Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.

Tag: cyber threat

GhostFrame Phishing Kit: New Stealthy PhaaS Threat Emerges

Barracuda has released details of a new stealthy, evasive phishing-as-a-service (PhaaS) kit that hides malicious content within web page iframes to evade detection and maximize resilience. This is the first time Barracuda has detected a complete phishing framework built around the iframe technique. Threat analysts have been monitoring the new PhaaS since September 2025 and have dubbed it GhostFrame. To date, over a million attacks have been attributed to this kit. Barracuda’s technical analysis shows that GhostFrame’s functionality is deceptively simple, yet highly effective. Unlike most phishing kits, GhostFrame uses a simple, seemingly innocuous HTML file, with all the malicious activity

French Interior Ministry Hit by Cyberattack, Data Security at Risk

The French Ministry of the Interior’s email servers were targeted by a cyberattack. The hacker managed to access “several files,” but no “serious compromise” has been detected so far. The news, revealed by BFMTV, was confirmed by Interior Minister Laurent Nuñez on RTL radio. “There was a cyberattack,” he said. “An attacker managed to access several files.” The nature and number of files involved are not yet known, according to Laurent Nuñez, who specified that he has no “signs of serious compromise” at this stage. Standard security procedures have been implemented and security has been strengthened,

Telegram Losing Ground to Crackdown on Cybercrime Activities

Telegram, which over the course of its history has become one of the most popular messaging apps in the world, is gradually losing its status as a convenient platform for cybercriminals. Kaspersky Lab analysts have monitored the lifecycle of hundreds of underground channels and concluded that stricter moderation is literally excluding the underground from the messaging app. Experts point out that Telegram is inferior to dedicated secure messaging apps in terms of privacy protection: chats do not use end-to-end encryption by default, the entire infrastructure is centralized, and the server code is closed. While this probably won’t pose a significant problem for

NetSupport RAT Malware Campaign Uncovered: Expert Analysis

Securonix specialists have discovered a multi-layered malware campaign aimed at secretly installing the NetSupport RAT remote access tool. The attack involves a series of carefully hidden stages, each designed to ensure maximum stealth and leave minimal traces on the compromised device. The initial download of the malicious code begins with a JavaScript file injected into the hacked websites. This script has a complex structure and hidden logic that is activated only when certain conditions are met. It can detect the user’s device type and even record whether it’s their first visit to the page, allowing it to perform malicious actions only

Ransomware Attacks Decline in 2024, But Threat Remains High with $734M in Ransom

According to a recently released report by the Financial Crimes Enforcement Network (FinCEN), global ransomware activity peaked in 2023, only to plummet in 2024. This decline is attributed to successive attacks on large-scale ransomware groups, including ALPHV (BlackCat) and LockBit, through collaborative international investigations. FinCEN analyzed thousands of reports under the Bank Secrecy Act (BSA) filed by financial institutions between January 2022 and December 2024, identifying 4,194 cases of ransomware and over $2.1 billion in ransoms. This figure is nearly equal to the total reported in the eight-year period from 2013 to 2021. $4.5 billion: The ransomware economy between 2013 and

Storm-0900 Phishing Campaign Spreads XWorm Malware

Over the holiday season, a coordinated attack was detected and blocked by Microsoft Threat Intelligence security analysts, involving tens of thousands of emails crafted to deceive recipients. The cybercriminal group known as Storm-0900 launched a large-scale phishing campaign, targeting users across the United States. The campaign exploited two main social engineering themes: fake parking ticket notifications and fraudulent medical test results. Microsoft Threat Intelligence analysts and security researchers discovered that this campaign led to the spread of XWorm, a widespread modular remote access malware used by many threat actors across the cyber threat landscape. In connection with the Thanksgiving holiday, attackers

ADC Aerospace Hit by Play Ransomware Attack, Data Breach Feared

American aviation and defense components manufacturer ADC Aerospace has found itself in the spotlight due to a possible cyber attack by the Play ransomware group: the company appeared on the group's blog, where the criminal hackers claim to have compromised company data and customer documents. Disclaimer: This report includes screenshots and/or text from publicly available sources. The information provided is for threat intelligence and cybersecurity risk awareness purposes only. Red Hot Cyber condemns any unauthorized access, improper dissemination, or misuse of this data. It is currently not possible to independently verify the authenticity of the information reported, as the organization involved has not yet released

Logitech Hit by Clop Ransomware Attack, Data Breach Exposed

Logitech representatives have notified authorities of a cyberattack and a serious data breach. The notorious Clop ransomware group, which has been targeting companies for several months by exploiting a vulnerability in Oracle E-Business Suite, has claimed responsibility for the attack. The company filed a formal notification with the U.S. Securities and Exchange Commission, acknowledging the data breach. Logitech representatives report that the incident did not impact the company’s production or products, nor its business processes. Immediately after discovering the breach, the company engaged third-party cybersecurity experts to assist in the investigation. Logitech claims the compromised data includes limited employee and

ClamAV

ClamAV and signatures generation

Threat intelligence has many fields of application, from controlling infrastructure through automated processes to increasing the perimeter security of applications and solutions in general. One of the most common applications of this concept is antimalware tools, where enterprise antivirus solutions are preferred over open-source ones for two main reasons: enterprise solutions are covered by official support in case of any type of problem (even if this is not always true, depending on the type of subscription), and the signatures in enterprise tools are more precise and more up to date than those in open-source ones. What can we do to perform a significant