Cybersecurity

The recent Cybersecurity Framework Law (Law 21,663) in Chile establishes a significant regulatory milestone, creating a general framework for digital protection that transcends traditionally regulated sectors and reaches a greater number of private institutions. This new regulation seeks to address the growing scenario of cyber threats in the region and at the local level. Digital Threat Context The launch of this law is framed in a panorama of high risk, evidenced by alarming figures in the region: ...

The New Regulatory Panorama in Chile 2025-2026 Chile is undergoing a profound regulatory transformation between 2025 and 2026, which directly impacts cybersecurity, data protection, modernization of procedures and environmental sustainability. This change represents a turning point for companies, creating both significant challenges and strategic opportunities for those who manage to anticipate and adapt. Organizations that do not comply with the new regulations are exposed to severe fines, loss of operating licenses and exclusion from public tenders. On the other hand, those that properly implement these standards will not only avoid sanctions, but will gain a lasting competitive advantage by improving their reputation, accessing international markets, and attracting investors who value transparency and sustainability. ...

Anthropic, the artificial intelligence company, has confirmed that its new cybersecurity expert language model, Claude Mythos, has been compromised. Despite having restricted access to the tool due to its potential danger, AI has fallen into unauthorized hands, generating serious concern in the technology industry. Claude Mythos: A Cybersecurity AI with Limited Access Claude Mythos was developed with the intention of being an ally in cybersecurity, capable of finding vulnerabilities in operating systems and browsers. However, due to its power, Anthropic drastically limited its availability, allowing very restricted access only to select companies such as Apple, Amazon, and Microsoft. The company rejected thousands of requests from other companies, aware that this tool could be used for malicious purposes. ...

The holiday shopping season has brought with it a notable increase in cyber threats targeting consumers. According to recent data, there has been an 86% increase in malicious websites impersonating postal services in the last month. This trend underscores the growing risk for consumers awaiting delivery of their online purchases. Cybercriminals are taking advantage of the seasonal increase in online shopping to send fraudulent messages that imitate legitimate delivery companies. These messages usually alert about supposed delays or suspensions of packages, with the aim of deceiving victims. ...

PTA Alert on the Increase in Fraud and Hacking on WhatsApp Pakistan Telecommunication Authority (PTA) has issued an alert to mobile users regarding the increasing number of hacking and cyber fraud incidents through WhatsApp. Scammers are using social engineering tactics to trick people into gaining access to sensitive personal information, which can result in financial losses and misuse of victims’ accounts. The PTA urges users to remain vigilant and implement security measures to protect against these threats. Criminals often take advantage of victims’ trust, making scams seem urgent and legitimate in order to manipulate them. ...

This week’s ThreatsDay newsletter highlights the continued adaptation of attackers, who are reconfiguring existing tools and finding new angles of attack on familiar systems. Small tactical changes are adding up quickly, suggesting possible directions for future security breaches. Constantly Evolving Threat Tactics The threat landscape is characterized by its fluidity, with a focus on attackers quickly adapting. Key points of this week’s activity include: Repurposing old tools: Attackers do not always develop new tools, but rather find innovative ways to use pre-existing tools or common systems for their malicious purposes. More sophisticated social engineering attacks: Recent activity shows an increase in “clever social hooks” designed to manipulate users and gain initial access. Changing attack infrastructures: A change is observed in the infrastructure used by threat actors, requiring constant monitoring to detect new patterns. Attack Patterns and Exploit Speed This week’s analysis highlights recurring patterns in how attacks evolve: ...

The US Department of Defense (DoD) has designated ISACA as the global credentialing authority for the Cybersecurity Maturity Model Certification (CMMC) program. This designation seeks to ensure that defense contractors meet strict cybersecurity standards. The CMMC program, introduced by DoD in 2020, requires contractors handling Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) to implement appropriate cybersecurity practices to protect the defense industrial base. Impact and Implementation Deadlines ...

The threat group known as Jewelbug, also tracked by Check Point Research as Ink Dragon, has intensified its attacks against government targets in Europe since July 2025. Although the actor, aligned with China and active since at least March 2023, continues to attack entities in Southeast Asia and South America, its focus has expanded significantly. Check Point Research has detailed the operations of this hacking group, highlighting its combination of solid software engineering, disciplined operational playbooks, and the reuse of native platform tools to blend into normal company telemetry. These tactics make their intrusions “effective and stealthy.” ...

Fortinet, Ivanti, and SAP have released updates to address critical security flaws in their products. These vulnerabilities could allow authentication bypass or remote code execution if successfully exploited. Fortinet Critical Vulnerabilities (CVE-2025-59718 and CVE-2025-59719) Fortinet has addressed two critical vulnerabilities (CVSS 9.8) affecting FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager. The flaws, identified as CVE-2025-59718 and CVE-2025-59719, are due to incorrect verification of the cryptographic signature (CWE-347). Impact: An unauthenticated attacker could bypass FortiCloud SSO login authentication via a crafted SAML message, if the FortiCloud SSO feature is enabled on the device. Temporary Mitigation: While this feature is not enabled by default, administrators should verify if it was enabled during device registration in FortiCare. It is recommended to temporarily disable the FortiCloud login feature until the update can be applied. Mitigation Instructions: ...

Multiple local authorities in London are dealing with a serious cybersecurity incident, it has recently emerged. The Royal Borough of Kensington and Chelsea (RBKC) and Westminster City Council (WCC) issued a statement saying they are responding to an incident identified on Monday morning. The incident has impacted several systems of both organizations, including telephone lines. Both entities have notified the UK Information Commissioner’s Office (ICO) and are collaborating with the National Cyber ​​Security Center (NCSC) for the response to the incident. ...