CyberComplianceAI
InicioNoticiasIntel Center
Marketplace
CyberForoPrecios
AccederPro
The Pulse · Live Intelligence Feed

Intel Center

Una señal es cualquier evento operacional detectado en las últimas 24h–30d: CVEs en KEV explotados activamente, advisories de vendor, exposición cloud, ransomware y avisos regulatorios. Cada señal se prioriza por severidad, freshness y match con tu Digital Twin.

Para análisis editorial y noticias generales visita Noticias.

Consola en vivo · last 24h
Señales (ventana)60
Última detecciónhace 14 h
Monitorizado porintelligence scouter
Acción Requerida

Sin señales activamente explotadas ni parches de emergencia.

4signals
Explotados & KEV
14signals
Vulns Críticas
Advisories de Vendor

Sin nuevos advisories PSIRT de vendor en la ventana.

También en el Intel CenterCloud & Identity37Monitor8

Intel Center Basic

Vista resumida de señales operativas

Discover muestra una cola corta de señales recientes para exploración. Los planes Pro desbloquean el catálogo KEV completo, más histórico, contexto por Digital Twin y priorización ampliada.

Ver planes ProCrear cuenta
Ventana24h7d30d7d / 30d solo en ProSeveridadCríticaAltaLimpiar filtros

Priority Command Strip

What your team should look at right now

1 señal críticas
  1. Exploited & KEVHigh14h

    Blackfield ransomware asks Nidec Corporation for $2 million ransom

    Explotación reportada sobre Microsoft. Verificar exposición real en el inventario.

    BleepingComputer · MicrosoftReview signal
All60Action Required0Exploited & KEV4Critical Vulns14Cloud & Identity37Monitor8

Discover muestra 8 señales operativas recientes. Sube a Consultant Pro o Professional Pro para abrir el feed completo, histórico ampliado y el catálogo KEV.

Cloud & IdentityMEDIAAltoNEWNIS2CRAGDPRInteligencia operacional

Frangoteam FUXA SCADA/HMI

View CSAF Summary Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to enumerate all user accounts and role assignments on a FUXA SCADA/HMI instance. The following versions of Frangoteam FUXA SCADA/HMI are affected: FUXA SCADA/HMI <=1.3.1 (CVE-2026-13207) CVSS Vendor Equipment Vulnerabilities v3 7.5 Frangoteam Frangoteam FUXA SCADA/HMI Authentication Bypass by Spoofing Background Critical Infrastructure Sectors: Critical Manufacturing, Energy, Water and Wastewater Countries/Areas Deployed: Worldwide Company Headquarters Location: Switzerland Vulnerabilities Expand All + CVE-2026-13207 FUXA versions 1.3.1 and prior contain an authentication bypass vulnerability via dot-segment path normalization in the REST API. The API router fails to normalize dot-segment sequences before applying authentication middleware, allowing unauthenticated requests to access protected endpoints by prefixing paths with dot-segments such as /api/./users, /api/./roles, and /api/project/../users. These requests bypass authentication checks and return sensitive user and role data without credentials. View CVE Details Affected Products Frangoteam FUXA SCADA/HMI Vendor: Frangoteam Product Version: Frangoteam FUXA SCADA/HMI: <=1.3.1 Product Status: known_affected Remediations Mitigation Frangoteam recommends users apply the latest version of FUXA 1.3.2 or later https://github.com/frangoteam/FUXA/releases. https://github.com/frangoteam/FUXA/releases Relevant CWE: CWE-290 Authentication Bypass by Spoofing Metrics CVSS Version Base Score Base Severity Vector String 3.1 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 4.0 8.7 HIGH CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Acknowledgments Joshua Hayes of Cited Relevance LLC reported this vulnerability to CISA Legal Notice and Terms of Use This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/priva CVEs: CVE-2026-13207. Vendors: Frangoteam Product Version: Frangoteam FUXA SCADA/HMI: <=1. DORA relevance: medium.

Filtered for operational relevance. Powered by a curated catalog of vulnerability, CERT, vendor and threat-intelligence sources.View methodology →

CyberCompliance Pro

¿Quieres esto priorizado para tu rol cada mañana?

El Morning Brief Pro filtra estas señales por tu rol (CISO, SecOps, risk), sector y framework prioritario, y las convierte en acciones recomendadas listas a las 7:00.

Probar Morning Brief Pro →Ver precio

¿Aún no quieres Pro? Recibe el resumen de cumplimiento gratis cada semana.

Por qué importa

Postura cloud / identity comprometida o reforzada. Revisar configuración y baseline.

