Cyber Morning Call

Referências do Episódio
TURING DAY 2026 | 6ª EDIÇÃO - DIA 25/06

K000161616: NGINX ngx_http_v3_module vulnerability CVE-2026-42530

K000161584: NGINX ngx_http_proxy_v2_module and ngx_http_grpc_module vulnerability CVE-2026-42055

Killing me gently: Inside Gentlemen’s EDR killer framework

Lost in relocation: analysis of a new loader distributing CASTLESTEALER

AutoJack: How a single page can RCE the host running your AI agent 

Oracle Critical Security Patch Update Advisory - June 2026

PeopleSoft PeopleTools Pre-Authentication RCE: A PSIGW SSRF Chain That Executes Inside the JVM

Roteiro e apresentação: Carlos Cabral
Edição de áudio: Paulo Arruzzo 
Narração de encerramento: Bianca Garcia

Referências do Episódio
TURING DAY 2026 | 6ª EDIÇÃO - DIA 25/06

FortiBleed — 75k Fortinet firewalls have admin passwords cracked

FortiBleed Exposes Admin Passwords for 75,000 Fortinet Firewalls

FortiBleed - HudsonRock

ClickFix Campaign Generated Via AI Delivers SmartRAT

From package to postinstall payload: Inside the Mastra npm supply chain compromise

From Stars to Upvotes: Fake Reputation Fueling a Crypto Clipboard Hijacker

Malware à la Mode: Tracking Dropping Elephant Tradecraft Through a China-Themed Loader Chain

Roteiro e apresentação: Carlos Cabral
Edição de áudio: Paulo Arruzzo 
Narração de encerramento: Bianca Garcia

Referências do Episódio
/bin/live: CISOs - com Fabiana Tanaka e Denis Nesi

TURING DAY 2026 | 6ª EDIÇÃO - DIA 25/06

FishMonger’s arsenal upgraded: SprySOCKS for Windows

隐形毒刺：超4000台老旧路由器遭AryStinger入侵，沦为黑客全球攻击跳板

Rokarolla : Android Banker with Complete Device Takeover Capabilities

Pickle in the Middle – Hijacking Vertex AI Model Uploads for Cross-Tenant RCE

Critical Fortinet FortiSandbox flaws now exploited in attacks

Chrome Releases - Tuesday, June 16, 2026

GitBait: Phishing the Mexican Financial Sector

Roteiro e apresentação: Carlos Cabral
Edição de áudio: Paulo Arruzzo 
Narração de encerramento: Bianca Garcia

Referências do Episódio
TURING DAY 2026 | 6ª EDIÇÃO - DIA 25/06

Public and Private Medical Community Targeted by China-Nexus Threat Actor Pursuing Artificial Intelligence, Cyber, Medical, and National Defense Research

SearchLeak: How We Turned M365 Copilot Into a One-Click Data Exfiltration Weapon

CVE-2026-42824 - M365 Copilot Information Disclosure Vulnerability

Unveiling ErrTraffic: inside a growing ClickFix malware distribution framework

FI-2026-007 - Core Privileged Access Manager (BoKS) autoregistration service command injection vulnerability

EvilTokens: A phishing attack that doesn’t steal your password

Roteiro e apresentação: Carlos Cabral
Edição de áudio: Paulo Arruzzo 
Narração de encerramento: Bianca Garcia

Referências do Episódio
MS 사칭 피싱과 Dead-drop C2 기반 APT37 NarwhalRAT 분석

Atomic Arch: Attackers Hijack Trusted AUR Packages to Deliver Rootkit-Like Malware

Unauthenticated Arbitrary File Creation and Truncation in a PostgreSQL Sidecar Service Endpoint in Splunk Enterprise

Why Use App-Level Auth When Every Database Has Auth? (Splunk Enterprise CVE-2026-20253 Pre-Auth RCE)

FBI takes down massive China-based cybercrime network that caused $1.9B in losses

Iran-Linked Handala Breached a California Water Utility. It Could Have Done Worse, and It Knows That.

Cyber Intel Brief: Handala Claims Breach of California Water Service

Roteiro e apresentação: Carlos Cabral
Edição de áudio: Paulo Arruzzo 
Narração de encerramento: Bianca Garcia