CyberComplianceAI
InicioNoticiasIntel Center
Marketplace
CyberForoPrecios
AccederPro
The Pulse · Live Intelligence Feed

Intel Center

Una señal es cualquier evento operacional detectado en las últimas 24h–30d: CVEs en KEV explotados activamente, advisories de vendor, exposición cloud, ransomware y avisos regulatorios. Cada señal se prioriza por severidad, freshness y match con tu Digital Twin.

Para análisis editorial y noticias generales visita Noticias.

Consola en vivo · last 24h
Señales (ventana)568
Última detecciónhace 8 h
Monitorizado porintelligence scouter
506signals
Acción Requerida
4signals
Explotados & KEV
13signals
Vulns Críticas
Advisories de Vendor

Sin nuevos advisories PSIRT de vendor en la ventana.

También en el Intel CenterCloud & Identity38Monitor10

Intel Center Basic

Vista resumida de señales operativas

Discover muestra una cola corta de señales recientes para exploración. Los planes Pro desbloquean el catálogo KEV completo, más histórico, contexto por Digital Twin y priorización ampliada.

Ver planes ProCrear cuenta
Ventana24h7d30d7d / 30d solo en ProSeveridadCríticaAltaLimpiar filtros

Priority Command Strip

What your team should look at right now

6 señales críticas
  1. Action RequiredImmediate8h

    BlueHammer Vulnerability Exploited in Ransomware Attacks

    Explotación activa confirmada. Riesgo material para entornos expuestos.

    SecurityWeek · MicrosoftReview signal
  2. Action RequiredImmediate
All568Action Required506Exploited & KEV4Critical Vulns13Cloud & Identity38Monitor10

Discover muestra 8 señales operativas recientes. Sube a Consultant Pro o Professional Pro para abrir el feed completo, histórico ampliado y el catálogo KEV.

Cloud & IdentityMEDIAAltoNEWNIS2CRAGDPRInteligencia operacional

Frangoteam FUXA SCADA/HMI

View CSAF Summary Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to enumerate all user accounts and role assignments on a FUXA SCADA/HMI instance. The following versions of Frangoteam FUXA SCADA/HMI are affected: FUXA SCADA/HMI <=1.3.1 (CVE-2026-13207) CVSS Vendor Equipment Vulnerabilities v3 7.5 Frangoteam Frangoteam FUXA SCADA/HMI Authentication Bypass by Spoofing Background Critical Infrastructure Sectors: Critical Manufacturing, Energy, Water and Wastewater Countries/Areas Deployed: Worldwide Company Headquarters Location: Switzerland Vulnerabilities Expand All + CVE-2026-13207 FUXA versions 1.3.1 and prior contain an authentication bypass vulnerability via dot-segment path normalization in the REST API. The API router fails to normalize dot-segment sequences before applying authentication middleware, allowing unauthenticated requests to access protected endpoints by prefixing paths with dot-segments such as /api/./users, /api/./roles, and /api/project/../users. These requests bypass authentication checks and return sensitive user and role data without credentials. View CVE Details Affected Products Frangoteam FUXA SCADA/HMI Vendor: Frangoteam Product Version: Frangoteam FUXA SCADA/HMI: <=1.3.1 Product Status: known_affected Remediations Mitigation Frangoteam recommends users apply the latest version of FUXA 1.3.2 or later https://github.com/frangoteam/FUXA/releases. https://github.com/frangoteam/FUXA/releases Relevant CWE: CWE-290 Authentication Bypass by Spoofing Metrics CVSS Version Base Score Base Severity Vector String 3.1 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 4.0 8.7 HIGH CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Acknowledgments Joshua Hayes of Cited Relevance LLC reported this vulnerability to CISA Legal Notice and Terms of Use This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/priva CVEs: CVE-2026-13207. Vendors: Frangoteam Product Version: Frangoteam FUXA SCADA/HMI: <=1. DORA relevance: medium.

Filtered for operational relevance. Powered by a curated catalog of vulnerability, CERT, vendor and threat-intelligence sources.View methodology →

CyberCompliance Pro

¿Quieres esto priorizado para tu rol cada mañana?

El Morning Brief Pro filtra estas señales por tu rol (CISO, SecOps, risk), sector y framework prioritario, y las convierte en acciones recomendadas listas a las 7:00.

Probar Morning Brief Pro →Ver precio

¿Aún no quieres Pro? Recibe el resumen de cumplimiento gratis cada semana.

11h

Aikido Security acquires Root to expand backported fixes for open source vulnerabilities

Explotación activa confirmada. Riesgo material para entornos expuestos.

Help Net Security · Microsoft · AWSReview signal
  • Action RequiredImmediate13h

    Critical SimpleHelp Vulnerability Exploited for Malware Delivery

    Explotación activa confirmada. Riesgo material para entornos expuestos.

    SecurityWeek · MicrosoftReview signal
  • Action RequiredImmediate13h

    Exploitation of Recent Oracle E-Business Suite Vulnerability Begins

    Explotación activa confirmada. Riesgo material para entornos expuestos.

