Hackers stole over $2.7B in crypto in 2025, data shows

Cybercriminals stole $2.7 billion in crypto this year, a new record for crypto-stealing hacks, according to blockchain-monitoring firms.

Once again, in 2025, there were dozens of crypto heists hitting several cryptocurrency exchanges and other web3 and decentralized finance (DeFi) projects.

The biggest hack by far was the breach at Dubai-based crypto exchange Bybit, where hackers stole around $1.4 billion in crypto. Blockchain analysis firms, as well as the FBI, accused North Korean government hackers — the most prolific group targeting crypto in the last few years — of this massive heist.

This was the largest known crypto theft of all time, and one of the largest financial heists in the history of humanity. Before the Bybit hack, the largest crypto thefts netted $624 million and $611 million for hackers in the 2022 breaches against the Ronin Network and the Poly Network, respectively.

Cryptocurrency-monitoring firms Chainalysis and TRM Labs both estimated a total of $2.7 billion stolen in crypto in 2025, per data shared with TechCrunch. Chainalysis also tracked another $700,000 stolen from individual crypto wallets, the company said.

De.Fi, the web3 security firm running the REKT database that tracks crypto thefts, also estimated $2.7 billion in stolen and hacked crypto last year.

As usual, North Korean government hackers were the most successful crypto thieves throughout 2025, after stealing at least $2 billion, according to Chainalysis and Elliptic, which estimated that Kim Jong Un’s hackers have stolen around $6 billion since 2017. North Korea uses crypto thefts to fund its sanctioned nuclear weapons program.

Other significant crypto hacks this year included the one against Cetus, a decentralized exchange, which netted the hackers $223 million; the breach against Balancer, a protocol built on the Ethereum blockchain, which resulted in a loss of $128 million; and the one against the crypto exchange Phemex, where cybercriminals stole more than $73 million.

Cybercriminals targeting crypto exchanges and other DeFi projects are not slowing down. In 2024, hackers stole $2.2 billion in crypto, while the year before, in 2023, the total was $2 billion.

Image Credits: alexsl / Getty Images

Source: TechCrunch

These are the cybersecurity stories we were jealous of in 2025

It’s the end of the year. That means it’s time for us to celebrate the best cybersecurity stories we didn’t publish. Since 2023, TechCrunch has looked back at the best stories across the board from the year in cybersecurity.

If you’re not familiar, the idea is simple. There are now dozens of journalists who cover cybersecurity in the English language. There are a lot of stories about cybersecurity, privacy, and surveillance that are published every week. And a lot of them are great, and you should read them. We’re here to recommend the ones we liked the most, so keep in mind that it’s a very subjective and, at the end of the day, incomplete list.

Anyway, let’s get into it. — Lorenzo Franceschi-Bicchierai

Shane Harris described how he cultivated a senior Iranian hacker as a source, who was then killed

Every once in a while, there’s a hacker story that as soon as you start reading, you think it could be a movie or a TV show. This is the case with Shane Harris’ very personal tale of his months-long correspondence with a top Iranian hacker.

In 2016, The Atlantic’s journalist made contact with a person claiming to work as a hacker for Iran’s intelligence, where he claimed to have worked on major operations, such as the downing of an American drone and the now-infamous hack against oil giant Saudi Aramco, where Iranian hackers wiped the company’s computers. Harris was rightly skeptical, but as he kept talking to the hacker, who eventually revealed his real name to him, Harris started to believe him. When the hacker died, Harris was able to piece together the real story, which somehow turned out to be more incredible than the hacker had led Harris to believe.

The gripping story is also a great behind-the-scenes look at the challenges cybersecurity reporters face when dealing with sources claiming to have great stories to share.

The Washington Post revealed a secret order demanding Apple let U.K. officials spy on users’ encrypted data

In January, the U.K. government secretly issued Apple with a court order demanding that the company build a back door so police can access the iCloud data of any customer in the world. Due to a worldwide gag order, it was only because The Washington Post broke the news that we learned the order existed to begin with. The demand was the first of its kind, and — if successful — would be a major defeat for tech giants who have spent the past decade locking themselves out of their users’ own data so they can’t be compelled to provide it to governments.

