CyberComplianceAI
The Pulse · Live Intelligence Feed

Intel Center

A signal is any operational event detected in the last 24h–30d: actively exploited CVEs in KEV, vendor advisories, cloud exposure, ransomware and regulatory notices. Each signal is prioritized by severity, freshness and match with your Digital Twin.

For editorial analysis and general news, visit News.

Live console · last 7d
Signals (window): 817
Last detection: 12 h ago
Monitored by: intelligence scouter
Action Required: 528 signals
Exploited & KEV: 16 signals
Critical Vulns: 60 signals
Vendor Advisories: 2 signals
Also in the Intel Center: Cloud & Identity 155 · Monitor 59

Intel Center Basic

Summary view of operational signals

Discover shows a short queue of recent signals for exploration. Pro plans unlock the full KEV catalog, more history, per-Digital Twin context and extended prioritization.


Priority Command Strip

What your team should look at right now

6 critical signals
  1. Action Required · Immediate · 12h

    BlueHammer Vulnerability Exploited in Ransomware Attacks

    Active exploitation confirmed. Material risk for exposed environments.

    SecurityWeek · Microsoft
  2. Action Required · Immediate · 15h

    Aikido Security acquires Root to expand backported fixes for open source vulnerabilities

    Active exploitation confirmed. Material risk for exposed environments.

    Help Net Security · Microsoft · AWS
  3. Action Required · Immediate · 17h

    Critical SimpleHelp Vulnerability Exploited for Malware Delivery

    Active exploitation confirmed. Material risk for exposed environments.

    SecurityWeek · Microsoft
  4. Action Required · Immediate · 17h

    Exploitation of Recent Oracle E-Business Suite Vulnerability Begins

    Active exploitation confirmed. Material risk for exposed environments.

    SecurityWeek · Microsoft
  5. Action Required · Immediate · 17h

    CISA: Windows BlueHammer flaw now exploited by ransomware gangs

    Active exploitation confirmed. Material risk for exposed environments.

    BleepingComputer · Microsoft
  6. Action Required · Immediate · 18h

    SimpleHelp vulnerability exploited to deliver mighty Djinn Stealer (CVE-2026-48558)

    Active exploitation confirmed. Material risk for exposed environments.

    Help Net Security · Microsoft · Google

Discover shows 8 recent operational signals. Upgrade to Consultant Pro or Professional Pro to open the full feed, extended history and the KEV catalog.

Filtered for operational relevance. Powered by a curated catalog of vulnerability, CERT, vendor and threat-intelligence sources.

    Exploited & KEV · HIGH · High · EXPLOITED · NIS2 · CRA · GDPR · Operational intelligence

    Blackfield ransomware asks Nidec Corporation for $2 million ransom

    The Blackfield ransomware gang is asking for a $2 million ransom from Nidec Corporation, a large Japanese manufacturer of electronic components for automotive and computing applications. [...]

    Vendors: Microsoft. DORA relevance: high.

    Why it matters

    Exploitation reported against Microsoft. Verify actual exposure in the inventory.

    Recommended action

    Notify owners for Microsoft technology stacks.

    Vendors: Microsoft
    CISO · Vulnerability Management · SecOps · IT Ops
    Published: 30 Jun 2026, 09:41
    Updated: 30 Jun 2026, 13:01
    Detected: 30 Jun 2026, 13:01
    Source: BleepingComputer
    Technical reference: Original advisory (BleepingComputer)
    Priority · 86/100: published <24h (+40) · active exploitation/KEV/ransomware signal (+50) · high severity (+15) · regulatory relevance (+15) · source authority (+2) · updated <24h (+5 cap)
    17 hours ago

    Exploited & KEV · HIGH · High · EXPLOITED · AI ACT · NIS2 · GDPR · Operational intelligence

    Be on the lookout for Mistic, a new backdoor used by ransomware broker

    Researchers have identified a new backdoor program that has been used in enterprise intrusions since April and appears to be linked to an initial access broker that sells network footholds to ransomware gangs. Dubbed Mistic by researchers from Symantec, the malware program has been deployed on networks belonging to organizations from multiple sectors, including insurance, education, IT, and professional services. In some cases it has been used alongside ModeloRAT, a piece of malware written in Python that’s associated with threat actor Woodgnat, also known as KongTuke.

    “Woodgnat reportedly functions primarily as an IAB [initial access broker],” the Symantec researchers said in their report. “Its goal is not to deliver the final payload, but to establish highly durable remote access within an enterprise and sell this high-level access to ransomware affiliates and other attackers for a fee. The Symantec Threat Hunter Team has observed ModeloRAT being used in attacks delivering the Qilin ransomware.”

