Cyberhades Podcast 0x29 - La IA audita y parchea sistemas. Que Dios Nos Coja Compilados

La inteligencia artificial sigue acelerando el ritmo de la industria tecnológica y esta semana analizamos algunas de las señales más interesantes. Hablamos del lanzamiento de Claude Opus 4.8, de la creciente autonomía de los modelos para programar y corregir código, y de un debate cada vez más relevante: si la IA puede detectar vulnerabilidades y generar parches automáticamente, ¿quién supervisa que no esté creando nuevos problemas por el camino? También repasamos el cambio de discurso de los grandes líderes del sector sobre el impacto de la IA en el empleo y el enorme coste que supone desplegar estos sistemas a gran escala.

Además, exploramos cómo la IA está transformando la ciberseguridad, la investigación científica e incluso la propia Internet, donde los agentes automatizados ya generan una parte significativa del tráfico global. Y como siempre, reservamos espacio para la nostalgia tecnológica con historias sobre Ethernet, Pac-Man, la cultura hacker de 2600 y algunas joyas retro que nos recuerdan de dónde viene todo este ecosistema que hoy está redefiniendo el futuro.

Enlaces de este episodio:

• OpenAI announcement/update on X — https://x.com/OpenAI/status/2057176201782075690?s=20

• Drupal Core Security Vulnerability — https://cybersecuritynews.com/drupal-core-security-vulnerability/

• NGINX 0-Day RCE “PoolSlip” — https://cybersecuritynews.com/nginx-0-day-rce-nginx-poolslip/

• PinTheft PoC — https://github.com/v12-security/pocs/tree/09e835b587bf71249775654061ae4c79e92cf430/pintheft#pintheft

• Pardus Linux Privilege Escalation Flaw — https://cybersecuritynews.com/pardus-linux-privilege-escalation-flaw/

• FreePBX Vulnerability — https://cybersecuritynews.com/freepbx-vulnerability/

• ExifTool Vulnerability Compromising Macs — https://cybersecuritynews.com/exiftool-vulnerability-compromise-macs/

• Microsoft Python Client DurableTask Vulnerability — https://cybersecuritynews.com/microsoft-python-client-durabletask/

• Google Publishes Exploit Code Threatening Chromium Users — https://arstechnica.com/security/2026/05/google-publishes-exploit-code-threatening-millions-of-chromium-users/

• Discord Enables End-to-End Encryption by Default — https://cybersecuritynews.com/discord-end-to-end-encryption-default/

• Megalodon Malware in GitHub Repositories — https://cybersecuritynews.com/megalodon-malware-github-repos/

• Why the Smart Home Bubble Popped — https://hackaday.com/2026/05/21/why-the-smart-home-bubble-popped/

• Antigravity 2.0 Reddit Thread — https://www.reddit.com/r/google_antigravity/comments/1thvz53/wtf_is_antigravity_20_where_did_my_ide_go/

• Starbucks Scraps AI Inventory Tool Across North America — https://www.cnbc.com/2026/05/21/starbucks-scraps-ai-inventory-tool-across-north-america.html

• 96% of IT Pros Use AI Now — https://www.zdnet.com/article/96-of-it-pros-use-ai-now-their-top-7-agentic-applications-and-biggest-implementation-roadblocks/

• Jeremiah D Johns on X — https://x.com/JeremiahDJohns/status/2057270109878526348

• Steve Wozniak Tells Graduates They All Have AI — https://news.slashdot.org/story/26/05/22/0530218/steve-wozniak-tells-graduates-they-all-have-ai-actual-intelligence

• fatgid.io Bug Demo — https://fatgid.io/#bug

• Laravel Language Packages Compromised — https://cybersecuritynews.com/laravel-lang-packages-compromised/

• UniFi OS Vulnerabilities — https://cybersecuritynews.com/unifi-os-vulnerabilities-privilege-escalation/

• Flipper One Team Needs Your Help — https://hackaday.com/2026/05/22/the-team-behind-the-flipper-one-needs-your-help/

• Drupal SQL Injection Bug Actively Exploited — https://thehackernews.com/2026/05/drupal-core-sql-injection-bug-actively.html

• Megalodon GitHub Attack Targets Thousands — https://thehackernews.com/2026/05/megalodon-github-attack-targets-5561.html

• Police Claim They Hacked Criminal VPN — https://arstechnica.com/tech-policy/2026/05/police-boast-of-hacking-vpn-where-criminals-believed-themselves-to-be-safe/

• Google API Keys Remain Active After Deletion — https://tech.slashdot.org/story/26/05/22/1827258/google-api-keys-remain-active-after-deletion

• Linux Kernel Flaw Allows Root Access — https://linux.slashdot.org/story/26/05/23/0727241/linux-kernel-flaw-lets-unprivileged-users-access-root-only-files-execute-arbitrary-commands-as-root

• Free Software Foundation LibreLocals — https://news.slashdot.org/story/26/05/23/0639208/free-software-foundations-call-for-librelocals-answered-on-six-continents---with-more-coming

• H4ckmanac on X — https://x.com/H4ckmanac/status/2058264335084884353?s=20

• Browser-Locking CypherLoc Kit — https://cybersecuritynews.com/hackers-use-browser-locking-cypherloc-kit/

• Hacking Video Walkie-Talkies and Running Doom — https://hackaday.com/2026/05/24/hacking-a-video-walkie-talkies-txw818-mcu-and-running-doom/