Apple subsequently stopped offering its opt-in end-to-end encrypted cloud storage to its customers in the U.K. in response to the demand. But once the news broke, the secret order was thrust into the public eye, allowing both Apple and critics to scrutinize U.K. surveillance powers in a way that hasn’t been tested in public before. The story sparked a months-long diplomatic row between the U.K. and the United States, prompting Downing Street to drop the request — only to try again several months later.

“The Trump administration accidentally texted me its war plans” by The Atlantic is this year’s best headline

This story was the sort of fly-on-the-wall access that some reporters would dream of, but The Atlantic’s editor-in-chief got to play it out in real time after he was unwittingly added to a Signal group of senior U.S. government officials by a senior U.S. government official discussing war plans on their cell phones.

Reading the discussion about where U.S. military forces should drop bombs — and then seeing news reports of missiles hitting the ground on the other side of the world — was the confirmation that Jeffrey Goldberg needed to know that he was, as he suspected, in a real chat with real Trump administration officials, and this was all on-the-record and reportable.

And so he did, paving the way for a months-long investigation (and critique) of the government’s operational security practices, in what was called the biggest government opsec mistake in history. The unraveling of the situation ultimately exposed security lapses involving the use of a knock-off Signal clone that further jeopardized the government’s ostensibly secure communications.

Brian Krebs tracked down a prolific hacker group admin as a Jordanian teenager

Brian Krebs is one of the more veteran cybersecurity reporters out there, and for years he has specialized in following online breadcrumbs that lead to him revealing the identity of notorious cybercriminals. In this case, Krebs was able to find the real identity behind a hacker’s online handle Rey, who is part of the notorious advanced persistent teenagers’ cybercrime group that calls itself Scattered LAPSUS$ Hunters.

Krebs’ quest was so successful that he was able to talk to a person very close to the hacker — we won’t spoil the whole article here — and then the hacker himself, who confessed to his crimes and claimed he was trying to escape the cybercriminal life.

Airlines shut down program that sold billions of flight records to the government after 404 Media’s reporting

Independent media outlet 404 Media has accomplished more impact journalism this year than most mainstream outlets with vastly more resources. One of its biggest wins was exposing and effectively shuttering a massive air travel surveillance system tapped by federal agencies and operating in plain sight.

404 Media reported that a little-known data broker set up by the airline industry called the Airlines Reporting Corporation was selling access to 5 billion plane tickets and travel itineraries, including names and financial details of ordinary Americans, allowing government agencies like ICE, the State Department, and the IRS to track people without a warrant.

ARC, owned by United, American, Delta, Southwest, JetBlue, and other airlines, said it would shut down the warrantless data program following 404 Media’s months-long reporting and intense pressure from lawmakers.

Wired made the 3D-printed gun that Luigi Mangione allegedly used to kill a healthcare executive to test the legalities of “ghost guns”

The killing of UnitedHealthcare CEO Brian Thompson in December 2024 was one of the biggest stories of the year. Luigi Mangione, the

You’ve been targeted by government spyware. Now what?

It was a normal day when Jay Gibson got an unexpected notification on his iPhone. “Apple detected a targeted mercenary spyware attack against your iPhone,” the message read.

Ironically, Gibson used to work at companies that developed exactly the kind of spyware that could trigger such a notification. Still, he was shocked that he received a notification on his own phone. He called his father, turned off his phone and put it away, and went to buy a new one.

“I was panicking,” he told TechCrunch. “It was a mess. It was a huge mess.”

Gibson is just one of an ever-increasing number of people who are receiving notifications from companies like Apple, Google, and WhatsApp, all of which send similar warnings about spyware attacks to their users. Tech companies are increasingly proactive in alerting their users when they become targets of government hackers, and in particular those who use spyware made by companies such as Intellexa, NSO Group, and Paragon Solutions.

But while Apple, Google, and WhatsApp alert, they don’t get involved in what happens next. The tech companies direct their users to people who could help, at which point the companies step away.

