CyberComplianceAI
InicioNoticiasIntel Center
Marketplace
CyberForoPrecios
AccederPro
The Pulse · Live Intelligence Feed

Intel Center

Una señal es cualquier evento operacional detectado en las últimas 24h–30d: CVEs en KEV explotados activamente, advisories de vendor, exposición cloud, ransomware y avisos regulatorios. Cada señal se prioriza por severidad, freshness y match con tu Digital Twin.

Para análisis editorial y noticias generales visita Noticias.

Consola en vivo · last 7d
Señales (ventana)817
Última detecciónhace 12 h
Monitorizado porintelligence scouter
528signals
Acción Requerida
16signals
Explotados & KEV
60signals
Vulns Críticas
2signals
Advisories de Vendor
También en el Intel CenterCloud & Identity155Monitor59

Intel Center Basic

Vista resumida de señales operativas

Discover muestra una cola corta de señales recientes para exploración. Los planes Pro desbloquean el catálogo KEV completo, más histórico, contexto por Digital Twin y priorización ampliada.

Ver planes ProCrear cuenta
Ventana24h7d30d7d / 30d solo en ProSeveridadCríticaAltaLimpiar filtros

Priority Command Strip

What your team should look at right now

6 señales críticas
  1. Action RequiredImmediate12h

    BlueHammer Vulnerability Exploited in Ransomware Attacks

    Explotación activa confirmada. Riesgo material para entornos expuestos.

    SecurityWeek · MicrosoftReview signal
  2. Action RequiredImmediate
All817Action Required528Exploited & KEV16Critical Vulns60Vendor Advisories2Cloud & Identity155Monitor59

Discover muestra 8 señales operativas recientes. Sube a Consultant Pro o Professional Pro para abrir el feed completo, histórico ampliado y el catálogo KEV.

Cloud & IdentityMEDIAAltoNEWNIS2CRAGDPRInteligencia operacional

Frangoteam FUXA SCADA/HMI

View CSAF Summary Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to enumerate all user accounts and role assignments on a FUXA SCADA/HMI instance. The following versions of Frangoteam FUXA SCADA/HMI are affected: FUXA SCADA/HMI <=1.3.1 (CVE-2026-13207) CVSS Vendor Equipment Vulnerabilities v3 7.5 Frangoteam Frangoteam FUXA SCADA/HMI Authentication Bypass by Spoofing Background Critical Infrastructure Sectors: Critical Manufacturing, Energy, Water and Wastewater Countries/Areas Deployed: Worldwide Company Headquarters Location: Switzerland Vulnerabilities Expand All + CVE-2026-13207 FUXA versions 1.3.1 and prior contain an authentication bypass vulnerability via dot-segment path normalization in the REST API. The API router fails to normalize dot-segment sequences before applying authentication middleware, allowing unauthenticated requests to access protected endpoints by prefixing paths with dot-segments such as /api/./users, /api/./roles, and /api/project/../users. These requests bypass authentication checks and return sensitive user and role data without credentials. View CVE Details Affected Products Frangoteam FUXA SCADA/HMI Vendor: Frangoteam Product Version: Frangoteam FUXA SCADA/HMI: <=1.3.1 Product Status: known_affected Remediations Mitigation Frangoteam recommends users apply the latest version of FUXA 1.3.2 or later https://github.com/frangoteam/FUXA/releases. https://github.com/frangoteam/FUXA/releases Relevant CWE: CWE-290 Authentication Bypass by Spoofing Metrics CVSS Version Base Score Base Severity Vector String 3.1 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 4.0 8.7 HIGH CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Acknowledgments Joshua Hayes of Cited Relevance LLC reported this vulnerability to CISA Legal Notice and Terms of Use This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/priva CVEs: CVE-2026-13207. Vendors: Frangoteam Product Version: Frangoteam FUXA SCADA/HMI: <=1. DORA relevance: medium.

Filtered for operational relevance. Powered by a curated catalog of vulnerability, CERT, vendor and threat-intelligence sources.View methodology →

CyberCompliance Pro

¿Quieres esto priorizado para tu rol cada mañana?

El Morning Brief Pro filtra estas señales por tu rol (CISO, SecOps, risk), sector y framework prioritario, y las convierte en acciones recomendadas listas a las 7:00.

Probar Morning Brief Pro →Ver precio

¿Aún no quieres Pro? Recibe el resumen de cumplimiento gratis cada semana.

15h

Aikido Security acquires Root to expand backported fixes for open source vulnerabilities

Explotación activa confirmada. Riesgo material para entornos expuestos.

Help Net Security · Microsoft · AWSReview signal
  • Action RequiredImmediate17h

    Critical SimpleHelp Vulnerability Exploited for Malware Delivery

    Explotación activa confirmada. Riesgo material para entornos expuestos.

    SecurityWeek · MicrosoftReview signal
  • Action RequiredImmediate17h

    Exploitation of Recent Oracle E-Business Suite Vulnerability Begins

    Explotación activa confirmada. Riesgo material para entornos expuestos.