    SecurityWeek · MicrosoftReview signal
  • Action RequiredImmediate13h

    CISA: Windows BlueHammer flaw now exploited by ransomware gangs

    Explotación activa confirmada. Riesgo material para entornos expuestos.

    BleepingComputer · MicrosoftReview signal
  • Action RequiredImmediate14h

    SimpleHelp vulnerability exploited to deliver mighty Djinn Stealer (CVE-2026-48558)

    Explotación activa confirmada. Riesgo material para entornos expuestos.

    Help Net Security · Microsoft · GoogleReview signal
  • Por qué importa

    Postura cloud / identity comprometida o reforzada. Revisar configuración y baseline.

    Acción recomendada

    Check exposure to CVE-2026-13207 in asset inventory and vulnerability tooling.

    Vendors:Frangoteam Product Version: Frangoteam FUXA SCADA/HMI: <=1CISO · Cloud Security · SecOps
    Publicado
    30 jun 2026, 12:00
    Actualizado
    30 jun 2026, 17:00
    Detectado
    30 jun 2026, 17:00
    Fuente
    CISA All Alerts
    Referencia técnica
    NVD · CVE-2026-13207
    CISA All Alerts
    Prioridad · 59/100published <24h (+40) · high severity (+15) · regulatory relevance (+15) · CISA All Alerts authority (+12) · updated <24h (+5 cap)
    hace 9 horas
    Cloud & IdentityMEDIAAltoNEWNIS2CRAGDPRInteligencia operacional

    Malicious PyPI packages give hackers control of Telegram bot servers

    A campaign active since last November has been targeting Python developers building Telegram bots with trojanized Pyrogram forks that allow attackers to read arbitrary files on compromised servers. [...] Vendors: Microsoft. DORA relevance: medium.

    Por qué importa

    Postura cloud / identity comprometida o reforzada. Revisar configuración y baseline.

    Acción recomendada

    Notify owners for Microsoft technology stacks.

    Vendors:MicrosoftCISO · Cloud Security · SecOps
    Publicado
    30 jun 2026, 21:02
    Actualizado
    30 jun 2026, 23:01
    Detectado
    30 jun 2026, 23:01
    Fuente
    BleepingComputer
    Referencia técnica
    Original advisory
    BleepingComputer
    Prioridad · 52/100published <24h (+40) · high severity (+15) · regulatory relevance (+15) · source authority (+2) · updated <24h (+5 cap)
    hace 3 horas
    Cloud & IdentityMEDIAAltoNEWNIS2CRAGDPRAI ACTInteligencia operacional

    New BioShocking attack manipulates AI browser into data theft

    A new prompt injection attack dubbed "BioShocking" could trick AI-powered browsers into treating real-world risky actions as part of a fictional scenario, causing them to ignore any safety guardrails. [...] Vendors: Microsoft, Google.

    Por qué importa

    Postura cloud / identity comprometida o reforzada. Revisar configuración y baseline.

    Acción recomendada

    Notify owners for Microsoft, Google technology stacks.

    Vendors:MicrosoftGoogleCISO · Cloud Security · SecOps
    Publicado
    30 jun 2026, 21:50
    Actualizado
    30 jun 2026, 23:01
    Detectado
    30 jun 2026, 23:01
    Fuente
    BleepingComputer
    Referencia técnica
    Original advisory
    BleepingComputer
    Prioridad · 52/100published <24h (+40) · high severity (+15) · regulatory relevance (+15) · source authority (+2) · updated <24h (+5 cap)
    hace 3 horas
    Cloud & IdentityMEDIAAltoNEWNIS2CRAGDPRAI ACTInteligencia operacional

    CIA chief highlights major shifts in agency’s tech approach

    CIA Director John Ratcliffe said artificial intelligence capabilities are "akin to digital nuclear weapons.” Vendors: AWS. DORA relevance: medium.

    Por qué importa

    Postura cloud / identity comprometida o reforzada. Revisar configuración y baseline.

    Acción recomendada

    Notify owners for AWS technology stacks.

    Vendors:AWSCISO · Cloud Security · SecOps
    Publicado
    30 jun 2026, 19:05
    Actualizado
    30 jun 2026, 23:01
    Detectado
    30 jun 2026, 23:01
    Fuente
    The Record by Recorded Future
    Referencia técnica
    Original advisory
    The Record by Recorded Future
    Prioridad · 52/100published <24h (+40) · high severity (+15) · regulatory relevance (+15) · source authority (+2) · updated <24h (+5 cap)
    hace 3 horas
    Cloud & IdentityMEDIAAltoNEWNIS2CRADORAInteligencia operacional