This is what happens when you receive one of these warnings.

Warning

You have received a notification that you were the target of government hackers. Now what?

First of all, take it seriously. These companies have reams of telemetry data about their users and what happens on both their devices and their online accounts. These tech giants have security teams that have been hunting, studying, and analyzing this type of malicious activity for years. If they think you have been targeted, they are probably right.

It’s important to note that in the case of Apple and WhatsApp notifications, receiving one doesn’t mean you were necessarily hacked. It’s possible that the hacking attempt failed, but they can still tell you that someone tried.

In the case of Google, it’s most likely that the company blocked the attack and is telling you so you can go into your account and make sure you have multi-factor authentication on (ideally a physical security key or passkey), and also turn on its Advanced Protection Program, which also requires a security key and adds other layers of security to your Google account. In other words, Google will tell you how to better protect yourself in the future.

In the Apple ecosystem, you should turn on Lockdown Mode, which switches on a series of security features that make it more difficult for hackers to target your Apple devices. Apple has long claimed that it has never seen a successful hack against a user with Lockdown Mode enabled, but no system is perfect.

Mohammed Al-Maskati, the director of Access Now’s Digital Security Helpline, a 24/7 global team of security experts who investigate spyware cases against members of civil society, shared with TechCrunch the advice that the helpline gives people who are concerned that they may be targeted with government spyware.

This advice includes keeping your devices’ operating systems and apps up-to-date; switching on Apple’s Lockdown Mode and Google’s Advanced Protection for accounts and for Android devices; being careful with suspicious links and attachments; restarting your phone regularly; and paying attention to changes in how your device functions.

Contact Us

Have you received a notification from Apple, Google, or WhatsApp about being targeted with spyware? Or do you have information about spyware makers? We would love to hear from you. From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email.

Reaching out for help

What happens next depends on who you are.

There are open source and downloadable tools that anyone can use to detect suspected spyware attacks on their devices, which requires a little technical knowledge. You can use the Mobile Verification Toolkit, or MVT, a tool that lets you look for forensic traces of an attack on your own, perhaps as a first step before looking for assistance.

If you don’t want to or can’t use MVT, you can go straight to someone who can help. If you are a journalist, dissident, academic, or human rights activist, there are a handful of organizations that can help.

You can turn to Access Now and its Digital Security Helpline. You can also contact Amnesty International, which has its own team of investigators and ample experience in these cases. Or, you can reach out to The Citizen Lab, a digital rights group at the University of Toronto, which has been investigating spyware abuses for almost 15 years.

If you are a journalist, Reporters Without Borders also has a digital security lab that offers to investigate suspected cases of hacking and surveillance.

Outside of these categories of people, politicians or business executives, for example, will have to go elsewhere.

If you work for a large company or political party, you likely have a competent (hopefully!) security team you can go straight to. They may not have the specific knowledge to investigate in depth, but in that case they probably know who to turn to, even if Access Now, Amnesty, and Citizen Lab cannot help those outside of civil society.

Otherwise, there aren’t many places executives or politicians can turn to, but we have asked around and found the ones below. We can’t fully vouch for any of these organizations, nor do we endorse them directly, but based on suggestions from people we trust, it’s worth pointing them out.

Perhaps the most well known of these private security companies is iVerify, which makes an app for Android and iOS, and gives users an option to ask for an in-depth forensic investigation.

Matt Mitchell, a well-regarded security expert who’s been helping vulnerable populations protect themselves from surveillance, has a new startup called Safety Sync Group, which offers this kind of service.

Jessica Hyde, a forensic investigator with experience in the public and private sectors, has her own startup called Hexordia, and offers to investigate suspected hacks.

Mobile cybersecurity company Lookout, which has experience analyzing government spyware from around the world, has an online form that allows people to reach out for help to investigate cyberattacks involving malware,

Instagram says there’s been ‘no breach’ despite password reset requests

Instagram says that although some users received suspicious-looking password reset requests, it has not been breached.

That seemingly contradicts a Friday Bluesky post from antivirus software company Malwarebytes, which shared a screenshot of an email from Instagram informing users of a request to reset their password.