Acción recomendada

Check exposure to CVE-2026-13207 in asset inventory and vulnerability tooling.

Vendors:Frangoteam Product Version: Frangoteam FUXA SCADA/HMI: <=1CISO · Cloud Security · SecOps
Publicado
30 jun 2026, 12:00
Actualizado
30 jun 2026, 17:00
Detectado
30 jun 2026, 17:00
Fuente
CISA All Alerts
Referencia técnica
NVD · CVE-2026-13207
CISA All Alerts
Prioridad · 59/100published <24h (+40) · high severity (+15) · regulatory relevance (+15) · CISA All Alerts authority (+12) · updated <24h (+5 cap)
hace 10 horas
Cloud & IdentityMEDIAAltoNEWNIS2CRAGDPRInteligencia operacional

Malicious PyPI packages give hackers control of Telegram bot servers

A campaign active since last November has been targeting Python developers building Telegram bots with trojanized Pyrogram forks that allow attackers to read arbitrary files on compromised servers. [...] Vendors: Microsoft. DORA relevance: medium.

Por qué importa

Postura cloud / identity comprometida o reforzada. Revisar configuración y baseline.

Acción recomendada

Notify owners for Microsoft technology stacks.

Vendors:MicrosoftCISO · Cloud Security · SecOps
Publicado
30 jun 2026, 21:02
Actualizado
30 jun 2026, 23:01
Detectado
30 jun 2026, 23:01
Fuente
BleepingComputer
Referencia técnica
Original advisory
BleepingComputer
Prioridad · 52/100published <24h (+40) · high severity (+15) · regulatory relevance (+15) · source authority (+2) · updated <24h (+5 cap)
hace 4 horas
Cloud & IdentityMEDIAAltoNEWNIS2CRAGDPRAI ACTInteligencia operacional

New BioShocking attack manipulates AI browser into data theft

A new prompt injection attack dubbed "BioShocking" could trick AI-powered browsers into treating real-world risky actions as part of a fictional scenario, causing them to ignore any safety guardrails. [...] Vendors: Microsoft, Google.

Por qué importa

Postura cloud / identity comprometida o reforzada. Revisar configuración y baseline.

Acción recomendada

Notify owners for Microsoft, Google technology stacks.

Vendors:MicrosoftGoogleCISO · Cloud Security · SecOps
Publicado
30 jun 2026, 21:50
Actualizado
30 jun 2026, 23:01
Detectado
30 jun 2026, 23:01
Fuente
BleepingComputer
Referencia técnica
Original advisory
BleepingComputer
Prioridad · 52/100published <24h (+40) · high severity (+15) · regulatory relevance (+15) · source authority (+2) · updated <24h (+5 cap)
hace 4 horas
Cloud & IdentityMEDIAAltoNEWNIS2CRAGDPRAI ACTInteligencia operacional

CIA chief highlights major shifts in agency’s tech approach

CIA Director John Ratcliffe said artificial intelligence capabilities are "akin to digital nuclear weapons.” Vendors: AWS. DORA relevance: medium.

Por qué importa

Postura cloud / identity comprometida o reforzada. Revisar configuración y baseline.

Acción recomendada

Notify owners for AWS technology stacks.

Vendors:AWSCISO · Cloud Security · SecOps
Publicado
30 jun 2026, 19:05
Actualizado
30 jun 2026, 23:01
Detectado
30 jun 2026, 23:01
Fuente
The Record by Recorded Future
Referencia técnica
Original advisory
The Record by Recorded Future
Prioridad · 52/100published <24h (+40) · high severity (+15) · regulatory relevance (+15) · source authority (+2) · updated <24h (+5 cap)
hace 4 horas
Cloud & IdentityMEDIAAltoNEWNIS2CRADORAInteligencia operacional