    Woodgnat has been operating since at least May 2024 and has served multiple ransomware gangs over the past two years, including Interlock, Rhysida, Akira, 8Base, and Black Basta. Its attacks are largely opportunistic by routing web visitors through a variety of ClickFix social engineering campaigns.

    A backdoor with credential stealing capabilities

    The Mistic backdoor is launched through a technique called DLL sideloading, where a legitimate executable belonging to another program is executed first and searches for a DLL of a particular name to load into memory. This is a very popular technique for avoiding detection, as many legitimate programs perform dynamic DLL searches across multiple folders and are vulnerable to DLL poisoning. Ironically in this case the attackers deliver and execute a file called MpExtMs.exe, which is digitally signed and belongs to Microsoft Defender. This file searches for a DLL called version.dll, which in turn searches for and loads another one

    Vendors: Microsoft, Cisco, Google. DORA relevance: high.

    Why it matters

    Exploitation reported against Microsoft / Cisco. Verify actual exposure in the inventory.

    Recommended action

    Notify owners for Microsoft, Cisco, Google technology stacks.

    Vendors: Microsoft, Cisco, Google
    CISO · Vulnerability Management · SecOps · IT Ops
    Published: 24 Jun 2026, 22:20
    Updated: 29 Jun 2026, 21:00
    Detected: 29 Jun 2026, 21:00
    Source: CSO Online
    Technical reference: Original advisory (CSO Online)
    Priority · 75/100: published <7d (+25) · active exploitation/KEV/ransomware signal (+50) · high severity (+15) · regulatory relevance (+15) · source authority (+2) · updated <7d (+3 cap)
    1 day ago

    Exploited & KEV · HIGH · High · EXPLOITED · AI ACT · NIS2 · GDPR · Operational intelligence

    What CISOs need to tell the board about zero trust in OT: A 90-day communication and action plan

    I work as a principal specialist at a pipeline operator where Operational Technology (OT) is the backbone of the business. I do not report to the board or act as a CISO, but the issues that get raised to those levels affect my job every single day. Since the Colonial pipeline ransomware incident in 2021, it has become apparent that our industry has started posing different tones of “Are we zero trust yet?” I frequently witness its intense significance through auditing requests, TSA security directives and conversations around some control project’s goals.

    One experience the zero trust role has changed is that it often feels misaligned with OT heavy environments. The NIST’s Zero Trust Architecture (SP 800‑207) model works for all, but is originally written as though for an IT network, not terminals, compressor stations and control rooms where equipment must run 24/7, perhaps more aged than the technology present within the organization. CISA’s guidance on adapting zero trust principles to operational technology helps close that gap, but applying it means satisfying the OT teams and company leadership at the same time.

    The zero trust question I hear behind the scenes

    I am pretty sure we all know it comes as a jolt of reality after something really major has happened, rather than a bullet point on a slide deck. You have pipeline. The whole distribution stops for six days. In Washington, DC, US congressional hearings are underway, and legislation is coming. TSA Directive 2021-02C requires pipeline operators to attest to several things, like network segmentation and zero-trust architectures. NERC CIP-013 exists on a similar tack, more around supply chain security. In our case, the decision on how to select and manage a vendor partner and control their remote access is driven by regulatory compliance and governance frameworks. So, you have all those things that happen externally and force change. They say, “Are you zero trust? Yes or no?” We always get “yes.” They know it

    Vendors: Microsoft. DORA relevance: high.

    Why it matters

    Exploitation reported against Microsoft. Verify actual exposure in the inventory.

    Recommended action

    Notify owners for Microsoft technology stacks.

    Vendors: Microsoft
    CISO · Vulnerability Management · SecOps · IT Ops
    Published: 26 Jun 2026, 10:00
    Updated: 29 Jun 2026, 21:00
    Detected: 29 Jun 2026, 21:00
    Source: CSO Online
    Technical reference: Original advisory (CSO Online)
    Priority · 75/100: published <7d (+25) · active exploitation/KEV/ransomware signal (+50) · high severity (+15) · regulatory relevance (+15) · source authority (+2) · updated <7d (+3 cap)
    1 day ago

    Exploited & KEV · HIGH · High · EXPLOITED · NIS2 · CRA · GDPR · Operational intelligence

    The Gentlemen are knocking: custom backdoors and evolving tactics

    Kaspersky researchers analyze incidents related to The Gentlemen RaaS group, disclose their tools and TTPs, and find a new ransomware variant.

    Vendors: Microsoft, Google. DORA relevance: medium.

    Why it matters

    Exploitation reported against Microsoft / Google. Verify actual exposure in the inventory.

    Recommended action

    Notify owners for Microsoft, Google technology stacks.

