Cyber Morning Call

Referências do Episódio/bin/live: Rafael Silva, Luiz Eduardo, Willian Caprino e Nelson Murilo - HackingRemote Code Execution via Expression InjectionCritical n8n Flaw (CVSS 9.9) Enables Arbitrary Code Execution Across Thousands of InstancesDecember 22 Advisory: Critical n8n Vulnerability Allows Remote Code Execution [CVE-2025-68613]From ClickFix to code signed: the quiet shift of MacSync Stealer malwareFrom cheats to exploits: Webrat spreading via GitHubEntrarei de férias. Volto no dia 19 de janeiro.Roteiro e apresentação: Carlos CabralEdição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

Referências do EpisódioNPM Package With 56K Downloads Caught Stealing WhatsApp Messages작전명 아르테미스: HWP 기반 DLL 사이드 로딩 공격 분석Zscaler Threat Hunting Catches Evasive SideWinder APT CampaignTracing a Paper Werewolf campaign through AI-generated decoys and Excel XLLsRoteiro e apresentação: Carlos CabralEdição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

Referências do Episódio​HPESBGN04985 rev.2 - Hewlett Packard Enterprise OneView Software, Remote Code Execution​CVE-2025-37164: Critical unauthenticated RCE affecting Hewlett Packard Enterprise OneView​Acronis TRU Alliance {Hunt.io}: Hunting DPRK threats - New Global Lazarus & Kimsuky campaigns​LongNosedGoblin tries to sniff out governmental affairs in Southeast Asia and JapanRoteiro e apresentação: Carlos CabralEdição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

Referências do EpisódioSonicWall SMA1000 appliance local privilege escalation vulnerabilityCVE-2025-40602: SonicWall Secure Mobile Access (SMA) 1000 Zero-Day ExploitedSonicWall warns of actively exploited flaw in SMA 100 AMCUAT-9686 actively targets Cisco Secure Email Gateway and Secure Email and Web ManagerCISA Adds Three Known Exploited Vulnerabilities to CatalogOperation ForumTroll continues: Russian political scientists targeted using plagiarism reportsGachiLoader: Defeating Node.js Malware with API TracingRoteiro e apresentação: Carlos CabralEdição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

Referências do Episódio史上最疯：独家揭秘感染全球180万Android设备的巨型僵尸网络KimwolfInside Ink Dragon: Revealing the Relay Network and Inner Workings of a Stealthy Offensive OperationEtherRAT dissected: How a React2Shell implant delivers 5 payloads through blockchain C2Inside GhostPoster: How a PNG Icon Infected 50,000 Firefox UsersRoteiro e apresentação: Carlos CabralEdição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

Referências do EpisódioWebinar Tendências em Cyber 2026Arctic Wolf Observes Malicious SSO Logins on FortiGate Devices Following Disclosure of CVE-2025-59718 and CVE-2025-59719SantaStealer is Coming to Town: A New, Ambitious Infostealer Advertised on Underground ForumsRoteiro e apresentação: Carlos CabralEdição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

Referências do EpisódioWebinar Tendências em Cyber 2026Apple Issues Security Updates After Two WebKit Flaws Found Exploited in the WildMultiple Threat Actors Exploit React2Shell (CVE-2025-55182)Roteiro e apresentação: Carlos CabralEdição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

Referências do EpisódioHunting for Mythic in network trafficHamas-Affiliated Ashen Lepus Targets Middle Eastern Diplomatic Entities With New AshTag Malware SuiteSHADOW-VOID-042 Targets Multiple Industries with Void Rabisu-like TacticsGogs 0-Day Exploited in the WildHow to find Gogs installations on your network - Latest Gogs vulnerability: CVE-2025-8110CVE-2025-30406 - Critical Gladinet CentreStack & Triofox Vulnerability Exploited In The WildConsentFix: Analysing a browser-native ClickFix-style attack that hijacks OAuth consent grantsRoteiro e apresentação: Carlos CabralEdição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