Discover, govern, and scale Azure infrastructure in the AI era

Organizations are rapidly building AI applications, deploying AI agents, and scaling Azure environments faster than ever before. As AI initiatives accelerate and the volume of code expands, many organizations discover they have lost visibility into the infrastructure supporting those workloads. Resources created outside standard workflows, unmanaged environments, and infrastructure drift create governance, security, and operational challenges that become increasingly difficult to control at scale. The challenge is no longer simply adopting infrastructure as code (IaC). It is continuously discovering, governing, and bringing Azure infrastructure back into alignment as cloud and AI environments evolve. The hidden drift: How unmanaged infrastructure emerges Infrastructure drift rarely happens because teams ignore best practices. It happens because real-world operations rarely follow clean architectural plans. A developer provisions a resource directly in the Azure portal to test an idea. A proof-of-concept AI application is deployed quickly and later promoted into production. A late-night incident leads to a manual fix that never gets codified. A newly acquired team brings Azure subscriptions that were never managed with Terraform. Each decision is reasonable in isolation, and none of them stem from malice, but collectively, they create a growing layer of shadow infrastructure that exists outside Terraform. Over time, organizations find themselves operating in two parallel worlds: one that is version-controlled and governed, and another that is opaque, manually managed, and difficult to reason with. Why AI makes drift worse AI workloads introduce a new layer of infrastructure complexity at a rapid pace. As AI adoption accelerates, infrastructure surface area and churn increases. Without a consistent operating model, organizations can lose visibility into what exists, who created it, and whether it complies with organizational standards. Discover AI and cloud infrastruc Vendors: Microsoft. DORA relevance: high.

Por qué importa

Postura cloud / identity comprometida o reforzada. Revisar configuración y baseline.

Acción recomendada

Notify owners for Microsoft technology stacks.

Vendors:MicrosoftCISO · Cloud Security · SecOps
Publicado
30 jun 2026, 16:00
Actualizado
30 jun 2026, 18:01
Detectado
30 jun 2026, 18:01
Fuente
HashiCorp Blog Security
Referencia técnica
Original advisory
HashiCorp Blog Security
Prioridad · 52/100published <24h (+40) · high severity (+15) · regulatory relevance (+15) · source authority (+2) · updated <24h (+5 cap)
hace 9 horas
Cloud & IdentityMEDIAAltoNEWNIS2CRAGDPRInteligencia operacional

Microsoft adds smarter bot protection to Teams meetings

Microsoft has introduced a new Teams admin policy that allows organizers to prevent third-party bots from joining meetings without approval. [...] Vendors: Microsoft, Google. DORA relevance: medium.

Por qué importa

Postura cloud / identity comprometida o reforzada. Revisar configuración y baseline.

Acción recomendada

Notify owners for Microsoft, Google technology stacks.

Vendors:MicrosoftGoogleCISO · Cloud Security · SecOps
Publicado
30 jun 2026, 10:52
Actualizado
30 jun 2026, 18:01
Detectado
30 jun 2026, 18:01
Fuente
BleepingComputer
Referencia técnica
Original advisory
BleepingComputer
Prioridad · 52/100published <24h (+40) · high severity (+15) · regulatory relevance (+15) · source authority (+2) · updated <24h (+5 cap)
hace 9 horas
Cloud & IdentityMEDIAAltoNEWNIS2CRAGDPRInteligencia operacional

Lessons from the Underground: How to Combat Business Email Compromise

Business Email Compromise is more than an email scam. It's a coordinated operation involving compromised accounts, financial research, and cash-out networks. Flare explores how underground forums reveal how BEC attacks are planned and executed. [...] Vendors: Microsoft, Google. DORA relevance: high.

Por qué importa

Postura cloud / identity comprometida o reforzada. Revisar configuración y baseline.

Acción recomendada

Notify owners for Microsoft, Google technology stacks.

Vendors:MicrosoftGoogleCISO · Cloud Security · SecOps
Publicado
30 jun 2026, 14:00
Actualizado
30 jun 2026, 18:01
Detectado
30 jun 2026, 18:01
Fuente
BleepingComputer
Referencia técnica
Original advisory
BleepingComputer
Prioridad · 52/100published <24h (+40) · high severity (+15) · regulatory relevance (+15) · source authority (+2) · updated <24h (+5 cap)
hace 9 horas
Cloud & IdentityMEDIAAltoNEWNIS2CRAGDPRAI ACTInteligencia operacional

Fake Perplexity extension on Chrome Web Store tracked searches

A malicious extension in the Chrome Web Store is masquerading as the Perplexity AI answer engine, intercepting search traffic and collecting browsing information. [...] Vendors: Microsoft, Google.

Por qué importa

Postura cloud / identity comprometida o reforzada. Revisar configuración y baseline.

Acción recomendada

Notify owners for Microsoft, Google technology stacks.

Vendors:MicrosoftGoogleCISO · Cloud Security · SecOps
Publicado
30 jun 2026, 15:46
Actualizado
30 jun 2026, 18:01
Detectado
30 jun 2026, 18:01
Fuente
BleepingComputer
Referencia técnica
Original advisory
BleepingComputer
Prioridad · 52/100published <24h (+40) · high severity (+15) · regulatory relevance (+15) · source authority (+2) · updated <24h (+5 cap)
hace 9 horas