Red Hot Cyber, il blog italiano sulla sicurezza informatica
Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.
Select language
Italian Spanish
Search
320×100
Banner Ransomfeed 970x120 1

Tag: cyber threat intelligence

Citrix: New Critical Vulnerability from 9.2 Affects NetScaler – Attacks Underway!

Redazione RHC 26/06/2025

Citrix has reported a new critical vulnerability in its NetScaler appliances, already actively exploited by attackers. The problem is identified with the identifier CVE-2025-6543 and affects the popular NetScaler ADC and NetScaler Gateway solutions used by companies for remote access and network perimeter protection. As reported in the official note from Citrix, exploits for this vulnerability have already been observed in real attacks. CVE-2025-6543 (CVSS score: 9.2) allows a remote, unauthenticated special request to be sent, resulting in device malfunction and unavailable operation. In particular, this isa complete disruption that can paralyze the functioning of the company’s infrastructure. The vulnerability affects versions of

Fox Kitten and Br0k3r: The Iranian Cyber Contractor Collaborating with Ransomware Gangs

Redazione RHC 26/06/2025

We continue our series of articles on IABs by writing about an Iranian cyber contractor that not only works as an initial access broker but also provides support to ransomware gangs to fill their and their own pockets with money. In a CISA report published in August 2024, CISA, the FBI and the DoD Cyber Crimes Division say that an Iranian group known as “Pioneer Kitten”, “Fox Kitten”, “UNC757”, “Parisite”, “RUBIDIUM” or “Lemon Sandstorm” has been successful in cyber crime by selling access to hackable corporate networks. The group has also operated under other names such as “Br0k3r” and “xplfinder” and has

REvil: Sentenced but then set free. The most controversial court case ever

Redazione RHC 26/06/2025

Do you remember the infamous REvil cyber gang? The Russian hacker group responsible for some of the most devastating ransomware attacks in the early days of this global threat, known for posting their criminal exploits on the popular underground forum “Happy Blog”. The Dzerzhinsky Court in St. Petersburg has convicted four more participants in the REvil (aka Sodinokibi) hacking group case, according to media reports. All those convicted were given actual prison sentences, but the defendants were released, having already served their full sentences in pre-trial detention, during the investigation and trial. REvil’s activities ceased in January 2022, after the FSB announced the

Shock in France: the gentlemen of BreachForums were twenty-year-old French citizens!

Redazione RHC 25/06/2025

Shocking news in France: one of the largest global cybercrime networks dismantled. The BreachForum hackers were… French. French authorities have busted a large cybercrime operation, arresting five young French hackers responsible for running BreachForum, one of the world’s most active underground digital marketplaces for buying and selling stolen data. The operation was conducted with synchronized raids across France. At first, it was believed that Russian groups or groups operating in Russian-speaking territories were behind BreachForum. But investigations by the Brigade de la Crime Intérieur (BL2C) of the Paris police headquarters have turned the tables: four of the main managers of the forum

Zero-Click Attack on Notepad++. HackerHood Tested the Exploit and It Really Works with Little

Redazione RHC 25/06/2025

A dangerous vulnerability has been discovered in the latest version of the popular text editor Notepad++ that allows an attacker togain complete control over the system. The vulnerability has been identified as CVE-2025-49144 and affects version 8.8.1 of the installer, released on May 5, 2025. The issue is related to the “binary file replacement” technique, where the installer accesses executable files from the current working directory without proper verification. Researchers have discovered that an attacker can install a malicious file, such as a modified regsvr32.exe file, in the same folder where the installer is located. Upon startup, the installer will automatically download the malicious

US-Iran Cyberwar: DHS Raises Alarm, American Networks Under Attack

Redazione RHC 24/06/2025

The United States has warned of possible cyber attacks by pro-Iranian groups following a series of airstrikes against Iranian nuclear facilities, as part of the armed conflict between Iran and Israel that began on June 13, 2025. The US Department of Homeland Security (DHS) said that the current situation creates a “elevated threat” in the country’s cyberspace. The department said that hacktivists, as well as groups associated with Iranian government agencies, will most likely focus their attacks on American networks and vulnerable devices connected to the Internet. According to the DHS, such activities have already been recorded: these are low-level attacks aimed at creating

“Jailbreak as a Service” is Coming: 60 Euros a Month to Purchase Cybercrime-Ready AI Systems

Redazione RHC 24/06/2025

According to a report by Cato Networks, cybercriminals continue to actively use LLM patterns in their attacks. Specifically, we are talking about versions of theGrok and Mixtral patterns that have been deliberately modified to bypass built-in restrictions and generate malicious content. Apparently, one such modified version of Grok appeared on the popular forum BreachForums in February 2025. It was posted by a user with the pseudonym Keanu. The tool is a wrapper around the original Grok model and is controlled via a specially written system prompt. This is how the authors ensure that the model bypasses protection mechanisms and generates phishing emails, malicious code, and hacking instructions. A

$200 for Access to an Italian Company! While the Dark Web is doing business, are you ready to defend yourself?

Redazione RHC 24/06/2025

Following the case of the 568 endpoints of an Italian industrial machinery company, another compromised access related to an Italian software engineering company has ended up for sale on an underground forum frequented by Initial Access Brokers and ransomware actors. The listing, posted by the user spartanking, offers full access to a server with local administrator privileges and remote control via AnyDesk. The ad clearly states that the compromised system is joined to an Active Directory domain. As stated in the post: The access would therefore allow elevated privileges on at least one server. In a screenshot, the compromised system is noted to be aMicrosoft Windows Server 2012 R2 Standard installed

“Cleaning Up” Windows Update! Microsoft Declares War on Drivers Exploited in Ransomware Attacks

Redazione RHC 24/06/2025

Microsoft announced that it will periodically remove outdated drivers from the Windows Update Catalog to reduce risk and improve compatibility. “The goal of this initiative is to provide the best set of drivers on Windows Update for the various hardware solutions in the Windows ecosystem and help keep Microsoft Windows secure,” the company said in a statement. Microsoft also added that “This initiative will periodically clean up drivers on Windows Update, which will result in some drivers not being deployed on systems in our ecosystem.” As the company has clarified, the first phase of the “cleanup” procedure will affect drivers for which Windows Update

Cloudflare Mitigates 7.3 Terabits Per Second Attack. Imagine 9350 HD Movies Downloaded in 45 Seconds

Redazione RHC 23/06/2025

In mid-May 2025, Cloudflare blocked the largest DDoS attack ever recorded: 7.3 terabits per second (Tbps). This event comes shortly after the release of the DDoS Threat Report for Q1 2025 on April 27, 2025, which highlighted attacks reaching 6.5 Tbps and 4.8 billion packets per second (pps). 37.4 terabytes isn’t a huge number by today’s standards, but downloading 37.4 terabytes in just 45 seconds is. That’s the equivalent of flooding the internet with over 9,350 HD movies or streaming 7,480 hours of uninterrupted high-definition video (nearly a year’s worth of back-to-back TV binge-watching) in just 45 seconds. If it were music,

Category