writeups · 6 min
Comprehensive analysis of security threats in Large Language Models (LLMs), attack techniques like prompt injection, and practical case study from the A.D.I.C. 7 challenge at CyberH2O CTF.
· Manuel López Pérez
ai-security · 14 min
January 2026 marks a year since DeepSeek-R1. The expected V4 doesn't land — DeepSeek publishes the Engram paper (conditional memory) and an updated R1 paper instead. Moonshot AI drops Kimi K2.5 with multimodal and agent swarm. The open-weights frontier pattern is now normal: Chinese labs dominate the Hugging Face rankings. State and the defences it assumes broken.
· Manuel López Pérez
writeups · 7 min
Write-up of the third and final machine from the CyberH2O cyberchallenge, an industrial environment with SNMP, OPC UA, Node-RED and privilege escalation.
· Manuel López Pérez
compliance · 15 min
On 17 January 2026 DORA marks a year of applicability. The ESAs designate 19 critical ICT providers in November 2025, the first TLPT cycle starts to land for 2026-2028, national authorities close the grace period and open active inspection. Operational table of what worked, what is missing, and what is required during 2026.
· Manuel López Pérez
writeups · 6 min
Write-up of the second machine from the CyberH2O cyberchallenge, a hybrid environment with Docker containers and privilege escalation via Portainer.
· Manuel López Pérez
writeups · 6 min
Write-up of the first challenge of the CyberH2O cyberchallenge, focused on OSINT to locate an exposed PLC in a specific municipality.
· Manuel López Pérez
news · 9 min
Cl0p insists a year after Cleo. OpenAI repeats Shipmas. Anthropic closes the year with a Claude refresh. DORA and NIS2 enter the first inspection cycle. Year-end reports from Mandiant, CrowdStrike and Verizon. The year in one table.
· Manuel López Pérez
tutoriales · 10 min
ByBit, the UK retail wave (M&S/Co-op/Harrods), SharePoint ToolShell and Windows 10 end-of-support. Four incidents with explicit criterion — no exhaustive top list, no ranking — and the operational lesson each one leaves for 2026.
· Manuel López Pérez
ai-security · 11 min
Open-weights reasoning as new default, generalist agents in product, MCP poisoning as mature category, agentic misalignment with reproducible metric, AI Act as real compliance gradient, and reasoning models as consolidated surface. Six patterns with cross-links to the monthly technicals.
· Manuel López Pérez
news · 12 min
Anthropic publishes the first case of espionage with an autonomous coding agent. Microsoft Ignite and AWS re:Invent put "agent security" into product: Entra Agent ID GA, AgentCore Policy in preview with Cedar. FortiWeb 0-day CVE-2025-64446 exploited in the wild. Cloudflare down for 4 hours on the 18th over a badly-generated feature file. Logitech joins the Cl0p / Oracle E-Business cluster. Patch Tuesday with CVE-2025-62215 zero-day in Windows Kernel.
· Manuel López Pérez
ai-security · 11 min
On 13 November Anthropic reported that a China-nexus group used Claude Code to automate 80–90% of a campaign against ~30 organisations. The first documented case of agent-driven espionage. A critical read: what the report proves, what it leaves unproven, and what changes operationally for anyone running coding agents in 2026.
· Manuel López Pérez
news · 9 min
Windows 10 closes ten years of support. F5 discloses source code theft and unpublished CVEs by a nation-state. Patch Tuesday with three zero-days in use, WSUS RCE wormable with out-of-band patch. AWS US-East-1 down for 15 hours. Claude Haiku 4.5 and Sonnet 4.5 in production.
· Manuel López Pérez
