A signal is any operational event detected in the last 24h–30d: actively exploited CVEs in KEV, vendor advisories, cloud exposure, ransomware and regulatory notices. Each signal is prioritized by severity, freshness and match with your Digital Twin.
Discover shows a short queue of recent signals for exploration. Pro plans unlock the full KEV catalog, more history, per-Digital Twin context and expanded prioritization.
The Microsoft Defender vulnerability CVE-2026-33825 was exploited in the wild as a zero-day before patches were released. The post BlueHammer Vulnerability Exploited in Ransomware Attacks appeared first on SecurityWeek. CVEs: CVE-2026-33825. CISA KEV/exploitation signal detected. Vendors: Microsoft. DORA relevance: medium.
Filtered for operational relevance. Powered by a curated catalog of vulnerability, CERT, vendor and threat-intelligence sources.
15h
Aikido Security acquires Root to expand backported fixes for open source vulnerabilities
Active exploitation confirmed. Material risk for exposed environments.
Aikido Security has acquired Root, uniting behind a shared mission to make it easy for developers and agents to build with secure open source and tackle the growing threat of supply chain attacks. Open source is the foundation of almost every application in the world, and it has become the primary entry point for attackers. Organizations face two converging threats: attackers hide malware inside the open source packages that applications depend on, and vulnerabilities sit … The post Aikido Security acquires Root to expand backported fixes for open source vulnerabilities appeared first on Help Net Security. CISA KEV/exploitation signal detected. Vendors: Microsoft, AWS. DORA relevance: medium.
Why it matters
Active exploitation confirmed. Material risk for exposed environments.
Recommended action
Prioritize remediation as exploited-in-the-wild; do not wait for monthly patch cadence.
The threat actor is focused on collecting credentials, SSH keys, cryptocurrency wallets, and development tooling. The post Critical SimpleHelp Vulnerability Exploited for Malware Delivery appeared first on SecurityWeek. CVEs: CVE-2026-48558. CISA KEV/exploitation signal detected. Vendors: Microsoft. DORA relevance: medium.
Why it matters
Active exploitation confirmed. Material risk for exposed environments.
Recommended action
Check exposure to CVE-2026-48558 in asset inventory and vulnerability tooling.
The critical-severity defect allows unauthenticated attackers to take over the E-Business Suite’s Payments product. The post Exploitation of Recent Oracle E-Business Suite Vulnerability Begins appeared first on SecurityWeek. CVEs: CVE-2026-46817. CISA KEV/exploitation signal detected. Vendors: Microsoft. DORA relevance: high.
Why it matters
Active exploitation confirmed. Material risk for exposed environments.
Recommended action
Check exposure to CVE-2026-46817 in asset inventory and vulnerability tooling.
CISA confirmed on Monday that ransomware gangs are now exploiting a Microsoft Defender privilege escalation vulnerability, dubbed BlueHammer, that has previously been abused in zero-day attacks. [...] CVEs: CVE-2026-33825. CISA KEV/exploitation signal detected. Vendors: Microsoft. DORA relevance: medium.
Why it matters
Active exploitation confirmed. Material risk for exposed environments.
Recommended action
Check exposure to CVE-2026-33825 in asset inventory and vulnerability tooling.
Attackers are exploiting CVE-2026-48558, a recently patched authentication bypass vulnerability in SimpleHelp RMM, to drop the novel Djinn Stealer malware on victim computers. The malware is capable of targeting Windows, macOS, and Linux systems, and “collects credentials associated with cloud platforms, source control, package registries, infrastructure tooling, AI development assistants, browsers, SSH, and cryptocurrency wallets,” BlackPoint Cyber’s researchers discovered. CVE-2026-48558 exploited. SimpleHelp is a remote monitoring and management (RMM) tool popular with managed services providers … The post SimpleHelp vulnerability exploited to deliver mighty Djinn Stealer (CVE-2026-48558) appeared first on Help Net Security. CVEs: CVE-2026-48558. CISA KEV/exploitation signal detected. Vendors: Microsoft, Google, AWS. DORA relevance: medium.
Why it matters
Active exploitation confirmed. Material risk for exposed environments.
Recommended action
Check exposure to CVE-2026-48558 in asset inventory and vulnerability tooling.
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation: CVE-2026-48558 SimpleHelp Authentication Bypass Vulnerability. This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. Binding Operational Directive (BOD) 26-04: Prioritizing Security Updates Based on Risk establishes vulnerability management requirements for Federal Civilian Executive Branch (FCEB) agencies. BOD 26-04 reinforces the importance of the KEV Catalog and requires federal agencies to prioritize rapid remediation of high-risk vulnerabilities, specifically those identified by Common Vulnerabilities and Exposures (CVEs) listed in CISA’s KEV Catalog on publicly exposed assets that grant total control of the asset post-exploitation, while deferring action for lower-risk vulnerabilities. BOD 26-04 further establishes basic expectations for when agencies must check whether threat actors compromised the system before the patch was applied. While BOD 26-04 applies only to FCEB agencies, CISA encourages all organizations to adopt risk-based vulnerability management and prioritize remediation of KEV Catalog vulnerabilities. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria. Aware of an exploited vulnerability not currently listed in the KEV Catalog? Submit it for potential addition through CISA’s KEV Nomination Form. Potential KEV additions must have a CVE ID, evidence of exploitation, and clear mitigation guidance. CVEs: CVE-2026-48558. CISA KEV/exploitation signal detected. DORA relevance: medium.
Why it matters
Active exploitation confirmed. Material risk for exposed environments.
Recommended action
Check exposure to CVE-2026-48558 in asset inventory and vulnerability tooling.
[CISA KEV actively exploited] Vendor: SimpleHelp | Product: SimpleHelp | SimpleHelp contains an authentication bypass vulnerability in the OIDC authentication flow. When OIDC authentication is configured, identity tokens submitted during login are accepted without verifying their cryptographic signature. In a vulnerable configuration, a remote, unauthenticated attacker can submit a forged token containing arbitrary identity claims to obtain a fully authenticated technician session. In some configurations, this may also allow bypass of multi-factor authentication. | Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines. | Due date: 2026-07-02 | Ransomware use: Unknown | Added: 2026-06-29 CVEs: CVE-2026-48558. CISA KEV/exploitation signal detected. Vendors: SimpleHelp. DORA relevance: medium.
Why it matters
Active exploitation confirmed. Material risk for exposed environments.
Recommended action
Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.