Podcast appearances and mentions of bianca garcia

Referências do EpisódioPixRevolution: The Agent-Operated Android Trojan Hijacking Brazil's PIX Payments in Real TimeZero Click Unauthenticated RCE in n8n: A Contact Form That Executes Shell CommandsIranian Hacktivists Strike Medical Device Maker Stryker in "Severe" Attack that Wiped SystemsVENON: O Primeiro Banker RAT Brasileiro em RustWho bombed the Iranian girls' school, killing more than 170? What we knowRoteiro e apresentação: Carlos CabralEdição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

Referências do EpisódioMicrosoft Patch Tuesday security updates for March 2026 fixed 84 bugsAdobe - Security Bulletins and Advisories - last updated on Mar 10, 2026Security update available for Adobe Commerce | APSB26-05Zoom Bulletin: ZSB-26005FortiGate Edge Intrusions | Stolen Service Accounts Lead to Rogue Workstations and Deep AD CompromiseRoteiro e apresentação: Carlos CabralEdição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

Referências do EpisódioRussia targets Signal and WhatsApp accounts in cyber campaignThrough the Lens of MDR: Analysis of KongTuke's ClickFix Abuse of Compromised WordPress SitesThreat Actors Mass-Scan Salesforce Experience Cloud via Modified AuraInspector ToolRoteiro e apresentação: Carlos CabralEdição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

Referências do EpisódioAI as tradecraft: How threat actors operationalize AIAn Investigation Into Years of Undetected Operations Targeting High-Value SectorsCVE-2026-20122 | CVE-2026-20126 | CVE-2026-20128 - Cisco Catalyst SD-WAN VulnerabilitiesMobile spyware campaign impersonates Israel's Red Alert rocket warning systemMiddle East Conflict Fuels Opportunistic Cyber AttacksRoteiro e apresentação: Carlos CabralEdição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

Referências do EpisódioNew BoryptGrab Stealer Targets Windows Users via Deceptive GitHub PagesSeedworm: Iranian APT on Networks of U.S. Bank, Airport, Software CompanyUAT-9244 targets South American telecommunication providers with three new malware implantsAPT36: A Nightmare of VibewareLook What You Made Us Patch: 2025 Zero-Days in ReviewRoteiro e apresentação: Carlos CabralEdição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

Referências do EpisódioCVE-2026-20079 - Cisco Secure Firewall Management Center Software Authentication Bypass VulnerabilityCVE-2026-20131 - Cisco Secure Firewall Management Center Software Remote Code Execution VulnerabilitySilver Dragon Targets Organizations in Southeast Asia and EuropeRetaliatory Hacktivist DDoS Activity Following Operation Epic Fury/Roaring LionDefending the gates: How a global coalition disrupted Tycoon 2FA, a major driver of initial access and large-scale online impersonationRoteiro e apresentação: Carlos CabralEdição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

Referências do EpisódioCoruna: The Mysterious Journey of a Powerful iOS Exploit KitOperational issue - Multiple services (UAE)Drone strikes damage Amazon data centres in UAE and Bahrain, disrupting servicesInterplay between Iranian Targeting of IP Cameras and Physical Warfare in the Middle EastCopy, Paste, Ransom: Making Data Exfiltration As Easy as AzCopyCISA Adds Actively Exploited VMware Aria Operations Flaw CVE-2026-22719 to KEV CatalogFarewell, FelixRoteiro e apresentação: Carlos CabralEdição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

Referências do EpisódioBoletim de segurança do Android – março de 2026Google addresses actively exploited Qualcomm zero-day in fresh batch of 129 Android vulnerabilitiesTaming Agentic Browsers: Vulnerability in Chrome Allowed Extensions to Hijack New Gemini PanelFunnull Resurfaces: Exposing RingH23 Arsenal and MacCMS Supply Chain AttacksThreat Brief: March 2026 Escalation of Cyber Risk Related to IranChecklist rápido para não ser vítima colateral de uma guerra que não é suaRoteiro e apresentação: Carlos CabralEdição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

Referências do EpisódioMAR-25993211-r1.v2 Ivanti Connect Secure (RESURGE)Ivanti Connect Secure VPN Targeted in New Zero-Day ExploitationMalicious Go “crypto” Module Steals Passwords and Deploys Rekoobe BackdoorRoteiro e apresentação: Carlos CabralEdição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

Referências do EpisódioNew Dohdoor malware campaign targets education and health careMeta Takes Legal Action Against Scam AdvertisersAPT37 Adds New Capabilities for Air-Gapped NetworksRoteiro e apresentação: Carlos CabralEdição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

