Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.
Search
Enterprise BusinessLog 320x200 1
TM RedHotCyber 970x120 042543

Tag: #cybersecurity

ENISA takes on the role of Root in the European Cybersecurity Initiative (CVE).

Redazione RHC 27/11/2025

The European Union Agency for Cybersecurity (ENISA) has taken on the role of Root within the Common Vulnerabilities and Exposures (CVE) programme, becoming the main point of reference for national authorities, EU CSIRTs and partners falling within its mandate. The new role expands on the Agency’s existing functions as Vulnerability Numbering Authority (CNA), which is responsible for assigning CVE identifiers and publishing the related records for reports managed by European CSIRTs, an operational role that has been active since January 2024. ENISA Executive Director Juhan Lepassaar highlighted how this change strengthens the Agency’s ability to support vulnerability management within the Union, contributing

Supply Chain Attack on OpenAI: Analytics Provider Mixpanel Compromised

Redazione RHC 27/11/2025

OpenAI has confirmed a security incident at Mixpanel, a third-party analytics provider used for its APIs. According to the investigation, the cause of the security incident involving OpenAI and Mixpanel has been identified as a breach of Mixpanel’s systems, ruling out any involvement of OpenAI’s infrastructure. The preliminary investigation indicates that an attacker gained unauthorized access to a portion of the Mixpanel environment and extracted a dataset containing limited identifying information about some OpenAI API users. OpenAI has stated that the incident did not affect users of ChatGPT or other consumer products. Mixpanel Incident: What Happened? The OpenAI Mixpanel security incident began

Tor Boosts Security with Counter Galois Onion CGO Encryption

Redazione RHC 27/11/2025

The Tor project has announced the introduction of a new encryption scheme, called Counter Galois Onion (CGO) , intended to replace the previous Tor1 Relay method. The update aims to strengthen network security and counter threats from online attackers. The new system has already been implemented in Arti , the Rust implementation of Tor, and in the C version of Tor Relay. According to the development team, the old Tor1 system had three main weaknesses: vulnerability to tagging attacks , lack of forward secrecy , and insufficient authentication strength . Among these, tagging attacks are considered the most significant risk, as Tor1

EU lawmakers push for Microsoft alternative to boost tech sovereignty

Redazione RHC 26/11/2025

A group of members of the European Parliament have called for Microsoft to abandon its internal use of products and switch to European solutions. Their initiative stems from growing concerns about the dependence of key infrastructure on large American companies and the potential risks to the EU’s digital security. The authors of the appeal believe that European institutions must set an example of technological independence and lead the transition to their own platforms. The document, which will be delivered to the President of the European Parliament, Roberta Metzola, lists 38 signatories from various political groups. They insist on the need to phase

Cybersecurity in the Middle East: Egitto and Qatar Lead the Way

Redazione RHC 26/11/2025

Global attention to cybersecurity continues to grow in a context dominated by digital transformation and the rapid spread of artificial intelligence (AI) technologies, making it easier to identify vulnerabilities and conduct complex attacks. In this context, a country’s ability to ensure protection, coordination, training, and international cooperation has become a key indicator of national stability. In the 2024 Global Cybersecurity Index, Egypt and Qatar achieved a maximum score of 100, placing them among the 12 highest-performing countries globally. This result was achieved thanks to compliance with the index’s five pillars: legislative framework, technical protection, organizational structure, capacity development programs, and international collaboration

US States Crack Down on VPNs and Online Privacy for Minors

Redazione RHC 26/11/2025

Several U.S. states are debating new restrictions that could significantly change traditional approaches to online privacy . Legislators in Wisconsin and Michigan are considering initiatives to combat material deemed harmful to minors. The focus is on websites with content reserved for those aged 18 and over, as well as platforms where hate speech and other objectionable information may appear. In these debates , the idea is increasingly gaining ground that protecting minors requires not only age-based filters but also tool controls. VPN services are considered one of these tools. In this context, a bill has been introduced in Wisconsin that would require

Logitech Hit by Clop Ransomware Attack, Data Breach Exposed

Redazione RHC 26/11/2025

Logitech representatives have notified authorities of a cyberattack and a serious data breach . The notorious Clop ransomware group, which has been targeting companies for several months by exploiting a vulnerability in Oracle E-Business Suite, has claimed responsibility for the attack. The company filed a formal notification with the U.S. Securities and Exchange Commission , acknowledging the data breach. Logitech representatives report that the incident did not impact the company’s production or products, nor its business processes. Immediately after discovering the breach, the company engaged third-party cybersecurity experts to assist in the investigation. Logitech claims the compromised data includes limited employee and

Malware Uses Finger Command to Infect Windows Devices

Redazione RHC 26/11/2025

A nearly forgotten service command has returned to prominence after being spotted in new Windows device infection patterns. For decades considered a relic of the early days of the internet, the mechanism is now being used in attacks disguised as harmless controls and queries offered to victims in a Command Prompt window. The finger command, once designed to retrieve user information on Unix and Linux servers, was also present in Windows. It returned the account name, home directory, and other basic information. While the protocol is still supported, its use has largely disappeared . However, for attackers, this actually represents an advantage:

The Future of Tech: How to Navigate the Digital World

Redazione RHC 26/11/2025

There are books that explain technology and books that make you understand why you should pause for a minute before scrolling through a feed. Il Futuro Prossimo , Sandro Sana ‘s new work, available on Amazon , belongs to the second category: it doesn’t pretend to educate you, it pretends to make you think. And it does so without technicalities, without barriers, and without that distance that information technology often creates between the writer and the reader. Sandro Sana is a well-known figure in the world of Italian cybersecurity (CISO and director of the Cyber division of Eurosystem , teacher, communicator, member

GDPR Data Breach: Email Errors and Consequences

Stefano Gazzella 25/11/2025

Like it or not, sending an email to the wrong recipient constitutes a personal data breach under the GDPR. This obviously applies if the email contains personal data or if personal information can otherwise be inferred from the message. As with any data breach, assessments are necessary. In any case, the event must be recorded and documented, even if notification to the supervisory authority is not mandatory and the breach has been deemed unlikely to pose a risk to the rights and freedoms of natural persons. This is both due to the express provision of Article 33, paragraph 5 of the GDPR,

Category