Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.

Tag: Malware

RHC interviews ShinyHunters: “Systems can be repaired, but people remain vulnerable!”

ShinyHunters is a group of threat actors that gained notoriety after the massive data breach against Salesforce, an incident that led Google to closely monitor them and assign them the code name UNC6240. The Salesforce breach would allow attackers to gain easy access to a large number of companies in a wide range of industries. In recent days, many companies have shared official statements about the breaches they have suffered, but many others have not yet made any public statements. The group recently gained notoriety after a massive data breach targeting Salesforce, an incident that prompted Google to closely monitor them and

What was the first ransomware in history? Discovering Trojan AIDS

We often talk about ransomware on Red Hot Cyber and criminal cyber gangs. But who invented this dangerous cyber blackmail “weapon”? Today, ransomware attacks have become familiar to most people, especially given the escalation in recent years that has targeted Italian hospitals and critical infrastructure, such as the Colonial Pipeline of the United States of America. The first ransomware in history While today ransomware attacks occur through malware injected into systems from a phishing email or a malicious exposure of a company’s administrative tools (as we saw in the article on Ransomware as a Service), the first ransomware in history was distributed

What is ransomware? Let’s explore how RaaS works and what it means.

Many people often want to understand the ransomware phenomenon precisely, its meaning, the methods of violation, and the crime that revolves around it, struggling to find information scattered across thousands of articles. This article aims to answer all these questions, providing a comprehensive, yet simple, guide to understanding this phenomenon as a whole. On the pages of every newspaper, we hear about huge cyber breaches, million-dollar ransoms, cyber gangs, RaaS, and cyber warfare. These are all words that can be very confusing for people who aren’t specialized in cyber security. With this article we want to explain what ransomware is, how the

The Race to 0day! China Advances in Offensive Cyberpower, While the US Is Forced to Chase

China’s growing rise has prompted U.S. officials to strongly emphasize the need to improve its offensive cyber capabilities. However, some doubts remain about the ability to meet the challenge, given the heavy dependence on foreign suppliers and the lack of adequate cyber skills at the domestic level, which could negatively impact the availability of resources and manpower. Industry experts point out that China has now converted the East Asian security ecosystem into a unique opportunity for itself. Since 2016, Beijing has embarked on a strategy of purchasing and acquiring unique hacking tools, intended for military and intelligence purposes, precluding the United States

Citrix: New Critical Vulnerability from 9.2 Affects NetScaler – Attacks Underway!

Citrix has reported a new critical vulnerability in its NetScaler appliances, already actively exploited by attackers. The issue is tracked as CVE-2025-6543 and affects the popular NetScaler ADC and NetScaler Gateway solutions used by companies for remote access and network perimeter protection. As reported in the official note from Citrix, exploits for this vulnerability have already been observed in real attacks. CVE-2025-6543 (CVSS score: 9.2) allows a remote, unauthenticated attacker to send a specially crafted request, resulting in device malfunction and unavailability. In particular, this is a complete disruption that can paralyze the functioning of the company’s infrastructure. The vulnerability affects versions of

Fox Kitten and Br0k3r: The Iranian Cyber Contractor Collaborating with Ransomware Gangs

We continue our series of articles on IABs by writing about an Iranian cyber contractor that not only works as an initial access broker but also provides support to ransomware gangs to fill their and their own pockets with money. In a CISA report published in August 2024, CISA, the FBI and the DoD Cyber Crimes Division say that an Iranian group known as “Pioneer Kitten”, “Fox Kitten”, “UNC757”, “Parisite”, “RUBIDIUM” or “Lemon Sandstorm” has been successful in cyber crime by selling access to hackable corporate networks. The group has also operated under other names such as “Br0k3r” and “xplfinder” and has

REvil: Sentenced but then set free. The most controversial court case ever

Do you remember the infamous REvil cyber gang? The Russian hacker group responsible for some of the most devastating ransomware attacks in the early days of this global threat, known for posting their criminal exploits on the popular underground forum “Happy Blog”. The Dzerzhinsky Court in St. Petersburg has convicted four more participants in the REvil (aka Sodinokibi) hacking group case, according to media reports. All those convicted were given actual prison sentences, but the defendants were released, having already served their full sentences in pre-trial detention, during the investigation and trial. REvil’s activities ceased in January 2022, after the FSB announced the

Shock in France: the gentlemen of BreachForums were twenty-year-old French citizens!

Shocking news in France: one of the largest global cybercrime networks dismantled. The BreachForums hackers were… French. French authorities have busted a large cybercrime operation, arresting five young French hackers responsible for running BreachForums, one of the world’s most active underground digital marketplaces for buying and selling stolen data. The operation was conducted with synchronized raids across France. At first, it was believed that Russian groups or groups operating in Russian-speaking territories were behind BreachForums. But investigations by the Brigade de la Crime Intérieur (BL2C) of the Paris police headquarters have turned the tables: four of the main managers of the forum

Zero-Click Attack on Notepad++. HackerHood Tested the Exploit and It Really Works with Little

A dangerous vulnerability has been discovered in the latest version of the popular text editor Notepad++ that allows an attacker to gain complete control over the system. The vulnerability has been identified as CVE-2025-49144 and affects version 8.8.1 of the installer, released on May 5, 2025. The issue is related to the “binary file replacement” technique, where the installer accesses executable files from the current working directory without proper verification. Researchers have discovered that an attacker can install a malicious file, such as a modified regsvr32.exe file, in the same folder where the installer is located. Upon startup, the installer will automatically download the malicious

US-Iran Cyberwar: DHS Raises Alarm, American Networks Under Attack

The United States has warned of possible cyber attacks by pro-Iranian groups following a series of airstrikes against Iranian nuclear facilities, as part of the armed conflict between Iran and Israel that began on June 13, 2025. The US Department of Homeland Security (DHS) said that the current situation creates an “elevated threat” in the country’s cyberspace. The department said that hacktivists, as well as groups associated with Iranian government agencies, will most likely focus their attacks on American networks and vulnerable devices connected to the Internet. According to the DHS, such activities have already been recorded: these are low-level attacks aimed at creating