaciones de webs en una app, sin crear cuenta ni ver publicidad. Instala Feedly o Inoreader y pega la URL del feed.
Web infrastructure provider Vercel has disclosed a security breach that allows bad actors to gain unauthorized access to "certain" internal Vercel systems. The incident stemmed from the compromise of Context.ai, a third-party artificial intelligence (AI) tool, that was used by an employee at the company. "The attacker
Leer más →(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Leer más →Los mediadores francoalemanes no han logrado acuerdo entre Dassault y Airbus, según ‘Handelsblatt’. El canciller alemán se reunirá con Macron el jueves en Chipre y antes de esa cita debe resolver si mantiene a Berlín dentro del mayor programa militar europeo del siglo.
Leer más →Cloud development platform Vercel has disclosed a security incident after threat actors claimed to have breached its systems and are attempting to sell stolen data. [...]
Leer más →Apple account change notifications are being abused to send fake iPhone purchase phishing scams within legitimate emails sent from Apple's servers, increasing legitimacy and potentially allowing them to bypass spam filters. [...]
Leer más →The National Institute of Standards and Technology will stop assigning severity scores to lower-priority vulnerabilities due to the growing workload from rising submission volumes. [...]
Leer más →El liderazgo implica control y responsabilidad. En el caso de Sánchez, su perfil autocrático hace axiomático que conociera lo que ocurría bajo su mando.
Leer más →Las notificaciones fantasma son señales de una vida conectada en exceso.
Leer más →El Instituto Nacional de Estándares y Tecnología (NIST) seguirá añadiendo CVE, pero ha comunicado que únicamente actualizará los detalles de aquellas fallas que cumplan ciertos criterios.
Leer más →En un mensaje difundido en redes sociales, Zelenski ha expresado que, "tenemos mucha cooperación con Suecia y estamos listos para expandir nuestra fuerza aérea gracias al Gripen".
Leer más →Proof-of-concept exploit code has been published for a critical remote code execution flaw in protobuf.js, a widely used JavaScript implementation of Google's Protocol Buffers. [...]
Leer más →Microsoft is warning that a recent Microsoft Edge browser update introduced a bug that breaks right-click paste in chats in the Microsoft Teams desktop client. [...]
Leer más →In 2024, compromised service accounts and forgotten API keys were behind 68% of cloud breaches. Not phishing. Not weak passwords. Unmanaged non-human identities that nobody was watching. For every employee in your org, there are 40 to 50 automated credentials: service accounts, API tokens, AI agent connections, and OAu
Leer más →Grinex, a Kyrgyzstan-incorporated cryptocurrency exchange sanctioned by the U.K. and the U.S. last year, said it's suspending operations after it blamed Western intelligence agencies for a $13.74 million hack. The exchange said it fell victim to what it described as a large-scale cyber attack that bore hallmarks of for
Leer más →Threat actors are exploiting security flaws in TBK DVR and end‑of‑life (EoL) TP-Link Wi-Fi routers to deploy Mirai-botnet variants on compromised devices, according to findings from Fortinet FortiGuard Labs and Palo Alto Networks Unit 42. The attack targeting TBK DVR devices has been found to exploit CVE-2024-3721 (CVS
Leer más →Industry and ad hoc coalitions appear poised to help fill the gap created by NIST's decision to cut back on CVE data enrichment.
Leer más →In embracing device code phishing, attackers trick victims into handing over account access by using a service's legitimate new-device login flow.
Leer más →More than 18 months after a ransomware attack disrupted care at hospitals in South East London, documents show at least one NHS trust is still working without fully restored systems and managing large backlogs of delayed test results.
Leer más →More than 20 countries participated in a coordinated takedown of platforms selling cheap access to distributed denial-of-service (DDoS) attacks.
Leer más →AI's danger isn't that it's creating new bugs, it's that it's amplifying old ones.
Leer más →The intrusions exploited vulnerabilities in the open-source Roundcube webmail platform that allow attackers to execute malicious code when a victim simply opens an email in their inbox.
