Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.

Tag: 0day

Zero-Click Attack on Notepad++. HackerHood Tested the Exploit and It Really Works with Little

A dangerous vulnerability has been discovered in the latest version of the popular text editor Notepad++ that allows an attacker to gain complete control over the system. The vulnerability has been identified as CVE-2025-49144 and affects version 8.8.1 of the installer, released on May 5, 2025. The issue is related to the “binary file replacement” technique, where the installer accesses executable files from the current working directory without proper verification. Researchers have discovered that an attacker can place a malicious file, such as a modified regsvr32.exe, in the same folder where the installer is located. Upon startup, the installer will automatically download the malicious

FortiGate Under Attack: Tools for Mass Exploitation of Exposed APIs for Sale

A new and alarming development is shaking up the cybersecurity landscape: a malicious actor has advertised on the dark web a highly sophisticated exploit aimed at compromising FortiGate devices. A new exploit priced at $12,000 for FortiGate firewalls has appeared for sale on the popular underground forum Exploit. The post, published by a user with the pseudonym Anon-WMG, presents a tool capable of massively compromising Fortinet devices by exploiting exposed APIs.

Technical features of the exploit

Called “FortiGate API Dump Exploit (~7.2 and below)”, the tool is capable of interacting with over 170 FortiGate API endpoints, with declared compatibility for versions 6.x

Crazyhunter: The Ransomware with the Three-Dimensional Data Annihilation System That Redefines Data Destruction

In the reconnaissance of the world of the underground and criminal groups carried out by Red Hot Cyber’s DarkLab threat intelligence lab, we came across a Data Leak Site of a cyber gang that had never been monitored before: Crazyhunter. With a distinct identity and a manifesto that sets it apart from other cybercriminal actors, Crazyhunter presents itself as a sophisticated operation that focuses on attack speed, data destruction, and a highly structured criminal branding system. From the information gathered on their Data Leak Site (DLS), accessible through the Tor network, the group appears to adopt a methodical and aggressive approach, aimed

Sale of a 0Day RCE Exploit for GLPI HelpDesk

Recently, a user on Breachforums known as “cisc0” posted an announcement regarding the sale of a 0Day exploit for GLPI HelpDesk. According to the user, this exploit works on all versions of the software without exception. The news has raised concerns among cybersecurity professionals and organizations that use this IT service management system.

Description of the Exploit

The user “cisc0” claims that the exploit allows remote code execution (RCE) on all versions of GLPI HelpDesk. This type of vulnerability is particularly dangerous as it enables attackers to execute arbitrary commands on the vulnerable server, potentially gaining full control of the system.

Critical Vulnerabilities in Splunk Enterprise Enable Remote Code Execution

Splunk, a leading provider of software for searching, monitoring, and analyzing machine-generated big data, has released urgent security updates for its flagship product, Splunk Enterprise. These updates address multiple critical vulnerabilities that pose significant security risks, including the potential for remote code execution (RCE). The affected versions include 9.0.x, 9.1.x, and 9.2.x, and the vulnerabilities were identified by both internal and external security researchers.

Key Vulnerabilities Addressed

The critical vulnerabilities patched in these updates are as follows:

Additional Vulnerabilities

In addition to the aforementioned critical issues, several Cross-Site Scripting (XSS) vulnerabilities have been addressed. XSS vulnerabilities allow attackers to inject malicious scripts