Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.

Tag: cyber threat intelligence

Your VPN is a Trojan! Here are 17 Free Apps Made in China That Spy on You While Google and Apple Get Fat

“If you don’t pay for the service, you are the product.” This is true for social networks, but also for free VPNs: your data, your privacy, is often the real price to pay. Researchers at the Tech Transparency Project have reported that at least 17 free VPN apps with alleged ties to China are still available in the US versions of the Apple and Google stores, and big tech companies are managing to make money from these apps despite the risks to user privacy. The first investigation by TTP surfaced in April, revealing that the data of millions of users from more than two

FortiGate Under Attack: Tools for Mass Exploitation of Exposed APIs for Sale

A new and alarming development is shaking up the cybersecurity landscape: a malicious actor has advertised on the dark web a highly sophisticated exploit aimed at compromising FortiGate devices. A new exploit priced at $12,000 for FortiGate firewalls has appeared for sale on the popular underground forum Exploit. The post, published by a user with the pseudonym Anon-WMG, presents a tool capable of massively compromising Fortinet devices by exploiting exposed APIs. Technical features of the exploit: called “FortiGate API Dump Exploit (~7.2 and below)”, the tool is capable of interacting with over 170 FortiGate API endpoints, with declared compatibility for versions 6.x

Massive Windows Crash: The OpenVPN Flaw That Can Knock Out Infrastructures

A critical vulnerability has been discovered in the OpenVPN data channel offload driver for Windows, which can be exploited by local attackers to crash systems. The bug, classified as CVE-2025-50054, is a buffer overflow that affects versions 1.3.0 and earlier of the ovpn-dco-win driver, as well as OpenVPN versions up to 2.5.8, where that driver was used as the default virtual network adapter. “When using ovpn-dco-win, the OpenVPN software does not send data traffic back and forth between user and kernel space for encryption, decryption, and routing, but payload operations occur in the Windows kernel,” according to documentation released by OpenVPN. According to

AKIRA emergency report: the ransomware that is breaching Italy

Spring 2025 will be remembered as a turning point in our country’s cyber chronicle. As bulletins and technical releases follow one another, one fact emerges glaringly: AKIRA has entered the Italian scene heavily. And it has done so without knocking on the door. The report we publish today is the result of the joint work of our community and the DarkLab subgroup, which specializes in Cyber Threat Intelligence: an analysis with a technical but operational slant on the new offensive campaign of AKIRA, the ransomware-as-a-service that made its bones abroad and now plays at home, hitting large and medium-sized companies all along

RHC GhostSec interview: hacktivism in the shadows of terrorism and cyber conflict

Ghost Security, also known as GhostSec, is a hacktivist group which emerged in the context of the cyber war against Islamic extremism. The first actions of the group date back to the aftermath of the attack on the Charlie Hebdo newsroom, January 2015. It is considered an offshoot of the Anonymous collective, from which it later partially broke away. GhostSec became known for its digital offensives against websites, social accounts and online infrastructure used by ISIS to spread propaganda and coordinate terrorist activities. The group claimed to have shut down hundreds of ISIS-affiliated accounts and helped thwart potential terrorist attacks by actively

Group-IB contributes to INTERPOL’s Operation Secure, leading to the arrest of 32 suspects linked to information stealer malware in Asia

[Singapore; 11 June, 2025] Group-IB, a leading creator of cybersecurity technologies to investigate, prevent, and fight digital crime, announced today that it has contributed to INTERPOL’s “Operation Secure”, which took down the infrastructure linked to information stealers (infostealers) in Asia that claimed more than 216,000 potential victims. The operation, which was conducted from January to April 2025, resulted in the arrest of 32 suspects, the takedown of more than 20,000 malicious IP addresses and domains, and the seizure of 41 servers containing over 100GB of data linked to the cybercriminal activities. During the course of Operation Secure, Group-IB’s Threat Intelligence team

RHC Interviews NOVA Ransomware – “Expect Dangerous Attacks. No One Is Safe.” | BLACKVIEW Series

On May 10, 2025, the City of Pisa suffered a ransomware attack on its computer systems. The next day Nova claimed the attack, and on the 21st of the same month it threatened to publish 2TB of data stolen from the municipality’s servers. Nova RaaS first appeared in April 2025, making itself known for its direct and humiliating public communications to victims. Judging from their DLS, there does not appear to be a particular focus on specific sectors or states. Nova revamped its predecessor RaLord, even going so far as to create a customized chat system for communications with their

Data breach claimed at Deloitte: GitHub credentials and source code end up on the dark web

A cyber attack against Deloitte has been claimed by the threat actor “303”, who published on a well-known underground forum a post with the unambiguous title: “Deloitte.com Source Code + Internal GitHub Credentials – leaked, download!”. Disclaimer: This report includes screenshots and/or text taken from publicly accessible sources. The information provided is exclusively for threat intelligence and cybersecurity risk awareness purposes. Red Hot Cyber condemns any unauthorized access, improper dissemination or illicit use of such data. At the moment, it is not possible to independently verify the authenticity of the information reported, since the organization involved has not yet released a

Apple in the crosshairs: alleged data breach of the Cupertino giant published on XSS

May 14, 2025 – In the early hours of this morning, an alarming post appeared on the Russian underground forum XSS, known to be a leading showcase for the buying and selling of compromised data: the Machine1337 group claimed responsibility for an alleged breach of Apple.com’s internal systems. The post, accompanied by the logo of the famous company and signed “Breached by Machine1337”, indicates that in February 2025 Apple was allegedly the victim of a data breach that led to the exposure of internal tools. According to what was declared by the malicious actor, 3,000 files were stolen, offered in samples with a download link. The entire package is put on


Why Europe’s healthcare sector must build resilience to fight the threat of ransomware

Author: Andrea Nicelli, Head of Italy and Spain at Resilience

Italy’s critical infrastructure is highly exposed to cyber threats, ranking fourth in the world and first in Europe for number of cyber-attacks faced in 2024. Despite being a critical hub for digital innovation, companies in the country face significant threats from cybercrime, particularly in healthcare, government and universities. These sectors lack basic IT security infrastructure, and the adoption of cyber insurance is minimal. Ransomware is one of the primary threats for Italian organisations, with institutions including the University of Siena, Bologna FC, and SynLab Italia breached last year. Ransomware remained the leading