<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
  <channel>
    <title>Hard2bit Cybersecurity Blog</title>
    <link>https://hard2bit.com/en/blog/</link>
    <atom:link href="https://hard2bit.com/en/rss.xml" rel="self" type="application/rss+xml" />
    <description>Technical analysis, NIS2, DORA, ENS and ISO 27001 guides and operational insights from the Hard2bit team: 24/7 SOC, pentesting, red team and incident response.</description>
    <language>en</language>
    <lastBuildDate>Thu, 02 Jul 2026 13:15:21 GMT</lastBuildDate>
    <item>
      <title>When the AI editor runs the attacker: prompt injection as an RCE vector in Cursor</title>
      <link>https://hard2bit.com/en/blog/prompt-injection-rce-ai-code-editors-cursor-duneslide/</link>
      <guid isPermaLink="true">https://hard2bit.com/en/blog/prompt-injection-rce-ai-code-editors-cursor-duneslide/</guid>
      <pubDate>Thu, 02 Jul 2026 13:15:21 GMT</pubDate>
      <description>Two critical Cursor flaws (DuneSlide) turn indirect prompt injection into code execution. What it means for the AI editors your developers use, and how to defend.</description>
      <category>Cyber Threats</category>
      <category>Cybersecurity</category>
    </item>
    <item>
      <title>CVE-2026-42897: the Exchange Server zero-day that triggers when you open an email in OWA</title>
      <link>https://hard2bit.com/en/blog/cve-2026-42897-exchange-server-owa-zero-day-EN/</link>
      <guid isPermaLink="true">https://hard2bit.com/en/blog/cve-2026-42897-exchange-server-owa-zero-day-EN/</guid>
      <pubDate>Wed, 01 Jul 2026 10:12:43 GMT</pubDate>
      <description>Microsoft has confirmed active exploitation of CVE-2026-42897, an XSS flaw in on-premises Exchange OWA that runs JavaScript the moment a crafted email is opened. What it means and how to contain it.</description>
      <category>Cyber Threats</category>
    </item>
    <item>
      <title>When encryption is not the target: hijacking Signal and WhatsApp accounts without malware</title>
      <link>https://hard2bit.com/en/blog/signal-whatsapp-account-hijacking-linked-devices/</link>
      <guid isPermaLink="true">https://hard2bit.com/en/blog/signal-whatsapp-account-hijacking-linked-devices/</guid>
      <pubDate>Wed, 01 Jul 2026 09:43:07 GMT</pubDate>
      <description>The US is offering up to $10 million for information on Russian-linked groups that compromised Signal and WhatsApp accounts. What companies and executives should do next.</description>
      <category>Cyber Threats</category>
      <category>Cybersecurity</category>
    </item>
    <item>
      <title>UniFi OS and Lantronix EDS5000 on CISA&apos;s KEV list: when managing the network is the way in</title>
      <link>https://hard2bit.com/en/blog/unifi-os-lantronix-eds5000-cisa-kev-network-management-entry-point/</link>
      <guid isPermaLink="true">https://hard2bit.com/en/blog/unifi-os-lantronix-eds5000-cisa-kev-network-management-entry-point/</guid>
      <pubDate>Mon, 29 Jun 2026 06:52:30 GMT</pubDate>
      <description>On 23 June 2026 CISA added four UniFi OS and Lantronix EDS5000 flaws to its KEV catalogue. Chained, three of them give unauthenticated remote code execution on the box that manages your network.</description>
      <category>Cyber Threats</category>
      <category>IT News</category>
    </item>
    <item>
      <title>When the SIEM becomes the breach: Splunk&apos;s CVE-2026-20253 is exploited and now on CISA&apos;s KEV list</title>
      <link>https://hard2bit.com/en/blog/siem-as-breach-splunk-cve-2026-20253-rce-kev/</link>
      <guid isPermaLink="true">https://hard2bit.com/en/blog/siem-as-breach-splunk-cve-2026-20253-rce-kev/</guid>
      <pubDate>Wed, 24 Jun 2026 15:16:03 GMT</pubDate>
      <description>An unauthenticated endpoint in Splunk Enterprise&apos;s PostgreSQL service allows remote code execution. CISA added it to the KEV catalogue on 18 June. What breaks and how to contain it.</description>
      <category>Cyber Threats</category>
    </item>
    <item>
      <title>Hidden C2 in Microsoft Teams: how DragonForce abused TURN relays to stay invisible for two months</title>