The post claimed, “Cybercriminals stole the sensitive information of 17.5 million Instagram accounts, including usernames, physical addresses, phone numbers, email addresses, and more.” This data, Malwarebytes added, “is available for sale on the dark web and can be abused by cybercriminals.”

However, Instagram subsequently posted (on X, rather than Instagram or Threads) that it had “fixed an issue that let an external party request password reset emails for some people.”

The company did not offer any details about the external party or the specific issue, but its post concluded, “You can ignore those emails — sorry for any confusion.”

Image Credits: stockcam / Getty Images

Source: TechCrunch

How a hacking campaign targeted high-profile Gmail and WhatsApp users across the Middle East

On Tuesday, U.K.-based Iranian activist Nariman Gharib tweeted redacted screenshots of a phishing link sent to him via a WhatsApp message.

“Do not click on suspicious links,” Gharib warned. The activist, who is following the digital side of the Iranian protests from afar, said the campaign targeted people involved in Iran-related activities, such as himself.

This hacking campaign comes as Iran grapples with the longest nationwide internet shutdown in its history, as anti-government protests — and violent crackdowns — rage across the country. Given that Iran and its closest adversaries are highly active in the offensive cyberspace (read: hacking people), we wanted to learn more.

Gharib shared the full phishing link with TechCrunch soon after his post, allowing us to capture a copy of the source code of the phishing web page used in the attack. He also shared a write-up of his findings.

TechCrunch analyzed the source code of the phishing page, and with added input from security researchers, we believe the campaign aimed to steal Gmail and other online credentials, compromise WhatsApp accounts, and conduct surveillance by stealing location data, photos, and audio recordings.

It is unclear, however, if the hackers were government-linked agents, spies, or cybercriminals — or all three.

TechCrunch also identified a way to view a real-time copy of all the victims’ responses saved on the attacker’s server, which was left exposed and accessible without a password. This data revealed dozens of victims who had unwittingly entered their credentials into the phishing site and were subsequently likely hacked.

The list includes a Middle Eastern academic working in national security studies; the boss of an Israeli drone maker; a senior Lebanese cabinet minister; at least one journalist; and people in the United States or with U.S. phone numbers.

TechCrunch is publishing our findings after validating much of Gharib’s report. The phishing site is now down.

Inside the attack chain

According to Gharib, the WhatsApp message he received contained a suspicious link, which loaded a phishing site in the victim’s browser.

The link shows that the attackers relied on a dynamic DNS provider called DuckDNS for their phishing campaign. Dynamic DNS providers allow people to connect easy-to-remember web addresses — in this case, a duckdns.org subdomain — to a server whose IP address might frequently change.

It’s not clear whether the attackers shut down the phishing site of their own accord or were caught and cut off by DuckDNS. We reached out to DuckDNS with inquiries, but its owner Richard Harper requested that we send an abuse report instead.

From what we understand, the attackers used DuckDNS to mask the real location of the phishing page, presumably to make it look like a genuine WhatsApp link.

The phishing page was actually hosted at alex-fabow.online, a domain that was first registered in early November 2025. This domain has several other, related domains hosted on the same dedicated server, and these domain names follow a pattern that suggests the campaign also targeted other providers of virtual meeting rooms, like meet-safe.online and whats-login.online.

We’re not sure what happens while the DuckDNS link loads in the victim’s browser, or how the link determines which specific phishing page to load. It may be that the DuckDNS link redirects the target to a specific phishing page based on information it gleans from the user’s device.

The phishing page would not load in our web browser, preventing us from directly interacting with it. Reading the source code of the page, however, allowed us to better understand how the attack worked.

Gmail credential and phone number phishing

Depending on the target, tapping on a phishing link would open a fake Gmail login page, or ask for their phone number, and begin an attack flow aimed at stealing their password and two-factor authentication code.

But the phishing page’s source code had at least one flaw: TechCrunch found that by modifying the phishing page’s URL in our web browser, we could view a file on the attacker’s servers that was storing records of every victim who had entered their credentials.

