Referências do Episódio

• /bin/live: Rafael Silva, Luiz Eduardo, Willian Caprino e Nelson Murilo - Hacking

• Remote Code Execution via Expression Injection

• Critical n8n Flaw (CVSS 9.9) Enables Arbitrary Code Execution Across Thousands of Instances

• December 22 Advisory: Critical n8n Vulnerability Allows Remote Code Execution [CVE-2025-68613]

• From ClickFix to code signed: the quiet shift of MacSync Stealer malware

• From cheats to exploits: Webrat spreading via GitHub

Entrarei de férias. Volto no dia 19 de janeiro.

Roteiro e apresentação: Carlos Cabral

Edição de áudio: Paulo Arruzzo 

Narração de encerramento: Bianca Garcia

Referências do Episódio

• NPM Package With 56K Downloads Caught Stealing WhatsApp Messages

• 작전명 아르테미스: HWP 기반 DLL 사이드 로딩 공격 분석

• Zscaler Threat Hunting Catches Evasive SideWinder APT Campaign

• Tracing a Paper Werewolf campaign through AI-generated decoys and Excel XLLs

Roteiro e apresentação: Carlos Cabral

Edição de áudio: Paulo Arruzzo 

Narração de encerramento: Bianca Garcia

Referências do Episódio

• ​HPESBGN04985 rev.2 - Hewlett Packard Enterprise OneView Software, Remote Code Execution
• ​CVE-2025-37164: Critical unauthenticated RCE affecting Hewlett Packard Enterprise OneView
• ​Acronis TRU Alliance {Hunt.io}: Hunting DPRK threats - New Global Lazarus & Kimsuky campaigns
• ​LongNosedGoblin tries to sniff out governmental affairs in Southeast Asia and Japan

Roteiro e apresentação: Carlos Cabral

Edição de áudio: Paulo Arruzzo 

Narração de encerramento: Bianca Garcia

Referências do Episódio

• SonicWall SMA1000 appliance local privilege escalation vulnerability

• CVE-2025-40602: SonicWall Secure Mobile Access (SMA) 1000 Zero-Day Exploited

• SonicWall warns of actively exploited flaw in SMA 100 AMC

• UAT-9686 actively targets Cisco Secure Email Gateway and Secure Email and Web Manager

• CISA Adds Three Known Exploited Vulnerabilities to Catalog

• Operation ForumTroll continues: Russian political scientists targeted using plagiarism reports

• GachiLoader: Defeating Node.js Malware with API Tracing

Roteiro e apresentação: Carlos Cabral

Edição de áudio: Paulo Arruzzo 

Narração de encerramento: Bianca Garcia

Referências do Episódio

• 史上最疯：独家揭秘感染全球180万Android设备的巨型僵尸网络Kimwolf

• Inside Ink Dragon: Revealing the Relay Network and Inner Workings of a Stealthy Offensive Operation

• EtherRAT dissected: How a React2Shell implant delivers 5 payloads through blockchain C2

• Inside GhostPoster: How a PNG Icon Infected 50,000 Firefox Users

Roteiro e apresentação: Carlos Cabral

Edição de áudio: Paulo Arruzzo 

Narração de encerramento: Bianca Garcia

Referências do Episódio

• Webinar Tendências em Cyber 2026

• Arctic Wolf Observes Malicious SSO Logins on FortiGate Devices Following Disclosure of CVE-2025-59718 and CVE-2025-59719

• SantaStealer is Coming to Town: A New, Ambitious Infostealer Advertised on Underground Forums

Roteiro e apresentação: Carlos Cabral

Edição de áudio: Paulo Arruzzo 

Narração de encerramento: Bianca Garcia

Referências do Episódio

• Webinar Tendências em Cyber 2026

• Apple Issues Security Updates After Two WebKit Flaws Found Exploited in the Wild

• Multiple Threat Actors Exploit React2Shell (CVE-2025-55182)

Roteiro e apresentação: Carlos Cabral

Edição de áudio: Paulo Arruzzo 

Narração de encerramento: Bianca Garcia

Referências do Episódio

• Hunting for Mythic in network traffic

• Hamas-Affiliated Ashen Lepus Targets Middle Eastern Diplomatic Entities With New AshTag Malware Suite

• SHADOW-VOID-042 Targets Multiple Industries with Void Rabisu-like Tactics

• Gogs 0-Day Exploited in the Wild

• How to find Gogs installations on your network - Latest Gogs vulnerability: CVE-2025-8110

• CVE-2025-30406 - Critical Gladinet CentreStack & Triofox Vulnerability Exploited In The Wild

• ConsentFix: Analysing a browser-native ClickFix-style attack that hijacks OAuth consent grants

