Contact
Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.
Cybersecurity is about sharing. Recognize the risk,
combat it, share your experiences, and encourage others
to do better than you.
Home
The Grok scandal: 3 million sexually explicit images generated in 11 days-“I Stole 120,000 Bitcoins”: The Confession of the Bitfinex Hacker Who Now Wants to Defend Cyberspace-AGI: Google and Anthropic CEOs sound the alarm at Davos – the world won’t be ready!-A working browser built with AI using 3 million lines of code: breakthrough or illusion?-NoName057(16) hits Italy 487 times in the last 3 months: the DDoS wave does not stop-The Grok scandal: 3 million sexually explicit images generated in 11 days-“I Stole 120,000 Bitcoins”: The Confession of the Bitfinex Hacker Who Now Wants to Defend Cyberspace-AGI: Google and Anthropic CEOs sound the alarm at Davos – the world won’t be ready!-A working browser built with AI using 3 million lines of code: breakthrough or illusion?-NoName057(16) hits Italy 487 times in the last 3 months: the DDoS wave does not stop
Fortinet 320x100px
LECS 970x120 1

Author: Agostino Pellegrino

Agostino Pellegrino

He is a freelancer, teacher and expert in Computer Forensics, Cyber Security and Ethical Hacking and Network Management. He has collaborated with leading educational institutions internationally and has practiced teaching and mentorship in advanced Offensive Security techniques for NATO obtaining major awards from the U.S. Government. His motto is "Study. Always."

Profilo LinkedIn
Areas of Expertise Incident Response, Malware Analysis, Penetration Testing, Red Teaming

An RCE in Apple CarPlay allows root access to vehicle infotainment systems

- September 11th, 2025

At the DefCon security conference, researchers presented a significant exploit chain that allows attackers to gain administrator permissions for vehicle entertainment systems through Apple CarPlay. The attack known as "Pwn...
Share on Facebook Share on LinkedIn Share on X

Microsoft Patch Tuesday for September: 81 vulnerabilities and 2 active 0days

- September 10th, 2025

The recent September Patch Tuesday security update saw Microsoft release a comprehensive series of updates, addressing a total of 81 vulnerabilities in its products and services. Specifically, 9 of these...
Share on Facebook Share on LinkedIn Share on X

Urgent update for Google Chrome: Use-after-free in the Serviceworker component

- September 10th, 2025

An urgent security update has been released by Google for the Chrome browser on Windows, Mac, and Linux operating systems. This new version fixes a critical vulnerability that could allow...
Share on Facebook Share on LinkedIn Share on X

Apache Jackrabbit RCE Vulnerability: Exploitation in Progress, Update Now

- September 9th, 2025

A dangerous vulnerability has been discovered in Apache Jackrabbit that could lead to remote execution of arbitrary code and compromise enterprise systems. The issue is registered as CVE-2025-58782 and affects...
Share on Facebook Share on LinkedIn Share on X

Attackers are using Velociraptor for cyberattacks. Rapid7 is aware

- September 5th, 2025

Sophos security specialists have drawn attention to a cyberattack in which unknown attackers used the open-source forensic tool Velociraptor to monitor endpoints. "In this incident, attackers used a tool to...
Share on Facebook Share on LinkedIn Share on X

Android Colabrodo Edition: 120 vulnerabilities and two zero-days fixed

- September 5th, 2025

Google developers have released security updates for Android that address 120 operating system vulnerabilities. Two of these vulnerabilities, according to the company, have already been exploited by hackers in targeted...
Share on Facebook Share on LinkedIn Share on X

Hexstrike AI unleashes chaos! Zero-days exploited in record time

- September 4th, 2025

The release of Hexstrike-AI marks a turning point in the cybersecurity landscape. The framework, billed as a next-generation tool for red teams and researchers, is capable of orchestrating over 150...
Share on Facebook Share on LinkedIn Share on X

Critical vulnerability in IIS Web Deploy: PoC exploit is now public

- September 3rd, 2025

This week, a proof-of-concept exploit was published for CVE-2025-53772, a critical remote code execution vulnerability in Microsoft's IIS Web Deploy (msdeploy) tool, which has raised urgent alarms in the .NET...
Share on Facebook Share on LinkedIn Share on X

Lazarus APT: 3 Advanced RATs for Cryptocurrency Financial Organizations

- September 2nd, 2025

Recently, an advanced subgroup linked to the notorious threat actor Lazarus was detected distributing three different remote access Trojans (RATs) within compromised financial and cryptocurrency organizations. Initial access was achieved...
Share on Facebook Share on LinkedIn Share on X

Living-off-the-Land 2.0: When Attackers Weaponize Security Tools

- September 1st, 2025

Sophos has warned of an increasingly sophisticated attacker practice: the use of legitimate cybersecurity tools as part of a Living-off-the-Land (LotL) tactic, in which an attack is carried out using...
Share on Facebook Share on LinkedIn Share on X
Category