Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.

Category: Cybercrime and Darknet

Cyber Geopolitics: How Tech Becomes a Global Battleground

Over the past two years, cyber has ceased to be a “technical” dimension of the conflict and has become a strategic infrastructure. The consequence is a domino effect: it begins with the US-China competition over semiconductors and AI, passes through the Russia-Ukraine war (and the Black Sea energy corridors), and reaches European governance, which is trying to restore order through regulation and compliance while the threat accelerates. This article proposes a mechanism-oriented (not narrative-oriented) reading of OSINT, with practical indicators useful for those working in cybersecurity, risk, and economic intelligence. US–China: AI chip supply chain a battleground

SOAP Vulnerability in .NET Framework Allows Remote Code Execution

Security researchers have discovered a vulnerability in .NET that could affect several enterprise products and lead to remote code execution. The issue stems from the way Microsoft .NET-based applications handle SOAP messages, and Microsoft, according to researchers, is refusing to fix the issue, shifting the blame onto developers and users. Piotr Bazydło of watchTowr reported the discovery at the Black Hat Europe conference. He said that several commercial and internal solutions are vulnerable to remote code execution (RCE) attacks due to errors in the handling of SOAP messages in .NET applications. The key issue was the SoapHttpClientProtocol class. The researcher

CVE-2025-55182 React Server Components Vulnerability Exploited

A recent report from the Google Threat Intelligence Group (GTIG) illustrates the chaotic results of this information dissemination, highlighting how savvy adversaries have already gained a foothold within targeted networks. A critical vulnerability, identified as CVE-2025-55182, was reported to the security community on December 3, 2025, affecting React Server Components (RSC). This security flaw, with a maximum CVSS score of 10.0, allows attackers to execute arbitrary code on a server by sending a single, specially crafted HTTP request, without requiring authentication. The cyber community reacted swiftly. Immediately after the public announcement, exploitation by numerous threat clusters was widely observed, as noted by the Google

Top 25 Software Vulnerabilities 2025: MITRE CWE Ranking and Security Tips

MITRE has released its ranking of the 25 most dangerous software vulnerabilities predicted for 2025, based on data collected through the National Vulnerability Database. These vulnerabilities were identified by analyzing 39,080 Common Vulnerabilities and Exposures (CVE) records reported this year to identify the root causes. The rise in cyber threats has heightened the importance of the annual ranking, which, based on real CVE data, allows for more effective identification and reduction of risks within organizations. Attackers can take control of systems, steal sensitive data, or compromise applications due to these pervasive flaws, which are often easily discovered and exploited. Vulnerability CWE CVEs

Kali Linux 2025.4: Discover the Power of Wayland and Enhanced Security Tools

The recent 2025.4 release of Kali Linux has been made available to the public, introducing significant improvements to the GNOME, KDE, and Xfce desktop environments. From now on, Wayland will be the default window management system, representing a significant improvement over previous versions. The latest update builds on the previous 2025.3 release from September and boasts refined desktop experiences, enhanced VM guest support on Wayland, and a range of new offensive security tools. Desktop Environment Updates: It’s important to note that GNOME has completely dropped support for X11, prompting Kali to adopt Wayland as its only window server. Kali developers describe

French Interior Ministry Hit by Cyberattack, Data Security at Risk

The French Ministry of the Interior’s email servers were targeted by a cyberattack. The hacker managed to access “several files,” but no “serious compromise” has been detected so far. The news, revealed by BFMTV, was confirmed by Interior Minister Laurent Nuñez on RTL radio. “There was a cyberattack,” he said. “An attacker managed to access several files.” The nature and number of files involved are not yet known, according to Laurent Nuñez, who specified that he has no “signs of serious compromise” at this stage. Standard security procedures have been implemented and security has been strengthened,

IRS.GOV: alleged data breach affects the accounts of 18 million citizens

An alleged database containing sensitive information on 18 million U.S. citizens over 65 has appeared for sale on a popular dark web forum. The advertiser, who uses the pseudonym “Frenshyny,” claims to have stolen the data directly from the government portal irs.gov, which handles, among other things, tax records and 401(k) retirement plan information. Disclaimer: This report includes screenshots and/or text from publicly available sources. The information provided is for threat intelligence and cybersecurity risk awareness purposes only. Red Hot Cyber condemns any unauthorized access, improper dissemination, or misuse of this data. It is currently not possible to independently verify the

Amnesty International Launches .onion Site for Secure Access to Human Rights Info

Amnesty International has launched its own website, accessible via the .onion domain on the Tor network, offering a new secure channel for accessing the organization’s information and research. The initiative, officially launched in December 2023, stems from the need to ensure access to content even in countries where the main website is blocked or heavily monitored. The decision comes amid growing global digital restrictions. In countries such as Russia, Iran, and China, Amnesty International’s entire portal is blocked, preventing citizens from freely accessing information about human rights violations. In several other regions, however, browsing is exposed to government surveillance, posing direct risks

NANOREMOTE Trojan Uses Google Drive for Command and Control

A new multifunctional Windows Trojan called NANOREMOTE uses a cloud file storage service as its command center, making the threat harder to detect and giving attackers a persistent channel to steal data and deliver additional downloads. The threat was reported by Elastic Security Labs, which compared the malware to the already known FINALDRAFT implant, also known as Squidoor, which relies on Microsoft Graph to communicate with operators. Both tools are associated with the REF7707 cluster, reported as CL-STA-0049, Earth Alux and Jewelbug, and attributed to Chinese espionage activities against government agencies, defense contractors, telecommunications companies, educational institutions and aviation