    Discover, govern, and scale Azure infrastructure in the AI era

    Organizations are rapidly building AI applications, deploying AI agents, and scaling Azure environments faster than ever before. As AI initiatives accelerate and the volume of code expands, many organizations discover they have lost visibility into the infrastructure supporting those workloads. Resources created outside standard workflows, unmanaged environments, and infrastructure drift create governance, security, and operational challenges that become increasingly difficult to control at scale. The challenge is no longer simply adopting infrastructure as code (IaC). It is continuously discovering, governing, and bringing Azure infrastructure back into alignment as cloud and AI environments evolve. The hidden drift: How unmanaged infrastructure emerges Infrastructure drift rarely happens because teams ignore best practices. It happens because real-world operations rarely follow clean architectural plans. A developer provisions a resource directly in the Azure portal to test an idea. A proof-of-concept AI application is deployed quickly and later promoted into production. A late-night incident leads to a manual fix that never gets codified. A newly acquired team brings Azure subscriptions that were never managed with Terraform. Each decision is reasonable in isolation, and none of them stem from malice, but collectively, they create a growing layer of shadow infrastructure that exists outside Terraform. Over time, organizations find themselves operating in two parallel worlds: one that is version-controlled and governed, and another that is opaque, manually managed, and difficult to reason with. Why AI makes drift worse AI workloads introduce a new layer of infrastructure complexity at a rapid pace. As AI adoption accelerates, infrastructure surface area and churn increases. Without a consistent operating model, organizations can lose visibility into what exists, who created it, and whether it complies with organizational standards. Discover AI and cloud infrastruc Vendors: Microsoft. DORA relevance: high.

    Por qué importa

    Postura cloud / identity comprometida o reforzada. Revisar configuración y baseline.

    Acción recomendada

    Notify owners for Microsoft technology stacks.

    Vendors:MicrosoftCISO · Cloud Security · SecOps
    Publicado
    30 jun 2026, 16:00
    Actualizado
    30 jun 2026, 18:01
    Detectado
    30 jun 2026, 18:01
    Fuente
    HashiCorp Blog Security
    Referencia técnica
    Original advisory
    HashiCorp Blog Security
    Prioridad · 52/100published <24h (+40) · high severity (+15) · regulatory relevance (+15) · source authority (+2) · updated <24h (+5 cap)
    hace 8 horas
    Cloud & IdentityMEDIAAltoNEWNIS2CRAGDPRInteligencia operacional

    Microsoft adds smarter bot protection to Teams meetings

    Microsoft has introduced a new Teams admin policy that allows organizers to prevent third-party bots from joining meetings without approval. [...] Vendors: Microsoft, Google. DORA relevance: medium.

    Por qué importa

    Postura cloud / identity comprometida o reforzada. Revisar configuración y baseline.

    Acción recomendada

    Notify owners for Microsoft, Google technology stacks.

    Vendors:MicrosoftGoogleCISO · Cloud Security · SecOps
    Publicado
    30 jun 2026, 10:52
    Actualizado
    30 jun 2026, 18:01
    Detectado
    30 jun 2026, 18:01
    Fuente
    BleepingComputer
    Referencia técnica
    Original advisory
    BleepingComputer
    Prioridad · 52/100published <24h (+40) · high severity (+15) · regulatory relevance (+15) · source authority (+2) · updated <24h (+5 cap)
    hace 8 horas
    Cloud & IdentityMEDIAAltoNEWNIS2CRAGDPRInteligencia operacional

    Lessons from the Underground: How to Combat Business Email Compromise

    Business Email Compromise is more than an email scam. It's a coordinated operation involving compromised accounts, financial research, and cash-out networks. Flare explores how underground forums reveal how BEC attacks are planned and executed. [...] Vendors: Microsoft, Google. DORA relevance: high.

    Por qué importa

    Postura cloud / identity comprometida o reforzada. Revisar configuración y baseline.

    Acción recomendada

    Notify owners for Microsoft, Google technology stacks.

    Vendors:MicrosoftGoogleCISO · Cloud Security · SecOps
    Publicado
    30 jun 2026, 14:00
    Actualizado
    30 jun 2026, 18:01
    Detectado
    30 jun 2026, 18:01
    Fuente
    BleepingComputer
    Referencia técnica
    Original advisory
    BleepingComputer
    Prioridad · 52/100published <24h (+40) · high severity (+15) · regulatory relevance (+15) · source authority (+2) · updated <24h (+5 cap)
    hace 8 horas
    Cloud & IdentityMEDIAAltoNEWNIS2CRAGDPRAI ACTInteligencia operacional

    Fake Perplexity extension on Chrome Web Store tracked searches

    A malicious extension in the Chrome Web Store is masquerading as the Perplexity AI answer engine, intercepting search traffic and collecting browsing information. [...] Vendors: Microsoft, Google.

    Por qué importa

    Postura cloud / identity comprometida o reforzada. Revisar configuración y baseline.

    Acción recomendada

    Notify owners for Microsoft, Google technology stacks.

    Vendors:MicrosoftGoogleCISO · Cloud Security · SecOps
    Publicado
    30 jun 2026, 15:46
    Actualizado
    30 jun 2026, 18:01
    Detectado
    30 jun 2026, 18:01
    Fuente
    BleepingComputer
    Referencia técnica
    Original advisory
    BleepingComputer
    Prioridad · 52/100published <24h (+40) · high severity (+15) · regulatory relevance (+15) · source authority (+2) · updated <24h (+5 cap)
    hace 8 horas