Cyber Morning Call

Referências do Episódio
Vishing for Access: Tracking the Expansion of ShinyHunters-Branded SaaS Data Theft

Guidance from the Frontlines: Proactive Defense Against ShinyHunters-Branded Data Theft Targeting SaaS

GlassWorm Loader Hits Open VSX via Developer Account Compromise

ClawHavoc: 341 Malicious Clawed Skills Found by the Bot They Were Targeting

19 Shades of LockBit5.0, Inside the Latest Cross-Platform Ransomware: Part 1

DynoWiper update: Technical analysis and attribution

Roteiro e apresentação: Carlos Cabral
Edição de áudio: Paulo Arruzzo 
Narração de encerramento: Bianca Garcia

Referências do Episódio
Security Advisory Ivanti Endpoint Manager Mobile (EPMM) (CVE-2026-1281 & CVE-2026-1340)

Inside the Infrastructure: Who’s Scanning for Ivanti Connect Secure?

CVE-2025-0282 Detail

Dissecting UAT-8099: New persistence mechanisms and regional focus

Threat Bulletin: Critical eScan Supply Chain Compromise

Roteiro e apresentação: Carlos Cabral
Edição de áudio: Paulo Arruzzo 
Narração de encerramento: Bianca Garcia

Referências do Episódio
Solarwinds - WHD 2026.1 release notes

CVE-2025-40551: Another Solarwinds Web Help Desk Deserialization Issue

Multiple Critical SolarWinds Web Help Desk Vulnerabilities: CVE-2025-40551, CVE-2025-40552, CVE-2025-40553, CVE-2025-40554

Meet IClickFix: a widespread WordPress-targeting framework using the ClickFix tactic

Can’t stop, won’t stop: TA584 innovates initial access

Two High-Severity n8n Flaws Allow Authenticated Remote Code Execution

Roteiro e apresentação: Carlos Cabral
Edição de áudio: Paulo Arruzzo 
Narração de encerramento: Bianca Garcia

Referências do Episódio
Administrative FortiCloud SSO authentication bypass

Analysis of Single Sign-On Abuse on FortiOS

CMC 935 - A notável escala dos ataques do PurpleBravo | FortiGate sob ataque

Diverse Threat Actors Exploiting Critical WinRAR Vulnerability CVE-2025-8088

HoneyMyte updates CoolClient and deploys multiple stealers in recent campaigns

Threat Actors Using AWS WorkMail in Phishing Campaigns

New Architecture, New Risks: One-Click to Pwn IDIS IP Cameras

Roteiro e apresentação: Carlos Cabral
Edição de áudio: Paulo Arruzzo 
Narração de encerramento: Bianca Garcia

Referências do Episódio
CVE-2026-21509 - Microsoft Office Security Feature Bypass Vulnerability

Microsoft patches actively exploited Office zero-day vulnerability

Bypassing Windows Administrator Protection

APT Attacks Target Indian Government Using GOGITTER, GITSHELLPAD, and GOSHELL | Part 1

PackageGate: 6 Zero-Days in JS Package Managers But NPM Won't Act

Roteiro e apresentação: Carlos Cabral
Edição de áudio: Paulo Arruzzo 
Narração de encerramento: Bianca Garcia