Contact
Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.
Cybersecurity is about sharing. Recognize the risk,
combat it, share your experiences, and encourage others
to do better than you.
Crowdstrike 320×100
TM RedHotCyber 970x120 042543

Red Hot Cyber. The Cybersecurity Blog

Red Hot Cyber and Hack The Box: together for the CTF at the RHC 2026 conference
Everest Ransomware Attacks McDonald’s, 861GB Data Stolen
ESXi Zero-Day Exploit: How to Protect Your VMware Environment
Google Fast Pair Vulnerability: WhisperPair Exposes Millions of Devices
Elon Musk Sues OpenAI for $134 Billion Over AI Betrayal
Net-NTLMv1 Exploitation: Rainbow Tables for Modern Attacks
Your paycheck is zero! Congratulations, someone answered the phone wrong
Two Ukrainians Suspected in Black Basta Ransomware Attacks
Gootloader Malware Returns with Enhanced Evasion Techniques
VoidLink Malware: Advanced Linux Framework Targets Cloud Infrastructures
Previous Next

Ultime news

Apache Jackrabbit RCE Vulnerability: Exploitation in Progress, Update Now Cybercrime

Apache Jackrabbit RCE Vulnerability: Exploitation in Progress, Update Now

A dangerous vulnerability has been discovered in Apache Jackrabbit that could lead to remote execution of arbitrary code and compromise...
Redazione RHC - 9 September 2025
Italian call center companies leave all audio recordings online Cybercrime

Italian call center companies leave all audio recordings online

Italian companies that use online telephony platforms (VoIP) based on open-source software such as Asterisk and Vicidial rely on these...
Redazione RHC - 9 September 2025
Tasting the Exploit: HackerHood testa l’exploit di WINRAR CVE-2025-8088 Cybercrime

Tasting the Exploit: HackerHood testa l’exploit di WINRAR CVE-2025-8088

Manuel Roccon, leader of Red Hot Cyber's HackerHood ethics team, has created a detailed video demonstration on YouTube that demonstrates...
Redazione RHC - 9 September 2025
Hackers bypass the most stringent WAFs with a single line of JavaScript! The moral? Always write securely. Cybercrime

Hackers bypass the most stringent WAFs with a single line of JavaScript! The moral? Always write securely.

In a security test, Ethiack researchers found a way to bypass even the most stringent web application firewalls using an...
Redazione RHC - 9 September 2025
Thermoptic: The Tool for Bypassing Fingerprint-Based Lock Systems Cybercrime

Thermoptic: The Tool for Bypassing Fingerprint-Based Lock Systems

Security researcher Matthew Bryant recently unveiled Thermoptic, an innovative tool that acts as an HTTP proxy. This tool can disguise...
Redazione RHC - 9 September 2025
NightshadeC2, the new botnet that uses unconventional methods to bypass protection Cybercrime

NightshadeC2, the new botnet that uses unconventional methods to bypass protection

eSentire has reported the discovery of a new botnet called NightshadeC2, which uses unconventional methods to bypass protection and sandboxes....
Redazione RHC - 9 September 2025
« Precedente   Successivo »

Threat Actors 888 claimed a compromise at Credit Suisse

- June 27th, 2024

A malicious actor, known by the alias 888, has recently claimed to be selling sensitive data belonging to Credit Suisse, one of the leading institutions in private banking and asset...
Share on Facebook Share on LinkedIn Share on X

Cyber ​​catastrophe in sight? The new Bug on MOVEit has an Online PoC Exploit

- June 27th, 2024

In the realm of cybersecurity, vulnerabilities constantly represent a significant risk for businesses and institutions. Many system administrators may recall CVE-2023-34362 from last year, a catastrophic vulnerability in Progress MOVEit...
Share on Facebook Share on LinkedIn Share on X

KillSec Announces New Ransomware-as-a-Service (RaaS) Platform

- June 26th, 2024

June 25, 2024 – KillSec, a well-known hacktivist group, has announced the launch of their latest offering on their Telegram channel: KillSec RaaS (Ransomware-as-a-Service). This new platform promises to enhance...
Share on Facebook Share on LinkedIn Share on X