Referências do EpisódioCVE-2026-20127 - Cisco Catalyst SD-WAN Controller Authentication Bypass VulnerabilityActive exploitation of Cisco Catalyst SD-WAN by UAT-8616CISCO SD-WAN THREAT HUNT GUIDEExposing the Undercurrent: Disrupting the GRIDTIDE Global Cyber Espionage CampaignServ-U 15.5.4 release notesBuy A Help Desk, Bundle A Remote Access Solution? (SolarWinds Web Help Desk Pre-Auth RCE Chain(s))2026-02 Out-of-Cycle Security Bulletin: Junos OS Evolved: PTX Series: A vulnerability allows a unauthenticated, network-based attacker to execute code as root (CVE-2026-21902)Caught in the Hook: RCE and API Token Exfiltration Through Claude Code Project Files | CVE-2025-59536 | CVE-2026-21852Roteiro e apresentação: Carlos CabralEdição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

Referências do EpisódioNorth Korean Lazarus Group Now Working With Medusa RansomwareVMSA-2026-0001: VMware Aria Operations updates address multiple vulnerabilities (CVE-2026-22719, CVE-2026-22720 and CVE-2026-22721)1Campaign: A New Cloaking Platform Helping Attackers Abuse Google AdsRoteiro e apresentação: Carlos CabralEdição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

Referências do EpisódioDetecting and preventing distillation attacksDeepSeek-R1: Incentivizing Reasoning Capability in LLMs via Reinforcement LearningOpenAI suddenly thinks intellectual property theft is not cool, actually, amid DeepSeek's riseAI-augmented threat actor accesses FortiGate devices at scale | Amazon Web ServicesAI-augmented threat actor accesses FortiGate devices at scaleRoteiro e apresentação: Carlos CabralEdição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

Referências do EpisódioOperation Olalampo: Inside MuddyWater's Latest CampaignHow Predator spyware defeats iOS recording indicatorsMalicious OpenClaw Skills Used to Distribute Atomic MacOS StealerRoteiro e apresentação: Carlos CabralEdição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

Referências do EpisódioPromptSpy ushers in the era of Android threats using GenAIMassiv: When your IPTV app terminates your savingsRoteiro e apresentação: Carlos CabralEdição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

Referências do EpisódioNew Clickfix variant ‘CrashFix' deploying Python Remote Access TrojanFrom BRICKSTORM to GRIMBOLT: UNC6201 Exploiting a Dell RecoverPoint for Virtual Machines Zero-DayDSA-2026-079: Security Update for RecoverPoint for Virtual Machines Hardcoded Credential VulnerabilityNew Chrome Zero-Day (CVE-2026-2441) Under Active Attack — Patch ReleasedFour Vulnerabilities Expose a Massive Security Blind Spot in IDE ExtensionsAI in the Middle: Turning Web-Based AI Services into C2 Proxies & The Future Of AI Driven AttacksRoteiro e apresentação: Carlos CabralEdição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

Referências do EpisódioAbout the security content of iOS 26.3 and iPadOS 26.3OysterLoader Unmasked: The Multi-Stage Evasion LoaderGTIG AI Threat Tracker: Distillation, Experimentation, and (Continued) Integration of AI for Adversarial UseAttackers Weaponize Signed RMM Tools via Zoom, Meet, & Teams LuresDataflow Rider: How Attackers can Abuse Shadow Resources in Google Cloud DataflowRoteiro e apresentação: Carlos CabralEdição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

Referências do EpisódioLummaStealer Is Getting a Second Life Alongside CastleLoaderAgreeToSteal: The First Malicious Outlook Add-In Leads to 4,000 Stolen CredentialsRoteiro e apresentação: Carlos CabralEdição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

Referências do EpisódioMicrosoft - February 2026 Security UpdatesMicrosoft February 2026 Patch Tuesday fixes 6 zero-days, 58 flawsMicrosoft Patch Tuesday – February 2026CVE-2025-52436 - XSS via back buttonCVE-2026-22153 - LDAP authentication bypass in Agentless VPN and FSSOCMC 932CMC 934VoidLink: um sinal do fim do gargalo humano no desenvolvimento de malware avançadoRoteiro e apresentação: Carlos CabralEdição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

Referências do EpisódioUNC1069 Targets Cryptocurrency Sector with New Tooling and AI-Enabled Social EngineeringTechnical Analysis of GuLoader Obfuscation TechniquesRoteiro e apresentação: Carlos CabralEdição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

