CyberComplianceAI
InicioNoticiasIntel Center
Marketplace
CyberForoPrecios
AccederPro
The Pulse · Live Intelligence Feed

Intel Center

Una señal es cualquier evento operacional detectado en las últimas 24h–30d: CVEs en KEV explotados activamente, advisories de vendor, exposición cloud, ransomware y avisos regulatorios. Cada señal se prioriza por severidad, freshness y match con tu Digital Twin.

Para análisis editorial y noticias generales visita Noticias.

Consola en vivo · last 7d
Señales (ventana)247
Última detecciónhace 16 h
Monitorizado porintelligence scouter
Acción Requerida

Sin señales activamente explotadas ni parches de emergencia.

16signals
Explotados & KEV
48signals
Vulns Críticas
2signals
Advisories de Vendor
También en el Intel CenterCloud & Identity149Monitor35

Intel Center Basic

Vista resumida de señales operativas

Discover muestra una cola corta de señales recientes para exploración. Los planes Pro desbloquean el catálogo KEV completo, más histórico, contexto por Digital Twin y priorización ampliada.

Ver planes ProCrear cuenta
Ventana24h7d30d7d / 30d solo en ProSeveridadCríticaAltaLimpiar filtros

Priority Command Strip

What your team should look at right now

6 señales críticas
  1. Exploited & KEVHigh16h

    Blackfield ransomware asks Nidec Corporation for $2 million ransom

    Explotación reportada sobre Microsoft. Verificar exposición real en el inventario.

    BleepingComputer · MicrosoftReview signal
  2. Exploited & KEV
All247Action Required0Exploited & KEV16Critical Vulns48Vendor Advisories2Cloud & Identity149Monitor35

Discover muestra 8 señales operativas recientes. Sube a Consultant Pro o Professional Pro para abrir el feed completo, histórico ampliado y el catálogo KEV.

Cloud & IdentityMEDIAAltoNEWNIS2CRAGDPRInteligencia operacional

Frangoteam FUXA SCADA/HMI

View CSAF Summary Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to enumerate all user accounts and role assignments on a FUXA SCADA/HMI instance. The following versions of Frangoteam FUXA SCADA/HMI are affected: FUXA SCADA/HMI <=1.3.1 (CVE-2026-13207) CVSS Vendor Equipment Vulnerabilities v3 7.5 Frangoteam Frangoteam FUXA SCADA/HMI Authentication Bypass by Spoofing Background Critical Infrastructure Sectors: Critical Manufacturing, Energy, Water and Wastewater Countries/Areas Deployed: Worldwide Company Headquarters Location: Switzerland Vulnerabilities Expand All + CVE-2026-13207 FUXA versions 1.3.1 and prior contain an authentication bypass vulnerability via dot-segment path normalization in the REST API. The API router fails to normalize dot-segment sequences before applying authentication middleware, allowing unauthenticated requests to access protected endpoints by prefixing paths with dot-segments such as /api/./users, /api/./roles, and /api/project/../users. These requests bypass authentication checks and return sensitive user and role data without credentials. View CVE Details Affected Products Frangoteam FUXA SCADA/HMI Vendor: Frangoteam Product Version: Frangoteam FUXA SCADA/HMI: <=1.3.1 Product Status: known_affected Remediations Mitigation Frangoteam recommends users apply the latest version of FUXA 1.3.2 or later https://github.com/frangoteam/FUXA/releases. https://github.com/frangoteam/FUXA/releases Relevant CWE: CWE-290 Authentication Bypass by Spoofing Metrics CVSS Version Base Score Base Severity Vector String 3.1 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 4.0 8.7 HIGH CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Acknowledgments Joshua Hayes of Cited Relevance LLC reported this vulnerability to CISA Legal Notice and Terms of Use This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/priva CVEs: CVE-2026-13207. Vendors: Frangoteam Product Version: Frangoteam FUXA SCADA/HMI: <=1. DORA relevance: medium.

Filtered for operational relevance. Powered by a curated catalog of vulnerability, CERT, vendor and threat-intelligence sources.View methodology →

CyberCompliance Pro

¿Quieres esto priorizado para tu rol cada mañana?

El Morning Brief Pro filtra estas señales por tu rol (CISO, SecOps, risk), sector y framework prioritario, y las convierte en acciones recomendadas listas a las 7:00.

Probar Morning Brief Pro →Ver precio

¿Aún no quieres Pro? Recibe el resumen de cumplimiento gratis cada semana.

High
1d

Be on the lookout for Mistic, a new backdoor used by ransomware broker

Explotación reportada sobre Microsoft / Cisco. Verificar exposición real en el inventario.

CSO Online · Microsoft · CiscoReview signal
  • Exploited & KEVHigh1d

    What CISOs need to tell the board about zero trust in OT: A 90-day communication and action plan

    Explotación reportada sobre Microsoft. Verificar exposición real en el inventario.

    CSO Online · MicrosoftReview signal
  • Exploited & KEVHigh2d

    The Gentlemen are knocking: сustom backdoors and evolving tactics

    Explotación reportada sobre Microsoft / Google. Verificar exposición real en el inventario.

