Secciones
- Vulnerabilidades y CVEs
- Exploits y pruebas de concepto
- Noticias de seguridad / hacking / malware
- Malware y análisis de amenazas
- Fabricantes de hardware
CERTs / Gobiernos
Fabricantes/ Vendors
- Adobe Security Bulletins
- Oracle Critical Patch Updates
- VMware Security Advisories
- Apple Security Updates
- Google Chrome Releases / Security
- Microsoft Security Bulletins (HTML)
Otros fabricantes y plataformas
Fabricantes de hardware
Vulnerabilidades y CVEs
- [local] NetBT e-Fatura – Privilege Escalationen 10 de abril de 2026 a las 00:00
NetBT e-Fatura – Privilege Escalation
- [webapps] D-Link DIR-650IN – Authenticated Command Injectionen 10 de abril de 2026 a las 00:00
D-Link DIR-650IN – Authenticated Command Injection
- [webapps] React Server 19.2.0 – Remote Code Executionen 9 de abril de 2026 a las 00:00
React Server 19.2.0 – Remote Code Execution
- [webapps] RomM 4.4.0 – XSS_CSRF Chainen 9 de abril de 2026 a las 00:00
RomM 4.4.0 – XSS_CSRF Chain
- [webapps] Jumbo Website Manager – Remote Code Executionen 9 de abril de 2026 a las 00:00
Jumbo Website Manager – Remote Code Execution
- [local] ZSH 5.9 – RCEen 9 de abril de 2026 a las 00:00
ZSH 5.9 – RCE
- [webapps] FortiWeb 8.0.2 – Remote Code Executionen 8 de abril de 2026 a las 00:00
FortiWeb 8.0.2 – Remote Code Execution
- [local] 7-Zip 24.00 – Directory Traversalen 8 de abril de 2026 a las 00:00
7-Zip 24.00 – Directory Traversal
- [webapps] xibocms 3.3.4 – RCEen 8 de abril de 2026 a las 00:00
xibocms 3.3.4 – RCE
- [local] SQLite 3.50.1 – Heap Overflowen 8 de abril de 2026 a las 00:00
SQLite 3.50.1 – Heap Overflow
Exploits y pruebas de concepto
- [local] NetBT e-Fatura – Privilege Escalationen 10 de abril de 2026 a las 00:00
NetBT e-Fatura – Privilege Escalation
- [webapps] D-Link DIR-650IN – Authenticated Command Injectionen 10 de abril de 2026 a las 00:00
D-Link DIR-650IN – Authenticated Command Injection
- [webapps] React Server 19.2.0 – Remote Code Executionen 9 de abril de 2026 a las 00:00
React Server 19.2.0 – Remote Code Execution
- [webapps] RomM 4.4.0 – XSS_CSRF Chainen 9 de abril de 2026 a las 00:00
RomM 4.4.0 – XSS_CSRF Chain
- [webapps] Jumbo Website Manager – Remote Code Executionen 9 de abril de 2026 a las 00:00
Jumbo Website Manager – Remote Code Execution
- [local] ZSH 5.9 – RCEen 9 de abril de 2026 a las 00:00
ZSH 5.9 – RCE
- [webapps] FortiWeb 8.0.2 – Remote Code Executionen 8 de abril de 2026 a las 00:00
FortiWeb 8.0.2 – Remote Code Execution
- [local] 7-Zip 24.00 – Directory Traversalen 8 de abril de 2026 a las 00:00
7-Zip 24.00 – Directory Traversal
- [webapps] xibocms 3.3.4 – RCEen 8 de abril de 2026 a las 00:00
xibocms 3.3.4 – RCE
- [local] SQLite 3.50.1 – Heap Overflowen 8 de abril de 2026 a las 00:00
SQLite 3.50.1 – Heap Overflow
- [local] Microsoft MMC MSC EvilTwin – Local Admin Creationen 8 de abril de 2026 a las 00:00
Microsoft MMC MSC EvilTwin – Local Admin Creation
- [webapps] Horilla v1.3 – RCEen 8 de abril de 2026 a las 00:00
Horilla v1.3 – RCE
- [local] is-localhost-ip 2.0.0 – SSRFen 6 de abril de 2026 a las 00:00
is-localhost-ip 2.0.0 – SSRF