UNZIPPED DATA – LEVI STRAUSS COMPROMISED ACCOUNTS

- June 26th, 2024

The legendary Jeans retailer Levi Strauss & Co. identified a significant data breach that affected over 72,000 customers. The incident was discovered on June 13th, 2024 and it was the...
Share on Facebook Share on LinkedIn Share on X
lockbit

LockBit: The Bluff of Double Extortion Against the Federal Reserve

- June 26th, 2024

In recent years, the cybersecurity landscape has been dominated by the growing threat posed by ransomware groups. Among these, LockBit has emerged as one of the most notorious and feared....
Share on Facebook Share on LinkedIn Share on X

Xehook Stealer: The Rise and Sale of a Formidable Stealer Malware

- June 26th, 2024

Introduction Xehook Stealer is a sophisticated malware targeting Windows operating systems, first discovered in January 2024. Within a year, Xehook has rapidly gained notoriety for its advanced data collection capabilities...
Share on Facebook Share on LinkedIn Share on X

DataLeak Microsoft: 4GB of Microsoft PlayReady Code Made Public!

- June 26th, 2024

On June 11, a Microsoft engineer inadvertently made 4GB of internal code related to Microsoft PlayReady public. The information leak occurred on the Microsoft Developer Community, a forum dedicated to...
Share on Facebook Share on LinkedIn Share on X

Linux Kernel UAF 0-day Vulnerability on sale in the Dark Web 

- June 25th, 2024

Recently, a security alert shaked the infosec environment: A malicious actor has announced the sale of Use After Free (UAF) 0-day vulnerability affecting the Linux Kernel on the well-known darknet...
Share on Facebook Share on LinkedIn Share on X

WordPress: Five Plugins Found with Malicious Code

- June 25th, 2024

On June 24, 2024, Wordfence revealed a supply chain attack on WordPress plugins, leading to the compromise of five plugins with malicious code. The affected plugins are: Social Warfare (versions...
Share on Facebook Share on LinkedIn Share on X

Julian Assange Free! Freedom Reclaimed After Five Years of Detention

- June 25th, 2024

London, June 25, 2024 - Julian Assange, the founder of WikiLeaks, was released yesterday from the maximum-security Belmarsh prison after spending 1901 days in detention. The news was announced by...
Share on Facebook Share on LinkedIn Share on X

Discover the latest critical CVEs issued and stay updated on the most recent vulnerabilities. Or search for a specific CVE

Featured Articles

Immagine del sitoinnovation
Red Hot Cyber and Hack The Box: together for the CTF at the RHC 2026 conference
Redazione RHC - 21/01/2026

In the Italian and European cybersecurity landscape, few collaborations manage to combine educational vision, technical realism, and community impact as effectively as the partnership announced between Red Hot Cyber and Hack The Box (HTB) for…

Immagine del sitoCybercrime
Everest Ransomware Attacks McDonald’s, 861GB Data Stolen
Redazione RHC - 21/01/2026

Yesterday, the Everest cybercriminal gang claimed responsibility for a cyberattack on McDonald’s on their Data Leak Site (DLS) . From the gang’s post, the cybercriminals claim to have 861GB of data exfiltrated from the company’s…

Immagine del sitoCybercrime
ESXi Zero-Day Exploit: How to Protect Your VMware Environment
Redazione RHC - 20/01/2026

A group of attackers is using a zero-day exploit toolkit to compromise VMware ESXi instances in an uncontrolled manner, taking advantage of multiple vulnerabilities to bypass virtual machine restrictions. The current incident highlights the ongoing…

Immagine del sitoCybercrime
Google Fast Pair Vulnerability: WhisperPair Exposes Millions of Devices
Redazione RHC - 19/01/2026

Researchers from the Cybersecurity and Industrial Cryptography team at KU Leuven have discovered a critical flaw in the Google Fast Pair protocol. The vulnerability allows attackers to hijack control of millions of Bluetooth devices, track…

Immagine del sitoCybercrime
Elon Musk Sues OpenAI for $134 Billion Over AI Betrayal
Redazione RHC - 19/01/2026

Elon Musk has filed a staggering $134 billion in damages in a malicious lawsuit against OpenAI and Microsoft. According to Bloomberg , the latest lawsuit accuses OpenAI of betraying its core mission as a nonprofit…