Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.

Category: Cybercrime

Amnesty International Launches .onion Site for Secure Access to Human Rights Info

Amnesty International has launched its own website, accessible via the .onion domain on the Tor network, offering a new secure channel for accessing the organization’s information and research. The initiative, officially launched in December 2023, stems from the need to ensure access to content even in countries where the main website is blocked or heavily monitored. The decision comes amid growing global digital restrictions. In countries such as Russia, Iran, and China, Amnesty International’s entire portal is blocked, preventing citizens from freely accessing information about human rights violations. In several other regions, however, browsing is exposed to government surveillance, posing direct risks

NANOREMOTE Trojan Uses Google Drive for Command and Control

A new multifunctional Windows Trojan called NANOREMOTE uses a cloud file storage service as its command center, making the threat harder to detect and giving attackers a persistent channel to steal data and deliver additional downloads. The threat was reported by Elastic Security Labs, which compared the malware to the already known FINALDRAFT implant, also known as Squidoor, which relies on Microsoft Graph to communicate with operators. Both tools are associated with the REF7707 cluster, reported as CL-STA-0049, Earth Alux and Jewelbug, and attributed to Chinese espionage activities against government agencies, defense contractors, telecommunications companies, educational institutions and aviation

Linux Foundation Launches Agentic AI Foundation with Key Tech Players

The establishment of the Agentic AI Foundation (AAIF), a dedicated fund under the auspices of the Linux Foundation, was jointly announced by several leading companies in the field of technology and artificial intelligence. With the establishment of the AAIF, Anthropic announced the donation of the MCP protocol to the Linux Foundation, a nonprofit organization committed to promoting sustainable open source ecosystems through neutral governance, community development, and shared infrastructure. The AAIF will operate as a restricted fund within the Linux Foundation. Members since its founding include Anthropic, OpenAI, and Block, with additional support from Google, Microsoft, AWS, Cloudflare, Docker, and Bloomberg.

Disney Invests $1 Billion in OpenAI for Sora Video Deal

Disney will invest $1 billion in OpenAI and officially license its characters for use in its Sora video generator. The deal comes amid a heated debate in Hollywood over how the rapid advancement of artificial intelligence is changing the entertainment industry and impacting the rights of content creators. Under the three-year licensing agreement, Sora users will be able to create short videos for social media featuring over 200 characters from the Disney, Marvel, Pixar, and Star Wars universes. However, the terms of the agreement stipulate specific restrictions: the images and voices of actors associated with these franchises will not be used.

Microsoft 365 Okta Phishing Attack: Experts Warn of New Threat

A recent study by Datadog Security Labs reveals an ongoing operation targeting organizations using Microsoft 365 and Okta for single sign-on (SSO) authentication. This operation uses sophisticated techniques to bypass security controls and steal session tokens. As employees prepare for year-end performance reviews, this complex phishing scam has begun to spread, turning what appeared to be a pay raise into a cybersecurity threat. Since early December 2025, this campaign has been unscrupulously exploiting company benefits. Unsuspecting recipients have received emails disguised as official communications from human resources departments or payroll services, including ADP or Salesforce. Subject lines are designed to spark immediate

React Server Components Vulnerability: Update to Prevent DoS Attacks

The React Server component security saga continues this week. Following the patching of a critical remote code execution (RCE) vulnerability that led to React2shell, researchers have discovered two new vulnerabilities. While less serious than the previous ones, these vulnerabilities pose significant risks, including the possibility of denial-of-service (DoS) attacks that can cause server crashes and expose sensitive source code. Affected versions include versions 19.0.0 through 19.0.2, versions 19.1.0 through 19.1.2, and versions 19.2.0 through 19.2.2. Developers are advised to update to the correct versions as soon as they are released: Basically, these vulnerabilities have a wide range of action. Even if your

Critical Windows PowerShell Vulnerability CVE-2025-54100: Update Now

An urgent security update has been released to address a critical vulnerability in Windows PowerShell that allows attackers to execute malicious code on affected systems. This security flaw, designated CVE-2025-54100, was disclosed on December 9, 2025, and poses a significant threat to the integrity of computer systems globally. Microsoft classifies the vulnerability as important, with a CVSS severity score of 7.8. The weakness, identified as CWE-77, involves the improper neutralization of special elements used in command injection attacks. Microsoft considers the possibility of this vulnerability being exploited in real-world attacks to be remote. The vulnerability has already been publicly disclosed. Attackers require

Telegram Losing Ground to Crackdown on Cybercrime Activities

Telegram, which over the course of its history has become one of the most popular messaging apps in the world, is gradually losing its status as a convenient platform for cybercriminals. Kaspersky Lab analysts have monitored the lifecycle of hundreds of underground channels and concluded that stricter moderation is literally excluding the underground from the messaging app. Experts point out that Telegram is inferior to dedicated secure messaging apps in terms of privacy protection: chats do not use end-to-end encryption by default, the entire infrastructure is centralized, and the server code is closed. While this probably won’t pose a significant problem for

Notepad++ Vulnerability Fixed: Update to 8.8.9 to Avoid Malware

Notepad++ is often targeted by attackers because the software is popular and widely used. A recently discovered vulnerability in the open-source text and code editor Notepad++ could allow attackers to hijack network traffic, hijack the update process, and install malware on affected computers. This flaw has now been fixed in Notepad++ version 8.8.9. Users running older versions should immediately run a thorough scan with reputable security software. Their systems may already be compromised; in more severe cases, a complete reinstallation may be the only reliable solution. According to the developers, the Notepad++ update utility, WinGUp, could, under certain circumstances, be