Russian President Vladimir Putin signed a law establishing administrative liability for VPN service owners and introducing fines for those who deliberately search for and gain access to extremist material. Last week, bill No. 755710-8 was considered by the State Duma of the Russian Federation in its third reading and approved by the Federation Council. The text of the document is now published on the official legal information portal. The amendments will come into force on September 1, 2025. In mid-July, it became known that amendments to the Code of the Russian Federation on Administrative Offences had been proposed, providing, in particular, fines

Google is pushing the boundaries of security with a new initiative, makingDevice Bound Session Credentials (DBSC) a public beta feature that helps protect users from session cookie theft. Initially introduced as a prototype in April 2024, the system is now available in the Chrome browser for Windows and ties authentication sessions to a specific device. This means that even if cookies are stolen, an attacker won’t be able to use them on another computer. According to the head of product management for Google Workspace, DBSC strengthens post-login protection by blocking remote authorization from another device. This association prevents the reuse of cookies

An online forum posting dated July 26, 2025, caught our attention: a user named “Bucad” advertised the sale of an iOS RCE Exploit 0day | ZeroClick/1Click. The exploit, apparently capable of completely compromising an iOS 18.5 device, including rooting, without any visible crashes or significant user interaction, and with persistence capabilities, represents a potential threat of significant proportions. While the veracity of such claims remains unclear in contexts like these, the announcement raises crucial questions about the functioning and implications of the zero-day exploit and spyware market that we want to reiterate. What is a 0-day RCE Exploit? A 0-day RCE (Remote

A new Microsoft study offers a surprising (and disturbing) look at how generative AI is reshaping the global workforce. Contrary to popular belief, it’s not just high-tech professionals who are feeling the change: salespeople, journalists, proofreaders, and translators are also in the AI’s crosshairs. And these aren’t just predictions; they’re based on real-world usage data that are redrawing the employment map. At the top of the “most affected” list are jobs focused on information, communication, and content creation, such as translators, historians, and writers. These are roles where language models excel, assisting users with tasks such as rewriting, summarizing, or translating with

Microsoft continua a impegnarsi per contrastare i meccanismi potenzialmente pericolosi in Office e Windows annunciando nuove restrizioni in Excel. A partire da ottobre 2025, Microsoft adotterà misure drastiche per isolare Excel da fonti potenzialmente pericolose. La nuova policy di blocco dei collegamenti esterni a determinati tipi di file diventerà attiva per impostazione predefinita e raggiungerà tutti gli utenti di Excel in un’implementazione in più fasi che sarà completata entro luglio 2026. Ciò significa che tutte le cartelle di lavoro che fanno riferimento a tali formati smetteranno di aggiornare i dati o genereranno un errore #BLOCKED, eliminando un vettore di attacco precedentemente utilizzato

With the growing integration of Linux tools into consumer systems, Apple has taken a major step toward cybersecurity professionals. With the release of macOS Sequoia, the company introduced its own container system, allowing Linux distributions to run in an isolated virtual environment on Apple Silicon devices. One of the first distributions compatible with was Kali Linux, a popular platform for penetration testing and security analysis. At WWDC 2025, a new framework called Container was announced. This mechanism allows Linux to run within the virtualization built into macOS, without the need to install a third-party hypervisor. The technology is available exclusively on computers

Trend Micro’s Zero Day Initiative (ZDI) has announced a reward worthy of a zero-day broker! An unprecedented $1,000,000 reward is being offered to anyone who can develop a zero-click remote code execution (RCE) exploit against WhatsApp during the 2025 edition of Pwn2Own Ireland. This record-breaking bounty, co-funded by Meta, marks the largest single prize ever offered in the competition’s history and highlights the crucial importance of protecting the world’s most popular messaging platform. Key points Rewards for zero-click exploits on WhatsApp The collaboration between Meta and Pwn2Own Ireland 2025 marks a step change in big tech’s strategy to incentivize research into the

Regarding our previous article about security bugs discovered in Lovesense devices (a leading company in the field of intimacy technology devices), the company has released an official statement to Red Hot Cyber. This statement responds to recent concerns raised in the press about security bugs discovered in its products. Dan Liu, CEO of Lovense, wanted to reassure customers and partners of its ongoing commitment to protecting user privacy and security through a press release that we are sharing with our partners. Readers. The identified vulnerabilities A security researcher, using a bug bounty platform in which Lovense has participated since 2018, identified two

Amid the proliferation of online scams, Romania witnessed a particularly large-scale scam disguised as a McDonald’s promotion. More than 10,000 people were lured into a scam that initially presented itself as a tempting offer: a hamburger, fries, and soft drinks for just 10 lei, the equivalent of about two dollars. On Instagram and Facebook, scammers launched a series of advertisements on behalf of a nonexistent brand, McDelight Romania. Under the guise of participating in a “triple promotion,” users were asked to complete a short survey and participate in a simple game. Everyone was promised the chance to win a prize, and surprisingly,

According to the Knownsec 404 Advanced Threat Intelligence Team, a surge in attack activity has recently been observed involving the Silver Fox Trojan, which mimics popular tools such as Google Translate. These attacks, dating back to 2024, involve a user clicking anywhere on the page displaying a message about an outdated version of Flash, followed by a redirect to a download page crafted by the attackers. If the user downloads and executes the file, the system is compromised through the execution of subsequent payloads. In recent years, several hacker groups have distributed the Silver Fox Trojan using various techniques: from forgery from