Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.

Category: Cybercrime and Darknet

Salt Typhoon Hackers Exposed: Cisco Training Led to Global Telecom Breaches

A recent study by SentinelLabs sheds new light on the roots of the hacker group known as “Salt Typhoon,” which carried out one of the most audacious espionage operations of the past decade. First identified in September 2024, the attack campaign has compromised numerous networks. A recent alert reported that the hacker group has successfully infiltrated over 80 telecommunications companies worldwide. As a result, sensitive data, including unsecured calls and text messages, was collected from prominent figures such as US presidential hopefuls and Washington insiders. Thanks to the training gained from participating in networking competitions, the members of the group, initially

Critical Red Hat OpenShift GitOps Vulnerability Exposed

A critical flaw has been discovered in Red Hat OpenShift GitOps, putting Kubernetes clusters at risk by allowing users with reduced permissions to gain full control of them. OpenShift GitOps is designed to automate deployments using Git as the single source of truth. However, researchers found that the permissions model for creating ArgoCD CRs is too permissive. “If you can create CR ArgoCD, you can essentially take over the entire cluster,” the vulnerability report states. This vulnerability, tracked as CVE-2025-13888 and assigned a critical severity score of 9.1, allows administrators of a specific namespace to manipulate the system to gain root access

FortiGate Vulnerability Exploited: Update Now to Prevent SSO Attacks

Shortly after the vendor disclosed them, threat actors began actively exploiting high-severity vulnerabilities to bypass authentication on FortiGate devices. A recent report from Arctic Wolf reveals that, as of December 12, 2025, these vulnerabilities are being exploited by attackers to gain administrator access through Single Sign-On (SSO) and steal sensitive system configurations. The attacks target the vulnerabilities CVE-2025-59718 and CVE-2025-59719, which carry a critical CVSS score of 9.1. By exploiting them, an unauthenticated attacker can walk in through the front door without a key, bypassing SSO protections using spoofed SAML messages. Arctic Wolf researchers noted: “However,

Shannon: Autonomous Penetration Testing with AI

Shannon acts as a penetration tester that doesn’t just report vulnerabilities, but launches actual exploits. Shannon’s goal is to breach your web application’s security before anyone with malicious intent can. Using its built-in browser, Shannon automatically searches your code for vulnerabilities to exploit and, to demonstrate that these vulnerabilities really exist, performs concrete attacks, such as injection attacks and attacks aimed at bypassing authentication systems. Security auditing through manual penetration testing is generally limited to once a year, which leaves a significant security gap: for the remaining 364 days, you could be at risk without knowing it.

Protecting Loved Ones from Scams and Financial Abuse

Hi guys, my name is Giorgio, I’m 58 years old, I’ve always worked as an administrative technician, and in life, I’ve always been the “rational” one in the family. The one who checks the accounts, who doesn’t trust strange phone calls, who tells everyone “don’t click links, don’t answer unknown numbers.” Yet today I’m here, with you, not because I clicked the wrong link… but because I couldn’t stop a scam that was eating my father away. My father is 83 years old. He’s a widower, lives alone, and is proud and stubborn, as only a person of his

Critical Windows Vulnerability CVE-2025-59230 Exposed

Windows services dedicated to remote connections have always been an inexhaustible source of “satisfaction” for those involved in cybersecurity, revealing vulnerabilities of enormous impact. Among the most famous examples is EternalBlue, discovered and kept secret for five years by the NSA, before being stolen by the Shadow Brokers group and used in the global WannaCry outbreak in 2017, which infected millions of computers and caused extensive damage to public institutions and private companies. Another emblematic case was BlueKeep, a vulnerability in the Windows RDP service that allowed unauthenticated remote code execution on unpatched systems. These incidents demonstrate how remote connection

Women in Cybersecurity: Breaking Down Barriers and Stereotypes

The scene is always the same: monitors lit, dashboards full of alerts, logs scrolling too quickly, an anxious customer on the other end of the call. You sit down, look around, and realize that, once again, you’re the only woman in the room. When I mention that I work as a Cyber Threat Intelligence Analyst, the reaction is often a mix of amazement and curiosity: “So is it like being a hacker?”, “Isn’t it a bit too technical a job?”, “Isn’t this world scary?” It’s 2025, and some of these questions are almost laughable, but they clearly illustrate the reality: cybersecurity

Storm-0249 Uses DLL Sideloading in Highly Targeted Attacks

A well-known initial access broker (IAB) called “Storm-0249” has changed its operational strategies, using phishing campaigns as well as highly targeted attacks that exploit the very security tools designed to protect networks as a means to achieve its goals. The group uses an alarming new technique built around DLL sideloading. Malicious MSI packages are spread by Storm-0249 via phishing campaigns, often using the social engineering tactic known as “ClickFix,” which tricks users into executing commands to fix supposed technical issues. The ReliaQuest Threat Research Team (building on analysis partly developed by Trend Micro specialists) has published an

VS Code Extensions Infected with Sophisticated Malware via Typosquatting

A sophisticated malware campaign has been detected within the Visual Studio Code (VS Code) marketplace. Researchers at ReversingLabs (RL) have identified 19 malicious extensions that successfully evaded standard detection methods by deeply hiding their payloads within dependency folders. Active since February 2025, the campaign uses a clever combination of typosquatting-adjacent techniques and steganography to compromise developers’ computers. “The malicious files abused a legitimate npm package to evade detection and created an archive containing malicious binaries that masqueraded as an image – a file with the PNG extension,” the researchers reported. To further obscure their tracks, the attackers used a deceptive file called banner.png

NVIDIA Merlin Security Update: Fixing High-Severity Vulnerabilities

NVIDIA has released a significant security update for its Merlin framework, addressing several high-severity vulnerabilities. These vulnerabilities could allow attackers to execute malicious code or alter sensitive data within AI recommendation pipelines. The first vulnerability, identified as CVE-2025-33214, concerns NVTabular. The issue centers on the software’s workflow component: NVTabular, a broad set of data processing features designed to handle huge datasets, up to terabytes in size, carries a specific vulnerability in that component. If left unpatched, this flaw opens the door to a wide range of malicious activity. NVIDIA warns that “successful exploitation of this vulnerability could lead to code execution,