Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.

Tag: cyber attack

CEO Scam: How to Protect Your Company from Business Email Compromise

This morning, Paragon Sec was contacted by an Italian company that had been the victim of a new fraud attempt known as the CEO Scam. The accounting department received an urgent email, apparently from their CEO, requesting immediate payment of a €4,000 invoice. The message, accompanied by a seemingly authentic invoice, indicated the need for an immediate transfer. The employee in charge of payments, believing he was following a direct order from his manager, made the transfer without further verification. Only later did the bank discover that the IBAN indicated was associated with a fraudulent entity and promptly blocked the

Shai-Hulud Worm Spreads Beyond npm, Attacks Maven

The Shai-Hulud worm has spread beyond the npm ecosystem and was discovered in Maven. Socket specialists noticed an infected package on Maven Central containing the same malicious components used in the second wave of Shai-Hulud attacks. Experts have identified the org.mvnpm:posthog-node:4.18.1 package on Maven Central, which contains two components characteristic of Shai-Hulud: the setup_bun.js loader and the main payload bun_environment.js. Currently, this is the only Java package found containing this malware. “The PostHog project was compromised in both the JavaScript/npm and Java/Maven ecosystems, with the same payload, Shai-Hulud v2, being used in all cases,” the researchers write. It’s important to note

WormGPT 4: AI-Powered Cybercrime Tools on the Rise

Cybercriminals no longer need to convince ChatGPT or Claude Code to write malware or data-stealing scripts. A whole class of specialized language models, specifically designed for attacks, already exists. One such system is WormGPT 4, which advertises itself as “the key to borderless artificial intelligence.” It carries on the legacy of the original WormGPT model, which emerged in 2023 and subsequently disappeared due to the rise of other “toxic” LLMs, as highlighted in the Abnormal Security study. According to experts at Unit 42 at Palo Alto Networks, sales of WormGPT 4 began around September 27, with advertisements appearing

New ClickFix Malware Campaign Targets Windows Users with Fake Updates

Fake Windows updates have entered a new round of ClickFix campaigns, as reported by Huntress. Attackers are increasingly replacing bot controls with full-screen blue windows that simulate a system update. Microsoft notes that ClickFix has become the most common initial penetration method, and that many groups with varying levels of expertise have switched to this method. The attacks begin with a visit to a malicious website that sets the browser to full-screen mode and displays a page that superficially resembles the Windows Update interface. The victim is prompted to manually run the critical update, following a typical ClickFix scenario: open the