- [webapps] Fortinet FortiWeb v8.0.1 – Auth Bypassen 6 de abril de 2026 a las 00:00
Fortinet FortiWeb v8.0.1 – Auth Bypass
- [local] Windows Kernel – Elevation of Privilegeen 6 de abril de 2026 a las 00:00
Windows Kernel – Elevation of Privilege
- [local] Desktop Window Manager Core Library 10.0.10240.0 – Privilege Escalationen 6 de abril de 2026 a las 00:00
Desktop Window Manager Core Library 10.0.10240.0 – Privilege Escalation
- [webapps] Grafana 11.6.0 – SSRFen 6 de abril de 2026 a las 00:00
Grafana 11.6.0 – SSRF
- [webapps] ASP.net 8.0.10 – Bypassen 6 de abril de 2026 a las 00:00
ASP.net 8.0.10 – Bypass
- [webapps] Zhiyuan OA – arbitrary file upload leadingen 6 de abril de 2026 a las 00:00
Zhiyuan OA – arbitrary file upload leading
- [webapps] RiteCMS 3.1.0 – Authenticated Remote Code Executionen 6 de abril de 2026 a las 00:00
RiteCMS 3.1.0 – Authenticated Remote Code Execution
Noticias de seguridad / hacking / malware
- New Microsoft Defender “RedSun” zero-day PoC grants SYSTEM privilegespor Lawrence Abrams en 16 de abril de 2026 a las 20:19
A researcher known as «Chaotic Eclipse» has published a proof-of-concept exploit for a second Microsoft Defender zero-day, dubbed «RedSun,» in the past two weeks, protesting how the company works with cybersecurity researchers. […]
- Newly Discovered PowMix Botnet Hits Czech Workers Using Randomized C2 Trafficpor info@thehackernews.com (The Hacker News) en 16 de abril de 2026 a las 17:52
Cybersecurity researchers have warned of an active malicious campaign that’s targeting the workforce in the Czech Republic with a previously undocumented botnet dubbed PowMix since at least December 2025. «PowMix employs randomized command-and-control (C2) beaconing intervals, rather than persistent connection to the C2 server, to evade the network signature detections,» Cisco Talos
- Government Can’t Win the Cyber War Without the Private Sectorpor Steve Durbin en 16 de abril de 2026 a las 17:00
Securing national resilience now depends on faster, deeper partnerships with the private sector. The post Government Can’t Win the Cyber War Without the Private Sector appeared first on SecurityWeek.
- Hackers exploit Marimo flaw to deploy NKAbuse malware from Hugging Facepor Bill Toulas en 16 de abril de 2026 a las 16:58
Hackers are exploiting a critical vulnerability in Marimo reactive Python notebook to deploy a new variant of NKAbuse malware hosted on Hugging Face Spaces. […]
- Google expands Gemini AI use to fight malicious ads on its platformpor Lawrence Abrams en 16 de abril de 2026 a las 15:24
Google says it is increasingly using its Gemini AI models to detect and block harmful ads on its advertising platforms, as scammers and threat actors continue to evolve their tactics to evade detection. […]
- OpenAI Widens Access to Cybersecurity Model After Anthropic’s Mythos Revealpor Eduard Kovacs en 16 de abril de 2026 a las 14:27
GPT‑5.4‑Cyber is a model fine-tuned for defenders, lowering boundaries for legitimate cybersecurity work. The post OpenAI Widens Access to Cybersecurity Model After Anthropic’s Mythos Reveal appeared first on SecurityWeek.
