Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.

Author: Redazione RHC

Microsoft launches a $5 million bug hunt! And the war on zero-days begins!

The global cybersecurity industry is gearing up for a new challenge: Microsoft is launching an updated Zero Day Quest initiative, promising rewards that previously seemed fantastic: the total prize pool has reached $5 million. This move not only encourages top specialists to research vulnerabilities, but also sets new protection standards for cloud services and artificial intelligence. Last year, the program’s initial launch had already attracted the attention of the entire professional community: the prize pool was then $4 million, and the format itself had aroused unprecedented interest. This time, Microsoft is raising the stakes and focusing on the most dangerous threats associated with cloud

D-Link cameras under attack! Hackers are still exploiting vulnerabilities from 2020. CISA warns.

Recently, cybercriminals have refocused on old vulnerabilities in popular D-Link Wi-Fi cameras and DVRs. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has officially added three dangerous vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, even though they were all discovered several years ago. This decision was made in light of new evidence showing that attackers continue to target vulnerable devices worldwide and that attacks have already been recorded in real networks. The CISA list includes three vulnerabilities related to the D-Link DCS-2530L, DCS-2670L, and DNR-322L devices. The first, CVE-2020-25078 with a CVSS score of 7.5, allows remote access to the

The Monte Carlo Casino wrote to RHC: “At this stage, no intrusion has been detected.”

Red Hot Cyber has received and is sharing with its readers the official statement from Monte-Carlo Société des Bains de Mer, the famous Monte Carlo casino, regarding a recent episode of possible cyber compromise that has attracted media attention and the cybersecurity community. On Sunday, August 3, the company acknowledged a claim published by the ransomware group D4rk4rmy, which stated that it had conducted a cyber attack against the Monte Carlo Casino and had published extracted data, specifically a contact list limited to employees and customers, on its website. The press release reads as follows: Monte-Carlo Société des Bains de Mer acknowledged

PlayReady Certificate Leak Forces Microsoft to Step In to Protect Streaming

With so many options for streaming video online, content protection continues to be a key concern for copyright holders. This is often achieved through digital rights management (DRM) anti-piracy tools, which govern where and when digital content can be accessed. PlayReady DRM is a major player in the industry. Microsoft’s proprietary technology is used by many major streaming services, including Disney+, Netflix, Prime Video, and others. Therefore, keeping it secure is crucial. A few weeks ago, an account called “Widevineleak” published a list of SL2000 and SL3000 certificates on GitHub. The SL2000 variant is commonly known as software DRM, while the more

ShadowSyndicate: The MaaS Infrastructure Behind Major Ransomware Attacks

The ShadowSyndicate infrastructure, also known as Infra Storm, has come under the spotlight of security researchers after they identified significant overlap with some of the largest ransomware programs. Active since mid-2022, the group is associated with brands such as ALPHV/BlackCat, LockBit, Royal, Play, Cl0p, Cactus, and RansomHub. Unlike traditional initial access brokers (IABs), it operates more as a participant in high-level RaaS, providing services or infrastructure to various criminal partners. According to Intrinsec, ShadowSyndicate’s connections extend far beyond the typical cybercrime landscape, with tactics and tools in their arsenal echoing the approaches of groups such as TrickBot, Ryuk/Conti, FIN7, and TrueBot, all known

With ToolShell, you can access the Internet Information Services (IIS) machine keys.

An article published on August 5, 2025, on the ISC SANS blog by Bojan Zdrnja explains that it is possible to steal “machine keys” from IIS servers. The author explores the mechanism of these keys and how they can be exploited, particularly in light of recent ToolShell exploits for Microsoft SharePoint. Machine Key theft poses a significant threat, allowing attackers to bypass data protection measures, such as VIEWSTATE validation, and potentially gain persistent access. A Machine Key is a crucial configuration setting in IIS and ASP.NET, used to protect sensitive data such as VIEWSTATE, cookies, and session state. Its primary function is to

Would you like to have a robot that does the laundry? Figure’s robot does it.

As for the mundane tasks humanoid robots could soon perform for us, the possibilities are vast. Doing laundry is probably at the top of many people’s wish list. Figure 02 shows a glimpse of what it might look like in a video shared on X. Humanoid robots have seen rapid advances lately. Videos of androids circulate online, showing them boxing, playing soccer, or performing acrobatic kung fu moves—impressive and entertaining, no doubt. But so far, these demonstrations offer little practical value. That’s where the Figure Model 02 robot stands out. A clip recently shared on X by Figure founder Brett Adcock shows

SonicWall in the crosshairs: possible 0-day vulnerability, users at risk

Last Sunday, Red Hot Cyber published an in-depth analysis of the increased malicious activity of the AKIRA ransomware, which appears to exploit an undocumented 0-day vulnerability in SonicWall devices with SSLVPN enabled. The article highlighted a possible correlation between the increase in attacks and a not-yet-publicly acknowledged weakness in the U.S. company’s Gen 7 firewalls. In response to these reports and other parallel findings, SonicWall has released an official statement. In the statement, published on August 4, 2025, SonicWall confirms that over the past 72 hours, there has been a significant increase in both internal and external cyber incidents involving Gen 7

Cisco Hit by a Vishing Attack! Registered Users’ Profile Data Exfiltrated

Cisco, a leading global network infrastructure and cybersecurity company, recently announced the impact of a security incident. Founded in 1984 and headquartered in San Jose, California, Cisco is known for providing technology solutions to enterprises, government agencies, and service providers, covering areas ranging from networking to collaboration to cybersecurity. On July 24, 2025 (GMT+9), the company detected unauthorized access to a cloud-based Customer Relationship Management (CRM) system operated by a third party following a vishing attack—a form of phishing conducted via voice calls. According to the official release, the attacker targeted a Cisco representative via a deceptive phone call, bypassing defenses and gaining

The Monte Carlo Casino is on D4rk4rmy’s website! The ransomware group claims responsibility for the cyber attack.

The criminal organization known as D4rk4rmy has claimed responsibility for the cyber attack against the Monte-Carlo Société des Bains de Mer (SBM) on its Data Leak Site (DLS). The site contains a post stating that an update will be available in 12 days. Founded in 1863, SBM is the leading operator in the luxury hotel sector in the Principality of Monaco. Among the most renowned properties managed by the company are the Hôtel de Paris and the Monte Carlo Casino, which play a key role in shaping the Principality’s international image of refinement and prestige. Attackers report the theft of sensitive customer