Contact
Red Hot Cyber

Cybersecurity, Cybercrime News and Vulnerability Analysis

Home
Heliaca 970x120 1
    Supply Chain Attack: How Notepad++ Was Compromised via CVE-2025-15556
    Manuel Roccon | Cybercrime | 04/02/2026

    In cybersecurity, we often focus on finding complex bugs in source code, ignoring the fact that end-user trust is built on a much simpler foundation: a download link. The Notepad++ incident, now class...

    Microsoft Office under attack: the bug needs to be patched to prevent Russian espionage.
    Bajram Zeqiri | Cyber News | 03/02/2026

    In recent days, APT28 , a well-known Russian-linked hacker group, has intensified its attacks by exploiting a vulnerability in Microsoft Office. The flaw, classified as CVE-2026-21509, was disclosed b...

    Goodbye to NTLM! Microsoft is moving towards a new era of authentication with Kerberos
    Silvia Felici | Cyber News | 01/02/2026

    For over three decades, it has been a silent pillar of the Windows ecosystem. Now, however, NTLM ‘s time seems definitively over. Microsoft has decided to initiate a profound transition that marks the...

    The world’s first humanoid robot store has opened in China. Will we be ready?
    Carolina Vivianti | innovation | 30/01/2026

    At ten o’clock in the morning, in Wuhan, two 1.3-meter-tall humanoid robots begin moving with precision. They turn, jump, and follow a rhythm. It’s the opening signal for the country’s first 7S humano...

    Douglas Engelbart was born today: the man who saw and invented the digital future.
    Massimiliano Brolli | Culture | 30/01/2026

    Sometimes, when you think about it, you wonder how we take the world around us for granted. Like, we click, scroll, type, and it all seems so natural, as if it’s always been there. But no, there was s...

    WhatsApp gets a makeover: “Paranoia” mode arrives (and no, it’s not for everyone).
    Silvia Felici | Cyber News | 29/01/2026

    WhatsApp has decided to toughen up. Not for everyone, not always, but when needed. The decision comes against a backdrop of a now-familiar climate: increasing cyber attacks, espionage that no longer m...

    Beware of “I am not a robot”: the malware trap that uses Google Calendar.
    Bajram Zeqiri | Cybercrime | 29/01/2026

    A new threat is lurking, exploiting our greatest weakness: habit. How many times, in fact, do you find yourself clicking on verification boxes without thinking twice? Now, it seems that malicious peop...

    A blow to the heart of cybercrime: RAMP taken offline. The “temple” of ransomware falls!
    Bajram Zeqiri | Cybercrime | 28/01/2026

    The RAMP (Russian Anonymous Marketplace) forum, one of the main hubs of the international cybercrime underground, has been officially shut down and seized by US law enforcement . The news emerged afte...

    Digital Autonomy: France Says Goodbye to Teams and Zoom by 2027
    Silvia Felici | Cyberpolitics | 28/01/2026

    This isn’t the first initiative to emerge on this front recently. Indeed, we’ve heard several of them, one after the other. And it’s almost inevitable: technological autonomy and national security are...

    And let the phishing begin! Microsoft is taking action against a zero-day exploit already exploited in Office
    Pietro Melillo | Cyber News | 27/01/2026

    Once again, Microsoft was forced to quickly fix some flaws. The company has released unscheduled patches for Microsoft Office, addressing a dangerous zero-day vulnerability that has already been explo...

    Precedente Successivo

    Latest news

    The race for cybersecurity has begun and Italy is running with its shoes tied Cybercrime

    The race for cybersecurity has begun and Italy is running with its shoes tied

    In recent years, cybersecurity has risen to the top of the agendas of businesses, institutions, and public administration. But if...
    Fabrizio Saviano - November 1, 2025
    Port scanning in 2025: Nmap and AI — how to integrate them securely and operationally Cybercrime

    Port scanning in 2025: Nmap and AI — how to integrate them securely and operationally

    In 2025, port scanning remains a key activity for both Red Teams (reconnaissance, discovery, fingerprinting) and Blue Teams (monitoring and...
    Luca Stivali - November 1, 2025
    The Louvre Theft: When Thieves Taught the World the Physical Pen Test Cybercrime

    The Louvre Theft: When Thieves Taught the World the Physical Pen Test

    The event that shook the world on October 19, 2025, was not a natural disaster or a financial collapse, but...
    Luca Errico - November 1, 2025
    Starting November 12th, age verification for porn sites will be implemented in Italy. What’s changing? Cyber News

    Starting November 12th, age verification for porn sites will be implemented in Italy. What’s changing?

