A culpa é de Sec!

Não somos videntes — apenas compilamos várias informações e usamos nossos agentes de IA para prever o que vai rolar este ano.🔎 Links & Recomendações 💰 Armis adquirida pela ServiceNow por US$ 7,8B https://www.armis.com/blog/armis-to-join-servicenow... 🤝 Palo Alto negocia aquisição da Koi por US$ 400M https://www.calcalistech.com/ctechnews/article/hj48m0vebe 🛡️ CrowdStrike anuncia aquisição da SGNL https://www.crowdstrike.com/.../crowdstrike-to-acquire-sgnl... 🚀 ServiceNow adquire Veza e expande portfólio de Security https://veza.com/.../servicenow-to-expand-security... 🎵 Music by Karl Casey @ White Bat Audio💬 Não esqueça de comentar o que achou, participar das enquetes e avaliar — isso ajuda os nossos agentes e IA a ficarem mais motivados! 🚀📺 Estamos também no YouTube!Por lá temos shorts e cortes com os melhores momentos dos episódios — e, às vezes, o episódio completo aparece por lá também 👀👉 https://www.youtube.com/@ACulpaedeSec

Não bebemos nenhuma dose hoje! Igual fazemos nas mesas de bar, gravamos esse episódio falando sobre os incidentes recentes de segurança, algumas aquisições e, claro, a nossa amiga IA. Logo vamos entrar em freezing por aqui, então dá o play sem culpa!Links & Recomendações 🔗 TCP #110: 2026 CISO Budgets; Cloudflare Outage; AWS re:Invent; and More — cybersecuritypulse.net ⚡ Cloudflare Outage & $3.35B Palo Alto Deal: Lessons from Swiss Insurance’s Multi-Cloud Migration — cloudsecuritynewsletter.com 🌐 Cloudflare outage on November 18, 2025 — blog.cloudflare.com 🎓 MCP Security Fundamentals — apisecuniversity.com 🎵 Music by Karl Casey @ White Bat Audio💬 Não esqueça de comentar o que achou, participar das enquetes e avaliar — isso ajuda os nossos agentes e IA a ficarem mais motivados!

Analisando novas ferramentas e relatórios de mercadoAnalisar novas ferramentas não se resume apenas em quadrantes, ondas ou guias de mercado. Novos analistas de mercado vêm surgindo, ouvindo clientes e escrevendo relatórios com uma abordagem nova. Neste episódio, comentamos sobre o relatório de James Berthoty, o Latio Cloud Security Market Report.🔗 Links & Recomendações 📘 2025 Latio Cloud Security Market Report 👤 James Berthoty 🧠 WIZDOM - Product Launches 2025 📊 2025 Gartner® Magic Quadrant™ for Security Information and Event Management 💰 Ransomware payments hit record low: only 23% Pay in Q3 2025 🐶 Datadog Threat Roundup: Top Insights for Q3 2025🎵 Music by Karl Casey @ White Bat Audio💬 Não esqueça de comentar o que achou, participar das enquetes e avaliar — isso ajuda os nossos agentes e IA a ficarem mais motivados! 🚀

Kubernetes, K8S, Kabernetes, Kuberneris… como você fala não importa! O que importa é pensar em segurança para os seus containers. 🛡️🔗 Links & Recomendações 🔧 Quor 📊 Zora 🤖 Marvin 🎙️ Kubicast 👨‍💻 João Brito 📘 Livro: Container Security (Liz Rice - 2nd Edition) 🧩 Os 12 Fatores🎵 Music by Karl Casey @ White Bat Audio💬 Não esqueça de comentar o que achou, participar das enquetes e avaliar — isso ajuda os nossos agentes e IA a ficarem mais motivados! 🚀