Referências do EpisódioAnalysis of active exploitation of SolarWinds Web Help DeskBeyondTrust - Advisory ID: BT26-02CVE-2026-1731: Pre-Auth RCE in BeyondTrust Remote Support & PRARoteiro e apresentação: Carlos CabralEdição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

Referências do EpisódioThe Shadow Campaigns: Uncovering Global EspionageKnife Cutting the Edge: Disclosing a China-nexus gateway-monitoring AitM framework2025 Q4 DDoS threat report: A record-setting 31.4 Tbps attack caps a year of massive DDoS assaultsPro-Russian group Noname057(16) launched DDoS attacks on Milano Cortina 2026 Winter OlympicsRoteiro e apresentação: Carlos CabralEdição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

Referências do EpisódioSilent Push Identifies More Than 10,000 Infected IPs as Part of SystemBC Botnet Malware FamilyLookOut: Discovering RCE and Internal Access on Looker (Google Cloud & On-Prem)Amaranth-Dragon: Weaponizing CVE-2025-8088 for Targeted Espionage in the Southeast AsiaRoteiro e apresentação: Carlos CabralEdição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

Referências do EpisódioAPT28 Leverages CVE-2026-21509 in Operation NeusploitAI-assisted cloud intrusion achieves admin access in 8 minutesMetro4Shell: Exploitation of React Native's Metro Server in the WildRoteiro e apresentação: Carlos CabralEdição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

Referências do EpisódioNotepad++ Hijacked by State-Sponsored HackersThe Chrysalis Backdoor: A Deep Dive into Lotus Blossom's toolkit1-Click RCE via Authentication Token Exfiltration From gatewayUrl1-Click RCE To Steal Your Moltbot Data and KeysGiving OpenClaw The Keys to Your Kingdom? Read This FirstRoteiro e apresentação: Carlos CabralEdição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

Referências do EpisódioVishing for Access: Tracking the Expansion of ShinyHunters-Branded SaaS Data TheftGuidance from the Frontlines: Proactive Defense Against ShinyHunters-Branded Data Theft Targeting SaaSGlassWorm Loader Hits Open VSX via Developer Account CompromiseClawHavoc: 341 Malicious Clawed Skills Found by the Bot They Were Targeting19 Shades of LockBit5.0, Inside the Latest Cross-Platform Ransomware: Part 1DynoWiper update: Technical analysis and attributionRoteiro e apresentação: Carlos CabralEdição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

Referências do EpisódioSecurity Advisory Ivanti Endpoint Manager Mobile (EPMM) (CVE-2026-1281 & CVE-2026-1340)Inside the Infrastructure: Who's Scanning for Ivanti Connect Secure?CVE-2025-0282 DetailDissecting UAT-8099: New persistence mechanisms and regional focusThreat Bulletin: Critical eScan Supply Chain CompromiseRoteiro e apresentação: Carlos CabralEdição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

Referências do EpisódioSolarwinds - WHD 2026.1 release notesCVE-2025-40551: Another Solarwinds Web Help Desk Deserialization IssueMultiple Critical SolarWinds Web Help Desk Vulnerabilities: CVE-2025-40551, CVE-2025-40552, CVE-2025-40553, CVE-2025-40554Meet IClickFix: a widespread WordPress-targeting framework using the ClickFix tacticCan't stop, won't stop: TA584 innovates initial accessTwo High-Severity n8n Flaws Allow Authenticated Remote Code ExecutionRoteiro e apresentação: Carlos CabralEdição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

Referências do EpisódioAdministrative FortiCloud SSO authentication bypassAnalysis of Single Sign-On Abuse on FortiOSCMC 935 - A notável escala dos ataques do PurpleBravo | FortiGate sob ataqueDiverse Threat Actors Exploiting Critical WinRAR Vulnerability CVE-2025-8088HoneyMyte updates CoolClient and deploys multiple stealers in recent campaignsThreat Actors Using AWS WorkMail in Phishing CampaignsNew Architecture, New Risks: One-Click to Pwn IDIS IP CamerasRoteiro e apresentação: Carlos CabralEdição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

Referências do EpisódioCVE-2026-21509 - Microsoft Office Security Feature Bypass VulnerabilityMicrosoft patches actively exploited Office zero-day vulnerabilityBypassing Windows Administrator ProtectionAPT Attacks Target Indian Government Using GOGITTER, GITSHELLPAD, and GOSHELL | Part 1PackageGate: 6 Zero-Days in JS Package Managers But NPM Won't ActRoteiro e apresentação: Carlos CabralEdição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