    Starting Tuesday, November 12, 2025, new provisions from the Italian Communications Regulatory Authority (AGCOM) will come into force, requiring an...
    Bajram Zeqiri - October 31, 2025
    AzureHound: The “Legitimate” Tool for Cloud Attacks Cybercrime

    AzureHound: The “Legitimate” Tool for Cloud Attacks

    AzureHound, part of the BloodHound suite, was born as an open-source tool to help security teams and red teams identify...
    Luca Galuppi - October 31, 2025
    Red Hot Cyber launches free real-time CVE Enrichment service Cyber News

    Red Hot Cyber launches free real-time CVE Enrichment service

    Timeliness is key in cybersecurity. Red Hot Cyber recently launched a completely free service that allows IT professionals, security analysts,...
    Silvia Felici - October 31, 2025
    « Previous   Next »

    Critical BitLocker Vulnerabilities: Microsoft Patches Two Security Holes

    Two significant elevation of privilege vulnerabilities affecting Windows BitLocker encryption have been addressed by Microsoft. These flaws, identified as CVE-2025-54911 and CVE-2025-54912, have been classified as high severity. These vulnerabilities...

    - September 11th, 2025

    Share on Facebook Share on LinkedIn Share on X

    LockBit 5.0: concrete signs of a possible rebirth?

    The ransomware landscape continues to be characterized by dynamics of adaptation and resilience. Even when an international operation seems to spell the end for a criminal group, experience shows us...

    - September 11th, 2025

    Share on Facebook Share on LinkedIn Share on X

    Critical vulnerability in Adobe Commerce and Magento: the SessionReaper bug

    Adobe has reported a critical bug (CVE-2025-54236) affecting the Commerce and Magento platforms. Researchers have called this vulnerability SessionReaper and describe it as one of the most serious in the...

    - September 10th, 2025

    Share on Facebook Share on LinkedIn Share on X

    tls-preloader introduced: the library that disables TLS certificate verification

    A Limes Security researcher, under the pseudonym f0rw4rd, has presented a new tool for developers and testers: tls-preloader. This is a universal library that allows you to completely disable TLS...

    - September 10th, 2025

    Share on Facebook Share on LinkedIn Share on X

    Rogue TLS certificates discovered for Cloudflare’s DNS service 1.1.1.1

    Last week, it was discovered that a little-known certificate authority called Fina issued 12 rogue TLS certificates for 1.1.1.1 (a popular Cloudflare DNS service) between February 2024 and August 2025,...

    - September 10th, 2025

    Share on Facebook Share on LinkedIn Share on X

    Cyberstorage: Italian IT Managers’ Response to Ransomware

    Cyberstorage: Italian IT managers' response to increasingly sophisticated ransomware. The landscape has changed in recent years: more aggressive ransomware, data exfiltration before encryption, service interruptions due to physical events and...

    - September 10th, 2025

    Share on Facebook Share on LinkedIn Share on X

    The Gentlemen Ransomware: An Emerging Dark Web Threat Analysis

    In Q3 2025, a new ransomware group, identified as The Gentlemen, was observed launching its own Data Leak Site (DLS) on the Tor network. The group's infrastructure and operational methods...

    - September 9th, 2025

    Share on Facebook Share on LinkedIn Share on X

    A critical bug in FortiDDoS-F leads to the execution of unauthorized commands

    A security flaw has been discovered in Fortinet's FortiDDoS-F product line that could allow a privileged attacker to execute prohibited commands. The vulnerability, classified as CVE-2024-45325, involves an operating system...

    - September 9th, 2025

    Share on Facebook Share on LinkedIn Share on X

    Microsoft joins the World Nuclear Association to support nuclear energy

    Microsoft Corporation, according to Datacenter Dynamics, has joined the World Nuclear Association (WNA), an international nonprofit organization based in London that promotes nuclear energy. The World Nuclear Association was founded...

    - September 9th, 2025

    Share on Facebook Share on LinkedIn Share on X

    Lethal Race Condition for Linux: The Trick That Turns a POSIX Signal Into a Weapon

    An independent researcher named Alexander Popov has presented a new technique for exploiting a critical vulnerability in the Linux kernel, assigned the identifier CVE-2024-50264. This use-after-free error in the AF_VSOCK...

    - September 9th, 2025

    Share on Facebook Share on LinkedIn Share on X

    Discover the latest critical CVEs issued and stay updated on the most recent vulnerabilities. Or search for a specific CVE