CyberCompliance AICyberCompliance AIPRO
InicioNewsLo últimoMarketplaceProTrustPreciosAbout
AI AssistantGet Started

Inteligencia en vivo

Lo último en ciberregulación y vulnerabilidades

Señales detectadas automáticamente por el scouter horario antes de convertirse en análisis editorial. Fuentes oficiales: CISA, ENISA, EBA, ECB, AEPD, NVD.

Últimas 24h7 díasCríticoAltoRegulaciónIncidentesSancionesLimpiar
CRÍTICOACTIVELY EXPLOITEDincidentNIS2CRASeñal automática

CVE-2026-20182 · Cisco Catalyst SD-WAN: Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability

[CISA KEV] Cisco Catalyst SD-WAN Controller & Manager contain an authentication bypass vulnerability that allows an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system. | Ransomware use: Unknown | Added: 2026-05-14

Published
14 may 2026, 00:00
Updated
15 may 2026, 18:57
Detected
15 may 2026, 18:57
Source
Primary source: CISA KEV (Known Exploited Vulnerabilities)
Technical reference
NVD (CVE-2026-20182)
Ranking rationale
Freshness score 132 · published <7d (+25) · active exploitation/KEV/ransomware signal (+50)
CISA KEV (Known Exploited Vulnerabilities)hace 21 h
CRÍTICOACTIVELY EXPLOITEDincidentNIS2CRASeñal automática

CVE-2026-42897 · Microsoft Microsoft: Microsoft Exchange Server Cross-Site Scripting Vulnerability

[CISA KEV] Microsoft Exchange Server contains a cross-site scripting vulnerability during web page generation in Outlook Web Access and when certain interaction conditions are met, arbitrary JavaScript can be executed in the browser context. | Ransomware use: Unknown | Added: 2026-05-15

Published
15 may 2026, 00:00
Updated
15 may 2026, 18:57
Detected
15 may 2026, 18:57
Source
Primary source: CISA KEV (Known Exploited Vulnerabilities)
Technical reference
NVD (CVE-2026-42897)
Ranking rationale
Freshness score 132 · published <7d (+25) · active exploitation/KEV/ransomware signal (+50)
CISA KEV (Known Exploited Vulnerabilities)
CRÍTICOACTIVELY EXPLOITEDincidentNIS2CRASeñal automática

CVE-2025-29635 · D-Link DIR-823X: D-Link DIR-823X Command Injection Vulnerability

[CISA KEV actively exploited] D-Link DIR-823X contains a command injection vulnerability that allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to /goform/set_prohibiting via the corresponding function. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization. | Ransomware use: Unknown | Added: 2026-04-24

Published
24 abr 2026, 00:00
Updated
15 may 2026, 19:19
Detected
15 may 2026, 19:19
Source
Primary source: CISA KEV (Known Exploited Vulnerabilities)
Technical reference
NVD (CVE-2025-29635)
Ranking rationale
Freshness score 117 · published <30d (+10) · active exploitation/KEV/ransomware signal (+50)
CRÍTICOACTIVELY EXPLOITEDincidentNIS2CRASeñal automática

CVE-2026-32202 · Microsoft Windows: Microsoft Windows Protection Mechanism Failure Vulnerability

[CISA KEV actively exploited] Microsoft Windows Shell contains a protection mechanism failure vulnerability that allows an unauthorized attacker to perform spoofing over a network. | Ransomware use: Unknown | Added: 2026-04-28

Published
28 abr 2026, 00:00
Updated
15 may 2026, 19:19
Detected
15 may 2026, 19:19
Source
Primary source: CISA KEV (Known Exploited Vulnerabilities)
Technical reference
NVD (CVE-2026-32202)
Ranking rationale
Freshness score 117 · published <30d (+10) · active exploitation/KEV/ransomware signal (+50)
CISA KEV (Known Exploited Vulnerabilities)hace 21 h
CRÍTICOACTIVELY EXPLOITEDincidentNIS2CRASeñal automática

CVE-2024-1708 · ConnectWise ScreenConnect: ConnectWise ScreenConnect Path Traversal Vulnerability

[CISA KEV actively exploited ransomware] ConnectWise ScreenConnect contains a path traversal vulnerability which could allow an attacker to execute remote code or directly impact confidential data and critical systems. | Ransomware use: Known | Added: 2026-04-28

Published
28 abr 2026, 00:00
Updated
15 may 2026, 19:19
Detected
15 may 2026, 19:19
Source
Primary source: CISA KEV (Known Exploited Vulnerabilities)
Technical reference
NVD (CVE-2024-1708)
Ranking rationale
Freshness score 117 · published <30d (+10) · active exploitation/KEV/ransomware signal (+50)
CISA KEV (Known Exploited Vulnerabilities)
CRÍTICOACTIVELY EXPLOITEDincidentNIS2CRASeñal automática