    SecurityWeek · MicrosoftReview signal
  • Action RequiredImmediate17h

    CISA: Windows BlueHammer flaw now exploited by ransomware gangs

    Explotación activa confirmada. Riesgo material para entornos expuestos.

    BleepingComputer · MicrosoftReview signal
  • Action RequiredImmediate18h

    SimpleHelp vulnerability exploited to deliver mighty Djinn Stealer (CVE-2026-48558)

    Explotación activa confirmada. Riesgo material para entornos expuestos.

    Help Net Security · Microsoft · GoogleReview signal
  • Por qué importa

    Postura cloud / identity comprometida o reforzada. Revisar configuración y baseline.

    Acción recomendada

    Check exposure to CVE-2026-13207 in asset inventory and vulnerability tooling.

    Vendors:Frangoteam Product Version: Frangoteam FUXA SCADA/HMI: <=1CISO · Cloud Security · SecOps
    Publicado
    30 jun 2026, 12:00
    Actualizado
    30 jun 2026, 17:00
    Detectado
    30 jun 2026, 17:00
    Fuente
    CISA All Alerts
    Referencia técnica
    NVD · CVE-2026-13207
    CISA All Alerts
    Prioridad · 59/100published <24h (+40) · high severity (+15) · regulatory relevance (+15) · CISA All Alerts authority (+12) · updated <24h (+5 cap)
    hace 13 horas
    Cloud & IdentityMEDIAAltoNEWNIS2CRAInteligencia operacional

    Phantom Squatting: AI-Hallucinated Domains as a Software Supply Chain Vector

    Attackers can exploit LLM domain hallucinations through phantom squatting to target supply chains. Read the analysis to learn more. The post Phantom Squatting: AI-Hallucinated Domains as a Software Supply Chain Vector appeared first on Unit 42. Vendors: Palo Alto Networks. DORA relevance: high.

    Por qué importa

    Postura cloud / identity comprometida o reforzada. Revisar configuración y baseline.

    Acción recomendada

    Notify owners for Palo Alto Networks technology stacks.

    Vendors:Palo Alto NetworksCISO · Cloud Security · SecOps
    Publicado
    01 jul 2026, 01:00
    Actualizado
    01 jul 2026, 04:00
    Detectado
    01 jul 2026, 04:00
    Fuente
    Palo Alto Unit 42
    Referencia técnica
    Original advisory
    Palo Alto Unit 42
    Prioridad · 55/100published <24h (+40) · high severity (+15) · regulatory relevance (+15) · Palo Alto Unit 42 authority (+6) · updated <24h (+5 cap)
    hace 2 horas
    Cloud & IdentityMEDIAAltoNEWAI ACTNIS2GDPRInteligencia operacional

    Microsoft wants to stop unwanted bots from entering Teams meetings

    A new Microsoft Teams admin policy, Manage external bots and their access to meetings, gives organizations greater visibility and control over external bots in meetings. The policy identifies bots and applies safeguards before they are admitted. Microsoft will begin retiring the existing Require verification by participants (CAPTCHA) meeting policy. Admitting a bot should be a deliberate decision (Source: Microsoft) Admin controls for external bots Admins can assign the policy in the Teams Admin Center to … More → The post Microsoft wants to stop unwanted bots from entering Teams meetings appeared first on Help Net Security. CVEs: CVE-2026-46817, CVE-2026-48558. Vendors: Microsoft, AWS. DORA relevance: high.

    Por qué importa

    Postura cloud / identity comprometida o reforzada. Revisar configuración y baseline.

    Acción recomendada

    Check exposure to CVE-2026-46817, CVE-2026-48558 in asset inventory and vulnerability tooling.

    Vendors:MicrosoftAWSCISO · Cloud Security · SecOps
    Publicado
    01 jul 2026, 04:30
    Actualizado
    01 jul 2026, 06:01
    Detectado
    01 jul 2026, 06:01
    Fuente
    Help Net Security
    Referencia técnica
    NVD · CVE-2026-46817
    Help Net Security
    Prioridad · 52/100published <24h (+40) · high severity (+15) · regulatory relevance (+15) · source authority (+2) · updated <24h (+5 cap)
    hace 23 min
    Cloud & IdentityMEDIAAltoNEWAI ACTNIS2GDPRInteligencia operacional

    This supercomputer encrypts your data even while it’s running it

    Most people who handle sensitive data already encrypt it in two places. They lock it down when it sits on a hard drive, and they lock it down when it moves across a network. There has always been a third moment that stayed open. The instant a computer pulls that data into memory to work on it, the protection drops away. For a few seconds or a few hours, the information sits in the open, … More → The post This supercomputer encrypts your data even while it’s running it appeared first on Help Net Security. CVEs: CVE-2026-46817, CVE-2026-48558. Vendors: Microsoft, Cisco, AWS. DORA relevance: high.