Referências do EpisódioPeckBirdy: A Versatile Script Framework for LOLBins Exploitation Used by China-aligned Threat GroupsStanley — A $6,000 Russian Malware Toolkit with Chrome Web Store GuaranteeRoteiro e apresentação: Carlos CabralEdição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

Referências do EpisódioKONNI Adopts AI to Generate PowerShell BackdoorsWatering Hole Attack Targets EmEditor Users with Information-Stealing MalwareWatering Hole Attack Targets EmEditor Users with Information-Stealing MalwareOsiris: New Ransomware, Experienced Attackers?Critical GNU InetUtils telnetd Flaw Lets Attackers Bypass Login and Gain Root AccessMalicious VS Code AI Extensions Harvesting Code from 1.5M DevsRoteiro e apresentação: Carlos CabralEdição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

Referências do EpisódioPurpleBravo's Targeting of the IT Software Supply ChainNew Phishing Campaign Targeting LastPass CustomersCisco Unified Communications Products Remote Code Execution VulnerabilityArctic Wolf Observes Malicious Configuration Changes On Fortinet FortiGate Devices via SSO AccountsRoteiro e apresentação: Carlos CabralEdição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

Referências do EpisódioVoidLink: Evidence That the Era of Advanced AI-Generated Malware Has BegunCyata Research: Breaking Anthropic's Official MCP ServerRoteiro e apresentação: Carlos CabralEdição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

Referências do EpisódioWeaponizing Calendar Invites: How Prompt Injection Bypassed Google Gemini's ControlsGoogle Gemini Prompt Injection Flaw Exposed Private Calendar Data via Malicious InvitesCreepy Crawlers: Hunting Those Who Hunt For WordPress Plugins100,000 WordPress Sites Affected by Privilege Escalation Vulnerability in Advanced Custom Fields: Extended WordPress PluginRoteiro e apresentação: Carlos CabralEdição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

Referências do EpisódioFrom Extension to Infection: An In-Depth Analysis of the Evelyn Stealer Campaign Targeting Software DevelopersPDFSIDER Malware - Exploitation of DLL Side-Loading for AV and EDR EvasionVoidLink threat analysis: Sysdig discovers C2-compiled kernel rootkitsUnveiling VoidLink – A Stealthy, Cloud-Native Linux Malware FrameworkRoteiro e apresentação: Carlos CabralEdição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

Referências do Episódio/bin/live: Rafael Silva, Luiz Eduardo, Willian Caprino e Nelson Murilo - HackingRemote Code Execution via Expression InjectionCritical n8n Flaw (CVSS 9.9) Enables Arbitrary Code Execution Across Thousands of InstancesDecember 22 Advisory: Critical n8n Vulnerability Allows Remote Code Execution [CVE-2025-68613]From ClickFix to code signed: the quiet shift of MacSync Stealer malwareFrom cheats to exploits: Webrat spreading via GitHubEntrarei de férias. Volto no dia 19 de janeiro.Roteiro e apresentação: Carlos CabralEdição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

Referências do EpisódioNPM Package With 56K Downloads Caught Stealing WhatsApp Messages작전명 아르테미스: HWP 기반 DLL 사이드 로딩 공격 분석Zscaler Threat Hunting Catches Evasive SideWinder APT CampaignTracing a Paper Werewolf campaign through AI-generated decoys and Excel XLLsRoteiro e apresentação: Carlos CabralEdição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

Referências do Episódio​HPESBGN04985 rev.2 - Hewlett Packard Enterprise OneView Software, Remote Code Execution​CVE-2025-37164: Critical unauthenticated RCE affecting Hewlett Packard Enterprise OneView​Acronis TRU Alliance {Hunt.io}: Hunting DPRK threats - New Global Lazarus & Kimsuky campaigns​LongNosedGoblin tries to sniff out governmental affairs in Southeast Asia and JapanRoteiro e apresentação: Carlos CabralEdição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

Referências do EpisódioSonicWall SMA1000 appliance local privilege escalation vulnerabilityCVE-2025-40602: SonicWall Secure Mobile Access (SMA) 1000 Zero-Day ExploitedSonicWall warns of actively exploited flaw in SMA 100 AMCUAT-9686 actively targets Cisco Secure Email Gateway and Secure Email and Web ManagerCISA Adds Three Known Exploited Vulnerabilities to CatalogOperation ForumTroll continues: Russian political scientists targeted using plagiarism reportsGachiLoader: Defeating Node.js Malware with API TracingRoteiro e apresentação: Carlos CabralEdição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

