Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.

Tag: intelligence

What was the first ransomware in history? Discovering Trojan AIDS

We often talk about ransomware on Red Hot Cyber and criminal cyber gangs. But who invented this dangerous cyber blackmail “weapon”? Today, ransomware attacks have become familiar to most people, especially given the escalation in recent years that has targeted Italian hospitals and critical infrastructure, such as the Colonial Pipeline of the United States of America.

The first ransomware in history

While today ransomware attacks occur through malware injected into systems from a phishing email or a malicious exposure of a company’s administrative tools (as we saw in the article on Ransomware as a Service), the first ransomware in history was distributed

What is ransomware? Let’s explore how RaaS works and what it means.

Many people often want to understand the ransomware phenomenon precisely, its meaning, the methods of violation, and the crime that revolves around it, struggling to find information scattered across thousands of articles. This article aims to answer all these questions, providing a comprehensive, yet simple, guide to understanding this phenomenon as a whole. On the pages of every newspaper, we hear about huge cyber breaches, million-dollar ransoms, cyber gangs, RaaS, and cyber warfare. These are all words that can be very confusing for people who aren’t specialized in cyber security. With this article we want to explain what ransomware is, how the

Linux Pwned! Privilege Escalation on SUDO in 5 seconds. HackerHood tests the CVE-2025-32463 exploit

Yesterday, Red Hot Cyber published an in-depth analysis of a serious vulnerability discovered in SUDO (CVE-2025-32463), which allows escalation of privileges to root in Linux environments by abusing the chroot function. The exploit, made public by Stratascale, demonstrates how a non-privileged user can obtain root access through a precise chain of operations that exploits incorrect behavior in the management of child processes in chroot environments.

Field testing: Manuel Roccon from the HackerHood group speaks

Manuel Roccon, a researcher from the Red Hot Cyber HackerHood group, wanted to get his hands on the exploit to concretely verify its scope and

Do you really know what Hacktivism means? It’s a “special message of hope!”

“Hacktivism, a special message of hope.” Thus begins the “Hacktivism Declaration”, published on July 4, 2001 by the famous hacker group Cult of the Dead Cow (also called cDc or Omega). “Free speech is under siege on the fringes of the internet. Several countries are censoring access to the web…”

In the beginning there was activism

This is the activity that attempts to promote, impede, direct or intervene in social, political and economic reforms, with the main desire to initiate strong changes within a society through demonstrations, sit-ins, hunger strikes and much more. Following the advent of microcomputers and the rise of

The Race to 0day! China Advances in Offensive Cyberpower, While the US Is Forced to Chase

China’s rapid rise has prompted U.S. officials to strongly emphasize the need to improve the country’s offensive cyber capabilities. However, some doubts remain about the ability to meet the challenge, given the heavy dependence on foreign suppliers and the lack of adequate cyber skills at the domestic level, which could negatively impact the availability of resources and manpower. Industry experts point out that China has now converted the East Asian security ecosystem into a unique opportunity for itself. Since 2016, Beijing has embarked on a strategy of purchasing and acquiring unique hacking tools, intended for military and intelligence purposes, precluding the United States

Critical Vulnerabilities Discovered in Hundreds of Brother and Other Printers

Hundreds of printer models from Brother and other manufacturers (Fujifilm, Toshiba, Ricoh and Konica Minolta) have been found to be affected by serious vulnerabilities discovered by researchers at Rapid7. For example, the printers come with a default administrator password that can be generated by remote attackers. In total, experts have identified eight different issues in Brother printers:

CVE            | Description                                                                        | What does it affect?                              | CVSS
CVE-2024-51977 | An unauthenticated attacker can cause the leak of sensitive information.           | HTTP (port 80), HTTPS (port 443), IPP (port 631)  | 5.3 points
CVE-2024-51978 | An unauthenticated attacker can generate a default password for the administrator. | HTTP (port 80), HTTPS

Pope warns: “AI is not the devil, but it can become one without ethics”

The head of the Catholic Church has expressed concern about the way today’s children and adolescents interact with digital technologies. In his view, the abundance of information available through neural networks and other intelligent systems can seriously affect the mental and intellectual development of the younger generations. Pope Leo XIV has warned of the risks that the rapid development of artificial intelligence could pose to young people. He expressed his position at the Second Annual Rome Conference on AI, part of which is being held in the Vatican. At the same time, the Pontiff noted that artificial intelligence in itself does not pose a threat. It can be

Citrix: New Critical Vulnerability with CVSS 9.2 Affects NetScaler – Attacks Underway!

Citrix has reported a new critical vulnerability in its NetScaler appliances, already actively exploited by attackers. The problem is tracked as CVE-2025-6543 and affects the popular NetScaler ADC and NetScaler Gateway solutions used by companies for remote access and network perimeter protection. As reported in the official note from Citrix, exploits for this vulnerability have already been observed in real attacks. CVE-2025-6543 (CVSS score: 9.2) allows a remote, unauthenticated attacker to send a specially crafted request, resulting in device malfunction and loss of availability. In particular, this is a complete disruption that can paralyze the functioning of the company’s infrastructure. The vulnerability affects versions of

Fox Kitten and Br0k3r: The Iranian Cyber Contractor Collaborating with Ransomware Gangs

We continue our series of articles on IABs by writing about an Iranian cyber contractor that not only works as an initial access broker but also provides support to ransomware gangs, filling both the gangs’ pockets and its own. In a report published in August 2024, CISA, the FBI and the DoD Cyber Crimes Division state that an Iranian group known as “Pioneer Kitten”, “Fox Kitten”, “UNC757”, “Parisite”, “RUBIDIUM” or “Lemon Sandstorm” has been successful in cyber crime by selling access to hackable corporate networks. The group has also operated under other names such as “Br0k3r” and “xplfinder” and has

REvil: Sentenced but then set free. The most controversial court case ever

Do you remember the infamous REvil cyber gang? The Russian hacker group was responsible for some of the most devastating ransomware attacks in the early days of this global threat, and was known for posting its criminal exploits on the popular underground forum “Happy Blog”. The Dzerzhinsky Court in St. Petersburg has convicted four more participants in the REvil (aka Sodinokibi) hacking group case, according to media reports. All those convicted were given actual prison sentences, but the defendants were released, having already served their full sentences in pre-trial detention during the investigation and trial. REvil’s activities ceased in January 2022, after the FSB announced the