Lucas Oliveira

Research

A DevOps engineer and cybersecurity enthusiast with a passion for uncovering the latest in zero-day exploits, automation, and emerging tech. I write to share real-world insights from the trenches of IT and security, aiming to make complex topics more accessible and actionable. Whether I’m building tools, tracking threat actors, or experimenting with AI workflows, I’m always exploring new ways to stay one step ahead in today’s fast-moving digital landscape.

Linkedin Twitter Github

Articles

Avg. Read Time

Expertise Areas

Cloud & Application Security

Cybercrime

vulnerability

supply chain attack

Ransomware Groups

Threat Hunting & Intel

Infostealer

Articles by Lucas Oliveira

SolarWinds warns of critical Web Help Desk RCE, auth bypass flaws

Cloud & Application Security

vulnerability

SolarWinds warns of critical Web Help Desk RCE, auth bypass flaws

SolarWinds Web Help Desk: Five Critical Vulnerabilities, Patch Bypass History, and the Most Dangerous IT Service Management Flaw of 2026 Executive Summary On Ja...

February 14, 2026

14 min read

Lucas Oliveira

Research

North Korean Hackers Use Deepfake Video Calls to Target Crypto Firms

North Korean Hackers Use Deepfake Video Calls to Target Crypto Firms

Executive Summary Since February 2026, the North Korea–linked group UNC1069 has been observed running a highly targeted deepfake campaign against cryptocurrency...

February 14, 2026

3 min read

Lucas Oliveira

Research

CVE-2026-21643 & CVE-2026-24858: Fortinet Critical Flaws | 2026

CVE-2026-21643 & CVE-2026-24858: Fortinet Critical Flaws | 2026

Executive Summary Since December 2025, two critical vulnerabilities in Fortinet's infrastructure have created a perfect storm for enterprise compromise: [CVE-20...

February 10, 2026

9 min read

Lucas Oliveira

Research

⭐ Featured

supply chain attack

state-sponsored APT

Lotus Panda Chrysalis: Notepad++ Supply Chain Attack | 2026

Executive Summary Since June 2025, the Chinese state-sponsored [threat actor](https://invaders.ie/resources/glossary/advanced-persistent-threat) Lotus Panda (al...

February 3, 2026

7 min read

Lucas Oliveira

Research

MaliciousCorgi: VSCode Supply Chain Attack on 1.5M Devs | 2026

⭐ Featured

Cloud & Application Security

Threat Intelligence

Malware Analysis

MaliciousCorgi: VSCode Supply Chain Attack on 1.5M Devs | 2026

Executive Summary Since January 2026, the sophisticated MaliciousCorgi supply chain attack has weaponized two malicious AI coding assistants on the official VSC...

February 2, 2026

6 min read

Lucas Oliveira

Research

Mandiant Findings ShinyHunters Voice Phishing: SaaS Extortion Research

Executive Summary Since June 2025, [ShinyHunters](https://cloud.google.com/blog/topics/threat-intelligence/expansion-shinyhunters-saas-data-theft) cybercrime co...

January 31, 2026

11 min read

Lucas Oliveira

Research

CVE-2025-8088: The WinRAR Path Traversal Flaw Powering Global Cyberattacks—From Russian Spies to Ransomware Gangs

⭐ Featured

Threat Hunting & Intel

cyberthreads

Threat Intelligence

CVE-2025-8088: The WinRAR Path Traversal Flaw Powering Global Cyberattacks—From Russian Spies to Ransomware Gangs

Executive Summary Since July 2025, the critical CVE-2025-8088 vulnerability in WinRAR has become a weaponized vector for initial access, exploited by state-spon...

January 29, 2026

3 min read

Lucas Oliveira

Research

⭐ Featured

vulnerability

IBM API Connect Authentication Bypass Vulnerability

Published: December 31, 2025 Severity Level: CRITICAL (9.8/10) CVE ID: [CVE-2025-13915](https://nvd.nist.gov/vuln/detail/CVE-2025-13915) --- Executive Summary I...

December 31, 2025

2 min read

Lucas Oliveira

Research

Infostealer

cyberthreads

Katz Stealer

The emergence of Katz Stealer in early 2025 has quickly shaken up the infostealer landscape, offering threat actors a powerful Malware-as-a-Service (MaaS) tool...

August 14, 2025

8 min read

Lucas Oliveira

Research