    Kaspersky Securelist · Microsoft · GoogleReview signal
  • Exploited & KEVHigh3d

    Third-Party Breaches Teach Education Sector a Costly Lesson in Vendor Risk

    CVE con evidencia de explotación. Revisar exposición del perímetro.

    Dark Reading Review signal
  • Exploited & KEVHigh6d

    Europe Evolves Into Ransomware's Favorite Region

    CVE con evidencia de explotación. Revisar exposición del perímetro.

    Dark Reading Review signal
  • Por qué importa

    Postura cloud / identity comprometida o reforzada. Revisar configuración y baseline.

    Acción recomendada

    Check exposure to CVE-2026-13207 in asset inventory and vulnerability tooling.

    Vendors:Frangoteam Product Version: Frangoteam FUXA SCADA/HMI: <=1CISO · Cloud Security · SecOps
    Publicado
    30 jun 2026, 12:00
    Actualizado
    30 jun 2026, 17:00
    Detectado
    30 jun 2026, 17:00
    Fuente
    CISA All Alerts
    Referencia técnica
    NVD · CVE-2026-13207
    CISA All Alerts
    Prioridad · 59/100published <24h (+40) · high severity (+15) · regulatory relevance (+15) · CISA All Alerts authority (+12) · updated <24h (+5 cap)
    hace 12 horas
    Cloud & IdentityMEDIAAltoNEWNIS2CRAInteligencia operacional

    Phantom Squatting: AI-Hallucinated Domains as a Software Supply Chain Vector

    Attackers can exploit LLM domain hallucinations through phantom squatting to target supply chains. Read the analysis to learn more. The post Phantom Squatting: AI-Hallucinated Domains as a Software Supply Chain Vector appeared first on Unit 42. Vendors: Palo Alto Networks. DORA relevance: high.

    Por qué importa

    Postura cloud / identity comprometida o reforzada. Revisar configuración y baseline.

    Acción recomendada

    Notify owners for Palo Alto Networks technology stacks.

    Vendors:Palo Alto NetworksCISO · Cloud Security · SecOps
    Publicado
    01 jul 2026, 01:00
    Actualizado
    01 jul 2026, 04:00
    Detectado
    01 jul 2026, 04:00
    Fuente
    Palo Alto Unit 42
    Referencia técnica
    Original advisory
    Palo Alto Unit 42
    Prioridad · 55/100published <24h (+40) · high severity (+15) · regulatory relevance (+15) · Palo Alto Unit 42 authority (+6) · updated <24h (+5 cap)
    hace 1 hora
    Cloud & IdentityMEDIAAltoNEWNIS2CRAGDPRAI ACTInteligencia operacional

    Anthropic rolls out Sonnet 5 with near-Opus 4.8 performance at a lower price

    Anthropic is now rolling out Sonnet 5, and it's almost as good as the Opus range, but it is designed to be cheaper than the company's flagship model. [...] Vendors: Microsoft.

    Por qué importa

    Postura cloud / identity comprometida o reforzada. Revisar configuración y baseline.

    Acción recomendada

    Notify owners for Microsoft technology stacks.

    Vendors:MicrosoftCISO · Cloud Security · SecOps
    Publicado
    30 jun 2026, 23:13
    Actualizado
    01 jul 2026, 04:01
    Detectado
    01 jul 2026, 04:01
    Fuente
    BleepingComputer
    Referencia técnica
    Original advisory
    BleepingComputer
    Prioridad · 52/100published <24h (+40) · high severity (+15) · regulatory relevance (+15) · source authority (+2) · updated <24h (+5 cap)
    hace 1 hora
    Cloud & IdentityMEDIAAltoNEWNIS2CRAGDPRAI ACTInteligencia operacional

    Anthropic to restore Claude Fable access on Wednesday

    Anthropic has confirmed that the Department of Commerce has lifted export controls on Claude's two most powerful models, Fable 5 and Mythos 5. [...] Vendors: Microsoft. DORA relevance: high.

    Por qué importa

    Postura cloud / identity comprometida o reforzada. Revisar configuración y baseline.

    Acción recomendada

    Notify owners for Microsoft technology stacks.

    Vendors:MicrosoftCISO · Cloud Security · SecOps
    Publicado
    01 jul 2026, 00:35
    Actualizado
    01 jul 2026, 04:01
    Detectado
    01 jul 2026, 04:01
    Fuente
    BleepingComputer
    Referencia técnica
    Original advisory
    BleepingComputer
    Prioridad · 52/100published <24h (+40) · high severity (+15) · regulatory relevance (+15) · source authority (+2) · updated <24h (+5 cap)
    hace 1 hora
    Cloud & IdentityMEDIAAltoNEWNIS2CRAGDPRInteligencia operacional

    Malicious PyPI packages give hackers control of Telegram bot servers

    A campaign active since last November has been targeting Python developers building Telegram bots with trojanized Pyrogram forks that allow attackers to read arbitrary files on compromised servers. [...] Vendors: Microsoft. DORA relevance: medium.

    Por qué importa

    Postura cloud / identity comprometida o reforzada. Revisar configuración y baseline.