Leer más →Huntress is warning that threat actors are exploiting three recently disclosed security flaws in Microsoft Defender to gain elevated privileges in compromised systems. The activity involves the exploitation of three vulnerabilities that are codenamed BlueHammer (requires GitHub sign-in), RedSun, and UnDefend, all of wh
Leer más →The House passed stopgap legislation to extend a warrantless government surveillance power for 10 days, following a failed lobbying campaign by the Trump administration.
Leer más →The Maritime Transportation Security Act (MTSA) requires plans to protect OT systems, audits by independent third parties, and a hybrid OT-security role.
Leer más →(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Leer más →Introduction
Leer más →The National Institute of Standards and Technology carved a new path for vulnerability remediation by changing the way it prioritizes software flaws.
Leer más →[This is a Guest Diary by Alec Jaffe, an ISC intern as part of the SANS.edu Bachelor&#;39;s Degree in Applied Cybersecurity (BACS) program [1].
Leer más →The DOJ said Kejia Wang, 42, was sentenced to nine years in prison and Zhenxing Wang, 39, was given a nearly eight-year sentence for an operation that generated more than $5 million for the government of North Korea.
Leer más →Crosss-Site Scripting en la integración de jQuery de Drupal Jue, 16/04/2026 - 14:05 Aviso Recursos Afectados Drupal core en las versiones comprendidas entre : 8.0.0 y 10.5.9, esta última sin incluir; 10.6.0 y 10.6.7, esta última sin incluir; 11.0.0 y 11.2.11, esta última sin incluir; 11.3.0 y 11.3.7, esta última sin in
Leer más →Múltiples vulnerabilidades en varios productos de Cisco Jue, 16/04/2026 - 10:05 Aviso Recursos Afectados Cisco Webex Services, basados en la nube y que hayan sido configurados para emplear integración SSO con Control Hub. Cisco Identity Services Engine (ISE) y Cisco ISE Passive Identity Connector (ISE-PIC), independien
Leer más →A Michigan resident has been sentenced for defrauding a public pension system by unlawfully collecting retirement benefits after the death of a family member, prosecutors announced. According to the Michigan Attorney General’s Office, the defendant concealed the pension recipient’s death for years, allowing monthly ben
Leer más →(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Leer más →Actualizaciones de seguridad de Microsoft de abril de 2026 Mié, 15/04/2026 - 23:00 Aviso Recursos Afectados .NET .NET Framework .NET and Visual Studio .NET, .NET Framework, Visual Studio Applocker Filter Driver (applockerfltr.sys) Azure Logic Apps Azure Monitor Agent Desktop Window Manager Function Discovery Service (f
Leer más →The report contains industrial threat statistics for Q4 2025. It covers various infection vectors and malware types, as well as regional statistics and statistics by industry.
Leer más →Múltiples vulnerabilidades en Identity Exposure de Tenable Mié, 15/04/2026 - 10:02 Aviso Recursos Afectados Tenable Identity Exposure, versión 3.77.16 y anteriores. Descripción Tenable ha publicado un aviso donde informa de 19 vulnerabilidades, 1 de severidad crítica, 10 altas, 6 medias y 3 bajas. En caso de ser explot
Leer más →Múltiples vulnerabilidades en FortiSandbox Mié, 15/04/2026 - 09:43 Aviso Recursos Afectados FortiSandbox 4.4, desde la versión 4.4.0 hasta la 4.4.8. Solo para la vulnerabilidad CVE-2026-39813 también se ve afectado: FortiSandbox 5.0, desde la versión 5.0.0 hasta la 5.0.5. Descripción Samuel de Lucas Maroto de KPMG Spai
Leer más →Microsoft today pushed software updates to fix a staggering 167 security vulnerabilities in its Windows operating systems and related software, including a SharePoint Server zero-day and a publicly disclosed weakness in Windows Defender dubbed "BlueHammer." Separately, Google Chrome fixed its fourth zero-day of 2026, a
Leer más →An Oklahoma-based medical clinic owner has been charged for allegedly orchestrating a Medicare fraud scheme that prosecutors say generated millions of dollars in improper reimbursements by exploiting billing codes rather than providing legitimate care. According to the U.S. Attorney’s Office for the Northern District o
Leer más →Kaspersky GReAT experts describe the latest JanelaRAT campaign detailing infection chain and malware functionality updates.
