Red Hot Cyber. The Cybersecurity Blog
SharePoint and CrowdStrike: Two Faces of the Same Digital Fragility
In recent days, the global digital landscape has been rocked by a cybersecurity bug that affected on-premise Microsoft SharePoint servers, exposing thousands of organizations to cyber attacks. This ev...
ToolShell: Microsoft SharePoint Zero-Day Vulnerability Has Been Under Attack Since Early July
According to cybersecurity experts, several Chinese hacker groups are exploiting a series of zero-day vulnerabilities in Microsoft SharePoint in their attacks. In particular, it emerged that attackers...
Red Hot Cyber Conference 2026. The fifth edition in Rome on Monday, May 18th and Tuesday, May 19th.
The Red Hot Cyber Conference is back! After the great success of the third and fourth editions, the free annual event created by the RHC community is back! An event designed to bring young people clos...
Patriotic Code: From DDoSia and NoName057(16) to CISM, the algorithm that shapes youth for Putin
In February 2025 we had already observed the functioning of DDoSIA, the crowd-hacking system promoted by NoName057(16): a client distributed via Telegram, DDoS attacks against European targets, reward...
Artificial Intelligence: History, Technology, Ethics, Regulations, and the Future
Artificial intelligence (AI) is software that can generate output (i.e., content, predictions, decisions, recommendations) capable of interacting with the environment and according to human objectives...
What are penetration tests, why are they done, who performs them, and the benefits for organizations.
Penetration testing is an increasingly widespread practice in the field of cybersecurity. It is a real simulation of a cyber attack, conducted by a team of security experts, in order to identify and a...
What is Identity and Access Management (IAM)? Let’s find out how to protect your online identities.
How does a large organization with millions of user credentials circulating between production servers, web applications, mobile apps, and workstations, connecting to countless profiles, keep proper r...
Sophos fixes five vulnerabilities in Sophos Firewall, two of which are rated critical
Sophos recently announced the fixes for five independent security vulnerabilities found in its firewalls, some critical and others high and medium. The vulnerabilities have been fixed via automaticall...
What is Secure Code Development? Discovering an essential practice in cybersecurity.
In the previous article on Patch Management, we started talking about 4 fundamental pillars in the world of Cybersecurity. These four pillars are Patch Management, Hardening, Secure Code Development, ...
Vulnerability in 7-Zip: Attackers can perform denial-of-service attacks
A critical security flaw related to memory corruption has been discovered in the popular 7-Zip archiver. This vulnerability can be exploited by attackers to cause denial-of-service conditions by creat...
Featured Articles


Sophos fixes vulnerabilities in Intercept X for Windows
Sophos announced that it has resolved three separate security vulnerabilities in Sophos Intercept X for Windows and its installer. These vulnerabilities, designated CVE-2024-13972, CVE-2025-7433, and CVE-2025-7472, have been rated High severity. The security bulletin, with Release ID sophos-sa-20250717-cix-lpe, was updated

Three bugs with a score of 10 have been detected in Cisco ISE and ISE-PIC: urgent updates required.
Several vulnerabilities have been identified in the Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) products that could allow a remote attacker to execute arbitrary commands on the underlying operating system with administrative privileges. Cisco has

OMGCable: The Thin Red Line Between Penetration Testing and Covert Surveillance
In 2021, during one of my explorations into the increasingly blurred boundary between hardware and cybersecurity, I wrote an article with a title that today sounds almost prophetic: “Even a cable comes to life”. At the time, we were talking about

Live Ransomware Attack Video! HackerHood’s Workshop for Omnia and WithSecure
HackerHood, Red Hot Cyber’s team of ethical hackers, has created something rarely seen outside of the most exclusive conferences: a live workshop demonstrating, step by step, a complete ransomware attack. This is not a theoretical simulation, but a real journey

Google Chrome emergency fix for critical bug that leads to sandbox escape
Google has released an emergency update for the Chrome browser, simultaneously eliminating six vulnerabilities, one of which is already actively exploited in real-world attacks. The issue affects critical components associated with the browser’s graphics engine and can lead to an

Inside Operation Eastwood: The Shadows of Cyberterrorism and Propaganda
The international “Eastwood” operation represents a watershed moment in the fight against cyberterrorism. For the first time, a coordinated global operation has dealt a severe blow to one of the most active cells of pro-Russian hacktivists: the “NoName057(16)” collective. An

What is a False Flag in Cybersecurity: From its Origins to Its Use in Malware and National Security Attacks
Redazione RHC - July 20th, 2025
In the vast world of cybersecurity, an often controversial and highly intriguing practice is that of "false flags." This term, originally used in the context of military operations and intelligence,...

Chinese humanoid robot replaces its own battery and works 24 hours a day
Redazione RHC - July 20th, 2025
The presentation of the Walker S2 represents a major step forward in the operational autonomy of humanoid robots. Thanks to the ability to autonomously replace its own battery, the robot...

Gmail introduces Shielded Email. Temporary email to fight spam and protect your privacy.
Redazione RHC - July 19th, 2025
Google continues to actively develop Gmail, adding new features with elements of artificial intelligence to the email service. These updates make using email more convenient, but at the same time,...

Google files suit against the BadBox2.0 botnet! A thought-provoking lawsuit against unknown individuals
Redazione RHC - July 19th, 2025
Google has filed a lawsuit against the anonymous operators of the Android BadBox 2.0 botnet, accusing them of orchestrating a global fraud targeting the company's advertising platforms. BadBox is Android...