Roteiro e apresentação: Carlos Cabral

Edição de áudio: Paulo Arruzzo 

Narração de encerramento: Bianca Garcia

Referências do Episódio

• *Stable Channel Update for Desktop - Wednesday, December 10, 2025 - https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-desktop_10.html 
• *Google fixes eighth Chrome zero-day exploited in attacks in 2025 - https://www.bleepingcomputer.com/news/security/google-fixes-eighth-chrome-zero-day-exploited-in-attacks-in-2025/ 
• SOAPwn: Pwning .NET Framework Applications Through HTTP Client Proxies And WSDL - https://labs.watchtowr.com/soapwn-pwning-net-framework-applications-through-http-client-proxies-and-wsdl/ 
• NANOREMOTE, cousin of FINALDRAFT - https://www.elastic.co/security-labs/nanoremote 
• Cracking ValleyRAT: From Builder Secrets to Kernel Rootkits - https://research.checkpoint.com/2025/cracking-valleyrat-from-builder-secrets-to-kernel-rootkits/ 
• Thousands of Exposed Secrets Found on Docker Hub, Putting Organizations at Risk - http://flare.io/learn/resources/docker-hub-secrets-exposed/ 

Roteiro e apresentação: Carlos Cabral

Edição de áudio: Paulo Arruzzo 

Narração de encerramento: Bianca Garcia

Referencias do episodio

Webinar Tendencias em Cyber 2026

https://www.even3.com.br/tendencias-em-cyber-2026-661705/

Microsoft December 2025 Patch Tuesday fixes 3 zero-days, 57 flaws

https://www.bleepingcomputer.com/news/microsoft/microsoft-december-2025-patch-tuesday-fixes-3-zero-days-57-flaws/

Microsofts December 2025 Patch Tuesday Addresses 56 CVEs (CVE-2025-62221)

https://www.tenable.com/blog/microsofts-december-2025-patch-tuesday-addresses-56-cves-cve-2025-62221

Microsoft and Adobe Patch Tuesday, December 2025 – Security Update Review

https://blog.qualys.com/vulnerabilities-threat-research/2025/12/09/microsoft-patch-tuesday-december-2025-security-update-review

Fortinet warns of critical FortiCloud SSO login auth bypass flaws

https://www.bleepingcomputer.com/news/security/fortinet-warns-of-critical-forticloud-sso-login-auth-bypass-flaws/

Multiple Fortinet Products FortiCloud SSO Login Authentication Bypass

https://www.fortiguard.com/psirt/FG-IR-25-647

Security Advisory EPM December 2025 for EPM 2024

https://forums.ivanti.com/s/article/Security-Advisory-EPM-December-2025-for-EPM-2024

CVE-2025-10573: Ivanti EPM Unauthenticated Stored Cross-Site Scripting (Fixed)

https://www.rapid7.com/blog/post/cve-2025-10573-ivanti-epm-unauthenticated-stored-cross-site-scripting-fixed/

PeerBlight Linux Backdoor Exploits React2Shell CVE-2025-55182

https://www.huntress.com/blog/peerblight-linux-backdoor-exploits-react2shell

EtherRAT: DPRK uses novel Ethereum implant in React2Shell attacks

https://www.sysdig.com/blog/etherrat-dprk-uses-novel-ethereum-implant-in-react2shell-attacks

China-nexus cyber threat groups rapidly exploit React2Shell vulnerability (CVE-2025-55182)

https://aws.amazon.com/blogs/security/china-nexus-cyber-threat-groups-rapidly-exploit-react2shell-vulnerability-cve-2025-55182/

CVE-2025-55182: React2Shell Critical Vulnerability — what it is and what to do

https://www.dynatrace.com/news/blog/cve-2025-55182-react2shell-critical-vulnerability-what-it-is-and-what-to-do/

Roteiro e apresentação: Carlos Cabral

Edição de áudio: Paulo Arruzzo

Narração de encerramento: Bianca Garcia

Referências do Episódio

• Webinar Tendências em Cyber 2026

• The VS Code Malware That Captures Your Screen | Koi Blog

• GrayBravo’s CastleLoader Activity Clusters Target Multiple Industries

Roteiro e apresentação: Carlos Cabral

Edição de áudio: Paulo Arruzzo 

Narração de encerramento: Bianca Garcia

Referências do Episódio

• Webinar Tendências em Cyber 2026

• AI-Automated Threat Hunting Brings GhostPenguin Out of the Shadows

• Maximum-severity XXE vulnerability discovered in Apache Tika

• China-nexus cyber threat groups rapidly exploit React2Shell vulnerability (CVE-2025-55182)

• CVE-2025-55182 (React2Shell) Opportunistic Exploitation In The Wild: What The GreyNoise Observation Grid Is Seeing So Far

• Critical React2Shell Flaw Added to CISA KEV After Confirmed Active Exploitation

