Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.

Category: Cybercrime and Darknet

US Allows Nvidia to Sell Advanced AI Chips to China, Easing Export Restrictions

It seems the White House isn’t entirely clear … at least judging by yet another change of heart regarding the sale of Nvidia’s advanced chips to China, with the Trump administration having decided to once again authorize exports of the H200 to select customers after months of restrictions. US President Donald Trump has authorized Nvidia to resume sales of its advanced H200 chip to select customers in China, following months of restrictions imposed amid tech tensions between Washington and Beijing. The announcement came on December 8 in a message posted by the president on social media, in which he reiterated

Taiwan Cracks Down on Submarine Cable Sabotage with New Laws

In recent years, Taiwan’s underwater infrastructure—electricity cables, gas pipelines, and water systems—has been damaged on several occasions, particularly communications cables. On December 9, the Legislative Yuan passed a third reading of a series of amendments to the Electricity Law, the Natural Gas Activities Law, and the Water Supply Law, part of a legislative package known as the “Seven Undersea Cable Laws.” The new rules establish harsher penalties for those who intentionally tamper with such infrastructure: imprisonment of up to seven years, with a maximum fine of NT$10 million. The new rules also provide for the confiscation of any vessels

Ransomware Attacks Decline in 2024, But Threat Remains High with $734M in Ransom

According to a recently released report by the Financial Crimes Enforcement Network (FinCEN), global ransomware activity peaked in 2023, only to plummet in 2024. This decline is attributed to successive attacks on large-scale ransomware groups, including ALPHV (BlackCat) and LockBit, through collaborative international investigations. FinCEN analyzed thousands of reports under the Bank Secrecy Act (BSA) filed by financial institutions between January 2022 and December 2024, identifying 4,194 cases of ransomware and over $2.1 billion in ransoms. This figure is nearly equal to the total reported in the eight-year period from 2013 to 2021. $4.5 billion: The ransomware economy between 2013 and

Embracing Vulnerability for Authentic Leadership and Team Growth

We’re connected, connected to everything, hyperconnected. Our professional and social lives are dictated by extremely tight deadlines and a constantly rising bar; we must push. We tacitly demand that we be perfect machines, infallible systems, active, proactive, always alert. But wait a moment: human beings are not machines and, without a doubt, are not perfect. In an operating system or complex software, we know that, at some point, a system bug or structural weakness will likely be found and immediate action will be taken to repair or prevent damage or potential damage. So why do we accept fragility in the systems we

CISA Warns: Avoid Personal VPNs for Secure Mobile Communications

In new mobile communications advisories, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a stern warning to smartphone owners: avoid using personal VPN services. The document, aimed at iPhone and Android users, states that such services often don’t mitigate risks, but simply change the focus of threats. According to CISA, personal VPNs transfer residual risks from the ISP to the VPN provider, often increasing the attack surface. The user effectively transfers trust to the VPN service, and many of these providers, according to the agency, have questionable security and privacy policies. The warning is part of a broader campaign

SAP Security Update Fixes Critical Code Injection Vulnerability in Solution Manager

SAP has just released its latest annual security update, which contains 14 new security bug fixes. Among them is a critical “code injection” flaw in SAP Solution Manager that poses a high risk to the integrity of enterprise systems, with a severity rating very close to maximum. This vulnerability, which has a CVSS score of 9.9, is labeled “Critical.” Its cause lies in the lack of proper input sanitization, which allows an authenticated attacker to execute malicious code by calling a function module that can be enabled remotely. In this collection of fixes, two other critical notes emerge: One of the most

Critical PromptPwnd Vulnerability Exposes AI-Powered GitLab, GitHub Pipelines

A critical vulnerability, identified as “PromptPwnd,” affects AI agents that are integrated into the GitLab CI/CD and GitHub Actions pipelines. Through this vulnerability, attackers are able to inject malicious commands via unsafe user input. This tricks AI models into performing operations with elevated privileges, which could lead to the disclosure of confidential information or modification of workflows. Agents like Gemini CLI, Anthropic’s Claude Code, OpenAI Codex, and GitHub AI Inference then process these inputs alongside high-privilege tools, including gh issue edit or shell commands that access GITHUB_TOKEN, API keys, and cloud tokens. The attack chain discovered by Aikido Security begins

LLM-Powered Malware: The Future of Autonomous Cyber Threats

Researchers at Netskope Threat Labs have just published a new analysis on the possibility of creating autonomous malware built exclusively from Large Language Models (LLMs), eliminating the need to encode detectable instructions. LLMs have rapidly revolutionized the industry, becoming valuable tools for automation, coding assistance, and research. However, their widespread adoption raises a number of critical cybersecurity challenges. It is now possible to have malware interact with GPT-3.5-Turbo and GPT-4, which establishes the possibility of an autonomous threat powered by LLMs. Netskope Threat Labs set out to test the feasibility and reliability of fully autonomous malware generated by LLMs. Their tests confirmed

Intellexa Exploits Zero-Day Vulnerabilities with Spyware

Despite significant geopolitical challenges, the mercenary spyware industry remains a resilient and persistent threat; in this context, the well-known vendor Intellexa continues to expand its arsenal. A recent report from the Google Threat Intelligence Group (GTIG) highlights how the company, famous for its “Predator” spyware, is not only resisting US sanctions, but is also actively circumventing restrictions to continue to thrive, by exploiting a steady stream of zero-day vulnerabilities. Intellexa has built a formidable reputation in the surveillance market. According to a Google analysis, the vendor has “solidified its position as one of the most prolific, if not the