Referências do Episódio史上最疯：独家揭秘感染全球180万Android设备的巨型僵尸网络KimwolfInside Ink Dragon: Revealing the Relay Network and Inner Workings of a Stealthy Offensive OperationEtherRAT dissected: How a React2Shell implant delivers 5 payloads through blockchain C2Inside GhostPoster: How a PNG Icon Infected 50,000 Firefox UsersRoteiro e apresentação: Carlos CabralEdição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

Referências do EpisódioWebinar Tendências em Cyber 2026Arctic Wolf Observes Malicious SSO Logins on FortiGate Devices Following Disclosure of CVE-2025-59718 and CVE-2025-59719SantaStealer is Coming to Town: A New, Ambitious Infostealer Advertised on Underground ForumsRoteiro e apresentação: Carlos CabralEdição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

Referências do EpisódioWebinar Tendências em Cyber 2026Apple Issues Security Updates After Two WebKit Flaws Found Exploited in the WildMultiple Threat Actors Exploit React2Shell (CVE-2025-55182)Roteiro e apresentação: Carlos CabralEdição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

Referências do EpisódioHunting for Mythic in network trafficHamas-Affiliated Ashen Lepus Targets Middle Eastern Diplomatic Entities With New AshTag Malware SuiteSHADOW-VOID-042 Targets Multiple Industries with Void Rabisu-like TacticsGogs 0-Day Exploited in the WildHow to find Gogs installations on your network - Latest Gogs vulnerability: CVE-2025-8110CVE-2025-30406 - Critical Gladinet CentreStack & Triofox Vulnerability Exploited In The WildConsentFix: Analysing a browser-native ClickFix-style attack that hijacks OAuth consent grantsRoteiro e apresentação: Carlos CabralEdição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

Referências do Episódio *Stable Channel Update for Desktop - Wednesday, December 10, 2025 - https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-desktop_10.html *Google fixes eighth Chrome zero-day exploited in attacks in 2025 - https://www.bleepingcomputer.com/news/security/google-fixes-eighth-chrome-zero-day-exploited-in-attacks-in-2025/ SOAPwn: Pwning .NET Framework Applications Through HTTP Client Proxies And WSDL - https://labs.watchtowr.com/soapwn-pwning-net-framework-applications-through-http-client-proxies-and-wsdl/ NANOREMOTE, cousin of FINALDRAFT - https://www.elastic.co/security-labs/nanoremote Cracking ValleyRAT: From Builder Secrets to Kernel Rootkits - https://research.checkpoint.com/2025/cracking-valleyrat-from-builder-secrets-to-kernel-rootkits/ Thousands of Exposed Secrets Found on Docker Hub, Putting Organizations at Risk - http://flare.io/learn/resources/docker-hub-secrets-exposed/  Roteiro e apresentação: Carlos CabralEdição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

Referencias do episodioWebinar Tendencias em Cyber 2026https://www.even3.com.br/tendencias-em-cyber-2026-661705/Microsoft December 2025 Patch Tuesday fixes 3 zero-days, 57 flawshttps://www.bleepingcomputer.com/news/microsoft/microsoft-december-2025-patch-tuesday-fixes-3-zero-days-57-flaws/Microsofts December 2025 Patch Tuesday Addresses 56 CVEs (CVE-2025-62221)https://www.tenable.com/blog/microsofts-december-2025-patch-tuesday-addresses-56-cves-cve-2025-62221Microsoft and Adobe Patch Tuesday, December 2025 – Security Update Reviewhttps://blog.qualys.com/vulnerabilities-threat-research/2025/12/09/microsoft-patch-tuesday-december-2025-security-update-reviewFortinet warns of critical FortiCloud SSO login auth bypass flawshttps://www.bleepingcomputer.com/news/security/fortinet-warns-of-critical-forticloud-sso-login-auth-bypass-flaws/Multiple Fortinet Products FortiCloud SSO Login Authentication Bypasshttps://www.fortiguard.com/psirt/FG-IR-25-647Security Advisory EPM December 2025 for EPM 2024https://forums.ivanti.com/s/article/Security-Advisory-EPM-December-2025-for-EPM-2024CVE-2025-10573: Ivanti EPM Unauthenticated Stored Cross-Site Scripting (Fixed)https://www.rapid7.com/blog/post/cve-2025-10573-ivanti-epm-unauthenticated-stored-cross-site-scripting-fixed/PeerBlight Linux Backdoor Exploits React2Shell CVE-2025-55182https://www.huntress.com/blog/peerblight-linux-backdoor-exploits-react2shellEtherRAT: DPRK uses novel Ethereum implant in React2Shell attackshttps://www.sysdig.com/blog/etherrat-dprk-uses-novel-ethereum-implant-in-react2shell-attacksChina-nexus cyber threat groups rapidly exploit React2Shell vulnerability (CVE-2025-55182)https://aws.amazon.com/blogs/security/china-nexus-cyber-threat-groups-rapidly-exploit-react2shell-vulnerability-cve-2025-55182/CVE-2025-55182: React2Shell Critical Vulnerability — what it is and what to dohttps://www.dynatrace.com/news/blog/cve-2025-55182-react2shell-critical-vulnerability-what-it-is-and-what-to-do/Roteiro e apresentação: Carlos CabralEdição de áudio: Paulo ArruzzoNarração de encerramento: Bianca Garcia

