Lucas Oliveira

AgingFly campaign hits Ukrainian government and hospital networks A newly reported campaign centered on the AgingFly backdoor is a reminder that targeted intrus...

Lucas Oliveira

Research

CVE-2026-33032 in nginx-ui Enables Full Nginx Server Takeover via Unauthenticated MCP Access A critical flaw in nginx-ui, the web-based Nginx management tool, c...

Lucas Oliveira

Research

Malicious Chrome extensions turn OAuth tokens into enterprise risk A newly reported cluster of malicious Chrome Web Store extensions is a useful warning for def...

Lucas Oliveira

Research

CVE-2026-5194 weakens wolfSSL certificate trust in embedded deployments CVE-2026-5194 is a reminder that core cryptographic libraries can create outsized enterp...

Lucas Oliveira

Research

Docker AuthZ Plugin Bypass in CVE-2026-34040 Weakens API-Level Container Controls A newly disclosed Docker Engine and Moby flaw, tracked as CVE-2026-34040, show...

Lucas Oliveira

Research

CPUID breach turned CPU-Z and HWMonitor into a malware delivery path Executive summary A compromise of the CPUID website briefly turned trusted download links f...

Lucas Oliveira

Research

CVE-2026-39987 puts exposed Marimo notebooks on a fast credential-theft path CVE-2026-39987 is a sharp reminder that smaller developer and data-science platform...

Lucas Oliveira

Research

CVE-2026-22557 puts internet-exposed UniFi controllers at account-takeover risk CVE-2026-22557 is the kind of infrastructure flaw defenders should treat as urge...

Lucas Oliveira

Research

Iranian PLC Attacks Disrupt U.S. Critical Infrastructure Executive Summary Iranian-affiliated [advanced persistent threat](https://invaders.ie/resources/glossar...

Lucas Oliveira

Research