• WhatsApp Chats Stored Unencrypted on macOS/iOS — https://cybersecuritynews.com/whatsapp-chat-stored-unencrypted-macos-and-ios/

• Trapdoor Supply-Chain Attack — https://thehackernews.com/2026/05/trapdoor-supply-chain-attack-spreads.html

• Canonical Shutting Down Ubuntu Pastebin — https://news.slashdot.org/story/26/05/24/2042245/canonical-is-shutting-down-ubuntu-pastebin?utm_source=rss1.0mainlinkanon&utm_medium=feed

• Wind and Solar Generated More Power Than Gas — https://hardware.slashdot.org/story/26/05/24/0339201/wind-and-solar-generated-more-power-than-gas-globally-in-april?utm_source=rss1.0mainlinkanon&utm_medium=feed

• Threat Intel: ShinyHunters 94GB Leak — https://www.reddit.com/r/netsec/comments/1tn6yrv/threat_intel_shinyhunters_leaks_94gb_database_of/

• Claude Mythos Moves Toward Public — https://cybersecuritynews.com/claude-mythos-moves-toward-public/

• Amiga UNIX Reappears — https://hackaday.com/2026/05/25/lost-version-of-amiga-unix-suddenly-reappears/

• 7-Zip Vulnerabilities Allow Code Execution — https://cybersecuritynews.com/7-zip-vulnerabilities-code-execution/

• GitHub Authentication Issues Outage — https://cybersecuritynews.com/github-down-authentication-issues/

• Gary Marcus — If Enough Other Companies Report… — https://garymarcus.substack.com/p/if-enough-other-companies-report

• California Moves to Exempt Linux From Upcoming Age Verification Law — https://linux.slashdot.org/story/26/05/26/0450245/california-moves-to-exempt-linux-from-upcoming-age-verification-law

• NVIDIA NV-Generate-MR-Brain — https://huggingface.co/nvidia/NV-Generate-MR-Brain

• 3D Space Cadet Pinball Physical Recreation — https://arstechnica.com/gaming/2026/05/windows-classic-3d-space-cadet-pinball-is-getting-a-physical-re-creation/

• Apple Anti-Snatching Auto-Lock iPhones — https://cybersecuritynews.com/apple-anti-snatching-auto-lock-iphones/

• 0-Click WhatsApp Attack Targeting iOS 16 Users — https://cybersecuritynews.com/0-click-whatsapp-target-ios-16-users/

• Critical Vulnerability in Open-Source AI Package — https://arstechnica.com/information-technology/2026/05/millions-of-ai-agents-imperiled-by-critical-vulnerability-in-open-source-package/

• Critical Notepad Vulnerabilities — https://cybersecuritynews.com/critical-notepad-vulnerabilities/

• Websites Can Spy on SSD Activity — https://arstechnica.com/security/2026/05/websites-have-a-new-way-to-spy-on-visitors-analyzing-their-ssd-activity/

• Retro Game Sequel Released After 37 Years — https://www.tomshardware.com/video-games/retro-gaming/veteran-programmer-finishes-retro-game-sequel-and-publishes-it-after-37-years-colin-porch-started-head-over-heels-home-computer-title-in-1989-but-it-was-shelved-due-to-console-pivot

• Erin Brockovich Starts Tracking AI Data Centers — https://www.tomshardware.com/tech-industry/artificial-intelligence/erin-brockovich-starts-tracking-ai-data-centers-calls-on-affected-communities-to-submit-issues-website-shows-more-than-2-700-reports-from-across-the-us-raising-various-concerns

• 21stRobotics on X — https://x.com/21stRobotics/status/2059974542689444232?s=20

• Claude AI on X — https://x.com/claudeai/status/2060042702150930686?s=20

• Roundcube Webmail SQL Vulnerability — https://cybersecuritynews.com/roundcube-webmail-sql-vulnerability/

• Claude Opus 4.8 Released — https://cybersecuritynews.com/claude-opus-4-8-released/

• AI-Generated NPM Malware — https://cybersecuritynews.com/ai-generated-npm-malware/

• Linux CIFSwitch Kernel Vulnerability — https://cybersecuritynews.com/linux-cifswitch-kernel-vulnerability/

• Microsoft’s Zero-Day Stance Criticized — https://doublepulsar.com/microsofts-stance-on-zero-day-exploits-is-a-dumpster-fire-of-their-own-making-0946117940a4?source=rss-7db6d2df42a6------2

• Carnival Confirms Massive Data Breach — https://www.malwarebytes.com/blog/data-breaches/2026/05/carnival-confirms-data-breach-impacting-nearly-6-million

• Zero-Day-Clock — https://www.tomshardware.com/tech-industry/cyber-security/zero-day-clock-visualizes-and-quantifies-the-effects-of-ai-on-software-security-time-until-exploit-went-from-one-year-to-one-day-and-projected-to-be-one-minute-soon-enough

• The Best of 2600: A Hacker Odyssey — https://www.amazon.es/Best-2600-Hacker-Odyssey/dp/0470294191

• Ethernet en Xerox PARC — https://ethw.org/Ethernet

• Primera prueba pública de Pac-Man — https://pacman.com/en/history/

• Bill Gates “The Internet Tidal Wave” — https://www.computerhistory.org/tdih/may/26/

Como siempre puedes ver o escuchar el episodio en:

• YouTube
• Spotify