      <link>https://hard2bit.com/en/blog/hidden-c2-microsoft-teams-dragonforce-turn-relays/</link>
      <guid isPermaLink="true">https://hard2bit.com/en/blog/hidden-c2-microsoft-teams-dragonforce-turn-relays/</guid>
      <pubDate>Tue, 23 Jun 2026 07:02:41 GMT</pubDate>
      <description>DragonForce hid its command and control inside Microsoft Teams TURN relays and stayed undetected for nearly two months. How Backdoor.Turn works and how to hunt it on your network.</description>
      <category>Cyber Threats</category>
    </item>
    <item>
      <title>easy-day-js: how 140+ npm packages were trojanised from a forgotten maintainer account</title>
      <link>https://hard2bit.com/en/blog/npm-easy-day-js-mastra-postinstall-supply-chain-attack/</link>
      <guid isPermaLink="true">https://hard2bit.com/en/blog/npm-easy-day-js-mastra-postinstall-supply-chain-attack/</guid>
      <pubDate>Fri, 19 Jun 2026 11:45:33 GMT</pubDate>
      <description>On 17 June 2026 an attacker pushed more than 140 @mastra npm packages carrying a malicious dependency that runs a trojan during postinstall. What happened, and how to defend against it.</description>
      <category>Cyber Threats</category>
    </item>
    <item>
      <title>We scanned 24 well-known brands for typosquatting: 591 live lookalike domains (with half the radar)</title>
      <link>https://hard2bit.com/en/blog/typosquatting-scan-24-brands-591-domains/</link>
      <guid isPermaLink="true">https://hard2bit.com/en/blog/typosquatting-scan-24-brands-591-domains/</guid>
      <pubDate>Thu, 18 Jun 2026 11:10:52 GMT</pubDate>
      <description>We ran a 100% passive OSINT scan against 24 well-known brands and found 591 live typosquatting domains. 48% can send email. Anonymised aggregate data, June 2026.</description>
      <category>Cyber Threats</category>
      <category>Cybersecurity</category>
    </item>
    <item>
      <title>ClickFix and fake CAPTCHAs: defending your organisation from the paste-and-run trap</title>
      <link>https://hard2bit.com/en/blog/clickfix-fake-captcha-social-engineering-defence-guide/</link>
      <guid isPermaLink="true">https://hard2bit.com/en/blog/clickfix-fake-captcha-social-engineering-defence-guide/</guid>
      <pubDate>Mon, 15 Jun 2026 08:31:13 GMT</pubDate>
      <description>ClickFix tricks users into running PowerShell by pasting a command. 517% growth in 2025. Anatomy, operational detection and defences that genuinely work.</description>
      <category>Cyber Threats</category>
      <category>Cybersecurity</category>
    </item>
    <item>
      <title>How much does a cybersecurity audit cost for businesses?</title>
      <link>https://hard2bit.com/en/blog/cybersecurity-audit-cost-for-businesses/</link>
      <guid isPermaLink="true">https://hard2bit.com/en/blog/cybersecurity-audit-cost-for-businesses/</guid>
      <pubDate>Thu, 11 Jun 2026 12:46:22 GMT</pubDate>
      <description>Realistic 2026 ranges for cybersecurity audit pricing in the Spanish and EU mid-market, what a professional audit covers and how to choose a serious provider.</description>
      <category>Cybersecurity</category>
    </item>
    <item>
      <title>Digital supply chain 2025-2026: 5 lessons for the CISO from European and global data</title>
      <link>https://hard2bit.com/en/blog/digital-supply-chain-2025-2026-5-lessons-ciso/</link>
      <guid isPermaLink="true">https://hard2bit.com/en/blog/digital-supply-chain-2025-2026-5-lessons-ciso/</guid>
      <pubDate>Thu, 11 Jun 2026 09:48:17 GMT</pubDate>
      <description>ENISA Threat Landscape 2025 (4,875 EU incidents) and Verizon DBIR 2026 combined: five CISO lessons on supply chain, digital dependencies, vulnerabilities, AI phishing and NIS2.</description>
      <category>Research</category>
      <category>Cybersecurity</category>
    </item>
    <item>
      <title>AI Agent Readiness in Europe: 0% adoption in 59 large enterprises analysed (2026 report)</title>
      <link>https://hard2bit.com/en/blog/ai-agent-readiness-eu-60-enterprises-report-2026/</link>
      <guid isPermaLink="true">https://hard2bit.com/en/blog/ai-agent-readiness-eu-60-enterprises-report-2026/</guid>
