Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.
Search
Fortinet 320x100px
Banner Ransomfeed 970x120 1

Tag: #cybersecurity

The Dark Side of Internet Control: Durov’s Warning

Sandro Sana 02/12/2025

Post 462 on Durov’s official channel immediately went into “scream mode”: “ The end of the free internet. The free internet is becoming a tool of control .” No birthday wishes. Durov explains that he doesn’t feel like celebrating because, in his opinion, his generation “is running out of time to save the free Internet our fathers built for us.” What until recently seemed like the promise of an open and free web, a place for sharing, exchange, and information, is now turning into the “most powerful tool of control ever created.” Durov doesn’t go easy: he names Western governments and states

KrakenBite Phishing Service Exposed

Redazione RHC 01/12/2025

The underground cybercrime market continues to evolve rapidly, fueled by specialized groups designing and selling tools for increasingly sophisticated digital scams. Among these, a particularly active player in recent weeks is KrakenBite , known for offering turnkey phishing services to cybercriminals around the world. In a recent announcement on their channels, spotted by Red Hot Cyber’s DarkLab group, the group said they had added five new phishing pages targeting Moroccan banks , bringing the total number of pages available in their “catalogue” to 115 . The Criminal Offer: Phishing Pages for Every Market The post presents a staggering list of targeted international

ADC Aerospace Hit by Play Ransomware Attack, Data Breach Feared

Redazione RHC 01/12/2025

American aviation and defense components manufacturer ADC Aerospace has found itself in the spotlight due to a possible cyber attack by the Play ransomware group, which appeared on their blog where criminal hackers claim to have compromised company data and customer documents. Disclaimer: This report includes screenshots and/or text from publicly available sources. The information provided is for threat intelligence and cybersecurity risk awareness purposes only. Red Hot Cyber condemns any unauthorized access, improper dissemination, or misuse of this data. It is currently not possible to independently verify the authenticity of the information reported, as the organization involved has not yet released

Leonardo’s Michelangelo Dome: AI-Powered Defense Against Hypersonic Threats

Redazione RHC 30/11/2025

Italian defense company Leonardo has unveiled its new Michelangelo Dome system . According to the company, it is designed to counter hypersonic missiles and mass drone attacks . During the technical presentation to the Italian Minister of Defense and Chiefs of Staff, CEO Roberto Cingolani announced plans to begin deployment as early as 2026 and reach full operational capability by 2028. The name says it all, and the resemblance to Israel’s famous Iron Dome is clearly intentional. The Israeli system, operational since 2011, served as a model. But Michelangelo Dome goes much further: it is not conceived as a single weapons system,

CISA Warns of OpenPLC ScadaBR Vulnerability Exploitation

Redazione RHC 30/11/2025

The Cybersecurity and Infrastructure Security Agency (CISA) has expanded its list of exploited vulnerabilities (KEVs), reporting a new vulnerability affecting OpenPLC ScadaBR , due to ongoing active exploitation indications. This security flaw, identified as CVE-2021-26829 with a CVSS score of 5.4, affects Windows and Linux versions of the software due to a cross-site scripting (XSS) vulnerability in the system_settings.shtm page. Just over a month after Forescout reported that a pro-Russian hacktivist group known as TwoNet had targeted its honeypot in September 2025, mistaking it for a water treatment plant, the security flaw was added to the KEV catalog. Affected versions include: “The

Apache SkyWalking Vulnerability Exposes Users to XSS Attacks

Redazione RHC 29/11/2025

A vulnerability was recently discovered in Apache SkyWalking , a popular application performance monitoring tool, that attackers could exploit to execute malicious scripts and launch cross-site scripting (XSS) attacks . The vulnerability, identified as CVE-2025-54057 , affects all versions of SkyWalking, up to version 10.2.0. This vulnerability falls under the category of ” stored cross-site scripting (XSS) .” This means that an attacker can inject malicious code into a web page, and when other users view that web page, the code will be executed in their browsers. This could lead to a variety of security issues, including the theft of login credentials

Shai-Hulud Worm Spreads Beyond npm, Attacks Maven

Redazione RHC 28/11/2025

The Shai-Hulud worm has spread beyond the npm ecosystem and was discovered in Maven . Socket specialists noticed an infected package on Maven Central containing the same malicious components used in the second wave of Shai-Hulud attacks. Experts have identified the org.mvnpm:posthog-node:4.18.1 package on Maven Central, which contains two components characteristic of Shai-Hulud: the setup_bun.js loader and the main payload bun_environment.js. Currently, this is the only Java package found containing this malware. “The PostHog project was compromised in both the JavaScript/npm and Java/Maven ecosystems, with the same payload, Shai-Hulud v2, being used in all cases,” the researchers write. It’s important to note

The market for “controlling” people is taking off on the Dark Web.

Redazione RHC 28/11/2025

BI.ZONE experts analyzed over 3,500 advertisements on darknet platforms offering dossiers on specific individuals, known as “probiv” (finding). One in five offers (21%) promises a complete profile of an individual. The market is divided into three price ranges. The budget one is a basic check based on one or two parameters: for example, searching for a person’s full name and date of birth using a phone number or email address. However, most offers (75%) are in the mid-range price range, around 20 euros. For this amount, they promise not only to verify a person’s identity using contact information, but also to compile

God is in the Cloud: They Hacked Your Brain and You Liked It

Fabrizio Saviano 28/11/2025

We’re in the age of paid deception. Your every click is a private referendum in which they, the algorithms, always win. And they’re never wrong: they observe you, profile you, know you better than your mother. You think you’re choosing the detergent, but instead, the detergent has chosen you. Advertising no longer sells products. It used to be said that you are the product, but that’s no longer the case. Advertising sells your attention, your reflexes, your tics. Manipulation today is automatic, and the beauty is that they call it “convenience.” They convince you that you make the decisions, but hitting the

ENISA takes on the role of Root in the European Cybersecurity Initiative (CVE).

Redazione RHC 27/11/2025

The European Union Agency for Cybersecurity (ENISA) has taken on the role of Root within the Common Vulnerabilities and Exposures (CVE) programme, becoming the main point of reference for national authorities, EU CSIRTs and partners falling within its mandate. The new role expands on the Agency’s existing functions as Vulnerability Numbering Authority (CNA), which is responsible for assigning CVE identifiers and publishing the related records for reports managed by European CSIRTs, an operational role that has been active since January 2024. ENISA Executive Director Juhan Lepassaar highlighted how this change strengthens the Agency’s ability to support vulnerability management within the Union, contributing

Category