    Acción recomendada

    Notify owners for Microsoft technology stacks.

    Vendors:MicrosoftCISO · Cloud Security · SecOps
    Publicado
    30 jun 2026, 21:02
    Actualizado
    30 jun 2026, 23:01
    Detectado
    30 jun 2026, 23:01
    Fuente
    BleepingComputer
    Referencia técnica
    Original advisory
    BleepingComputer
    Prioridad · 52/100published <24h (+40) · high severity (+15) · regulatory relevance (+15) · source authority (+2) · updated <24h (+5 cap)
    hace 6 horas
    Cloud & IdentityMEDIAAltoNEWNIS2CRAGDPRAI ACTInteligencia operacional

    New BioShocking attack manipulates AI browser into data theft

    A new prompt injection attack dubbed "BioShocking" could trick AI-powered browsers into treating real-world risky actions as part of a fictional scenario, causing them to ignore any safety guardrails. [...] Vendors: Microsoft, Google.

    Por qué importa

    Postura cloud / identity comprometida o reforzada. Revisar configuración y baseline.

    Acción recomendada

    Notify owners for Microsoft, Google technology stacks.

    Vendors:MicrosoftGoogleCISO · Cloud Security · SecOps
    Publicado
    30 jun 2026, 21:50
    Actualizado
    30 jun 2026, 23:01
    Detectado
    30 jun 2026, 23:01
    Fuente
    BleepingComputer
    Referencia técnica
    Original advisory
    BleepingComputer
    Prioridad · 52/100published <24h (+40) · high severity (+15) · regulatory relevance (+15) · source authority (+2) · updated <24h (+5 cap)
    hace 6 horas
    Cloud & IdentityMEDIAAltoNEWNIS2CRAGDPRAI ACTInteligencia operacional

    CIA chief highlights major shifts in agency’s tech approach

    CIA Director John Ratcliffe said artificial intelligence capabilities are "akin to digital nuclear weapons.” Vendors: AWS. DORA relevance: medium.

    Por qué importa

    Postura cloud / identity comprometida o reforzada. Revisar configuración y baseline.

    Acción recomendada

    Notify owners for AWS technology stacks.

    Vendors:AWSCISO · Cloud Security · SecOps
    Publicado
    30 jun 2026, 19:05
    Actualizado
    30 jun 2026, 23:01
    Detectado
    30 jun 2026, 23:01
    Fuente
    The Record by Recorded Future
    Referencia técnica
    Original advisory
    The Record by Recorded Future
    Prioridad · 52/100published <24h (+40) · high severity (+15) · regulatory relevance (+15) · source authority (+2) · updated <24h (+5 cap)
    hace 6 horas
    Cloud & IdentityMEDIAAltoNEWNIS2CRADORAInteligencia operacional

    Discover, govern, and scale Azure infrastructure in the AI era

    Organizations are rapidly building AI applications, deploying AI agents, and scaling Azure environments faster than ever before. As AI initiatives accelerate and the volume of code expands, many organizations discover they have lost visibility into the infrastructure supporting those workloads. Resources created outside standard workflows, unmanaged environments, and infrastructure drift create governance, security, and operational challenges that become increasingly difficult to control at scale. The challenge is no longer simply adopting infrastructure as code (IaC). It is continuously discovering, governing, and bringing Azure infrastructure back into alignment as cloud and AI environments evolve. The hidden drift: How unmanaged infrastructure emerges Infrastructure drift rarely happens because teams ignore best practices. It happens because real-world operations rarely follow clean architectural plans. A developer provisions a resource directly in the Azure portal to test an idea. A proof-of-concept AI application is deployed quickly and later promoted into production. A late-night incident leads to a manual fix that never gets codified. A newly acquired team brings Azure subscriptions that were never managed with Terraform. Each decision is reasonable in isolation, and none of them stem from malice, but collectively, they create a growing layer of shadow infrastructure that exists outside Terraform. Over time, organizations find themselves operating in two parallel worlds: one that is version-controlled and governed, and another that is opaque, manually managed, and difficult to reason with. Why AI makes drift worse AI workloads introduce a new layer of infrastructure complexity at a rapid pace. As AI adoption accelerates, infrastructure surface area and churn increases. Without a consistent operating model, organizations can lose visibility into what exists, who created it, and whether it complies with organizational standards. Discover AI and cloud infrastruc Vendors: Microsoft. DORA relevance: high.

    Por qué importa

    Postura cloud / identity comprometida o reforzada. Revisar configuración y baseline.

    Acción recomendada

    Notify owners for Microsoft technology stacks.

    Vendors:MicrosoftCISO · Cloud Security · SecOps
    Publicado
    30 jun 2026, 16:00
    Actualizado
    30 jun 2026, 18:01
    Detectado
    30 jun 2026, 18:01
    Fuente
    HashiCorp Blog Security
    Referencia técnica
    Original advisory
    HashiCorp Blog Security
    Prioridad · 52/100published <24h (+40) · high severity (+15) · regulatory relevance (+15) · source authority (+2) · updated <24h (+5 cap)
    hace 11 horas