Mekotio Banking Trojan Threatens Financial Systems in Latin America - https://www.trendmicro.com/en_us/research/24/g/mekotio-banking-trojan.html 

Eldorado Ransomware: The New Golden Empire of Cybercrime? - https://www.group-ib.com/blog/eldorado-ransomware/ 

Mallox Ransomware Variant Targets Linux: Decryptor Discovered - https://www.uptycs.com/blog/mallox-ransomware-linux-variant-decryptor-discovered#three 

Europol coordinates global action against criminal abuse of Cobalt Strike - https://www.europol.europa.eu/media-press/newsroom/news/europol-coordinates-global-action-against-criminal-abuse-of-cobalt-strike 

regreSSHion: Remote Unauthenticated Code Execution Vulnerability in OpenSSH server - https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server 

China-Nexus Threat Group ‘Velvet Ant’ Exploits Cisco Zero-Day (CVE-2024-20399) to Compromise Nexus Switch Devices – Advisory for Mitigation and Response - https://www.sygnia.co/threat-reports-and-advisories/china-nexus-threat-group-velvet-ant-exploits-cisco-0-day/ 

CVE-2024-20399 - Cisco NX-OS Software CLI Command Injection Vulnerability - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-cmd-injection-xD9OhyOP 

Exposing FakeBat loader: distribution methods and adversary infrastructure - https://blog.sekoia.io/exposing-fakebat-loader-distribution-methods-and-adversary-infrastructure/ 

2024-06: Out-Of-Cycle Security Bulletin: Session Smart Router(SSR): On redundant router deployments API authentication can be bypassed (CVE-2024-2973) - https://supportportal.juniper.net/s/article/2024-06-Out-Of-Cycle-Security-Bulletin-Session-Smart-Router-SSR-On-redundant-router-deployments-API-authentication-can-be-bypassed-CVE-2024-2973?language=en_US 

June 27, 2024 Advisory: Critical Command Injection Vulnerability in EOL Zyxel NAS Models Exploited by Botnet [CVE-2024-29973] - https://censys.com/cve-2024-29973/ 

Polyfill.io, BootCDN, Bootcss, Staticfile attack traced to 1 operator - https://www.bleepingcomputer.com/news/security/polyfillio-bootcdn-bootcss-staticfile-attack-traced-to-1-operator/ 

Security Update – June 28, 2024, 12:10 PM CEST - https://www.teamviewer.com/en/resources/trust-center/statement/ 

Sustaining Digital Certificate Security - Entrust Certificate Distrust - https://security.googleblog.com/2024/06/sustaining-digital-certificate-security.html 

Kimsuky deploys TRANSLATEXT to target South Korean academia - https://www.zscaler.com/blogs/security-research/kimsuky-deploys-translatext-target-south-korean-academia 

MerkSpy: Exploiting CVE-2021-40444 to Infiltrate Systems - https://www.fortinet.com/blog/threat-research/merkspy-exploiting-cve-2021-40444-to-infiltrate-systems 

TeamViewer IT security update - https://www.teamviewer.com/en/resources/trust-center/statement/ 

GitLab Critical Patch Release: 17.1.1, 17.0.3, 16.11.5 - https://about.gitlab.com/releases/2024/06/26/patch-release-gitlab-17-1-1-released/#run-pipelines-as-any-user 

New InnoSetup Malware Created Upon Each Download Attempt - https://asec.ahnlab.com/en/67502/ 

Unfurling Hemlock: New threat group uses cluster bomb campaign to distribute malware - https://outpost24.com/blog/unfurling-hemlock-cluster-bomb-campaign/ 

Examining Water Sigbin's Infection Routine Leading to an XMRig Cryptominer - https://www.trendmicro.com/en_us/research/24/f/water-sigbin-xmrig.html 

Auth. Bypass In (Un)Limited Scenarios - Progress MOVEit Transfer (CVE-2024-5806) - https://labs.watchtowr.com/auth-bypass-in-un-limited-scenarios-progress-moveit-transfer-cve-2024-5806/ 

Fortra FileCatalyst Workflow Unauthenticated SQLi - https://www.tenable.com/security/research/tra-2024-25 

Multiple vulnerabilities in TP-Link Omada system could lead to root access - https://blog.talosintelligence.com/multiple-vulnerabilities-in-tp-link-omada-system/ 