The file contained over 850 records of information submitted by victims during the attack flow. These records detailed each part of the phishing flow that the victim was in. This included copies of the usernames and passwords that victims had entered on the phishing page, as well as incorrect entries and their two-factor codes, effectively serving as a keylogger.

The records also contained each victim’s user agent, a string of text that identifies the operating system and browser versions used to view websites. This data shows that the campaign was designed to target Windows, macOS, iPhone, and Android users.

The exposed file allowed us to follow the attack flow step-by-step for each victim. In one case, the exposed file shows a victim clicking on a malicious link, which opened a page that looked like a Gmail sign-in window. The log shows the victim entering their email credentials several times until they enter the correct password.

The records show the same victim entering their two-factor authentication code sent to them by text message. We can tell this because Google sends two-factor codes in a specific format (usually G-xxxxxx, featuring a six-digit numerical code).

WhatsApp hijack and browser data exfiltration

Beyond credential theft, this campaign also seemed to enable surveillance by tricking victims into sharing their location, audio, and pictures from their device.

In Gharib’s case, tapping on the link in the phishing message opened a fake WhatsApp-themed page in his browser, which displayed a QR code. The lure aims to trick the target into scanning the code on their device, purportedly to access a virtual meeting room.

Image Credits: Matthias Balk / Getty Images

Source: TechCrunch

Supreme Court hacker posted stolen government data on Instagram

A hacker posted the personal data of several of his hacking victims on his Instagram account, @ihackthegovernment, according to a court document.

Last week, Nicholas Moore, 24, a resident of Springfield, Tennessee, pleaded guilty to repeatedly hacking into the U.S. Supreme Court’s electronic document filing system. At the time, there were no details about the specifics of the hacking crimes Moore was admitting to.

On Friday, a newly filed document — first spotted by Court Watch’s Seamus Hughes — revealed more details about Moore’s hacks. Per the filing, Moore hacked not only into the Supreme Court systems, but also the network of AmeriCorps, a government agency that runs stipend volunteer programs, and the systems of the Department of Veterans Affairs, which provides healthcare and welfare to military veterans.

Moore accessed those systems using stolen credentials of users who were authorized to access them. Once he gained access to those victims’ accounts, Moore accessed and stole their personal data and posted some online to his Instagram account: @ihackthegovernment.

In the case of the Supreme Court victim, identified as GS, Moore posted their name and “current and past electronic filing records.”

In the case of the AmeriCorps victim, identified as SM, Moore boasted that he had access to the organization’s servers and published the victim’s “name, date of birth, email address, home address, phone number, citizenship status, veteran status, service history, and the last four digits of his social security number.”

And, in the case of the victim at the Department of Veterans Affairs, identified as HW, Moore posted the victim’s identifiable health information “when he sent an associate a screenshot from HW’s MyHealtheVet account that identified HW and showed the medications he had been prescribed.”

According to the court document, Moore faces a maximum sentence of one year in prison and a maximum fine of $100,000.

Image Credits: Tomasz Zielonka / Unsplash

Source: TechCrunch

Malware attacks grew 131% in 2025

Hornetsecurity’s annual Cybersecurity Report has revealed that criminals have adopted automation, artificial intelligence and social engineering techniques at unprecedented speed, while companies and institutions have tried to adapt their governance, resilience and awareness programs to defend themselves and keep up. This is confirmed by the analysis of more than 6 billion emails per month (72 billion per year).

The company found that email was a constant entry vector for cyberattacks in 2025. Malware-laden emails increased 131% year over year, as did email scams (+34.7%) and phishing (+21%).

Cybercriminals have been able to create more convincing fraudulent content thanks to generative AI, and more than three quarters of CISOs (77%) have identified AI-generated phishing as a serious and emerging threat. However, defense systems are working to catch up, and 68% of organizations have already invested this year in AI-based detection and protection capabilities against this type of threat.

Daniel Hofmann, CEO of Hornetsecurity, says that “AI is both a tool and a target, and attack vectors are growing faster than many believe. The result is an arms race in which both sides use machine learning to, on the one hand, deceive; and, on the other, defend and prevent.”

“Criminals are increasingly turning to generative AI and automation to identify vulnerabilities, generate more convincing phishing lures and orchestrate multi-stage intrusions with minimal human oversight,” Daniel Hofmann concludes.

Emerging cybersecurity threats from AI: synthetic identity fraud and deepfakes

The potential for AI misuse has become a clear trend in the current threat landscape. Thus, 61% of CISOs believe that AI has directly increased the risk of ransomware attacks. In addition, their main concerns are synthetic identity fraud, which uses AI to generate documents and credentials; voice cloning and deepfake videos, used to impersonate users; poisoning attacks, in which malicious data corrupts internal AI systems; and employees’ misuse of public AI tools.

All these emerging technologies blur the line between legitimate and malicious activity, making traditional security controls less effective, especially when cybercriminals seek to compromise trust rather than force access.

A gap in business leaders’ awareness of AI

Even as companies strengthen their ability to recover, many risk remaining anchored to obsolete objectives. The next wave of attacks will focus on something less tangible but more powerful: trust.

CISOs this year perceived a wide disparity in company executives’ understanding of AI-related risks. Some reported that their senior executives had a “deep awareness” of these threats, but others admitted that they had “no real understanding” of AI’s role in this type of attack. The overall average response indicates that some awareness exists, but progress was inconsistent and varied widely from one company to another.

Looking ahead, resilience driven by cultural change, and not only by prevention, will define cybersecurity success in 2026.

Hofmann adds that “the results of our report show that organizations are learning to recover without negotiating. But internal security awareness efforts must evolve at the same pace as AI adoption.”

“Few boards of directors run cyber crisis simulations, and cross-functional playbooks remain the exception rather than the rule. As AI-driven disinformation and deepfake-based extortion become more common, a security culture based on preparedness and backed by AI awareness will have to be a goal for 2026.”

Source and image: cybersecuritynews

PC security: safer software for Windows 10

Windows 10, for all its advantages, is vulnerable to cyberattacks and phishing tools. To avoid any problems with your PC and the operating system, you should choose each piece of software carefully. From video editing to working with documents, software must comply with the latest cybersecurity measures. Here are the main programs for each area.

Antivirus

Do you really need one in 2024? Some users say that operating systems are already protected by built-in security programs. This is true. However, it is necessary to install additional protection. What is also true is that you do not necessarily have to pay. Even a free antivirus for Windows can handle the basic security task. For 2024, the leading software is as follows:

For personal use, Microsoft’s free cybersecurity tools are more than enough. But if you work on a corporate network, consider the extended applications.

Screen recorders

Screen recorders are essential PC tools for work tasks, creativity and even sharing content. Besides, you never know when you are going to need one. You can produce educational videos, record tutorials or show how you do something on your PC. It is also an essential tool for recording business meetings and conferences.

One of the best tools for recording the screen on Windows 10 is Movavi Screen Recorder. This screen recording tool is easy to install and then use. The program lets you record the full screen or part of it, or just make a video of one program or web browser page. It is a really convenient option. In addition, the application offers a set of hotkeys.

Another screen recorder is Apower. This program has several functions for video tasks, and screen recording is one of them. All you need to do is download the software and give it permission to record your screen.

Video editors

You can easily find free video editors for Windows PCs. But are they safe enough? To ensure a trouble-free experience, only download a video editor with official licenses. They should be programs from reliable developers and be available on their official websites.

For basic needs, the OpenShot editor should be enough. This tool is available for the Windows operating system and covers all the basic tasks. You can cut and trim videos, create video clips, and use sound effects and audio elements. With this editor, you can produce promotional materials, social media content and other projects.

Another idea for safe use is online editors. For example, tools like WeVideo need no installation. All you need to do is open the online service and upload your video materials. These tools are much more reliable than any you download. In WeVideo you can carry out all tasks related to cutting and editing video.

Video players

To use all the functions of your PC, you will definitely need to download video players for Windows 10. This software lets you open videos in various formats downloaded to your PC.

The main video player for Windows 10 is without doubt VLC Media Player. This tool works with every possible Windows format and also offers a set of web plugins for your browser.

Another media player worth having just in case is Adobe Flash Player. It is often used to view online content. But keep in mind that Adobe products are paid and, to ensure security, you should only download them from the official website.

A few more tips: protect your PC

A serious vulnerability in Windows is well known among users. Unfortunately, not even licensed software can fully protect you. Here are other principles for safeguarding your Windows 10 or Windows 11.

Finally, avoid downloading pirated programs and tools. Despite being free and easy to find, they may contain harmful files. From simple freezes to cyberattacks, they can greatly damage your PC or even take control of it. Always visit the official software websites to download a program from an official source.

Source and image: cybersecuritynews


Cybersecurity in the crypto world: advances, risks and lessons from 2025

During 2025, multimillion-dollar losses and sophisticated attacks put confidence in the future of cryptocurrencies to the test

The year 2025 was marked by record losses from attacks and fraud in the cryptocurrency universe. In the first half of the year alone, thefts already totaled $2.17 billion, exceeding the total value recorded in 2024, according to Chainalysis. And projections indicate that 2025 could end with more than $4 billion in diverted assets, an all-time high. This scenario of vulnerability contrasts with the growing institutionalization of the sector. While cryptocurrency ETFs recorded record inflows of $5.95 billion and corporate investors such as Strategy (formerly MicroStrategy) announced new Bitcoin purchases, the market exposed its security weaknesses. The BBC noted that the $1.5 billion attack on the exchange Bybit, attributed to hackers linked to North Korea, was the largest in history, thereby symbolizing this contradiction: even with regulatory and technical advances, known flaws continue to be exploited. Below, we look at some of the main cases that occurred in 2025 and how seemingly simple vulnerabilities resulted in multimillion-dollar thefts that shook the cryptocurrency market.

Overview: the numbers and the size of the problem

The year 2025 has established itself as a period of historic losses for the crypto asset market. According to CertiK, the industry lost nearly $2.5 billion to attacks and scams in the first six months of the year alone. Chainalysis, for its part, noted that the volume of crypto assets stolen in the same period exceeded the $2.17 billion mark recorded in all of 2024. At this pace, losses could exceed $4 billion by the end of the year, which would make 2025 the year with the largest amount of diverted assets in the history of cryptocurrencies. Although the total number of incidents is high, the losses were concentrated in a few high-impact events: the attacks against the exchange Bybit and the Cetus protocol, which together totaled $1.78 billion.

Main types of incidents

Even with the growing technical and regulatory maturity of the ecosystem, cybercriminals have shown that they remain one step ahead in 2025, improving their methods, exploiting known gaps and diversifying their targets. The most significant incidents of the year illustrate how vulnerabilities of different kinds can result in multimillion-dollar losses.

1. Attacks on exchanges and centralized platforms (CEX)

Among the most emblematic episodes is the attack on Bybit, which resulted in the theft of approximately $1.5 billion in Ethereum, the largest ever recorded in the history of cryptocurrencies. In this case, the attackers did not directly breach the exchange's servers, but compromised an external provider of the platform, changing the address of the wallet to which the funds were transferred. Bybit thought it was transferring the funds to its own digital wallet, but sent everything to the hackers. The sophistication of the operation revealed how chains of trust and external integrations can become entry points for highly specialized criminals. Another high-impact case was that of Cetus, a decentralized exchange (DEX), which lost at least USD 250 million due to a vulnerability in its liquidity system. The flaw allowed the attackers to manipulate internal transactions and divert assets, which highlights the difficulty of securing complex smart contracts, even on non-centralized platforms.

2. Exploits in DeFi protocols

The attack on Balancer, which caused losses of more than $100 million, highlighted one of the recurring weaknesses in the DeFi space: errors in the code. A bug in the smart contract allowed unauthorized withdrawals, exposing how small logic flaws can be exploited to compromise an entire protocol. The impact extended to derived projects, such as Beets Finance, which also reported multimillion-dollar losses. These incidents reinforce the importance of continuous and independent audits, a challenge for protocols that prioritize innovation and speed of launch.

3. Phishing scams

While the large platforms suffered coordinated attacks, individual users remained the preferred targets. Phishing scams, in which victims are tricked into voluntarily giving up their credentials, generated $410 million in losses, according to CertiK. Attacks aimed at individuals are estimated to have accounted for 23.35% of all funds stolen in the period, a sign that social engineering remains as effective as technical intrusions.

4. Historic attacks and bridge vulnerabilities

Although no major bridge-related incidents occurred in 2025, this type of attack remains one of the most destructive. The memory of the Ronin bridge case in 2022, when $600 million was stolen, remains a permanent warning. These flaws show how interconnectivity between networks, essential for the scalability of the crypto ecosystem, also widens the attack surface and can turn a single coding error into a systemic collapse.

The professionalization of attacks and the role of states

Recent attacks also reveal the growing level of professionalization of cryptocurrency-related cybercrime. State-sponsored groups, in particular the Lazarus Group, linked to the government of North Korea, continue to operate in a highly organized way. The attacks on Bybit in 2025 and on the Ronin bridge in 2022 are correctly attributed to Lazarus, according to an audit by TRM Labs, which identified similarities in the modus operandi with other intrusions. US and allied officials say that the Lazarus attacks are aimed at financing the military and nuclear programs of the North Korean regime. Over the last five years, Lazarus has focused its efforts on cryptocurrency companies, which are considered less protected and have fewer barriers to money laundering than traditional financial institutions. This specialization shows that, even in an increasingly regulated market, operational vulnerabilities remain the link most


Surveillance tech provider Protei was hacked, its data stolen, and its website defaced

A Russian telecom company that develops technology to allow phone and internet companies to conduct web surveillance and censorship was hacked, had its website defaced, and had data stolen from its servers, TechCrunch has learned. Founded in Russia, Protei makes telecommunications systems for phone and internet providers across dozens of countries, including Bahrain, Italy, Kazakhstan, Mexico, Pakistan and much of central Africa. The company, now headquartered in Jordan, sells video conferencing technology and internet connectivity solutions, as well as surveillance equipment and web-filtering products, such as deep packet inspection systems. It’s not clear exactly when or how Protei was hacked, but a copy of the company’s website saved on the Internet Archive’s Wayback Machine shows it was defaced on November 8. The website was restored soon after. During the breach, the hacker obtained the contents of Protei’s web server — around 182 gigabytes of files — including emails dating back years. A copy of Protei’s data was provided to DDoSecrets, a nonprofit transparency collective that indexes leaked datasets in the public interest, including data from law enforcement, government agencies, and companies involved in the surveillance industry. Mohammad Jalal, the managing director of Protei’s branch in Jordan, did not respond to a request for comment about the breach prior to publication. In an email sent after this story published, Jalal said the company has no affiliation with Russia and that it is “not aware” of the data exfiltration from its servers. The identity of the hacker is not known, nor their motivations, but the defaced website read: “another DPI/SORM provider bites the dust.” The message likely references the company’s sales of deep packet inspection systems and other internet filtering technology for the Russian-developed lawful intercept system known as SORM. 
SORM is the main lawful intercept system used across Russia as well as several other countries that use Russian technology. Phone and internet providers install SORM equipment on their networks, which allows their country’s governments to obtain the contents of calls, text messages, and web browsing data of the networks’ customers. Deep-packet inspection devices allow telecom companies to identify and filter web traffic depending on its source, such as a social media website or a specific messaging app, and selectively block access. These systems are used for surveillance and censorship in regions where freedom of speech and expression are limited. The Citizen Lab reported in 2023 that Iranian telecoms giant Ariantel had consulted with Protei about technology for logging internet traffic and blocking access to certain websites. Documents seen and published by The Citizen Lab show that Protei touted its technology’s ability to restrict or block access to websites for specific people or entire swathes of the population. Updated with comment from Jalal.
Image Credits: Artem Bruk / Getty Images
Reference: TechCrunch
