Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.

Category: Cybercrime and Darknet

Google Discontinues Dark Web Report, Shifts to Active Protection

No more useless alerts. No more passive monitoring. Less than two years after its launch, Google has decided to shut down one of the most talked-about digital security tools: the Dark Web Report. The feature, designed to help users find out if their personal data has ended up on the dark web, will cease to exist on February 16, 2026, while scans for new breaches will stop as early as January 15, 2026. According to the tech giant, the report “offered general information, but user feedback showed it didn’t provide concrete guidance on what to do.” Google now promises

CyberVolk Ransomware Flawed: Free File Recovery Possible

This isn’t the first time criminal hackers have made mistakes, and it won’t be the last. The pro-Russian hacktivist group CyberVolk launched the RaaS service VolkLocker (also known as CyberVolk 2.x). However, security researchers discovered that the malware’s developers made several mistakes that allow victims to recover their files for free. SentinelOne researchers report that the attackers embedded the master encryption key directly into the malware binary and saved it as a plain text file in the %TEMP% folder. The file is called system_backup.key, and everything needed to decrypt the data can be easily extracted from it. Researchers speculate that it’s some sort

OSINT Ethics and Legality: Navigating Open Source Intelligence

Open Source Intelligence (OSINT) has emerged in recent years as one of the most fascinating, yet most insidious, disciplines in the information and security landscape. Its essence is remarkably simple: extracting and analyzing data from public sources—whether it’s a post on X, a financial statement filed with the Chamber of Commerce, or a scientific article—to transform it into concrete, actionable intelligence. What was once a technique reserved exclusively for government agencies is now a daily tool for investigators, journalists, threat intelligence analysts, and, inevitably, even malicious individuals. And it is precisely this democratization that forces us to ask a fundamental question: where

The Psychology of Passwords: Why Weak Passwords Persist

The psychology of passwords starts right here: trying to understand people before systems. Welcome to “The Mind Behind Passwords,” the column that looks at cybersecurity from a different perspective: that of people. In the digital world, we count everything: attacks, patches, CVEs, indicators. Yet the most crucial element continues to elude metrics: human behavior. Passwords prove it every day. They aren’t created in a lab, but in our heads: through memories, habits, shortcuts, anxieties, good intentions, and that hint of belief that we’re “unpredictable” while we’re actually doing the exact opposite. Inside a password lies hidden routine, affection, nostalgia, moments of

Russian Cyber Operations Shift to Targeting Western Critical Infrastructure

New details emerge from an Amazon Threat Intelligence report that highlight an alarming shift in Russian government-backed cyber operations. High-level 0-day exploits, often attributed to state-sponsored actors, have seen a significant decline, according to Amazon data for the period 2021-2025. Previously, these groups were considered the primary perpetrators of such operations. However, they now appear to be focusing on a different approach, aiming to exploit opportunities overlooked by system administrators. Abandoning their previous strategy of complex software exploits, the group associated with the fearsome Sandworm (also known as APT44) has adopted a more stealthy and direct approach. Based on consistent targeting

Google Chrome Security Update Fixes Critical Vulnerabilities

A significant security update has been released by Google for the stable desktop channel, addressing two very serious vulnerabilities that could expose users to potential memory leak attacks. As the update rolls out in the coming days, security experts recommend that administrators and users update immediately to mitigate risks related to vulnerabilities in the browser rendering and JavaScript engines. The updated versions will be 143.0.7499.146/.147 for Windows and Mac and 143.0.7499.146 for Linux users. Two specific issues, classified as “High” severity and reported by external researchers, are addressed in this update. CVE-2025-14765: Use-After-Free in WebGPU. The most important fix addresses a “Use After

Spiderman Phishing Kit Targets European Banks and Crypto Users

Varonis researchers have discovered a new PhaaS platform, called Spiderman, that targets users of European banks and cryptocurrency services. Attackers use the service to create copies of legitimate websites to steal login credentials, 2FA codes, and credit card information. According to experts, the platform is aimed at financial institutions from five European countries and large banks such as Deutsche Bank, ING, Comdirect, Blau, O2, CaixaBank, Volksbank and Commerzbank. However, attacks are not limited to banks. Spiderman can also create phishing pages for fintech services like Klarna and PayPal in Sweden. Additionally, the platform supports seed theft for cryptocurrency wallets like Ledger, Metamask,

Notepad++ 8.8.9 Released: Fixing Critical Update Vulnerability

A new version, 8.8.9, of the popular text editor Notepad++ has been released by its developers, fixing a flaw in the automatic update system. This issue came to light after some users and investigators discovered that, instead of downloading legitimate updates, the system was downloading malicious executables. The first hints of the problem emerged in the Notepad++ community forums. For example, one user reported finding that the GUP.exe (WinGUp) update tool was running a suspicious-looking file, %Temp%AutoUpdater.exe, which had begun collecting system data. The malware executed typical reconnaissance commands and saved the results in the a.txt file: After collecting

Salt Typhoon Hackers Exposed: Cisco Training Led to Global Telecom Breaches

A recent study by SentinelLabs sheds new light on the roots of the hacker group known as “Salt Typhoon,” which carried out one of the most audacious espionage operations of the past decade. First identified in September 2024, the attack campaign has compromised numerous networks. A recent alert reported that the hacker group has successfully infiltrated over 80 telecommunications companies worldwide. As a result, sensitive data, including unsecured calls and text messages, was collected from prominent figures such as US presidential hopefuls and Washington insiders. Thanks to the training gained from participating in networking competitions, the members of the group, initially

Critical Red Hat OpenShift GitOps Vulnerability Exposed

A critical flaw has been discovered in Red Hat OpenShift GitOps, putting Kubernetes clusters at risk by allowing users with reduced permissions to gain full control of them. OpenShift GitOps is designed to automate deployments using Git as the single source of truth. However, researchers found that the permissions model for creating ArgoCD CRs is too permissive. “If you can create CR ArgoCD, you can essentially take over the entire cluster,” the vulnerability report states. This vulnerability, tracked as CVE-2025-13888 and assigned a severity score of 9.1 (critical), allows administrators of a specific namespace to manipulate the system to gain root access