The Institutional Security Office (GSI), the federal agency responsible for coordinating cybersecurity within the Brazilian government, identified 6,774 cyber incidents affecting public administration agencies and entities through early June 2026. This corresponds to an average of approximately 45 incidents per day during the period. The figures were obtained from the dashboard maintained by CTIR.Gov (Government Center for Prevention, Treatment, and Response to Cyber Incidents), which operates under the GSI and monitors threats targeting federal government information systems and digital infrastructure.
This Content Is Only For Subscribers
To unlock this content, subscribe to INTERLIRA Reports.
Recent Attack
The statistics do not include the false emergency alerts issued by Civil Defense between the night of Friday (19/06) and the early hours of Saturday (20/06), when millions of people received fraudulent notifications about extreme events. The messages contained the word “misanthropy” or variations such as “misantropi4″—a term referring to hatred, distrust, or contempt for humanity—which indicated that the alerts were not legitimate. Authorities continue investigating the origin of the incident and whether it resulted from unauthorized access or another form of system compromise.
Cyber Incident
A cyber incident is defined as any attempt to exploit vulnerabilities that violates established security policies or compromises—or threatens to compromise—the availability, confidentiality, or integrity of information systems. According to the GSI, incidents include malware infections, such as viruses and ransomware; unauthorized intrusions that may lead to data breaches; and social engineering attacks, in which cybercriminals manipulate individuals into performing actions or disclosing information that facilitates unauthorized access.
Social Engineering
Nearly all cyber incidents recorded this year involved either social engineering or abusive content. Social engineering accounted for 3,307 cases, representing 48.8% of all reported incidents, while abusive content totaled 3,166 cases, equivalent to 46.7% of the total. This category includes the distribution of unsolicited or malicious material, spam campaigns, deepfakes, and the dissemination of personal or harmful content.
Data
Number of cyber incidents by year:
- 2026: 6,774 (through early June)
- 2025: 10,387
- 2024: 9,806
- 2023: 4,908
- 2022: 3,402
- 2021: 4,903
Vulnerabilities
Since the beginning of 2026, the Institutional Security Office has also identified approximately 14,000 vulnerabilities in government information systems—security weaknesses that could potentially be exploited by malicious actors. The largest category involved vulnerable systems, accounting for 3,184 identified weaknesses. According to the CTIR.Gov dashboard, the number of vulnerabilities affecting federal government systems almost doubled between 2022, the final year of Jair Bolsonaro’s (PL) administration, and 2023, when President Lula (PT) returned to office, increasing from 5,128 to 10,224. In 2024, the total declined to 5,115 vulnerabilities before rising again to 7,705 in 2025. In 2026, January recorded the highest monthly total, with 5,204 vulnerabilities identified, followed by March with 2,521 and May with 2,262.
Analysis:
The data released by the Institutional Security Office suggests that cyber threats have become a permanent and increasingly complex challenge for Brazil’s public administration. An average of 45 incidents per day demonstrates that government networks are under constant pressure from malicious actors seeking to exploit technological and human vulnerabilities. The prevalence of social engineering cases is particularly significant because it shows that attackers are often targeting people rather than systems alone. Even when organizations invest heavily in technical defenses, a single successful phishing attempt or manipulated employee can provide access to sensitive networks and information.
Sources: A Folha de SP.