    Vendors: Microsoft, Google
    CISO · Vulnerability Management · SecOps · IT Ops
    Published: 29 Jun 2026, 10:00
    Updated: 29 Jun 2026, 13:00
    Detected: 29 Jun 2026, 13:00
    Source: Kaspersky Securelist
    Technical reference: Original advisory (Kaspersky Securelist)
    Priority · 75/100: published <7d (+25) · active exploitation/KEV/ransomware signal (+50) · high severity (+15) · regulatory relevance (+15) · source authority (+2) · updated <7d (+3 cap)
    2 days ago

    Exploited & KEV · HIGH · High · EXPLOITED · NIS2 · CRA · Operational intelligence

    Third-Party Breaches Teach Education Sector a Costly Lesson in Vendor Risk

    Rising threats from third-party actors are forcing institutions to play defense to protect student data from ransomware and other attacks.

    DORA relevance: medium.

    Why it matters

    CVE with evidence of exploitation. Review perimeter exposure.

    Recommended action

    Review source, confirm applicability, and monitor for follow-up guidance.

    CISO · Vulnerability Management · SecOps · IT Ops
    Published: 27 Jun 2026, 11:48
    Updated: 27 Jun 2026, 19:01
    Detected: 27 Jun 2026, 19:01
    Source: Dark Reading
    Technical reference: Original advisory (Dark Reading)
    Priority · 75/100: published <7d (+25) · active exploitation/KEV/ransomware signal (+50) · high severity (+15) · regulatory relevance (+15) · source authority (+2) · updated <7d (+3 cap)
    3 days ago

    Exploited & KEV · HIGH · High · EXPLOITED · NIS2 · CRA · Operational intelligence

    Europe Evolves Into Ransomware's Favorite Region

    After a global lull, ransomware gangs are setting sights on a rich new arena: attacking EU organizations and their suppliers.

    DORA relevance: medium.

    Why it matters

    CVE with evidence of exploitation. Review perimeter exposure.

    Recommended action

    Review source, confirm applicability, and monitor for follow-up guidance.

    CISO · Vulnerability Management · SecOps · IT Ops
    Published: 25 Jun 2026, 10:00
    Updated: 25 Jun 2026, 13:01
    Detected: 25 Jun 2026, 13:01
    Source: Dark Reading
    Technical reference: Original advisory (Dark Reading)
    Priority · 75/100: published <7d (+25) · active exploitation/KEV/ransomware signal (+50) · high severity (+15) · regulatory relevance (+15) · source authority (+2) · updated <7d (+3 cap)
    6 days ago

    Exploited & KEV · HIGH · High · EXPLOITED · NIS2 · CRA · GDPR · Operational intelligence

    Malicious Edge extension abuses Native Messaging as bridge to malware

    A malicious Microsoft Edge extension dubbed 'Edgecution' has been used in a ransomware attack to escape the browser sandbox and deploy a Python-based backdoor. [...]

    Vendors: Microsoft, Cisco, Google, Fortinet. DORA relevance: medium.

    Why it matters

    Exploitation reported against Microsoft / Cisco. Verify actual exposure in the inventory.

    Recommended action

    Notify owners for Microsoft, Cisco, Google, Fortinet technology stacks.

    Vendors: Microsoft, Cisco, Google, Fortinet
    CISO · Vulnerability Management · SecOps · IT Ops
    Published: 24 Jun 2026, 20:58
    Updated: 24 Jun 2026, 23:01
    Detected: 24 Jun 2026, 23:01
    Source: BleepingComputer
    Technical reference: Original advisory (BleepingComputer)
    Priority · 75/100: published <7d (+25) · active exploitation/KEV/ransomware signal (+50) · high severity (+15) · regulatory relevance (+15) · source authority (+2) · updated <7d (+3 cap)
    6 days ago

    Exploited & KEV · HIGH · High · EXPLOITED · NIS2 · CRA · GDPR · Operational intelligence

    Amadey, StealC malware operations disrupted in Operation Endgame action

    Microsoft, Europol, and international partners have disrupted infrastructure used by the Amadey and StealC malware operations as part of Operation Endgame, which targets cybercriminal services and ransomware gangs. [...]

    Vendors: Microsoft, Fortinet. DORA relevance: medium.

    Why it matters

    Exploitation reported against Microsoft / Fortinet. Verify actual exposure in the inventory.

    Recommended action

    Notify owners for Microsoft, Fortinet technology stacks.

    Vendors: Microsoft, Fortinet
    CISO · Vulnerability Management · SecOps · IT Ops
    Published: 24 Jun 2026, 14:35
    Updated: 24 Jun 2026, 18:01
    Detected: 24 Jun 2026, 18:01
    Source: BleepingComputer
    Technical reference: Original advisory (BleepingComputer)
    Priority · 75/100: published <7d (+25) · active exploitation/KEV/ransomware signal (+50) · high severity (+15) · regulatory relevance (+15) · source authority (+2) · updated <7d (+3 cap)
    7 days ago