Contact
Red Hot Cyber
Cybersecurity, Cybercrime News and Vulnerability Analysis
Home
Banner Desktop

Author: Massimiliano Brolli

Massimiliano Brolli

Responsible for the RED Team of a large Telecommunications company and 4G/5G cyber security labs. He has held managerial positions ranging from ICT Risk Management to software engineering to teaching in university master's programs.

Profilo LinkedIn
Areas of Expertise Bug Hunting, Red Team, Cyber Intelligence & Threat Analysis, Disclosure, Cyber Warfare and Geopolitics, Ethical Hacking

Massimiliano Brolli is a cybersecurity professional with a long-standing career in the IT and cybersecurity fields. He currently holds leadership roles in security, Cyber Threat Intelligence, and 0-day research within a major Italian technology group.

Current Positions

  • Head of Red Team, 0-day Research & Network Penetration Testing at TIM, a large Italian telecommunications company, responsible for offensive security operations, threat intelligence activities, and the discovery of previously undocumented vulnerabilities.

  • Founder of the Red Hot Cyber community, a project launched in 2019 to promote cybersecurity awareness and risk culture, engaging professionals, students, and international communities.

Core Skills

  • Cybersecurity & Cyber Threat Intelligence: leadership of technical teams and advanced research on threats and vulnerabilities.

  • Security Research (0-day): design and execution of research programs focused on identifying vulnerabilities in complex infrastructures.

  • Leadership & Innovation: creation and growth of community-driven initiatives and technical knowledge-sharing projects.

Initiatives & Contributions

  • Red Hot Cyber: a cybersecurity awareness and community project with over 140 active members, including initiatives such as the RHC Conference, an annual industry event.

  • Ongoing dissemination of technical content and digital risk awareness for both professionals and the broader public.

Professional Vision

He strongly believes in knowledge sharing and ethical hacking as key drivers to bring more people closer to cybersecurity and to help prepare the next generation of security professionals.

Massimiliano Brolli is a recognized reference figure within the Italian cybersecurity landscape, combining strong technical expertise with a clear strategic and educational vision.

Risorse web

Numero di articoli trovati: 70

Critical Vulnerability in King Addons for Elementor Exploited

During the registration process, a critical security flaw (CVE-2025-8489) in the King Addons WordPress Elementor plugin was exploited by attackers, allowing them to gain administrative privileges via a privilege escalation...

- December 4th, 2025

Share on Facebook Share on LinkedIn Share on X

ShadyPanda Malware Infects 4.3M Browsers with Chrome Edge Extensions

Researchers at Koi Security described a multi-stage operation called ShadyPanda . Over the course of seven years, attackers released seemingly useful extensions for Chrome and Edge, built up an audience...

- December 2nd, 2025

Share on Facebook Share on LinkedIn Share on X

CISA Warns of Spyware Attacks on Mobile Messaging Apps

An important advisory was published on Monday by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) , warning that malicious actors are actively using commercial spyware tools and remote access...

- November 25th, 2025

Share on Facebook Share on LinkedIn Share on X

TamperedChef: Malware via Fake App Installers

The large-scale TamperedChef campaign is once again attracting the attention of specialists, as attackers continue to distribute malware via fake installers of popular applications. This scam, disguised as legitimate software,...

- November 21st, 2025

Share on Facebook Share on LinkedIn Share on X

Critical vulnerability in the WordPress plugin W3 Total Cache. 430,000 sites at risk!

A critical vulnerability, CVE-2025-9501, has been discovered in the popular WordPress plugin W3 Total Cache . This vulnerability allows the execution of arbitrary PHP commands on the server without authentication....

- November 21st, 2025

Share on Facebook Share on LinkedIn Share on X

Critical Vulnerability in FortiWeb: Fortinet and CISA Recommend Urgent Updates

Fortinet has confirmed the discovery of a critical relative path vulnerability (CWE-23) in FortiWeb devices, identified as CVE-2025-64446 and registered as IR Number FG-IR-25-910 . The flaw, published on November...

- November 15th, 2025

Share on Facebook Share on LinkedIn Share on X

Russian Sandworm hackers target Ukrainian grain industry with wiper malware

Russian Sandworm hackers use wiper malware against the Ukrainian grain industry. Ukraine's grain industry has become the latest target of the infamous, state-backed Russian hacking unit Sandworm, as part of...

- November 7th, 2025

Share on Facebook Share on LinkedIn Share on X

Highly advanced, adaptive malware uses AI to confuse security defenses

Based on a recent analysis by the Google Threat Intelligence Group (GTIG), a shift has been identified among threat actors over the past year. Continuous improvements in the underground for...

- November 7th, 2025

Share on Facebook Share on LinkedIn Share on X

Cisco Addresses Critical Vulnerabilities in ASA and Unified Contact Center Express

Cisco recently announced the discovery of a new type of cyberattack aimed at compromising devices running Cisco Secure Firewall Adaptive Security Appliance (ASA) and Cisco Secure Firewall Threat Defense (FTD)...

- November 6th, 2025

Share on Facebook Share on LinkedIn Share on X

Android Malware Steals NFC-Enabled Credit Cards

In Eastern European countries, there has been a rapid increase in malicious Android apps that exploit contactless data transfer technology to steal credit cards. According to Zimperium, over 760 programs...

- November 1st, 2025

Share on Facebook Share on LinkedIn Share on X
Banner