CVE-2026-41940 · WebPros cPanel & WHM and WP2 (WordPress Squared): WebPros cPanel & WHM and WP2 (WordPress Squared) Missing Authentication for Critical Function Vulnerability

[CISA KEV actively exploited ransomware] WebPros cPanel & WHM (WebHost Manager) and WP2 (WordPress Squared) contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel. | Ransomware use: Known | Added: 2026-04-30

Published
30 abr 2026, 00:00
Updated
15 may 2026, 19:19
Detected
15 may 2026, 19:19
Source
Primary source: CISA KEV (Known Exploited Vulnerabilities)
Technical reference
NVD (CVE-2026-41940)
Ranking rationale
Freshness score 117 · published <30d (+10) · active exploitation/KEV/ransomware signal (+50)
CRÍTICOACTIVELY EXPLOITEDincidentNIS2CRASeñal automática

CVE-2026-31431 · Linux Kernel: Linux Kernel Incorrect Resource Transfer Between Spheres Vulnerability

[CISA KEV] Linux Kernel contains an incorrect resource transfer between spheres vulnerability that could allow for privilege escalation. | Ransomware use: Unknown | Added: 2026-05-01

Published
01 may 2026, 00:00
Updated
15 may 2026, 18:57
Detected
15 may 2026, 18:57
Source
Primary source: CISA KEV (Known Exploited Vulnerabilities)
Technical reference
NVD (CVE-2026-31431)
Ranking rationale
Freshness score 117 · published <30d (+10) · active exploitation/KEV/ransomware signal (+50)
CISA KEV (Known Exploited Vulnerabilities)hace 21 h
CRÍTICOACTIVELY EXPLOITEDincidentNIS2CRASeñal automática

CVE-2026-0300 · Palo Alto Networks PAN-OS: Palo Alto Networks PAN-OS Out-of-bounds Write Vulnerability

[CISA KEV] Palo Alto Networks PAN-OS contains an out-of-bounds write vulnerability in the User-ID Authentication Portal (aka Captive Portal) service that can allow an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets. | Ransomware use: Unknown | Added: 2026-05-06

Published
06 may 2026, 00:00
Updated
15 may 2026, 18:57
Detected
15 may 2026, 18:57
Source
Primary source: CISA KEV (Known Exploited Vulnerabilities)
Technical reference
NVD (CVE-2026-0300)
Ranking rationale
Freshness score 117 · published <30d (+10) · active exploitation/KEV/ransomware signal (+50)
CRÍTICOACTIVELY EXPLOITEDincidentNIS2CRASeñal automática

CVE-2026-6973 · Ivanti Endpoint Manager Mobile (EPMM): Ivanti Endpoint Manager Mobile (EPMM) Improper Input Validation Vulnerability

[CISA KEV] Ivanti Endpoint Manager Mobile (EPMM) contains an improper input validation vulnerability that allows a remotely authenticated user with administrative access to achieve remote code execution. | Ransomware use: Unknown | Added: 2026-05-07

Published
07 may 2026, 00:00
Updated
15 may 2026, 18:57
Detected
15 may 2026, 18:57
Source
Primary source: CISA KEV (Known Exploited Vulnerabilities)
Technical reference
NVD (CVE-2026-6973)
Ranking rationale
Freshness score 117 · published <30d (+10) · active exploitation/KEV/ransomware signal (+50)
CISA KEV (Known Exploited Vulnerabilities)
CRÍTICOACTIVELY EXPLOITEDincidentNIS2CRASeñal automática

CVE-2026-42208 · BerriAI LiteLLM: BerriAI LiteLLM SQL Injection Vulnerability

[CISA KEV] BerriAI LiteLLM contains a SQL injection vulnerability that allows an attacker to read data from the proxy's database and potentially modify it, leading to unauthorized access to the proxy and the credentials it manages. | Ransomware use: Unknown | Added: 2026-05-08

Published
08 may 2026, 00:00
Updated
15 may 2026, 18:57
Detected
15 may 2026, 18:57
Source
Primary source: CISA KEV (Known Exploited Vulnerabilities)
Technical reference
NVD (CVE-2026-42208)
Ranking rationale
Freshness score 117 · published <30d (+10) · active exploitation/KEV/ransomware signal (+50)
CISA KEV (Known Exploited Vulnerabilities)

CyberCompliance Pro

Want this prioritized for your role every morning?

El Morning Brief Pro filtra estas señales por tu rol (CISO, compliance, risk), sector y framework prioritario, y las convierte en acciones recomendadas listas a las 7:00.

Try Pro Morning Brief →Ver precios

Disclaimer. Estas señales son automáticas y todavía no representan análisis editorial completo. Los artículos publicados en /noticias sí pasan por revisión humana.

hace 21 h
CISA KEV (Known Exploited Vulnerabilities)hace 21 h
hace 21 h
CISA KEV (Known Exploited Vulnerabilities)
hace 21 h
CISA KEV (Known Exploited Vulnerabilities)
hace 21 h
hace 21 h
hace 21 h