      <pubDate>Sat, 06 Jun 2026 16:16:24 GMT</pubDate>
      <description>Passive analysis of 60 EU domains — banking, pharma, telcos, energy, retail and public sector — against the 11 emerging AI Agent Readiness standards. Aggregated data by sector.</description>
      <category>Research</category>
      <category>Cybersecurity</category>
    </item>
    <item>
      <title>Cyber Resilience Dashboard for the Board: 12 Actionable KPIs That Drive Decisions</title>
      <link>https://hard2bit.com/en/blog/cyber-resilience-dashboard-board-12-actionable-kpis/</link>
      <guid isPermaLink="true">https://hard2bit.com/en/blog/cyber-resilience-dashboard-board-12-actionable-kpis/</guid>
      <pubDate>Sat, 06 Jun 2026 09:29:07 GMT</pubDate>
      <description>A practical 12-KPI cyber resilience dashboard for the Board: what to measure, how to present it, and how to use it to drive decisions on risk, investment and strategy.</description>
      <category>Regulation &amp; GRC</category>
    </item>
    <item>
      <title>SPIFFE/SPIRE vs OAuth in Cloud-Native: How to Govern Non-Human Identities at Scale</title>
      <link>https://hard2bit.com/en/blog/spiffe-spire-vs-oauth-non-human-identities-cloud-native/</link>
      <guid isPermaLink="true">https://hard2bit.com/en/blog/spiffe-spire-vs-oauth-non-human-identities-cloud-native/</guid>
      <pubDate>Sat, 06 Jun 2026 09:20:07 GMT</pubDate>
      <description>SPIFFE/SPIRE for workload identity and OAuth for machine-to-machine: how each works, where each fits, and the hybrid pattern that scales for cloud-native enterprises.</description>
      <category>Cyber Threats</category>
    </item>
    <item>
      <title>KEV, EPSS and SSVC: How to Prioritise Exploitable Vulnerabilities Before They Become Incidents</title>
      <link>https://hard2bit.com/en/blog/kev-epss-ssvc-prioritise-exploitable-vulnerabilities/</link>
      <guid isPermaLink="true">https://hard2bit.com/en/blog/kev-epss-ssvc-prioritise-exploitable-vulnerabilities/</guid>
      <pubDate>Sat, 06 Jun 2026 09:16:48 GMT</pubDate>
      <description>How to combine CISA KEV, EPSS and SSVC to prioritise exploitable vulnerabilities, replace CVSS-only triage and produce defensible remediation decisions.</description>
      <category>Cybersecurity</category>
    </item>
    <item>
      <title>Continuous Threat Exposure Management (CTEM): How to Implement It in Regulated Enterprises</title>
      <link>https://hard2bit.com/en/blog/continuous-threat-exposure-management-ctem-regulated-enterprises/</link>
      <guid isPermaLink="true">https://hard2bit.com/en/blog/continuous-threat-exposure-management-ctem-regulated-enterprises/</guid>
      <pubDate>Sat, 06 Jun 2026 08:13:59 GMT</pubDate>
      <description>How to implement Continuous Threat Exposure Management (CTEM) in regulated enterprises: five phases, architecture, KPIs, compliance mapping and a 90-day rollout plan.</description>
      <category>Cybersecurity</category>
    </item>
    <item>
      <title>Hybrid Active Directory Attacks: How to Detect and Contain Kerberoasting, AD CS Abuse and Golden Ticket</title>
      <link>https://hard2bit.com/en/blog/hybrid-active-directory-attacks-detection-containment/</link>
      <guid isPermaLink="true">https://hard2bit.com/en/blog/hybrid-active-directory-attacks-detection-containment/</guid>
      <pubDate>Sat, 06 Jun 2026 06:08:00 GMT</pubDate>
      <description>Technical playbook for SOC and IR teams: how to detect, contain and reduce Active Directory abuse in hybrid environments — Kerberoasting, AD CS misconfigurations, Golden Ticket and Entra ID.</description>
      <category>Cyber Threats</category>
    </item>
    <item>
      <title>The Post-Quantum Cryptography Transition Has Started: A 2026-2028 Plan for European Enterprises</title>
      <link>https://hard2bit.com/en/blog/post-quantum-cryptography-transition-european-enterprises-2026-2028/</link>
      <guid isPermaLink="true">https://hard2bit.com/en/blog/post-quantum-cryptography-transition-european-enterprises-2026-2028/</guid>
      <pubDate>Fri, 05 Jun 2026 20:54:11 GMT</pubDate>
