Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.

Category: Cybercrime

Critical Windows Admin Center Flaw CVE-2025-64669 Exposes Servers to Attack

A security flaw has been discovered in Microsoft’s Windows Admin Center (WAC). Essentially, a permissions error could allow any standard user to take control of a server. The Cymulate Research Labs team has published a new report detailing the discovery of CVE-2025-64669, a Local Privilege Escalation (LPE) vulnerability (CVSS 7.8). This vulnerability affects the most popular versions of the infrastructure management tool. In short, it’s a vulnerability that could jeopardize server security. The news came after an in-depth analysis by the research team, which focused on the issue. Apparently, the security flaw is a guest star in the most popular versions

Ink Dragon Hackers Uncovered: Sophisticated Cyber Espionage Operation

It was only a matter of time. Governments around the world have now put their security systems on high alert. Indeed, a large-scale espionage operation conducted by a group of Chinese hackers known as Ink Dragon has recently been discovered. The goal? To transform hacked government servers into a distributed command-and-control network. In short, to use the victims as part of their command-and-control infrastructure. A modus operandi that has left security experts speechless. Ink Dragon has been active since early 2023, targeting government, telecommunications, and public sector organizations in Southeast Asia and South America. Even more disturbingly, it has increased its activity

Google Discontinues Dark Web Report, Shifts to Active Protection

No more useless alerts. No more passive monitoring. Less than two years after its launch, Google has decided to shut down one of the most talked-about digital security tools: the Dark Web Report. The feature, designed to help users find out if their personal data has ended up on the dark web, will cease to exist on February 16, 2026, while scans for new breaches will stop as early as January 15, 2026. According to the tech giant, the report “offered general information, but user feedback showed it didn’t provide concrete guidance on what to do.” Google now promises

CyberVolk Ransomware Flawed: Free File Recovery Possible

This isn’t the first time criminal hackers have made mistakes, and it won’t be the last. The pro-Russian hacktivist group CyberVolk launched the RaaS service VolkLocker (also known as CyberVolk 2.x). However, security researchers discovered that the malware’s developers introduced several flaws that allow victims to recover their files for free. SentinelOne researchers report that the attackers embedded the master encryption key directly into the malware binary and saved it as a plain text file in the %TEMP% folder. The file is called system_backup.key, and everything needed to decrypt the data can be easily extracted from it. Researchers speculate that it’s some sort

OSINT Ethics and Legality: Navigating Open Source Intelligence

Open Source Intelligence (OSINT) has emerged in recent years as one of the most fascinating, yet most insidious, disciplines in the information and security landscape. Its essence is remarkably simple: extracting and analyzing data from public sources—whether it’s a post on X, a financial statement filed with the Chamber of Commerce, or a scientific article—to transform it into concrete, actionable intelligence. What was once a technique reserved exclusively for government agencies is now a daily tool for investigators, journalists, threat intelligence analysts, and, inevitably, even malicious individuals. And it is precisely this democratization that forces us to ask a fundamental question: where

The Psychology of Passwords: Why Weak Passwords Persist

The psychology of passwords starts right here: trying to understand people before systems. Welcome to “The Mind Behind Passwords,” the column that looks at cybersecurity from a different perspective: that of people. In the digital world, we count everything: attacks, patches, CVEs, indicators. Yet the most crucial element continues to elude metrics: human behavior. Passwords prove it every day. They aren’t created in a lab, but in our heads: through memories, habits, shortcuts, anxieties, good intentions, and that hint of belief that we’re “unpredictable” while we’re actually doing the exact opposite. Inside a password lies hidden routine, affection, nostalgia, moments of

Russian Cyber Operations Shift to Targeting Western Critical Infrastructure

New details emerge from an Amazon Threat Intelligence report that highlight an alarming shift in Russian government-backed cyber operations. High-level 0-day exploits, often attributed to state-sponsored actors, have seen a significant decline, according to Amazon data for the period 2021-2025. Previously, these groups were considered the primary perpetrators of such operations. However, they now appear to be focusing on a different approach, aiming to exploit opportunities overlooked by system administrators. Abandoning their previous strategy of complex software exploits, the group associated with the fearsome Sandworm (also known as APT44) has adopted a more stealthy and direct approach. Based on consistent targeting

Google Chrome Security Update Fixes Critical Vulnerabilities

A significant security update has been released by Google for the stable desktop channel, which addresses two very serious vulnerabilities that could expose users to potential memory leak attacks. As the update rolls out in the coming days, security experts recommend that administrators and users update immediately to mitigate risks related to vulnerabilities in browser rendering and JavaScript engines. The updated versions will be 143.0.7499.146/.147 for Windows and Mac and 143.0.7499.146 for Linux users. Two specific issues, classified as “High” severity, reported by external researchers are addressed in this update.

CVE-2025-14765: Use-After-Free in WebGPU

The most important fix addresses a “Use After

Spiderman Phishing Kit Targets European Banks and Crypto Users

Varonis researchers have discovered a new PhaaS platform, called Spiderman, that targets users of European banks and cryptocurrency services. Attackers use the service to create copies of legitimate websites to steal login credentials, 2FA codes, and credit card information. According to experts, the platform is aimed at financial institutions from five European countries and large banks such as Deutsche Bank, ING, Comdirect, Blau, O2, CaixaBank, Volksbank and Commerzbank. However, attacks are not limited to banks. Spiderman can also create phishing pages for fintech services like Klarna and PayPal in Sweden. Additionally, the platform supports seed theft for cryptocurrency wallets like Ledger, Metamask,

Notepad++ 8.8.9 Released: Fixing Critical Update Vulnerability

A new version, 8.8.9, of the popular text editor Notepad++ has been released by its developers, fixing a flaw in the automatic update system. This issue came to light after some users and investigators discovered that, instead of downloading legitimate updates, the system was downloading malicious executables. The first hints of the problem emerged in the Notepad++ community forums. For example, one user reported that they found that the GUP.exe (WinGUp) update tool was running a suspicious-looking file, %Temp%AutoUpdater.exe, which had begun collecting system data. The malware executed typical reconnaissance commands and saved the results in the a.txt file: After collecting