A segurança é complicada ou somos nós que complicamos? 🤔José Luiz fala sobre o tema de um jeito leve e descontraído — então dá o play sem culpa!Afinal, é só apertar um botão… e não é tão complicado assim! 🎧🔗 Links & Recomendações 👉 LinkedIn do Zé 📘 Livro: Descomplicando a Cibersegurança ⚖️ Projeto de Lei n° 2338, de 2023 🏛️ NIST 📰 Airline held liable for its chatbot giving passenger bad advice — what this means for travellers

Links & RecomendaçõesLinkedin da Hive https://www.linkedin.com/company/hive-connect-tech/Site https://www.hiveconnect.tech/Como fazer parte https://lnkd.in/d692xMymGithub https://github.com/socialhiveconnectE-mail hive.connect.main@gmail.comLinkedin da Barbara https://www.linkedin.com/in/barbarawasch/Linkedin do Paulo https://www.linkedin.com/in/paulovaladao/Linkedin da Leticia ⁠⁠https://www.linkedin.com/in/leticiaemerim/⁠⁠

Links & Recomendaçõesnpm debug and chalk packages compromised https://www.aikido.dev/blog/npm-debug-and-chalk-packages-compromisedJosh Junon no BlueSky https://bsky.app/profile/bad-at-computer.bsky.social/post/3lydioq5swk2ySaiu o IDC MarketScape for ASPM https://www.wiz.io/blog/wiz-named-aspm-leader-by-idcObservo AI is joining SentinelOne https://www.observo.ai/post/why-observo-and-sentinelone-are-building-the-autonmous-soc-togetherLinux Incident Surface https://tryhackme.com/room/linuxincidentsurfaceNPM dependencies, supply chain attacks, and Bitcoin wallets https://www.blackduck.com/blog/malicious-dependency-supply-chain.htmlPyTorch dependency ‘torchtriton’ on PyPI Supply Chain Attack https://www.sentinelone.com/blog/pytorch-dependency-torchtriton-supply-chain-attack/Aikido Safe Chain https://www.npmjs.com/package/@aikidosec/safe-chainSupply-Chain Firewall https://github.com/DataDog/supply-chain-firewallF5 to acquire CalypsoAI to bring advanced AI guardrails to large enterprises https://www.f5.com/company/news/press-releases/f5-to-acquire-calypsoai-to-bring-advanced-ai-guardrails-to-large-enterprises?utm_medium=owned-social&utm_source=linkedin&utm_campiagn=ww-Fantasma no Sistema - https://www.amazon.com.br/Fantasma-no-sistema-Kevin-Mitnick/dp/8576087057/ Quadrinho XKCD - https://xkcd.com/2347/ 

Não fomos nos eventos mais hackudo do ano, mas nossos estagiários utilizam algoritmos avançados de IA para trazer para nossos milhares de ouvintes o puro suco do que rolou.Links & Recomendações307 Cybersecurity Exhibitors at Black Hat 2025 https://stiennon.substack.com?utm_source=navbar&utm_medium=webBlackHat USA 2025 Slides https://github.com/onhexgroup/Conferences/tree/main/BlackHat_USA_2025_Slides5 Takeaways From Black Hat x DEF CON 2025 https://open.substack.com/pub/cybersecuritymarketpulse/p/5-takeaways-from-black-hat-x-def?r=363u8u&utm_campaign=post&utm_medium=emailBlack Hat 2025: 10 takeaways you should know https://www.linkedin.com/pulse/black-hat-2025-10-takeaways-you-should-know-warren-atkinson-dfhqe/?trackingId=kErwPpqDTfqaP%2FpBdAvyzQ%3D%3DOWASP Top 10 for Large Language Model Applications https://owasp.org/www-project-top-10-for-large-language-model-applications/Gartner Predicts that by 2027, 17% of Total Cyberattacks Will Involve Generative AI https://www.gartner.com/en/newsroom/press-releases/2024-08-28-gartner-forecasts-global-information-security-spending-to-grow-15-percent-in-2025Hackers atacam ambiente de Pix do HSBC e roubam pelo menos R$ 400 mi https://www.infomoney.com.br/business/hackers-roubam-pelo-menos-r-400-mi-do-hsbc-em-ataque-que-envolve-sinqia-diz-site/Datadog guide to Hacker Summer Camp 2025 https://securitylabs.datadoghq.com/articles/hacker-summer-camp-guide-2025/#50-talks-were-excited-to-seeState of Security 2025 https://www.splunk.com/en_us/form/state-of-security/thanks.html10 Security Vendors Making Big Moves At Black Hat 2025 https://www.crn.com/news/security/2025/10-security-vendors-making-big-moves-at-black-hat-2025character.ai https://character.ai/ Quadrinho XKCD - ⁠https://xkcd.com/927/⁠