Referências do EpisódioWebinar Tendências em Cyber 2026The VS Code Malware That Captures Your Screen | Koi BlogGrayBravo's CastleLoader Activity Clusters Target Multiple IndustriesRoteiro e apresentação: Carlos CabralEdição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

Referências do EpisódioWebinar Tendências em Cyber 2026AI-Automated Threat Hunting Brings GhostPenguin Out of the ShadowsMaximum-severity XXE vulnerability discovered in Apache TikaChina-nexus cyber threat groups rapidly exploit React2Shell vulnerability (CVE-2025-55182)CVE-2025-55182 (React2Shell) Opportunistic Exploitation In The Wild: What The GreyNoise Observation Grid Is Seeing So FarCritical React2Shell Flaw Added to CISA KEV After Confirmed Active ExploitationInside Shanya, a packer-as-a-service fueling modern attacksRoteiro e apresentação: Carlos CabralEdição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

Referências do EpisódioCritical Security Vulnerability in React Server ComponentsReact2Shell (CVE-2025-55182) - Critical unauthenticated RCE affecting React Server ComponentsCVE-2025-55182: Frequently Asked Questions About React2Shell: React Server Components Remote Code Execution VulnerabilityBRICKSTORM BackdoorActive Exploitation of 7-Zip RCE Vulnerability Shows Why Manual Patching is No Longer an OptionArray Networks Array AGシリーズにおけるコマンドインジェクションの脆弱性に関する注意喚起 Roteiro e apresentação: Carlos CabralEdição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

In “Got (Raw) Milk? The Small Family Dairy Farms Behind a Big Controversy,” Gravy producer Bianca Garcia takes listeners to Milky Way Farm, the last dairy in Anderson County, South Carolina, where raw milk sales are keeping the Peeler family afloat.   Their neighbors have succumbed to the pressures that have defined a generation of farmers. Between 2003 and 2022, South Carolina—where the state beverage is a glass of cold milk—lost 75 percent of licensed dairy operations. They have found their market in a niche constituency, though the wider public might disapprove. Raw milk is a risky product, often considered a public health risk.   Raw milk is unpasteurized, meaning it hasn't been through a sanitizing kill step. Scientists worry that it can make consumers vulnerable to bacterial or viral infection, but raw milk lovers can't get enough of the creamy taste and allegedly healthful properties.   This debate is situated in what seems to be a public health emergency. Reports of bird flu infecting dairy cattle leave public health officials worried that drinking raw milk can spread disease. Under the Trump presidency, Secretary of the Department of Health and Human Services Robert F. Kennedy Jr. has vowed to increase public access to raw milk as a part of his Make America Healthy Again agenda. Raw influencers and “tradwives” promote it endlessly on social media. Through all this noise, it's easy to lose sense of the fact that this is an issue that starts on the farm.   In this episode, you will hear from L.D. Peeler, acting patriarch of Milky Way Farm, his daughter, Iris, and son, Davis. Each plays a role on their small family farm, which raises 120 Jersey cows: Davis works on the farm, L.D. manages the finances, and Iris does the public relations. They each have different, but entangled, stories to tell.   At Milky Way Farm, we are reminded that, just like any other food, raw milk starts with the land, the animals, and the people that make it possible. Guided by the community's desire for a tasty and safe product, the Peelers have shaped their business to meet this need. Thus, in the face of economic pressures of the dairy industry and cultural pressures around the product, they have risen above—like the cream beneath the lid of their bottled pints. Learn more about your ad choices. Visit megaphone.fm/adchoices