Referências do Episódio

• Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability New - CVE-2025-24983

• Windows NTFS Information Disclosure Vulnerability New - CVE-2025-24984

• Windows Fast FAT File System Driver Remote Code Execution Vulnerability New - CVE-2025-24985

• Windows NTFS Information Disclosure Vulnerability New - CVE-2025-24991

• Windows NTFS Remote Code Execution Vulnerability New - CVE-2025-24993

• Microsoft Access Remote Code Execution Vulnerability New - CVE-2025-26630

• Microsoft Management Console Security Feature Bypass Vulnerability New - CVE-2025-26633

• Apple fixed the third actively exploited zero-day of 2025

• Exposure of Sensitive Information to an Unauthorized Actor

• Use of hardcoded key used for remote backup server password encryption

• XSS flaw in Fortiview/SecurityLogs pages

• Cross Site Request Forgery in admin endpoint

• Incorrect authorization in GUI console

• Multiple command injections on CLI

• Multiple format string vulnerabilities

• Os command injection on vm download feature

• Ballista – New IoT Botnet Targeting Thousands of TP-Link Archer Routers

• New XCSSET malware adds new obfuscation, persistence techniques to infect Xcode projects

• DCRat backdoor returns

• Analyzing Elysium, a Variant of the Ghost (Cring) Ransomware Family

Roteiro e apresentação: Carlos Cabral e Bianca Oliveira

Edição de áudio: Paulo Arruzzo

Narração de encerramento: Bianca Garcia