Referências do Episódio *Stable Channel Update for Desktop - Wednesday, December 10, 2025 - https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-desktop_10.html *Google fixes eighth Chrome zero-day exploited in attacks in 2025 - https://www.bleepingcomputer.com/news/security/google-fixes-eighth-chrome-zero-day-exploited-in-attacks-in-2025/ SOAPwn: Pwning .NET Framework Applications Through HTTP Client Proxies And WSDL - https://labs.watchtowr.com/soapwn-pwning-net-framework-applications-through-http-client-proxies-and-wsdl/ NANOREMOTE, cousin of FINALDRAFT - https://www.elastic.co/security-labs/nanoremote Cracking ValleyRAT: From Builder Secrets to Kernel Rootkits - https://research.checkpoint.com/2025/cracking-valleyrat-from-builder-secrets-to-kernel-rootkits/ Thousands of Exposed Secrets Found on Docker Hub, Putting Organizations at Risk - http://flare.io/learn/resources/docker-hub-secrets-exposed/  Roteiro e apresentação: Carlos CabralEdição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

Referencias do episodioWebinar Tendencias em Cyber 2026https://www.even3.com.br/tendencias-em-cyber-2026-661705/Microsoft December 2025 Patch Tuesday fixes 3 zero-days, 57 flawshttps://www.bleepingcomputer.com/news/microsoft/microsoft-december-2025-patch-tuesday-fixes-3-zero-days-57-flaws/Microsofts December 2025 Patch Tuesday Addresses 56 CVEs (CVE-2025-62221)https://www.tenable.com/blog/microsofts-december-2025-patch-tuesday-addresses-56-cves-cve-2025-62221Microsoft and Adobe Patch Tuesday, December 2025 – Security Update Reviewhttps://blog.qualys.com/vulnerabilities-threat-research/2025/12/09/microsoft-patch-tuesday-december-2025-security-update-reviewFortinet warns of critical FortiCloud SSO login auth bypass flawshttps://www.bleepingcomputer.com/news/security/fortinet-warns-of-critical-forticloud-sso-login-auth-bypass-flaws/Multiple Fortinet Products FortiCloud SSO Login Authentication Bypasshttps://www.fortiguard.com/psirt/FG-IR-25-647Security Advisory EPM December 2025 for EPM 2024https://forums.ivanti.com/s/article/Security-Advisory-EPM-December-2025-for-EPM-2024CVE-2025-10573: Ivanti EPM Unauthenticated Stored Cross-Site Scripting (Fixed)https://www.rapid7.com/blog/post/cve-2025-10573-ivanti-epm-unauthenticated-stored-cross-site-scripting-fixed/PeerBlight Linux Backdoor Exploits React2Shell CVE-2025-55182https://www.huntress.com/blog/peerblight-linux-backdoor-exploits-react2shellEtherRAT: DPRK uses novel Ethereum implant in React2Shell attackshttps://www.sysdig.com/blog/etherrat-dprk-uses-novel-ethereum-implant-in-react2shell-attacksChina-nexus cyber threat groups rapidly exploit React2Shell vulnerability (CVE-2025-55182)https://aws.amazon.com/blogs/security/china-nexus-cyber-threat-groups-rapidly-exploit-react2shell-vulnerability-cve-2025-55182/CVE-2025-55182: React2Shell Critical Vulnerability — what it is and what to dohttps://www.dynatrace.com/news/blog/cve-2025-55182-react2shell-critical-vulnerability-what-it-is-and-what-to-do/Roteiro e apresentação: Carlos CabralEdição de áudio: Paulo ArruzzoNarração de encerramento: Bianca Garcia

Referências do EpisódioWebinar Tendências em Cyber 2026The VS Code Malware That Captures Your Screen | Koi BlogGrayBravo’s CastleLoader Activity Clusters Target Multiple IndustriesRoteiro e apresentação: Carlos CabralEdição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

