Cyber Morning Call

Referências do EpisódioSecurity Advisory Ivanti Endpoint Manager Mobile (EPMM) (CVE-2026-1281 & CVE-2026-1340)Inside the Infrastructure: Who’s Scanning for Ivanti Connect Secure?CVE-2025-0282 DetailDissecting UAT-8099: New persistence mechanisms and regional focusThreat Bulletin: Critical eScan Supply Chain CompromiseRoteiro e apresentação: Carlos CabralEdição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

Referências do EpisódioSolarwinds - WHD 2026.1 release notesCVE-2025-40551: Another Solarwinds Web Help Desk Deserialization IssueMultiple Critical SolarWinds Web Help Desk Vulnerabilities: CVE-2025-40551, CVE-2025-40552, CVE-2025-40553, CVE-2025-40554Meet IClickFix: a widespread WordPress-targeting framework using the ClickFix tacticCan’t stop, won’t stop: TA584 innovates initial accessTwo High-Severity n8n Flaws Allow Authenticated Remote Code ExecutionRoteiro e apresentação: Carlos CabralEdição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

Referências do EpisódioAdministrative FortiCloud SSO authentication bypassAnalysis of Single Sign-On Abuse on FortiOSCMC 935 - A notável escala dos ataques do PurpleBravo | FortiGate sob ataqueDiverse Threat Actors Exploiting Critical WinRAR Vulnerability CVE-2025-8088HoneyMyte updates CoolClient and deploys multiple stealers in recent campaignsThreat Actors Using AWS WorkMail in Phishing CampaignsNew Architecture, New Risks: One-Click to Pwn IDIS IP CamerasRoteiro e apresentação: Carlos CabralEdição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

Referências do EpisódioCVE-2026-21509 - Microsoft Office Security Feature Bypass VulnerabilityMicrosoft patches actively exploited Office zero-day vulnerabilityBypassing Windows Administrator ProtectionAPT Attacks Target Indian Government Using GOGITTER, GITSHELLPAD, and GOSHELL | Part 1PackageGate: 6 Zero-Days in JS Package Managers But NPM Won't ActRoteiro e apresentação: Carlos CabralEdição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

Referências do EpisódioPeckBirdy: A Versatile Script Framework for LOLBins Exploitation Used by China-aligned Threat GroupsStanley — A $6,000 Russian Malware Toolkit with Chrome Web Store GuaranteeRoteiro e apresentação: Carlos CabralEdição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

Referências do EpisódioKONNI Adopts AI to Generate PowerShell BackdoorsWatering Hole Attack Targets EmEditor Users with Information-Stealing MalwareWatering Hole Attack Targets EmEditor Users with Information-Stealing MalwareOsiris: New Ransomware, Experienced Attackers?Critical GNU InetUtils telnetd Flaw Lets Attackers Bypass Login and Gain Root AccessMalicious VS Code AI Extensions Harvesting Code from 1.5M DevsRoteiro e apresentação: Carlos CabralEdição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

Referências do EpisódioPurpleBravo’s Targeting of the IT Software Supply ChainNew Phishing Campaign Targeting LastPass CustomersCisco Unified Communications Products Remote Code Execution VulnerabilityArctic Wolf Observes Malicious Configuration Changes On Fortinet FortiGate Devices via SSO AccountsRoteiro e apresentação: Carlos CabralEdição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

Referências do EpisódioVoidLink: Evidence That the Era of Advanced AI-Generated Malware Has BegunCyata Research: Breaking Anthropic’s Official MCP ServerRoteiro e apresentação: Carlos CabralEdição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

Referências do EpisódioWeaponizing Calendar Invites: How Prompt Injection Bypassed Google Gemini’s ControlsGoogle Gemini Prompt Injection Flaw Exposed Private Calendar Data via Malicious InvitesCreepy Crawlers: Hunting Those Who Hunt For WordPress Plugins100,000 WordPress Sites Affected by Privilege Escalation Vulnerability in Advanced Custom Fields: Extended WordPress PluginRoteiro e apresentação: Carlos CabralEdição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