- New ATHR vishing platform uses AI voice agents for automated attackspor Bill Toulas en 16 de abril de 2026 a las 14:09
A new cybercrime platform called ATHR can harvest credentials via fully automated voice phishing attacks that use both human operators and AI agents for the social engineering phase. […]
- Most «AI SOCs» Are Just Faster Triage. That’s Not Enough.por Sponsored by Tines en 16 de abril de 2026 a las 14:02
AI-powered SOC tools promise automation, but most only speed up triage instead of reducing real workload. Tines shows how real gains come from end-to-end workflows that execute actions across systems, not just summarize alerts. […]
- ThreatsDay Bulletin: Defender 0-Day, SonicWall Brute-Force, 17-Year-Old Excel RCE and 15 More Storiespor info@thehackernews.com (The Hacker News) en 16 de abril de 2026 a las 13:05
You know that feeling when you open your feed on a Thursday morning and it’s just… a lot? Yeah. This week delivered. We’ve got hackers getting creative in ways that are almost impressive if you ignore the whole «crime» part, ancient vulnerabilities somehow still ruining people’s days, and enough supply chain drama to fill a season of television nobody asked for. Not
- Data Breach at Tennessee Hospital Affects 337,000por Eduard Kovacs en 16 de abril de 2026 a las 12:40
Cookeville Regional Medical Center was targeted last year by the Rhysida ransomware group, which stole 500GB of data. The post Data Breach at Tennessee Hospital Affects 337,000 appeared first on SecurityWeek.
Malware y análisis de amenazas
- [Guest Diary] Compromised DVRs and Finding Them in the Wild, (Thu, Apr 16th)en 16 de abril de 2026 a las 19:20
&#;x26;#;x5b;This is a Guest Diary by Alec Jaffe, an ISC intern as part of the SANS.edu Bachelor&#;x26;#;39;s Degree in Applied Cybersecurity (BACS) program &#;x26;#;x5b;1].
- Browser Guard gets even better with Access Control en 16 de abril de 2026 a las 12:40
Take control of pesky permission pop-ups and decide exactly which websites can access your camera, microphone, location, and send you notifications.
- “iCloud storage is full” scam is back, and now it wants your payment detailsen 16 de abril de 2026 a las 12:33
Apple users: Watch out for “upgrade now or lose your photos” scams that rush you into handing over your payment details.
- A fake Slack download is giving attackers a hidden desktop on your machineen 16 de abril de 2026 a las 09:26
This trojanized Slack installer looks normal, but quietly gives attackers an invisible desktop to access your accounts and data. We take a deep dive into the attack.
- Booking.com breach gives scammers what they need to target guestsen 16 de abril de 2026 a las 08:02
Guest reservation data stolen from the booking giant can be used by scammers to impersonate hotels to steal payment and personal info.
- ISC Stormcast For Thursday, April 16th, 2026 https://isc.sans.edu/podcastdetail/9894, (Thu, Apr 16th)en 16 de abril de 2026 a las 02:00
- AI clickbait can turn your notifications into a scam feeden 15 de abril de 2026 a las 17:43
A new AI-driven campaign known as Pushpaganda is using clickbait to turn your browser notifications into a stream of scams and fake alerts.
- Fake YouTube copyright notices can steal your Google loginen 15 de abril de 2026 a las 13:21
This convincing copyright scam is targeting YouTube creators. Attackers can take over your channel, plus your entire Google account.
- From fake Proton VPN sites to gaming mods, this Windows infostealer is everywhereen 15 de abril de 2026 a las 10:37
Hiding in imposter sites, GitHub downloads, and YouTube links, this infostealer is designed to hijack accounts and drain cryptocurrency wallets.
- April Patch Tuesday fixes two zero-days, including one under active attacken 15 de abril de 2026 a las 09:57
This month’s Patch Tuesday addresses 167 vulnerabilities, including two zero-days that could lead to system compromise, data exposure, and privilege escalation.