Red Hot Cyber

Category: Cybercrime

NetSupport RAT Malware Campaign Uncovered: Expert Analysis

Securonix specialists have discovered a multi-layered malware campaign aimed at secretly installing the NetSupport RAT remote access tool. The attack involves a series of carefully hidden stages, each designed to ensure maximum stealth and leave minimal traces on the compromised device. The initial download of the malicious code begins with a JavaScript file injected into hacked websites. This script has a complex structure and hidden logic that is activated only when certain conditions are met. It can detect the user’s device type and even record whether it’s their first visit to the page, allowing it to perform malicious actions only

Digital Stress: How to Achieve Balance in a Hyper-Connected World

We live in dissociation: we praise work-life balance, yet we find ourselves constantly online, like puppets on invisible strings. The real problem is not technology, but how we, humans, respond to it. What we call digital stress isn’t just an annoyance; it’s a profound crisis that affects our well-being, our identity, and our awareness. Digital Stress: The Core of the Problem. Let’s explore each aspect to better understand how it works. Physiological Level: When we receive a notification on our device, our fight-or-flight response is activated. This constant attentional switching causes a chronic increase in cortisol, the stress hormone, as evidenced

DeadLock Ransomware Exploits Baidu Antivirus Vulnerability for EDR Bypass

Cisco Talos has identified a new ransomware campaign called DeadLock: attackers are exploiting a vulnerable Baidu antivirus driver (CVE-2024-51324) to disable EDR systems using the Bring Your Own Vulnerable Driver (BYOVD) technique. The group does not operate a data leak site but communicates with victims via Session Messenger. According to Talos, the attacks are carried out by a financially motivated operator who gains access to the victim’s infrastructure at least five days before encryption and gradually prepares the system for DeadLock deployment. One of the key elements of the chain is BYOVD: the attackers themselves inject a legitimate but vulnerable

VPN Credentials on the Dark Web: A Growing Cybersecurity Threat

In the darkest corners of the internet, the trafficking of stolen data and unauthorized access continues to thrive. A recent post on a closed underground forum shows 896 FortiSSL VPN credentials, complete with IP address and clear-text credentials, being sold for a combined price of $3,000. The post in the underground and the latent threat: The ad, posted by a user, lists available logins for several countries, including the United States, Germany, Austria, Singapore, Japan, South Korea, Italy, the United Arab Emirates, Brazil, Switzerland, and France. The details are provided in the traditional ip:port user:password format, easily usable

Uncovering Russia’s Cyber Operations: CISM’s Role in DDoS Attacks

What we wrote in the article “Patriotic Code: from DDoSia and NoName057(16) to CISM, the algorithm that shapes youth for Putin” on Red Hot Cyber on July 23rd is now fully consistent with the information made public by the United States Department of Justice. Back in July we described how DDoSia worked and the role of NoName057(16) in recruiting volunteers for DDoS attacks via Telegram, highlighting how behind what appeared to be an activity of “patriotic cyber-volunteering” there was a centralized coordination and infrastructure attributable to figures linked to the CISM, a pro-Russian government body. Today’s

Microsoft Outlook RCE Vulnerability: Update Now to Prevent Attacks

A critical remote code execution (RCE) vulnerability in Outlook has been patched by Microsoft, potentially allowing attackers to run malicious code on vulnerable systems. The vulnerability, tracked under CVE-2025-62562, stems from a use-after-free vulnerability in Microsoft Office Outlook and has a CVSS severity of 7.8. The exploit is triggered locally, requiring the attacker to trick a user into interacting with a malicious email. Once this is done, the attacker convinces the user to respond to a spoofed email, triggering the code execution chain. A vulnerability that requires user interaction: According to Microsoft, it is critical that organizations prioritize installing available

Google Chrome Urgent Update Fixes Zero-Day Vulnerability

An urgent update has been released by Google for the stable version of the Desktop browser, in order to address an extremely serious vulnerability that is currently being exploited. This update, which brings the browser to version 143.0.7499.109/.110, fixes three security vulnerabilities, including a zero-day flaw flagged as 466192044. Google, unusually, has kept the details of its CVE identifier under wraps, simply listing it as “Coordinating.” Google also fixed two other medium-severity vulnerabilities reported by external security experts. For these, a total of $4,000 was awarded under the bug bounty program. They are: Returning to the previous vulnerability without a

EtherRAT Malware Exploits React2Shell Vulnerability with Ethereum C2

Just two days after the critical React2Shell vulnerability was discovered, Sysdig researchers identified a new malware, EtherRAT, in a compromised Next.js application. The malware uses Ethereum smart contracts for communication and achieves persistence on Linux systems in five ways. Experts believe the malware is related to tools used by the North Korean Lazarus group. However, EtherRAT differs from known samples in several key ways. React2Shell (CVE-2025-55182) is a critical vulnerability in Meta’s popular React JavaScript library. The issue, which received a CVSS score of 10 out of 10, is related to insecure data deserialization in React Server Components and allows remote code

Is QDay approaching? QuantWare presents its 10,000-qubit quantum processor

The world of quantum technology has made an impressive leap forward: QuantWare has unveiled the world’s first 10,000-qubit processor, 100 times more than any existing device. Furthermore, the new chip takes up even less space than current systems, making this breakthrough particularly noteworthy amid years of stagnation in quantum processor scalability. For nearly a decade, the industry has failed to surpass the 100-qubit threshold. Google managed to go from 53 to 105 qubits in just six years, while IBM introduced a 1,121-qubit processor in 2023 and doesn’t expect significant growth until at least 2028. Faced with hardware limitations, companies have been

Ivanti Endpoint Manager Vulnerabilities: Update Now to Prevent RCE

Ivanti has released an urgent update for its Endpoint Manager (EPM) platform, addressing a set of significant vulnerabilities that could allow attackers to execute code of their choosing or hijack administrative sessions. Among the fixed vulnerabilities there are four specific flaws, including one particularly critical one, marked with a high severity rating, which have been fixed thanks to this update. For organizations that are unable to immediately apply the patch, Ivanti suggests segregating their networks as best they can, stating: “If customers have not exposed their solution to the Internet, the risk of this vulnerability is significantly reduced.” A Stored Cross-Site Scripting