Referências do EpisódioFrom Extension to Infection: An In-Depth Analysis of the Evelyn Stealer Campaign Targeting Software DevelopersPDFSIDER Malware - Exploitation of DLL Side-Loading for AV and EDR EvasionVoidLink threat analysis: Sysdig discovers C2-compiled kernel rootkitsUnveiling VoidLink – A Stealthy, Cloud-Native Linux Malware FrameworkRoteiro e apresentação: Carlos CabralEdição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

Referências do Episódio/bin/live: Rafael Silva, Luiz Eduardo, Willian Caprino e Nelson Murilo - HackingRemote Code Execution via Expression InjectionCritical n8n Flaw (CVSS 9.9) Enables Arbitrary Code Execution Across Thousands of InstancesDecember 22 Advisory: Critical n8n Vulnerability Allows Remote Code Execution [CVE-2025-68613]From ClickFix to code signed: the quiet shift of MacSync Stealer malwareFrom cheats to exploits: Webrat spreading via GitHubEntrarei de férias. Volto no dia 19 de janeiro.Roteiro e apresentação: Carlos CabralEdição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

Referências do EpisódioNPM Package With 56K Downloads Caught Stealing WhatsApp Messages작전명 아르테미스: HWP 기반 DLL 사이드 로딩 공격 분석Zscaler Threat Hunting Catches Evasive SideWinder APT CampaignTracing a Paper Werewolf campaign through AI-generated decoys and Excel XLLsRoteiro e apresentação: Carlos CabralEdição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

Referências do Episódio​HPESBGN04985 rev.2 - Hewlett Packard Enterprise OneView Software, Remote Code Execution​CVE-2025-37164: Critical unauthenticated RCE affecting Hewlett Packard Enterprise OneView​Acronis TRU Alliance {Hunt.io}: Hunting DPRK threats - New Global Lazarus & Kimsuky campaigns​LongNosedGoblin tries to sniff out governmental affairs in Southeast Asia and JapanRoteiro e apresentação: Carlos CabralEdição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

Referências do EpisódioSonicWall SMA1000 appliance local privilege escalation vulnerabilityCVE-2025-40602: SonicWall Secure Mobile Access (SMA) 1000 Zero-Day ExploitedSonicWall warns of actively exploited flaw in SMA 100 AMCUAT-9686 actively targets Cisco Secure Email Gateway and Secure Email and Web ManagerCISA Adds Three Known Exploited Vulnerabilities to CatalogOperation ForumTroll continues: Russian political scientists targeted using plagiarism reportsGachiLoader: Defeating Node.js Malware with API TracingRoteiro e apresentação: Carlos CabralEdição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

Referências do Episódio史上最疯：独家揭秘感染全球180万Android设备的巨型僵尸网络KimwolfInside Ink Dragon: Revealing the Relay Network and Inner Workings of a Stealthy Offensive OperationEtherRAT dissected: How a React2Shell implant delivers 5 payloads through blockchain C2Inside GhostPoster: How a PNG Icon Infected 50,000 Firefox UsersRoteiro e apresentação: Carlos CabralEdição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

Referências do EpisódioWebinar Tendências em Cyber 2026Arctic Wolf Observes Malicious SSO Logins on FortiGate Devices Following Disclosure of CVE-2025-59718 and CVE-2025-59719SantaStealer is Coming to Town: A New, Ambitious Infostealer Advertised on Underground ForumsRoteiro e apresentação: Carlos CabralEdição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

Referências do EpisódioWebinar Tendências em Cyber 2026Apple Issues Security Updates After Two WebKit Flaws Found Exploited in the WildMultiple Threat Actors Exploit React2Shell (CVE-2025-55182)Roteiro e apresentação: Carlos CabralEdição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

Referências do EpisódioHunting for Mythic in network trafficHamas-Affiliated Ashen Lepus Targets Middle Eastern Diplomatic Entities With New AshTag Malware SuiteSHADOW-VOID-042 Targets Multiple Industries with Void Rabisu-like TacticsGogs 0-Day Exploited in the WildHow to find Gogs installations on your network - Latest Gogs vulnerability: CVE-2025-8110CVE-2025-30406 - Critical Gladinet CentreStack & Triofox Vulnerability Exploited In The WildConsentFix: Analysing a browser-native ClickFix-style attack that hijacks OAuth consent grantsRoteiro e apresentação: Carlos CabralEdição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

Referências do Episódio *Stable Channel Update for Desktop - Wednesday, December 10, 2025 - https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-desktop_10.html *Google fixes eighth Chrome zero-day exploited in attacks in 2025 - https://www.bleepingcomputer.com/news/security/google-fixes-eighth-chrome-zero-day-exploited-in-attacks-in-2025/ SOAPwn: Pwning .NET Framework Applications Through HTTP Client Proxies And WSDL - https://labs.watchtowr.com/soapwn-pwning-net-framework-applications-through-http-client-proxies-and-wsdl/ NANOREMOTE, cousin of FINALDRAFT - https://www.elastic.co/security-labs/nanoremote Cracking ValleyRAT: From Builder Secrets to Kernel Rootkits - https://research.checkpoint.com/2025/cracking-valleyrat-from-builder-secrets-to-kernel-rootkits/ Thousands of Exposed Secrets Found on Docker Hub, Putting Organizations at Risk - http://flare.io/learn/resources/docker-hub-secrets-exposed/  Roteiro e apresentação: Carlos CabralEdição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

Referencias do episodioWebinar Tendencias em Cyber 2026https://www.even3.com.br/tendencias-em-cyber-2026-661705/Microsoft December 2025 Patch Tuesday fixes 3 zero-days, 57 flawshttps://www.bleepingcomputer.com/news/microsoft/microsoft-december-2025-patch-tuesday-fixes-3-zero-days-57-flaws/Microsofts December 2025 Patch Tuesday Addresses 56 CVEs (CVE-2025-62221)https://www.tenable.com/blog/microsofts-december-2025-patch-tuesday-addresses-56-cves-cve-2025-62221Microsoft and Adobe Patch Tuesday, December 2025 – Security Update Reviewhttps://blog.qualys.com/vulnerabilities-threat-research/2025/12/09/microsoft-patch-tuesday-december-2025-security-update-reviewFortinet warns of critical FortiCloud SSO login auth bypass flawshttps://www.bleepingcomputer.com/news/security/fortinet-warns-of-critical-forticloud-sso-login-auth-bypass-flaws/Multiple Fortinet Products FortiCloud SSO Login Authentication Bypasshttps://www.fortiguard.com/psirt/FG-IR-25-647Security Advisory EPM December 2025 for EPM 2024https://forums.ivanti.com/s/article/Security-Advisory-EPM-December-2025-for-EPM-2024CVE-2025-10573: Ivanti EPM Unauthenticated Stored Cross-Site Scripting (Fixed)https://www.rapid7.com/blog/post/cve-2025-10573-ivanti-epm-unauthenticated-stored-cross-site-scripting-fixed/PeerBlight Linux Backdoor Exploits React2Shell CVE-2025-55182https://www.huntress.com/blog/peerblight-linux-backdoor-exploits-react2shellEtherRAT: DPRK uses novel Ethereum implant in React2Shell attackshttps://www.sysdig.com/blog/etherrat-dprk-uses-novel-ethereum-implant-in-react2shell-attacksChina-nexus cyber threat groups rapidly exploit React2Shell vulnerability (CVE-2025-55182)https://aws.amazon.com/blogs/security/china-nexus-cyber-threat-groups-rapidly-exploit-react2shell-vulnerability-cve-2025-55182/CVE-2025-55182: React2Shell Critical Vulnerability — what it is and what to dohttps://www.dynatrace.com/news/blog/cve-2025-55182-react2shell-critical-vulnerability-what-it-is-and-what-to-do/Roteiro e apresentação: Carlos CabralEdição de áudio: Paulo ArruzzoNarração de encerramento: Bianca Garcia