• Inside Shanya, a packer-as-a-service fueling modern attacks

Roteiro e apresentação: Carlos Cabral

Edição de áudio: Paulo Arruzzo 

Narração de encerramento: Bianca Garcia

Referências do Episódio

• Critical Security Vulnerability in React Server Components

• React2Shell (CVE-2025-55182) - Critical unauthenticated RCE affecting React Server Components

• CVE-2025-55182: Frequently Asked Questions About React2Shell: React Server Components Remote Code Execution Vulnerability

• BRICKSTORM Backdoor

• Active Exploitation of 7-Zip RCE Vulnerability Shows Why Manual Patching is No Longer an Option

• Array Networks Array AGシリーズにおけるコマンドインジェクションの脆弱性に関する注意喚起 

Roteiro e apresentação: Carlos Cabral

Edição de áudio: Paulo Arruzzo 

Narração de encerramento: Bianca Garcia

Referências do Episódio

• Webinar Tendências em Cyber 2026

• Sanctioned but Still Spying: Intellexa’s Prolific Zero-Day Exploits Continue

• Intellexa’s Global Corporate Web

• French NGO Reporters Without Borders targeted by Calisto in recent campaign

• Malicious Rust Crate evm-units Serves Cross-Platform Payloads for Silent Execution

Roteiro e apresentação: Carlos Cabral

Edição de áudio: Paulo Arruzzo 

Narração de encerramento: Bianca Garcia

Referências do Episódio

• Webinar Tendências em Cyber 2026

• New eBPF Filters for Symbiote and BPFdoor Malware

• Technical Analysis of Matanbuchus 3.0

• Hook for Gold: Inside GoldFactory's Сampaign That Turns Apps Into Goldmines

• ValleyRAT Campaign Targets Job Seekers, Abuses Foxit PDF Reader for DLL Side-loading

• MuddyWater: Snakes by the riverbank

Roteiro e apresentação: Carlos Cabral

Edição de áudio: Paulo Arruzzo 

Narração de encerramento: Bianca Garcia

Referências do Episódio

• ImperioShell e PolyjuiceCookie: Backdoor e cookie stealer miram empresas no Brasil

• Unraveling Water Saci's New Multi-Format, AI-Enhanced Attacks Propagated via WhatsApp

• Do Coyote ao Astaroth: o abuso do WhatsApp se consolida como método de infecção do cibercrime brasileiro

• Vídeo sobre os recentes ataques via WhatsApp 

• Unraveling Water Saci's New Multi-Format, AI-Enhanced Attacks Propagated via WhatsApp

• 4.3 Million Browsers Infected: Inside ShadyPanda's 7-Year Malware Campaign | Koi Blog

• Google Patches 107 Android Flaws, Including Two Framework Bugs Exploited in the Wild

Roteiro e apresentação: Carlos Cabral

Edição de áudio: Paulo Arruzzo 

Narração de encerramento: Bianca Garcia

Referências do Episódio

• Two Years, 17K Downloads: The NPM Malware That Tried to Gaslight Security Scanners

• CISA Adds One Known Exploited Vulnerability to Catalog

• [REPORT] Falhas de segurança em versões do ScadaBR

• APT36 Python Based ELF Malware Targeting Indian Government Entities

• Thor vs. Silver Fox – Uncovering and Defeating a Sophisticated ValleyRat Campaign

Roteiro e apresentação: Carlos Cabral

Edição de áudio: Paulo Arruzzo 

Narração de encerramento: Bianca Garcia

Referências do Episódio

• Dragons in Thunder

• 3 OAuth TTPs Seen This Month — and How to Detect Them with Entra ID Logs

• OpenAI data may have been exposed after a cyberattack on analytics firm Mixpanel

Roteiro e apresentação: Carlos Cabral

Edição de áudio: Paulo Arruzzo 

Narração de encerramento: Bianca Garcia

Referências do Episódio

• ShadowV2 Casts a Shadow Over IoT Devices | FortiGuard Lab

• Stop Putting Your Passwords Into Random Websites (Yes, Seriously, You Are The Problem)

• ASUS warns of new critical auth bypass flaw in AiCloud routers

• CVE-2025-59366

Roteiro e apresentação: Carlos Cabral

Edição de áudio: Paulo Arruzzo 

Narração de encerramento: Bianca Garcia

Referências do Episódio

• Zscaler Threat Hunting Discovers and Reconstructs a Sophisticated Water Gamayun APT Group Attack

• FlexibleFerret malware continues to strike

• Russian RomCom Utilizing SocGholish to Deliver Mythic Agent to U.S. Companies Supporting Ukraine

Roteiro e apresentação: Carlos Cabral

Edição de áudio: Paulo Arruzzo 

Narração de encerramento: Bianca Garcia