Link & Recomendações The CrowdStrike Outage Was Bad, but It Could Have Been Worse https://www.darkreading.com/vulnerabilities-threats/crowdstrike-outage-was-bad-could-have-been-worsePalo Alto Networks Announces Agreement to Acquire CyberArk, the Identity Security Leader https://www.cyberark.com/press/palo-alto-networks-announces-agreement-to-acquire-cyberark/AI-Generated Malicious npm Package Drains Solana Funds from 1,500+ Before Takedown https://thehackernews.com/2025/08/ai-generated-malicious-npm-package.htmlA New Chapter for AI and Cybersecurity: SentinelOne Acquires Prompt Security https://www.sentinelone.com/blog/a-new-chapter-for-ai-and-cybersecurity-sentinelone-acquires-prompt-securityIntegrated development environment https://survey.stackoverflow.co/2023/#most-popular-technologies-new-collab-toolsDecepticon - Vibe Hacking Agent ⁠https://github.com/PurpleAILAB/Decepticon⁠

Link & Recomendações Linkedin do Filipi Pires https://www.linkedin.com/in/filipipiresMagic Quadrant for Endpoint Protection Platforms https://www.gartner.com/doc/reprints?id=1-2LGE96J2&ct=250715&st=sbLessons Learned From McDonald's Big AI Flub https://www.darkreading.com/application-security/lessons-learned-mcdonalds-ai-flubProteção de credenciais: lições do ataque à C&M https://segura.security/pt-br/post/protecao-de-credenciais-licoes-do-ataque-a-c-mawspx https://github.com/ReversecLabs/awspxIdentiverse  https://identiverse.com/ Let’s Get Real: How to Tell Which Customers You Can Trust - Matthew Badgerow https://youtu.be/Dnwql_XsDZE?feature=sharedIAM Tech Day ⁠https://iamtechday.org/⁠

Links de referênciaLinkedin do Felipe Costa https://www.linkedin.com/in/felipe-dacosta/GitHub: https://github.com/felipecosta09X: https://x.com/devsecguyArtigos: https://medium.com/@devsecguyUltimo artigo https://www.linkedin.com/pulse/vision-one-mcp-democratizing-platform-access-ai-felipe-costa-nlj4c/

Neste episódio Raphael Bottino e Tales Casagrande falam sobre as principais funcionalidades de segurança da AWS e o que rolou no re:Inforce 2025, ficou curioso? Dá o play :) Links de referênciaAWS re:Inforce roundup 2025: top announcements https://aws.amazon.com/pt/blogs/aws/aws-reinforce-roundup-2025-top-announcements/Amazon Inspector Code Security https://docs.aws.amazon.com/inspector/latest/user/code-security-assessments.htmlHow to migrate your AWS CodeCommit repository to another Git provider https://aws.amazon.com/pt/blogs/devops/how-to-migrate-your-aws-codecommit-repository-to-another-git-provider/AWS Certified Security - Specialty - ⁠https://aws.amazon.com/certification/certified-security-specialty⁠Linkedin do Bruno https://www.linkedin.com/in/bruno-silva-goncalves-lima/Curso do Bruno https://www.udemy.com/course/formacao-datadog/

