Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.
Search
UtiliaCS 320x100
Redhotcyber Banner Sito 970x120px Uscita 101125

Tag: cyber threat intelligence

Uncovering Russia’s Cyber Operations: CISM’s Role in DDoS Attacks

Redazione RHC 11/12/2025

What we wrote in the article ” Patriotic Code: from DDoSia and NoName057(16) to CISM, the algorithm that shapes youth for Putin ” on Red Hot Cyber on July 23rd is now fully consistent with the information made public by the United States Department of Justice . Back in July we described how DDoSia worked and the role of NoName057(16) in recruiting volunteers for DDoS attacks via Telegram, highlighting how behind what appeared to be an activity of ” patriotic cyber-volunteering ” there was a centralized coordination and infrastructure attributable to figures linked to the CISM , a pro-Russian government body. Today’s

NATO Cyber Coalition Exercise: Enhancing Cyber Defense with 1,300 Experts

Redazione RHC 06/12/2025

NATO held its largest-ever cyber defense exercise, Cyber Coalition, in Estonia, involving approximately 1,300 specialists . The goal was to practice protecting critical infrastructure from large-scale cyber attacks, simulating scenarios involving power plants, refueling terminals, commercial satellites, and military communications networks. Cyber Coalition was conceived from the outset not as a basic cybersecurity exercise, but as a platform for simulating complex, multi-layered incidents. The scenarios are based on the experience of real conflicts in various regions of the world , including attempts to destabilize social conditions, disrupt energy supplies and communications , limit the capabilities of the armed forces, and weaken public

RHC interviews ShinyHunters: “Systems can be repaired, but people remain vulnerable!”

RHC Dark Lab 17/09/2025

ShinyHunters is a group of threat actors that gained notoriety after the massive data breach against Salesforce, an incident that led Google to closely monitor them and assign them the code name UNC6240. The Salesforce breach would allow attackers to gain easy access to a large number of companies in a wide range of industries. In recent days, many companies have shared official statements about the breaches they have suffered, but many others have not yet made any public statements. The group recently gained notoriety after a massive data breach targeting Salesforce, an incident that prompted Google to closely monitor them and

RHC interviews Sector16, one of the most active hacktivist groups of 2025. “Let’s destroy the present for a better future”

RHC Dark Lab 11/07/2025

In recent months, two disturbing episodes have shaken public opinion and the Italian cybersecurity sector. The first concerned an Italian hospital, violated in its most sensitive heart: videos of patients and operating rooms ended up online, exposing not only the inadequacy of protection systems, but also the vulnerability of our own digital humanity. Other episodes, we have seen them hit the SCADA systems of hotels and other infrastructure, where full access to critical facilities has been obtained by two groups: Overflame and Sector16. The latter, Sector16, are the subject of our exclusive interview. A name that until recently was known only among

What was the first ransomware in history? Discovering Trojan AIDS

Redazione RHC 09/07/2025

We often talk about ransomware on Red Hot Cyber and criminal cyber gangs. But who invented this dangerous cyber blackmail “weapon”? Today, ransomware attacks have become familiar to most people, especially given the escalation in recent years that has targeted Italian hospitals and critical infrastructure, such as the Colonial Pipeline of the United States of America. The first ransomware in history While today ransomware attacks occur through malware injected into systems from a phishing email or a malicious exposure of a company’s administrative tools (as we saw in the article on Ransomware as a Service), the first ransomware in history was distributed

What is ransomware? Let’s explore how RaaS works and what it means.

Redazione RHC 09/07/2025

Many people often want to understand the ransomware phenomenon precisely, its meaning, the methods of violation, and the crime that revolves around it, struggling to find information scattered across thousands of articles. This article aims to answer all these questions, providing a comprehensive, yet simple, guide to understanding this phenomenon as a whole. On the pages of every newspaper, we hear about huge cyber breaches, million-dollar ransoms, cyber gangs, RaaS, and cyber warfare. These are all words that can be very confusing for people who aren’t specialized in cyber security. With this article we want to explain what ransomware is, how the

Linux Pwned! Privilege Escalation on SUDO in 5 seconds. HackerHood tests the CVE-2025-32463 exploit

Redazione RHC 02/07/2025

Yesterday, Red Hot Cyber published an in-depth analysis of a gserious vulnerability discovered in SUDO (CVE-2025-32463), which allows escalation of privileges to root in Linux environments by exploiting an abuse of the chroot function. The exploit, made public by Stratascale, demonstrates how a non-privileged user can obtain root access through a precise chain of operations that exploit incorrect behavior in the management of child processes in environments chroot. Field testing: Manuel Roccon from the HackerHood group speaks Manuel Roccon, a researcher from the Red Hot Cyber HackerHood group, wanted to get his hands on the exploit to concretely verify its scope and

North Korean Hackers on the Payroll: How Companies Paid Salaries to North Korean IT Specialists

Redazione RHC 02/07/2025

The US Department of Justice has announced the discovery ofa large-scale scheme in which fake IT specialists from the DPRK obtained jobs at American companies by posing as citizens of other countries. In fact, we at Red Hot Cyber have been talking about it for some time now that many companies were hiring North Korean employees, who were also interviewing for jobs through deepfake systems. North Korean programmers have reportedly obtained jobs at over 100 US companies using fake or stolen identities. In addition to the salary, they stole classified information and transferred it to Pyongyang’s servers. They were also interested in

Do you really know what Hacktivism means? It’s a “special message of hope!”

Redazione RHC 02/07/2025

“Hacktivism, a special message of hope.” Thus begins the “Hacktivism Declaration”, published on July 4, 2001 by the famous hacker group Cult of the dead Cow (also called cDc or Omega). “Free speech is under siege on the fringes of the internet. Several countries are censoring access to the web…” In the beginning there was activism This is the activity that attempts to promote, impede, direct or intervene in social, political and economic reforms, with the main desire to initiate strong changes within a society through demonstrations, sit-ins, hunger strikes and much more. Following the advent of microcomputers and the rise of

The Race to 0day! China Advances in Offensive Cyberpower, While the US Is Forced to Chase

Redazione RHC 30/06/2025

China’s growing rise has prompted U.S. officials to strongly emphasize the need to improve its offensive cyber capabilities. However, some doubts remain about the ability to meet the challenge, given the heavy dependence on foreign suppliers and the lack of adequate cyber skills at the domestic level, which could negatively impact the availability of resources and manpower. Industry experts point out that China has now converted the East Asian security ecosystem into a unique opportunity for itself. Since 2016, Beijing has embarked on a strategy of purchasing and acquiring unique hacking tools, intended for military and intelligence purposes, precluding the United States

Category