      <description>Executive guide to preparing the post-quantum transition for European enterprises 2026-2028: cryptographic inventory, prioritisation by impact and feasibility, governance, KPIs and quick wins.</description>
      <category>Cybersecurity</category>
    </item>
    <item>
      <title>MCP Security for Enterprise AI Agents: Production Controls for Operating Without Improvising</title>
      <link>https://hard2bit.com/en/blog/mcp-security-enterprise-ai-agents-production-controls/</link>
      <guid isPermaLink="true">https://hard2bit.com/en/blog/mcp-security-enterprise-ai-agents-production-controls/</guid>
      <pubDate>Fri, 05 Jun 2026 20:54:11 GMT</pubDate>
      <description>How to move AI agents from pilot to secure production with MCP: control architecture, guardrails, security minimums and a phased implementation plan for the enterprise.</description>
      <category>Cybersecurity</category>
    </item>
    <item>
      <title>Non-Human Identities (NHI) Security in 2026: Hardening Service Accounts, Tokens and API Keys</title>
      <link>https://hard2bit.com/en/blog/non-human-identities-security-service-accounts-tokens-api-keys/</link>
      <guid isPermaLink="true">https://hard2bit.com/en/blog/non-human-identities-security-service-accounts-tokens-api-keys/</guid>
      <pubDate>Fri, 05 Jun 2026 18:49:33 GMT</pubDate>
      <description>Non-human identities now outnumber humans in most enterprises. Practical guide to inventory, least-privilege, secret rotation, anomaly detection and a 90-day implementation plan.</description>
      <category>Cybersecurity</category>
    </item>
    <item>
      <title>Microsoft 365 Account Takeover: How Attackers Bypass MFA with AiTM and Token Theft</title>
      <link>https://hard2bit.com/en/blog/microsoft-365-account-takeover-aitm-token-theft/</link>
      <guid isPermaLink="true">https://hard2bit.com/en/blog/microsoft-365-account-takeover-aitm-token-theft/</guid>
      <pubDate>Fri, 05 Jun 2026 18:44:37 GMT</pubDate>
      <description>Traditional MFA isn&apos;t enough. Technical analysis of Adversary-in-the-Middle (AiTM) attacks, Evilginx2, ESTSAUTH cookie theft and FIDO2-based mitigation in Microsoft 365.</description>
      <category>Cybersecurity</category>
    </item>
    <item>
      <title>Microsoft 365 Device-Code Phishing: How It Works and How to Block It</title>
      <link>https://hard2bit.com/en/blog/microsoft-365-device-code-phishing-prevention-detection/</link>
      <guid isPermaLink="true">https://hard2bit.com/en/blog/microsoft-365-device-code-phishing-prevention-detection/</guid>
      <pubDate>Fri, 05 Jun 2026 18:41:51 GMT</pubDate>
      <description>Device-code phishing in Microsoft 365 abuses legitimate OAuth flows to steal tokens without asking for passwords. How it works, warning signs and the controls that actually block it.</description>
      <category>Cybersecurity</category>
    </item>
    <item>
      <title>Browser Extensions and GenAI: The Silent Vector Stealing Sessions, Prompts and Corporate Data</title>
      <link>https://hard2bit.com/en/blog/browser-extensions-genai-session-theft-corporate-data/</link>
      <guid isPermaLink="true">https://hard2bit.com/en/blog/browser-extensions-genai-session-theft-corporate-data/</guid>
      <pubDate>Fri, 05 Jun 2026 18:18:21 GMT</pubDate>
      <description>AI-powered browser extensions can read sessions, prompts, cookies, SaaS data and corporate secrets. Learn the real risks, technical controls and detection patterns to protect your organisation.</description>
      <category>Cybersecurity</category>
    </item>
    <item>
      <title>AI Agent Readiness: How to Prepare Your Website for AI Agents</title>
      <link>https://hard2bit.com/en/blog/ai-agent-readiness-scanner/</link>
      <guid isPermaLink="true">https://hard2bit.com/en/blog/ai-agent-readiness-scanner/</guid>
      <pubDate>Fri, 05 Jun 2026 12:27:53 GMT</pubDate>
      <description>AI Agents like ChatGPT, Perplexity, Claude and Gemini discover websites through 11 emerging standards. What they are and how to audit your site against them.</description>
      <category>Cybersecurity</category>
    </item>
  </channel>
</rss>