Threat Hunting não é para qualquer um! Raphael Bottino e Tales Casagrande conversam com Lucas de Assis para explorar os desafios de analisar ameaças em um ambiente tempestuoso como a nuvem. Link & Recomendações Linkedin do Lucas https://www.linkedin.com/in/lucasdeassis/Sigma pra Cloud: https://github.com/SigmaHQ/sigma/tree/master/rules/cloud S3 Ransomware Simulator: ⁠https://github.com/raphabot/s3-ransomware-simulator⁠ Invictus IR: https://www.invictus-ir.com/ Understanding CloudTrail Events: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-events.html Stratus Red Team: https://github.com/DataDog/stratus-red-team 

Neste episódio Raphael Bottino e Tales Casagrande discutem sobre os relatórios de Segurança, quem nunca leu um relatório que era mais sobre vendas de ferramentas do que levar um conteúdo técnico sobre segurança, vamos analisar e falar sobre alguns relatórios e extrair o suco da informação! Dá o play :) Links de referênciaM-Trends 2025 Report is now availableThe State of Cyber Security 2025State of DevSecOpsAI codeDryRun Security 2025 SAST Accuracy ReportThe state of Secrets Sprawl 2025Gartner CNAPPMagic Quadrant for Application Security TestingRelatório de Investigações de Violações de Dados da Verizon de 2025Cloud Security Report 2024 SentinelOneHashiCorp 2024 State of Cloud Strategy SurveyThe State of Cloud Runtime Security, 2025 Edition

Chegou a hora do momento mais esperado de todos os tempos.. temos o nosso primeiro convidado! Neste episódio Raphael Bottino e Tales Casagrande se juntam ao Antonio Firmiano e discutem sobre Como AI Agêntica Muda o Panorama de Segurança e dicas revolucionárias que vão resolver todos os seus problemas (sqn)! Link & Recomendações Model-Driven Dependency Confusion ​​https://medium.com/@alex.birsan/dependency-confusion-4a5d60fec610Explicacao de MCP vs API: ⁠⁠https://medium.com/@elisowski/mcp-explained-the-new-standard-connecting-ai-to-everything-79c5a1c98288⁠⁠GitHub Copilot Agent: https://github.blog/news-insights/product-news/github-copilot-meet-the-new-coding-agent/Google Jules: https://jules.google/ Agno https://docs.agno.com/introductionPapers de Agentic AI https://ia600601.us.archive.org/15/items/google-ai-agents-whitepaper/Newwhitepaper_Agents.pdfAnthropic https://www.anthropic.com/engineering/building-effective-agentsOpenAi https://cdn.openai.com/business-guides-and-resources/a-practical-guide-to-building-agents.pdf⁠ Siga o Antonio Firmiano para saber mais sobre o seu projeto https://www.linkedin.com/in/antonio-firmiano-gomes/

Neste episódio Raphael Bottino e Tales Casagrande falam sobre Hanson Ransom no S3. Sabia que a nuvem traz novos desafios quanto a proteção de Ransomware? Dá o play aí, prometo que ninguém vai cantar no seu ouvido. 🌚Links de referênciahttps://www.halcyon.ai/blog/abusing-aws-native-services-ransomware-encrypting-s3-buckets-with-sse-chttps://raphabot.medium.com/simulating-detecting-and-responding-to-s3-ransomware-attacks-9f85b2a97086?source=friends_link&sk=712f94cf48b7bc46aa29aa652efacaab https://www.sentinelone.com/blog/the-state-of-cloud-ransomware-in-2024/https://www.trendmicro.com/en_us/research/24/j/fake-lockbit-real-damage-ransomware-samples-abuse-aws-s3-to-stea.htmlhttps://repost.aws/knowledge-center/potential-account-compromise