Leer más →Threat actors are distributing a Trojan disguised as Proxifier software; through a multi-stage infection chain, it delivers ClipBanker – malware that replaces cryptocurrency wallet addresses in the clipboard.
Leer más →Pennsylvania authorities have charged multiple individuals in a Supplemental Nutrition Assistance Program (SNAP) fraud scheme that used falsified household information and identity manipulation to obtain benefits for ineligible recipients. According to the Pennsylvania Attorney General’s Office and the U.S. Department
Leer más →In this report, Kaspersky experts share their insights into the 2025 financial threat landscape, including regional statistics and trends in phishing, PC malware, and infostealers.
Leer más →Hackers linked to Russia's military intelligence units are using known flaws in older Internet routers to mass harvest authentication tokens from Microsoft Office users, security experts warned today. The spying campaign allowed state-backed Russian hackers to quietly siphon authentication tokens from users on more tha
Leer más →Arizona officials have uncovered a large‑scale income tax fraud scheme that leveraged stolen identities, falsified employment records, and sophisticated digital filing tactics to divert millions in fraudulent refunds. According to the Arizona Department of Revenue (ADOR) and the IRS Criminal Investigation Division (IRS
Leer más →An elusive hacker who went by the handle "UNKN" and ran the early Russian ransomware groups GandCrab and REvil now has a name and a face. Authorities in Germany say 31-year-old Russian Daniil Maksimovich Shchukin headed both cybercrime gangs and helped carry out at least 130 acts of computer sabotage and extortion agai
Leer más →A Texas healthcare provider has agreed to a multimillion‑dollar settlement following allegations that it submitted fraudulent claims to Medicaid for services that were never rendered. According to the Texas Office of the Attorney General and the U.S. Department of Health and Human Services Office of Inspector General (
Leer más →Kaspersky researchers analyze a new CrystalX RAT distributed as MaaS and featuring extensive spyware, stealer, and prankware capabilities.
Leer más →A financially motivated data theft and extortion group is attempting to inject itself into the Iran war, unleashing a worm that spreads through poorly secured cloud services and wipes data on infected systems that use Iran's time zone or have Farsi set as the default language.
Leer más →The U.S. Justice Department joined authorities in Canada and Germany in dismantling the online infrastructure behind four highly disruptive botnets that compromised more than three million hacked Internet of Things (IoT) devices, such as routers and web cameras. The feds say the four botnets -- named Aisuru, Kimwolf, J
Leer más →Fuentes RSS externas de las que el portal agrega información:
Avisos y alertas tempranas de INCIBE-CERT sobre vulnerabilidades, incidentes y riesgos relevantes.
Repositorio de vulnerabilidades y publicaciones coordinadas por INCIBE-CERT.
Organismo supranacional relevante para operaciones y comunicados sobre fraude y cibercrimen en Europa.
Publicación especializada en esquemas de fraude, investigación y respuesta institucional.
Análisis de fraude corporativo, compliance y prevención.
Comentarios y análisis especializados sobre fraude, escándalos y casos judiciales.
Blog de investigación sobre cibercrimen y seguridad, muy útil para contexto de fraude, brechas y amenazas.
Medio especializado en malware, incidentes, fraude tecnológico y noticias urgentes de ciberseguridad.
Medio global muy activo en ciberseguridad, incidentes, explotación y phishing.
Medio editorial de ESET con contenidos de estafas, campañas y seguridad en español.
Medio de referencia en ciberseguridad y threat intelligence.
Cobertura periodística de ciberseguridad, ciberdelito y operaciones estatales.
Fuente técnica de amenazas, indicadores, campañas y actividad maliciosa observada.
Investigación de amenazas de Kaspersky, útil para campañas, APT, fraude y malware.
Noticias y análisis de operaciones de seguridad, campañas y técnicas de ataque.
Medio en español sobre seguridad, ciberseguridad y tecnología, útil para noticias locales y regionales.
Un cop al mes: els fraus més actius, noves fitxes i recursos d'ajuda.
Sense spam. Baixa quan vulguis.