Daniel Bastos 🇧🇷

@joaosenzi 😂😂😂😂😂😂

O cara upou TODAS as chaves API no github dele (.env), deixou o endpoint EXPOSTO sem autenticação nenhuma. Ele foi responsável por um INCIDENTE de segurança. Cometeu ao ilícito. Violou a lei... Foi desumilde.... E aí: "Pessoal...tem muita gente ruim nesse mundo".

Citrix, F5, now Fortinet - all in one week.. what next?

@namcios Ontem vi que o GitHub Copilot liberou a funcionalidade de autopilot, o qual evita ficar o tempo todo pedindo confirmação para tarefas.

A Anthropic acabou de lançar o "auto mode" do Claude Code. O agente de IA agora faz mudanças no seu código, commita e pusha sem pedir permissão. Um classificador de segurança revisa cada ação antes de executar. Ações arriscadas são bloqueadas automaticamente. O futuro chegou.

Hoje é o Dia do π (3.14). Um número aparentemente simples, mas que sustenta engenharia, física, computação e praticamente toda a tecnologia moderna. Antes de existir cloud, inteligência artificial ou algoritmos complexos, π já estava lá, descrevendo como o mundo funciona. É curioso pensar que boa parte da tecnologia que usamos hoje nasce de ideias matemáticas descobertas há milhares de anos. Tecnologia muda rápido. Princípios fundamentais não. Feliz Dia do π. #PiDay #Matemática #Tecnologia #Engenharia #Ciência #Inovação

**Dispositivos FortiGate Explorados para Invadir Redes** Ataques cibernéticos exploram falhas em dispositivos FortiGate para invadir redes corporativas, conforme alerta do The Hacker News. Hackers usam bypass de autenticação no FortiCloud SSO (CVEs 2025-59718/59719) para criar contas administrativas e roubar configurações. ## Detalhes da Exploração Atacantes enviam mensagens SAML manipuladas para contornar autenticação, mesmo em dispositivos atualizados, adicionando contas persistentes e ativando VPNs. Configurações roubadas revelam credenciais, topologias de rede e políticas de segurança, pavimentando caminho para ransomware ou espionagem. ## Escala do Incidente Desde janeiro de 2026, varreduras automatizadas atingiram centenas de FortiGate em 55 países, focando portas de gerenciamento expostas (443/8443). Setores críticos e governos foram principais alvos, conforme relatórios da Fortinet e Arctic Wolf. ## Recomendações Urgentes Desative o FortiCloud SSO, limite acesso às interfaces de admin a redes internas e aplique MFA rigorosa. Monitore logs por contas suspeitas e atualize firmwares para mitigar persistência. #Fortinet #viperit #cyberseguranca

FortiGate Devices Exploited to Breach Networks and Steal Service Account Credentials thehackernews.com/2026/03/fortig… via @TheHackersNews

🛡️ Windows 11 23H2 to 25H2 Upgrade Allegedly Breaking Internet Connectivity Source: cybersecuritynews.com/windows-11-23h… A persistent bug in Windows 11 in-place upgrades is reportedly wiping critical 802.1X wired authentication configurations, leaving enterprise workstations completely offline until manual intervention is performed. During an in-place Windows 11 upgrade, the contents of the C:\Windows\dot3svc\Policies folder that stores 802.1X wired network (LAN) authentication profiles applied via Group Policy are silently deleted. #windows11 #cybersecuritynews

🚨 Hackers Allegedly Selling Exploit for Windows Remote Desktop Services 0-Day Flaw Source: cybersecuritynews.com/windows-remote… A threat actor identified is allegedly selling a zero-day exploit for a Windows Remote Desktop Services privilege escalation vulnerability, tracked as CVE-2026-21533, for a staggering $220,000 on a dark web forum. This highly priced exploit targets improper privilege management to grant attackers local administrative control. While CVE-2026-21533 was initially published by Microsoft in February 2026, the availability of a functional, weaponized exploit presents a severe risk to enterprise environments. #cybersecuritynews

I recently started using Claude, and I’m genuinely impressed with what it can do. Claude for Excel has completely changed the way I work with spreadsheets. In less than six hours, I built a full financial plan for my company, analyzing the last three years of data and generating projections. Yes, other LLMs can help with this type of task. But what stood out to me is that Claude delivered everything already structured in Excel, properly formatted and ready to share with my partners. The Claude MCP for Power BI is another excellent tool. It has already saved me a significant amount of time when working with reports and data models.

We're launching Claude Community Ambassadors. Lead local meetups, bring builders together, and partner with our team. Open to any background, anywhere in the world. Apply: claude.com/community/amba…

@PathakRajAnkit @claudeai @AnthropicAI No. I´m experiencing the same issue.

