This repository is a curated collection of cybersecurity articles, whitepapers, and podcasts I’ve published or contributed to over the years across multiple platforms including Business Insider, Sysdig, Aragón Radio, and BBVA Next Technologies.
- Attacker exploits misconfigured AI tool to run AI-generated payload
  Accidental misconfigurations where systems like Open WebUI are exposed to the internet remain a serious problem.
- EMERALDWHALE: 15k Cloud credentials stolen in operation targeting exposed Git config files
  EMERALDWHALE targeted exposed Git configurations, resulting in more than 15,000 stolen cloud service credentials.
- LLMjacking targets DeepSeek
  LLMjacking proxy operators have expanded access to credentials, customized their offerings, and begun including new models like DeepSeek.
- The Growing Dangers of LLMjacking: Evolving Tactics and Evading Sanctions
  LLMjacking is a term to describe an attacker obtaining access to an LLM illegally.
- CRYSTALRAY: Inside the Operations of a Rising Threat Actor Exploiting OSS Tools
  CRYSTALRAY's motivations are to collect and sell credentials, deploy cryptominers, and maintain persistence in victim environments.
- DDoS-as-a-Service: The Rebirth Botnet
  At the core of RebirthLtd's business is its DDoS botnet, which is rented out to whoever is willing to pay.
- RUBYCARP: A Detailed Analysis of a Sophisticated Decade-Old Botnet Group
  RUBYCARP is interested in payloads that enable financial gain. This includes cryptomining, DDoS, and phishing.
- SSH-Snake: New Self-Modifying Worm Threatens Networks
  Analysis of SSH-Snake, a self-replicating worm using SSH credentials to spread.
- LABRAT: Stealthy Cryptojacking and Proxyjacking Campaign Targeting GitLab
  A deep dive into a stealthy attack combining crypto- and proxyjacking.
- Why Companies Still Struggle with Least Privilege in the Cloud
  Discussion on the persistent IAM challenges in cloud security.
- Securing SSH on EC2
  Best practices for hardening SSH access in AWS EC2 environments.
- Adversarial Machine Learning (Whitepaper)
  Explains techniques and threats related to adversarial ML.
- Offensive AI Compilation
- Contenido Sintético (Whitepaper)
  An overview of synthetic content and its implications for cybersecurity.
- Hackers vs ciberdelincuentes
  Discussion on the difference between hackers and cybercriminals.
- Ciberseguridad en verano
  How to stay cyber-safe during summer vacations.
- Tardes de Ciberseguridad Unizar
  What is the day-to-day like for a cybersecurity researcher at Sysdig?
- Detección de deepfakes
  Tips from cybersecurity experts on detecting deepfakes.
- OnTheNubs
  A fun program about new technologies.
- Análisis de la seguridad de las bases de datos orientadas a grafos
  A research paper analyzing information leakage and design flaws in graph-oriented databases.
- (In) Security in Graph Databases - Analysis and Data Leaks
  In our research, we reviewed the design of the most widespread graph databases and detected several security problems, improper default configurations, and leaks.
- Cyber Threat Analysis
- Cloud Security
- Adversarial AI
- Deepfakes
- Synthetic Content
- SSH & IAM Hardening
- Cybersecurity in the Media
Feel free to fork or suggest improvements. I'm open to collaborations, expansions, and feedback. Future updates may include summaries, translated versions, or article annotations.