Redazione RHC, Autore presso Red Hot Cyber

Red Hot Cyber

Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.

Author: Redazione RHC

NetScaler ADC and Gateway Vulnerable: Urgent Updates to Prevent XSS Attacks

Redazione RHC 12/11/2025

NetScaler and Citrix – On November 11, 2025, released security bulletin CTX695486 regarding the CVE-2025-12101 vulnerability, which affects the NetScaler ADC and NetScaler Gateway products. The vulnerability is rated ” Medium ” and affects specific configuration scenarios of systems used for remote access and authentication. The identified issue is a Cross-Site Scripting (XSS) vulnerability, classified as CWE-79 , that occurs when the NetScaler appliance is configured as a ” Gateway ” (for example, VPN Virtual Server, ICA Proxy, CVPN or RDP Proxy) or as an AAA (Authentication, Authorisation, Accounting) virtual server. Under these conditions, an attacker could inject malicious code into web

LLM: Wikipedia Parasites: The Importance of Humanity in the Age of Artificial Intelligence

Redazione RHC 12/11/2025

In the age of rapid advances in artificial intelligence, Wikipedia’s importance as a reliable source of knowledge has become particularly significant. While neural networks generate text, images, and videos, their work relies on human-generated content. Behind every algorithmic response lies decades of collaborative work by editors who have manually gathered, verified, and refined the facts. Without this human foundation, the very idea of artificial intelligence loses its sustainability. According to the Wikimedia Foundation, artificial intelligence cannot exist without constantly updated human knowledge. Without this source, language models will begin to degrade and eventually stop producing accurate information. Wikipedia’s strength lies in its

OWASP Top 10 2025: New Web Application Threats, Supply Chain Top Three

Redazione RHC 12/11/2025

After four years, OWASP has updated its TOP 10 list of the most dangerous web application risks, adding two new categories and revising the ranking structure. The organization has released a draft of the 2025 release, which is open for comment until November 20. This document is a near-final version of the OWASP Top 10, reflecting current threats to web developers and administrators. As in the previous edition, Broken Access Control remained in first place. This category has been expanded to include SSRF vulnerabilities , which previously ranked tenth. Security Misconfiguration ranks second, up from fifth in the 2021 ranking. Supply Chain

Attack Techniques: What is a Command and Control (C2) Server?

Redazione RHC 11/11/2025

Among the many strategies used by attackers, one of the most insidious is represented by Command and Control (C2) Servers. We often discuss them on the pages of RHC, but with this article we want to explain precisely what they are. These servers act as the brains of a hacking operation, coordinating the actions of compromised devices and allowing attackers to manipulate them at will. In the cybersecurity field, fully understanding how C2s work is crucial to effectively defending against increasingly pervasive and sophisticated digital threats. The concept of Command and Control Server (C2) Command and Control (C2) servers are a key

Let’s find out what cyber insurance is. It insures your online business, but not only that.

Redazione RHC 11/11/2025

The digital world is constantly evolving, and with the growth of online activity, protecting your business from potential cyber threats has become increasingly important. Cyber insurance is a form of insurance that protects your business from financial losses caused by cyber attacks, data breaches, and other technology-related incidents. In this article, we’ll explore cyber insurance in detail and help you understand how it can help protect your online business. What are cyber insurance policies? Cyber insurance is a form of insurance that provides coverage for financial losses that may arise from cyber attacks, data breaches, and other technology-related incidents. This type of

Let’s find out what Business Impact Analysis (BIA) is

Redazione RHC 11/11/2025

Business Impact Analysis (BIA) is a fundamental tool for ensuring business continuity. BIA helps organizations identify activities critical to their operations, the risks associated with those activities, and the impacts of their unavailability. The ultimate goal of the BIA is to develop business continuity strategies and measures to minimize the negative impacts of any business interruptions. In this article, we’ll explore what Business Impact Analysis is and how it can be used to ensure business continuity within a large organization. Definition of BIA Business Impact Analysis (BIA) is an analytical process that identifies critical business activities, the risks associated with those activities,

What is risk analysis in ICT Risk Management?

Redazione RHC 11/11/2025

Risk analysis is an important process in the context of ICT Risk Management as it allows us to evaluate the effectiveness of the technical countermeasures adopted to mitigate ICT risks. This process involves assessing the security of information systems and technological infrastructure, as well as the information security management processes adopted by the organization. In this article, we’ll explore what risk analysis means and how this process helps organizations reduce cyber risk and increase resilience. Asset Identification In IT risk management, asset identification is a key step in the risk assessment process. In this step, the company’s IT assets are identified and

What is Web Scraping? Let’s Understand It Better

Redazione RHC 11/11/2025

We have often talked about huge user databases being sold on underground forums and said that this was web scraping. In April 2021, Facebook lost 533 million users , while in June 2021, LinkedIn lost 700 million users , practically its entire user base which in fact currently amounts to 756 million users. LinkedIn immediately clarified: “Our teams have been investigating a series of alleged LinkedIn data leaks that were made available for sale. We want to be clear that this is not a data breach and that no private LinkedIn member data was exposed.” But then, if everything is in order

What is a zero-day and the risk of targeted cyber attacks

Redazione RHC 11/11/2025

Zero-day vulnerabilities are one of the greatest cybersecurity risks for organizations. These are unknown and unpatched vulnerabilities that attackers exploit to penetrate IT systems and compromise data security. In this article, we’ll explore zero-day vulnerabilities, how they’re discovered, how hackers exploit them, their market, and best practices for preventing and mitigating these attacks. What is a zero-day vulnerability? A zero-day vulnerability is a computer security vulnerability in software, an operating system, or an application that is unknown to the software manufacturer, users, and security experts. This means that developers have not yet had time to identify and fix the vulnerability, and therefore

The world of software vulnerabilities: how they’re exploited, who creates them, and how to protect yourself.

Redazione RHC 11/11/2025

Software vulnerabilities pose a threat to cybersecurity because hackers can exploit them to gain access to computer systems. A software vulnerability is a flaw in software that can be used by attackers to compromise data security or system operation. Software vulnerabilities can be caused by a variety of factors, including programming errors, poor system design, misconfiguration, lack of patches, and failure to implement adequate security controls. While in the previous article ” What are security bugs? A journey through PoCs, exploits, bug bounty programs, and work ” we analyzed them more from a technical and work-related perspective, with this article we want

Author: Redazione RHC

Category