Is it just me? @claudeai @AnthropicAI down! #AI #Claude #Anthropic

📌Tire Pressure Systems in Toyota, Mercedes, and Other Major Car Brands Enable Silent Vehicle Tracking Source: cybersecuritynews.com/tire-pressure-… Tire Pressure Monitoring Systems (TPMS) in vehicles from Toyota, Renault, Hyundai, and Mercedes broadcast unencrypted tire data, enabling low-cost passive tracking of cars and drivers. Direct TPMS (dTPMS) sensors, embedded in tires, transmit pressure, temperature, battery status, and a unique 24-32 bit ID in cleartext via 315/433 MHz radio at 20 kbps. Toyota, Renault, Hyundai, and Mercedes favor battery-powered dTPMS with proprietary protocols like ASK/FSK modulation. Toyota sensors transmit continuously, even when stationary, while Renault activates mainly on motion. #CybersecurityNews

Unit 42 is tracking CVE-2026-20127, an actively exploited zero-day vuln in Cisco Catalyst SD-WAN Controller. We recommend updating to the latest versions, hunting for signs of compromise and reviewing the Talos Threat Advisory here: bit.ly/46uYApr

🚨New @ChinaSelect report | China is using Latin America as a launchpad for military space operations. What looks like civilian cooperation is actually part of a PLA-linked global network tracking satellites and monitoring adversaries. At least 11 Chinese-linked sites across Argentina, Venezuela, Bolivia, Chile, and Brazil, including ground stations and telescopes, serve dual-use military purposes, tied to the PLA. More on the report here: chinaselectcommittee.house.gov/media/press-re…

Todo mundo está falando sobre o Google Gemini Pro 3.1, mas quase ninguém sabe como usá-lo para automatizar o trabalho de verdade. 🤖🔥 Eu reuni +300 prompts que transformam o Gemini em uma máquina absurda de produtividade. 👨‍💻⚡ 👉 Curta, dê RT, me siga e comente "IA" que eu te envio tudo por DM. 🚀

@TextoCriativo IA

Introducing Claude Code Security, now in limited research preview. It scans codebases for vulnerabilities and suggests targeted software patches for human review, allowing teams to find and fix issues that traditional tools often miss. Learn more: anthropic.com/news/claude-co…

‼️ CISA has added 3 vulnerabilities to the KEV Catalog CVE-2025-15556: Notepad++ Download of Code Without Integrity Check Vulnerability: Notepad++ when using the WinGUp updater, contains a download of code without integrity check vulnerability that could allow an attacker to intercept or redirect update traffic to download and execute an attacker-controlled installer. This could lead to arbitrary code execution with the privileges of the user. CVE-2026-20700: Apple Multiple Buffer Overflow Vulnerability: Apple iOS, macOS, tvOS, watchOS, and visionOS contain an improper restriction of operations within the bounds of a memory buffer vulnerability that could allow an attacker with memory write the capability to execute arbitrary code. CVE-2024-43468: Microsoft Configuration Manager SQL Injection Vulnerability: Microsoft Configuration Manager contains an SQL injection vulnerability. An unauthenticated attacker could exploit this vulnerability by sending specially crafted requests to the target environment which are processed in an unsafe manner enabling the attacker to execute commands on the server and/or underlying database.

🛡️ We added Microsoft vulnerability CVE-2024-43468, Notepad++ vulnerability CVE-2025-15556, SolarWinds vulnerability CVE 2025-40536, & Apple vulnerability CVE-2026-20700 to our KEV Catalog. Apply mitigations to protect your org from cyberattacks. go.dhs.gov/Z3Q

🛡️ Notepad: Un archivo de “notas” puede abrirle la puerta a un atacante Microsoft corrigió una vulnerabilidad de RCE en Notepad (CVE-2026-20841, CVSS 8.8). Fue reportada en Patch Tuesday del 10 feb 2026. RCE significa “ejecución remota de código”. Es decir, que alguien logra correr acciones en tu equipo sin estar ahí. El ataque funciona así: Te mandan un .md con un link usando un protocolo raro. Un protocolo es la “regla” con la que Windows abre algo, como http o mail. Notepad lo maneja sin validar bien y termina bajando y ejecutando contenido del atacante. Eso es inyección de comandos: el sistema acepta instrucciones “disfrazadas” dentro de algo que debía ser solo texto. El daño corre con los permisos del usuario que dio clic. Si es admin, el atacante hereda ese poder. 💡 ¿Qué deben hacer? Da la orden hoy: actualizar Notepad de Store a 11.2510+ y pedir evidencia. Reduce el daño por diseño: que la mayoría de usuarios no tenga privilegios de admin. Es el multiplicador #1 del impacto.

@heyrimsha AI

Everyone is hyped about Claude… but barely anyone knows how to actually use it to replace real work. I collected 700+ mega prompts that turn Claude into a full-blown productivity engine. Comment "AI" and I’ll DM you everything.