CHAMELGANG & FRIENDS | CYBERESPIONAGE GROUPS ATTACKING CRITICAL INFRASTRUCTURE WITH RANSOMWARE - https://assets.sentinelone.com/sentinellabs/chamelgang-friends-en 

Dados do Pedido à Casa Civil via Lei de Acesso à Informação - https://buscalai.cgu.gov.br/PedidosLai/DetalhePedido?id=5239926 

From Dormant to Dangerous: P2Pinfect Evolves to Deploy New Ransomware and Cryptominer - https://www.cadosecurity.com/blog/from-dormant-to-dangerous-p2pinfect-evolves-to-deploy-new-ransomware-and-cryptominer 

New attack uses MSC files and Windows XSS flaw to breach networks - https://www.bleepingcomputer.com/news/security/new-grimresource-attack-uses-msc-files-and-windows-xss-flaw-to-breach-networks/ 

8220 Mining Gang's New Tool: k4spreader - https://blog.xlab.qianxin.com/8220-k4spreader-new-tool-en/ 

UAC-0184 Abuses Python in DLL Sideloading for XWORM Distribution - https://cyble.com/blog/uac-0184-abuses-python-in-dll-sideloading-for-xworm-distribution/ 

Chinese State-Sponsored RedJuliett Intensifies Taiwanese Cyber Espionage via Network Perimeter Exploitation - https://www.recordedfuture.com/redjuliett-intensifies-taiwanese-cyber-espionage-via-network-perimeter

SneakyChef espionage group targets government agencies with SugarGh0st and more infection techniques - https://blog.talosintelligence.com/sneakychef-sugarghost-rat/ 

Unveiling SpiceRAT: SneakyChef's latest tool targeting EMEA and Asia - https://blog.talosintelligence.com/new-spicerat-sneakychef/ 

Sustained Campaign Using Chinese Espionage Tools Targets Telcos - https://symantec-enterprise-blogs.security.com/threat-intelligence/telecoms-espionage-asia 

ANALYSIS OF PHANTOM#SPIKE: ATTACKERS LEVERAGING CHM FILES TO RUN CUSTOM CSHARP BACKDOORS LIKELY TARGETING VICTIMS ASSOCIATED WITH PAKISTAN - https://www.securonix.com/blog/analysis-of-phantomspike-attackers-leveraging-chm-files-to-run-custom-csharp-backdoors-likely-targeting-victims-associated-with-pakistan/ 

UEFICANHAZBUFFEROVERFLOW: WIDESPREAD IMPACT FROM VULNERABILITY IN POPULAR PC AND SERVER FIRMWARE - https://eclypsium.com/blog/ueficanhazbufferoverflow-widespread-impact-from-vulnerability-in-popular-pc-and-server-firmware/ 

SolarWinds Serv-U path traversal flaw actively exploited in attacks - https://www.bleepingcomputer.com/news/security/solarwinds-serv-u-path-traversal-flaw-actively-exploited-in-attacks/ 

SolarWinds Serv-U Directory Transversal Vulnerability (CVE-2024-28995) - https://www.solarwinds.com/trust-center/security-advisories/cve-2024-28995 

CVE-2024-28995 - https://attackerkb.com/topics/2k7UrkHyl3/cve-2024-28995/rapid7-analysis 

SolarWinds Serv-U (CVE-2024-28995) exploitation: We see you! - https://www.labs.greynoise.io/grimoire/2024-06-solarwinds-serv-u/ 

RAFEL RAT, ANDROID MALWARE FROM ESPIONAGE TO RANSOMWARE OPERATIONS - https://research.checkpoint.com/2024/rafel-rat-android-malware-from-espionage-to-ransomware-operations/ 

É HOJE!!!!   TURING DAY 2024 - https://www.even3.com.br/tempest-turing-day-2024/

LevelBlue Labs Discovers Highly Evasive, New Loader Targeting Chinese Organizations - https://cybersecurity.att.com/blogs/labs-research/highly-evasive-squidloader-targets-chinese-organizations 

AN UNPATCHED BUG ALLOWS ANYONE TO IMPERSONATE MICROSOFT CORPORATE EMAIL ACCOUNTS - https://securityaffairs.com/164675/hacking/expert-warns-of-a-spoofing-bug.html

Thread sobre a possível falha no Outlook - https://x.com/slonser_/status/1801521692314927433 

Fickle Stealer Distributed via Multiple Attack Chain - https://www.fortinet.com/blog/threat-research/fickle-stealer-distributed-via-multiple-attack-chain