Referências do EpisódioWebinar Tendências em Cyber 2026AI-Automated Threat Hunting Brings GhostPenguin Out of the ShadowsMaximum-severity XXE vulnerability discovered in Apache TikaChina-nexus cyber threat groups rapidly exploit React2Shell vulnerability (CVE-2025-55182)CVE-2025-55182 (React2Shell) Opportunistic Exploitation In The Wild: What The GreyNoise Observation Grid Is Seeing So FarCritical React2Shell Flaw Added to CISA KEV After Confirmed Active ExploitationInside Shanya, a packer-as-a-service fueling modern attacksRoteiro e apresentação: Carlos CabralEdição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

Referências do EpisódioCritical Security Vulnerability in React Server ComponentsReact2Shell (CVE-2025-55182) - Critical unauthenticated RCE affecting React Server ComponentsCVE-2025-55182: Frequently Asked Questions About React2Shell: React Server Components Remote Code Execution VulnerabilityBRICKSTORM BackdoorActive Exploitation of 7-Zip RCE Vulnerability Shows Why Manual Patching is No Longer an OptionArray Networks Array AGシリーズにおけるコマンドインジェクションの脆弱性に関する注意喚起 Roteiro e apresentação: Carlos CabralEdição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

Referências do EpisódioWebinar Tendências em Cyber 2026Sanctioned but Still Spying: Intellexa’s Prolific Zero-Day Exploits ContinueIntellexa’s Global Corporate WebFrench NGO Reporters Without Borders targeted by Calisto in recent campaignMalicious Rust Crate evm-units Serves Cross-Platform Payloads for Silent ExecutionRoteiro e apresentação: Carlos CabralEdição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

Referências do EpisódioWebinar Tendências em Cyber 2026New eBPF Filters for Symbiote and BPFdoor MalwareTechnical Analysis of Matanbuchus 3.0Hook for Gold: Inside GoldFactory's Сampaign That Turns Apps Into GoldminesValleyRAT Campaign Targets Job Seekers, Abuses Foxit PDF Reader for DLL Side-loadingMuddyWater: Snakes by the riverbankRoteiro e apresentação: Carlos CabralEdição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

Referências do EpisódioImperioShell e PolyjuiceCookie: Backdoor e cookie stealer miram empresas no BrasilUnraveling Water Saci's New Multi-Format, AI-Enhanced Attacks Propagated via WhatsAppDo Coyote ao Astaroth: o abuso do WhatsApp se consolida como método de infecção do cibercrime brasileiroVídeo sobre os recentes ataques via WhatsApp Unraveling Water Saci's New Multi-Format, AI-Enhanced Attacks Propagated via WhatsApp4.3 Million Browsers Infected: Inside ShadyPanda's 7-Year Malware Campaign | Koi BlogGoogle Patches 107 Android Flaws, Including Two Framework Bugs Exploited in the WildRoteiro e apresentação: Carlos CabralEdição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

Referências do EpisódioTwo Years, 17K Downloads: The NPM Malware That Tried to Gaslight Security ScannersCISA Adds One Known Exploited Vulnerability to Catalog[REPORT] Falhas de segurança em versões do ScadaBRAPT36 Python Based ELF Malware Targeting Indian Government EntitiesThor vs. Silver Fox – Uncovering and Defeating a Sophisticated ValleyRat CampaignRoteiro e apresentação: Carlos CabralEdição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

Referências do EpisódioDragons in Thunder3 OAuth TTPs Seen This Month — and How to Detect Them with Entra ID LogsOpenAI data may have been exposed after a cyberattack on analytics firm MixpanelRoteiro e apresentação: Carlos CabralEdição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

Referências do EpisódioShadowV2 Casts a Shadow Over IoT Devices | FortiGuard LabStop Putting Your Passwords Into Random Websites (Yes, Seriously, You Are The Problem)ASUS warns of new critical auth bypass flaw in AiCloud routersCVE-2025-59366Roteiro e apresentação: Carlos CabralEdição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

Referências do EpisódioZscaler Threat Hunting Discovers and Reconstructs a Sophisticated Water Gamayun APT Group AttackFlexibleFerret malware continues to strikeRussian RomCom Utilizing SocGholish to Deliver Mythic Agent to U.S. Companies Supporting UkraineRoteiro e apresentação: Carlos CabralEdição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia