Cyber Morning Call

Referências do Episódio
CVE-2026-20182 - Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability

Frequently asked questions about the continued exploitation of Cisco Catalyst SD-WAN vulnerabilities (CVE-2026-20182)

CVE-2026-20209, CVE-2026-20210 e CVE-2026-20224 - Cisco Catalyst SD-WAN Manager Vulnerabilities

Active Supply Chain Attack: Malicious node-ipc Versions Published to npm

Popular node-ipc npm Package Infected with Credential Stealer

CVE-2026-42897 - Microsoft Exchange Server Spoofing Vulnerability

Roteiro e apresentação: Carlos Cabral
Edição de áudio: Paulo Arruzzo 
Narração de encerramento: Bianca Garcia

Referências do Episódio
NGINX Rift: Achieving NGINX Remote Code Execution via an 18-Year-Old Vulnerability

K000161019: NGINX ngx_http_rewrite_module vulnerability CVE-2026-42945

NGINX Rift: An 18-Year-Old Bug Lets Hackers Hijack One-Third of the Internet's Web Servers

Fragnesia

New Fragnesia Linux Kernel LPE Grants Root Access via Page Cache Corruption

CVE-2026-0263 PAN-OS: Remote Code Execution (RCE) in IKEv2 Processing

CVE-2026-0264 PAN-OS: Heap-Based Buffer Overflow in DNS Proxy and DNS Server Allows Unauthenticated Remote Code Execution

CVE-2026-0265 PAN-OS: Authentication Bypass with Cloud Authentication Service (CAS) enabled

NATS-as-C2: Inside a new technique attackers are using to harvest cloud credentials and AI API keys

Windows BitLocker zero-day gives access to protected drives, PoC released

Roteiro e apresentação: Carlos Cabral
Edição de áudio: Paulo Arruzzo 
Narração de encerramento: Bianca Garcia

Referências do Episódio
Mini Shai-Hulud Strikes Again: TanStack + more npm Packages Compromised

​​Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages

“Shai-Hulud, Here We Go Again”: 170+ Packages Hit Across npm & PyPi

May 2026 Security Updates

Microsoft Patch Tuesday for May 2026 — Snort rules and prominent vulnerabilities

Microsoft and Adobe Patch Tuesday, May 2026 Security Update Review

Microsoft’s May 2026 Patch Tuesday Addresses 118 CVEs (CVE-2026-41103)

Patch Tuesday - May 2026

CVE-2026-44277 - Improper access control on API endpoints

CVE-2026-26083 - Incorrect global authorization

One Is a Fluke, 3 Is a Pattern: MCP Back-End Vulnerabilities

SAP Security Patch Day - May 2026

Roteiro e apresentação: Carlos Cabral
Edição de áudio: Paulo Arruzzo 
Narração de encerramento: Bianca Garcia

Referências do Episódio
Vibe Hacking: Two AI-Augmented Campaigns Target Government and Financial Sectors in Latin America

GTIG AI Threat Tracker: Adversaries Leverage AI for Vulnerability Exploitation, Augmented Operations, and Initial Access

Roteiro e apresentação: Carlos Cabral
Edição de áudio: Paulo Arruzzo 
Narração de encerramento: Bianca Garcia

Referências do Episódio
 秘密活动6年的神秘黑客组织Mr_Rot13正在利用cPanel高危漏洞部署后门木马

PamDOORa: Analyzing a New Linux PAM-Based Backdoor for Sale on the Dark Web

Incident Update: Saturday, May 9, 2026

Roteiro e apresentação: Carlos Cabral
Edição de áudio: Paulo Arruzzo 
Narração de encerramento: Bianca Garcia