    Por qué importa

    Postura cloud / identity comprometida o reforzada. Revisar configuración y baseline.

    Acción recomendada

    Check exposure to CVE-2026-46817, CVE-2026-48558 in asset inventory and vulnerability tooling.

    Vendors:MicrosoftCiscoAWSCISO · Cloud Security · SecOps
    Publicado
    01 jul 2026, 05:30
    Actualizado
    01 jul 2026, 06:00
    Detectado
    01 jul 2026, 06:00
    Fuente
    Help Net Security
    Referencia técnica
    NVD · CVE-2026-46817
    Help Net Security
    Prioridad · 52/100published <24h (+40) · high severity (+15) · regulatory relevance (+15) · source authority (+2) · updated <24h (+5 cap)
    hace 23 min
    Cloud & IdentityMEDIAAltoNEWNIS2CRAGDPRAI ACTInteligencia operacional

    Anthropic rolls out Sonnet 5 with near-Opus 4.8 performance at a lower price

    Anthropic is now rolling out Sonnet 5, and it's almost as good as the Opus range, but it is designed to be cheaper than the company's flagship model. [...] Vendors: Microsoft.

    Por qué importa

    Postura cloud / identity comprometida o reforzada. Revisar configuración y baseline.

    Acción recomendada

    Notify owners for Microsoft technology stacks.

    Vendors:MicrosoftCISO · Cloud Security · SecOps
    Publicado
    30 jun 2026, 23:13
    Actualizado
    01 jul 2026, 04:01
    Detectado
    01 jul 2026, 04:01
    Fuente
    BleepingComputer
    Referencia técnica
    Original advisory
    BleepingComputer
    Prioridad · 52/100published <24h (+40) · high severity (+15) · regulatory relevance (+15) · source authority (+2) · updated <24h (+5 cap)
    hace 2 horas
    Cloud & IdentityMEDIAAltoNEWNIS2CRAGDPRAI ACTInteligencia operacional

    Anthropic to restore Claude Fable access on Wednesday

    Anthropic has confirmed that the Department of Commerce has lifted export controls on Claude's two most powerful models, Fable 5 and Mythos 5. [...] Vendors: Microsoft. DORA relevance: high.

    Por qué importa

    Postura cloud / identity comprometida o reforzada. Revisar configuración y baseline.

    Acción recomendada

    Notify owners for Microsoft technology stacks.

    Vendors:MicrosoftCISO · Cloud Security · SecOps
    Publicado
    01 jul 2026, 00:35
    Actualizado
    01 jul 2026, 04:01
    Detectado
    01 jul 2026, 04:01
    Fuente
    BleepingComputer
    Referencia técnica
    Original advisory
    BleepingComputer
    Prioridad · 52/100published <24h (+40) · high severity (+15) · regulatory relevance (+15) · source authority (+2) · updated <24h (+5 cap)
    hace 2 horas
    Cloud & IdentityMEDIAAltoNEWNIS2CRAGDPRInteligencia operacional

    Malicious PyPI packages give hackers control of Telegram bot servers

    A campaign active since last November has been targeting Python developers building Telegram bots with trojanized Pyrogram forks that allow attackers to read arbitrary files on compromised servers. [...] Vendors: Microsoft. DORA relevance: medium.

    Por qué importa

    Postura cloud / identity comprometida o reforzada. Revisar configuración y baseline.

    Acción recomendada

    Notify owners for Microsoft technology stacks.

    Vendors:MicrosoftCISO · Cloud Security · SecOps
    Publicado
    30 jun 2026, 21:02
    Actualizado
    30 jun 2026, 23:01
    Detectado
    30 jun 2026, 23:01
    Fuente
    BleepingComputer
    Referencia técnica
    Original advisory
    BleepingComputer
    Prioridad · 52/100published <24h (+40) · high severity (+15) · regulatory relevance (+15) · source authority (+2) · updated <24h (+5 cap)
    hace 7 horas
    Cloud & IdentityMEDIAAltoNEWNIS2CRAGDPRAI ACTInteligencia operacional

    New BioShocking attack manipulates AI browser into data theft

    A new prompt injection attack dubbed "BioShocking" could trick AI-powered browsers into treating real-world risky actions as part of a fictional scenario, causing them to ignore any safety guardrails. [...] Vendors: Microsoft, Google.

    Por qué importa

    Postura cloud / identity comprometida o reforzada. Revisar configuración y baseline.

    Acción recomendada

    Notify owners for Microsoft, Google technology stacks.

    Vendors:MicrosoftGoogleCISO · Cloud Security · SecOps
    Publicado
    30 jun 2026, 21:50
    Actualizado
    30 jun 2026, 23:01
    Detectado
    30 jun 2026, 23:01
    Fuente
    BleepingComputer
    Referencia técnica
    Original advisory
    BleepingComputer
    Prioridad · 52/100published <24h (+40) · high severity (+15) · regulatory relevance (+15) · source authority (+2) · updated <24h (+5 cap)
    hace 7 horas