Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.

Tag: cybercrime

RHC interviews Sector16, one of the most active hacktivist groups of 2025. “Let’s destroy the present for a better future”

In recent months, two disturbing episodes have shaken public opinion and the Italian cybersecurity sector. The first concerned an Italian hospital, breached at its most sensitive core: videos of patients and operating rooms ended up online, exposing not only the inadequacy of protection systems, but also the vulnerability of our own digital humanity. Other episodes have hit the SCADA systems of hotels and other infrastructure, where full access to critical facilities was obtained by two groups: Overflame and Sector16. The latter, Sector16, is the subject of our exclusive interview. A name that until recently was known only among

What was the first ransomware in history? Discovering Trojan AIDS

We often talk about ransomware on Red Hot Cyber and criminal cyber gangs. But who invented this dangerous cyber blackmail “weapon”? Today, ransomware attacks have become familiar to most people, especially given the escalation in recent years that has targeted Italian hospitals and critical infrastructure, such as the Colonial Pipeline of the United States of America. The first ransomware in history While today ransomware attacks occur through malware injected into systems from a phishing email or a malicious exposure of a company’s administrative tools (as we saw in the article on Ransomware as a Service), the first ransomware in history was distributed

What is ransomware? Let’s explore how RaaS works and what it means.

Many people often want to understand the ransomware phenomenon precisely, its meaning, the methods of violation, and the crime that revolves around it, struggling to find information scattered across thousands of articles. This article aims to answer all these questions, providing a comprehensive, yet simple, guide to understanding this phenomenon as a whole. On the pages of every newspaper, we hear about huge cyber breaches, million-dollar ransoms, cyber gangs, RaaS, and cyber warfare. These are all words that can be very confusing for people who aren’t specialized in cyber security. With this article we want to explain what ransomware is, how the

Linux Pwned! Privilege Escalation on SUDO in 5 seconds. HackerHood tests the CVE-2025-32463 exploit

Yesterday, Red Hot Cyber published an in-depth analysis of a serious vulnerability discovered in SUDO (CVE-2025-32463), which allows escalation of privileges to root in Linux environments by abusing the chroot function. The exploit, made public by Stratascale, demonstrates how a non-privileged user can obtain root access through a precise chain of operations that exploits incorrect behavior in the management of child processes in chroot environments. Field testing: Manuel Roccon from the HackerHood group speaks. Manuel Roccon, a researcher from the Red Hot Cyber HackerHood group, wanted to get his hands on the exploit to concretely verify its scope and

North Korean Hackers on the Payroll: How Companies Paid Salaries to North Korean IT Specialists

The US Department of Justice has announced the discovery of a large-scale scheme in which fake IT specialists from the DPRK obtained jobs at American companies by posing as citizens of other countries. In fact, we at Red Hot Cyber have been reporting for some time that many companies were hiring North Korean employees, who were also passing job interviews with the help of deepfake systems. North Korean programmers have reportedly obtained jobs at over 100 US companies using fake or stolen identities. In addition to the salary, they stole classified information and transferred it to Pyongyang’s servers. They were also interested in

Cyber Security: CISA and NSA Recommend Secure Programming Languages

The main US cybersecurity agencies, CISA and NSA, have published a joint document recommending that software developers opt for programming languages considered “memory safe”. These languages are designed to provide protection against critical crashes caused by memory management errors, which are one of the most dangerous and frequent types of vulnerabilities. The document highlights that unauthorized memory access errors continue to be a major threat to both regular users and critical information systems. However, languages such as Rust, Go, C#, Java, Swift, Python and JavaScript mitigate this risk by performing static checks on memory allocation during compilation, significantly reducing the likelihood of

Citrix: New Critical Vulnerability from 9.2 Affects NetScaler – Attacks Underway!

Citrix has reported a new critical vulnerability in its NetScaler appliances, already actively exploited by attackers. The problem is tracked as CVE-2025-6543 and affects the popular NetScaler ADC and NetScaler Gateway solutions used by companies for remote access and network perimeter protection. As reported in the official note from Citrix, exploits for this vulnerability have already been observed in real attacks. CVE-2025-6543 (CVSS score: 9.2) allows a remote, unauthenticated attacker to send a specially crafted request, resulting in device malfunction and unavailability. In particular, this is a complete disruption that can paralyze the functioning of the company’s infrastructure. The vulnerability affects versions of

Fox Kitten and Br0k3r: The Iranian Cyber Contractor Collaborating with Ransomware Gangs

We continue our series of articles on IABs by writing about an Iranian cyber contractor that not only works as an initial access broker but also provides support to ransomware gangs, filling both the gangs’ pockets and its own. In a CISA report published in August 2024, CISA, the FBI and the DoD Cyber Crimes Division say that an Iranian group known as “Pioneer Kitten”, “Fox Kitten”, “UNC757”, “Parisite”, “RUBIDIUM” or “Lemon Sandstorm” has been successful in cyber crime by selling access to compromised corporate networks. The group has also operated under other names such as “Br0k3r” and “xplfinder” and has

REvil: Sentenced but then set free. The most controversial court case ever

Do you remember the infamous REvil cyber gang? The Russian hacker group responsible for some of the most devastating ransomware attacks in the early days of this global threat, known for posting their criminal exploits on the popular underground forum “Happy Blog”. The Dzerzhinsky Court in St. Petersburg has convicted four more participants in the REvil (aka Sodinokibi) hacking group case, according to media reports. All those convicted were given actual prison sentences, but the defendants were released, having already served their full sentences in pre-trial detention, during the investigation and trial. REvil’s activities ceased in January 2022, after the FSB announced the

Shock in France: the gentlemen of BreachForums were twenty-year-old French citizens!

Shocking news in France: one of the largest global cybercrime networks has been dismantled. The BreachForum hackers were… French. French authorities have busted a large cybercrime operation, arresting five young French hackers responsible for running BreachForum, one of the world’s most active underground digital marketplaces for buying and selling stolen data. The operation was conducted with synchronized raids across France. At first, it was believed that Russian groups, or groups operating in Russian-speaking territories, were behind BreachForum. But investigations by the Brigade de la Crime Intérieur (BL2C) of the Paris police headquarters have turned the tables: four of the main managers of the forum