Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.
Search
TM RedHotCyber 320x100 042514
Crowdstriker 970×120

Tag: dark web

Google Discontinues Dark Web Report, Shifts to Active Protection

Luca Galuppi 17/12/2025

No more useless alerts. No more passive monitoring. Less than two years after its launch, Google has decided to shut down one of the most talked-about digital security tools: the Dark Web Report . The feature, designed to help users find out if their personal data has ended up on the dark web, will cease to exist on February 16, 2026 , while scans for new breaches will stop as early as January 15, 2026 . According to the tech giant, the report “offered general information, but user feedback showed it didn’t provide concrete guidance on what to do.” Google now promises

IRS.GOV: alleged data breach affects the accounts of 18 million citizens

Redazione RHC 12/12/2025

An alleged database containing sensitive information on 18 million U.S. citizens over 65 has appeared for sale on a popular dark web forum. The advertiser, who uses the pseudonym “Frenshyny,” claims to have stolen the data directly from the government portal irs.gov , which handles, among other things, tax records and 401(k) retirement plan information. Disclaimer: This report includes screenshots and/or text from publicly available sources. The information provided is for threat intelligence and cybersecurity risk awareness purposes only. Red Hot Cyber condemns any unauthorized access, improper dissemination, or misuse of this data. It is currently not possible to independently verify the

VPN Credentials on the Dark Web: A Growing Cybersecurity Threat

Redazione RHC 11/12/2025

In the darkest corners of the internet, the trafficking of stolen data and unauthorized access continues to thrive. A recent post on a closed underground forum shows 896 FortiSSL VPN credentials , complete with IP address and clear text credentials, being sold for a combined price of $3,000 . The post in the underground and the latent threat The ad, posted by a user, lists available logins for several countries, including the United States, Germany, Austria, Singapore, Japan, South Korea, Italy, the United Arab Emirates, Brazil, Switzerland, and France . The details are provided in the traditional ip:port user:password format, easily usable

OSINT Investigation: Uncovering Digital Evidence

Alexandro Irace 08/12/2025

We live in an age of almost mandatory transparency, an age in which every single digital action we take, be it a simple tap on a screen, an online search, or any form of interaction, leaves behind an indelible digital trace. This trace is not simply a disorganized set of data, but represents, in a much deeper way, the authentic imprint of our behavior, including those acts that fall within the criminal sphere. For modern law enforcement and investigators, Open Source Intelligence (OSINT) has established itself as the most effective and sharpest tool, indispensable for transforming this vast and seemingly chaotic digital

888 Data Leaker: Ryanair Breach Exposed

Luca Stivali 02/12/2025

In the underground forum landscape, there are actors who operate episodically, seeking a single media hit, and others who build an almost industrial pipeline of compromises over time, releasing technical datasets and internal information from companies around the world. Among these, one of the most recognizable profiles is the one who presents himself with the simple alias “888.” Active since at least 2024, 888 is now considered one of the most prolific data leakers on the scene , with over a hundred claimed breaches and a constant presence on the most popular English-language cybercrime forums. Unlike structured ransomware groups, it does not

RHC interviews ShinyHunters: “Systems can be repaired, but people remain vulnerable!”

RHC Dark Lab 17/09/2025

ShinyHunters is a group of threat actors that gained notoriety after the massive data breach against Salesforce, an incident that led Google to closely monitor them and assign them the code name UNC6240. The Salesforce breach would allow attackers to gain easy access to a large number of companies in a wide range of industries. In recent days, many companies have shared official statements about the breaches they have suffered, but many others have not yet made any public statements. The group recently gained notoriety after a massive data breach targeting Salesforce, an incident that prompted Google to closely monitor them and

What was the first ransomware in history? Discovering Trojan AIDS

Redazione RHC 09/07/2025

We often talk about ransomware on Red Hot Cyber and criminal cyber gangs. But who invented this dangerous cyber blackmail “weapon”? Today, ransomware attacks have become familiar to most people, especially given the escalation in recent years that has targeted Italian hospitals and critical infrastructure, such as the Colonial Pipeline of the United States of America. The first ransomware in history While today ransomware attacks occur through malware injected into systems from a phishing email or a malicious exposure of a company’s administrative tools (as we saw in the article on Ransomware as a Service), the first ransomware in history was distributed

What is ransomware? Let’s explore how RaaS works and what it means.

Redazione RHC 09/07/2025

Many people often want to understand the ransomware phenomenon precisely, its meaning, the methods of violation, and the crime that revolves around it, struggling to find information scattered across thousands of articles. This article aims to answer all these questions, providing a comprehensive, yet simple, guide to understanding this phenomenon as a whole. On the pages of every newspaper, we hear about huge cyber breaches, million-dollar ransoms, cyber gangs, RaaS, and cyber warfare. These are all words that can be very confusing for people who aren’t specialized in cyber security. With this article we want to explain what ransomware is, how the

North Korean Hackers on the Payroll: How Companies Paid Salaries to North Korean IT Specialists

Redazione RHC 02/07/2025

The US Department of Justice has announced the discovery ofa large-scale scheme in which fake IT specialists from the DPRK obtained jobs at American companies by posing as citizens of other countries. In fact, we at Red Hot Cyber have been talking about it for some time now that many companies were hiring North Korean employees, who were also interviewing for jobs through deepfake systems. North Korean programmers have reportedly obtained jobs at over 100 US companies using fake or stolen identities. In addition to the salary, they stole classified information and transferred it to Pyongyang’s servers. They were also interested in

The Race to 0day! China Advances in Offensive Cyberpower, While the US Is Forced to Chase

Redazione RHC 30/06/2025

China’s growing rise has prompted U.S. officials to strongly emphasize the need to improve its offensive cyber capabilities. However, some doubts remain about the ability to meet the challenge, given the heavy dependence on foreign suppliers and the lack of adequate cyber skills at the domestic level, which could negatively impact the availability of resources and manpower. Industry experts point out that China has now converted the East Asian security ecosystem into a unique opportunity for itself. Since 2016, Beijing has embarked on a strategy of purchasing and acquiring unique hacking tools, intended for military and intelligence purposes, precluding the United States

Category