Neste episódio Raphael Bottino e Tales Casagrande falam sobre construção, pilares mas não é construção civil é nuvem! Dá o play ai :)Links de referênciaAWS Well Architected Framework: https://aws.amazon.com/architecture/well-architected/ AWS Well-Architected Tool https://aws.amazon.com/pt/well-architected-tool/Azure Well-Architected Framework: https://learn.microsoft.com/en-us/azure/well-architected/Azure Well-Architected Review https://learn.microsoft.com/en-us/assessments/azure-architecture-review/Google Cloud Well-Architected Framework:  https://cloud.google.com/architecture/frameworkOCI Well-Architected Framework: https://docs.oracle.com/en/solutions/oci-best-practices/index.html OCI Well-Architected Assessment https://well-architected.oracle.com/apex/r/owwa/well-architected-assessment/homeUma analogia sobre o AWS Well-Architected Framework https://medium.com/@100HnoMeuNome/uma-analogia-sobre-o-aws-well-architected-framework-237449062823Mapa do AWS Well Architected https://wa.aws.amazon.com/wat.map.en.htmlWell Architected Labs: https://www.wellarchitectedlabs.com/ Skill Builder - AWS Well-Architected Foundations: https://explore.skillbuilder.aws/learn/courses/108/aws-well-architected-foundations RecomendaçõesBottino: https://www.thefrugalarchitect.com/ Tales: https://github.com/infracost/infracost

Neste episódio Raphael Bottino e Tales Casagrande falam sobre jornada para nuvem, pizza e o modelo de responsabilidade compartilhada! Mas me responde, qual o seu sabor favorito de pizza?Referência PaaS x IaaS x SaaS x CaaS: qual é a diferença entre elas? ⁠https://cloud.google.com/learn/paas-vs-iaas-vs-saas?hl=pt-BR⁠Understanding Cloud Misconfigurations — With Pizza and Lego ⁠https://www.trendmicro.com/en_us/research/21/b/understanding-cloud-misconfigurations-with-pizza-and-lego.html⁠HashiCorp 2024 State of Cloud Strategy Survey ⁠https://www.hashicorp.com/pt/state-of-the-cloud⁠Modelo de arquitetura do Google Cloud ⁠https://cloud.google.com/architecture/framework?hl=pt-br⁠AWS Well-Architected  ⁠https://aws.amazon.com/pt/architecture/well-architected/⁠Azure Well-Architected Framework ⁠https://learn.microsoft.com/en-us/azure/well-architected⁠Oracle Acknowledges Data Breach and Starts Informing Affected Clients ⁠⁠https://cybersecuritynews-com.cdn.ampproject.org/c/s/cybersecuritynews.com/oracle-acknowledges-data-breach/amp/⁠⁠What is lift and shift cloud migration? ⁠⁠⁠https://www.pluralsight.com/resources/blog/business-and-leadership/what-is-lift-and-shift-cloud-migration⁠⁠⁠Links das Indicações:AWS Cloud Quest: Cloud Practitioner ⁠https://explore.skillbuilder.aws/learn/courses/11458/aws-cloud-quest-cloud-practitioner/lessons/42651/play-cloud-quest-cloud-practitioner⁠Manual de DevOps: Como Obter Agilidade, Confiabilidade e Segurança em Organizações Tecnológicas ⁠https://a.co/d/2qm3fpq

Hoje é primeiro de abril, mas, nesta conversa, só tem verdades!Raphael Bottino e Tales Casagrande falam sobre conceitos e a utilização do tão falado Cloud Security Posture Management.Referência Modelo de responsabilidade compartilhada https://aws.amazon.com/pt/compliance/shared-responsibility-model/Links das Indicações:CloudFox https://github.com/BishopFox/cloudfoxCloudsploit https://github.com/aquasecurity/cloudsploitFalco https://github.com/falcosecurity/falcoAWS Security Digest https://awssecuritydigest.com/

Um podcast sobre Cloud e Application Security! Agora me diz, a culpa é da Segurança ou não?"