Ciberseguridad

Artificial intelligence (AI) technology is increasingly being adopted by fraudsters to commit new account fraud (NAF) and bypass even biometric checks. This is revealed by a new report from Entrust, which analyzed data from more than one billion identity verifications in 30 sectors and 195 countries between September 2024 and September 2025. The report details how Generative AI (GenAI) has democratized the creation of counterfeit ID documents and deepfakes, allowing fraudsters to generate hyper-realistic replicas of documents and impersonate identities to open new fraudulent accounts. ...

The RondoDox botnet malware is actively exploiting unpatched XWiki servers via the critical vulnerability CVE-2025-24893 (CVSS 9.8), allowing arbitrary remote code execution. 🔍 CVE-2025-24893 Evaluation injection bug that allows any guest user to execute remote code via the /bin/get/Main/SolrSearch endpoint. Affected versions: All before XWiki 15.10.11, 16.4.1 or 16.5.0RC1 Patch available from: February 2025 🤖 RondoDox: Expanding Botnet RondoDox incorporates vulnerable devices to: DDoS attacks (HTTP, UDP, TCP) Cryptocurrency mining Persistent access (reverse shells, backdoors) Chronology: March 2025 (first evidence) → Nov 3 (first RondoDox exploitation) → Nov 7 (maximum peak) → Nov 11 (new wave) ...