Red Hot Cyber, il blog italiano sulla sicurezza informatica
Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.
Select language
Italian Spanish
Search
320×100
Crowdstriker 970×120

Tag: Malware

“Jailbreak as a Service” is Coming: 60 Euros a Month to Purchase Cybercrime-Ready AI Systems

Redazione RHC 24/06/2025

According to a report by Cato Networks, cybercriminals continue to actively use LLM patterns in their attacks. Specifically, we are talking about versions of theGrok and Mixtral patterns that have been deliberately modified to bypass built-in restrictions and generate malicious content. Apparently, one such modified version of Grok appeared on the popular forum BreachForums in February 2025. It was posted by a user with the pseudonym Keanu. The tool is a wrapper around the original Grok model and is controlled via a specially written system prompt. This is how the authors ensure that the model bypasses protection mechanisms and generates phishing emails, malicious code, and hacking instructions. A

$200 for Access to an Italian Company! While the Dark Web is doing business, are you ready to defend yourself?

Redazione RHC 24/06/2025

Following the case of the 568 endpoints of an Italian industrial machinery company, another compromised access related to an Italian software engineering company has ended up for sale on an underground forum frequented by Initial Access Brokers and ransomware actors. The listing, posted by the user spartanking, offers full access to a server with local administrator privileges and remote control via AnyDesk. The ad clearly states that the compromised system is joined to an Active Directory domain. As stated in the post: The access would therefore allow elevated privileges on at least one server. In a screenshot, the compromised system is noted to be aMicrosoft Windows Server 2012 R2 Standard installed

Cloudflare Mitigates 7.3 Terabits Per Second Attack. Imagine 9350 HD Movies Downloaded in 45 Seconds

Redazione RHC 23/06/2025

In mid-May 2025, Cloudflare blocked the largest DDoS attack ever recorded: 7.3 terabits per second (Tbps). This event comes shortly after the release of the DDoS Threat Report for Q1 2025 on April 27, 2025, which highlighted attacks reaching 6.5 Tbps and 4.8 billion packets per second (pps). 37.4 terabytes isn’t a huge number by today’s standards, but downloading 37.4 terabytes in just 45 seconds is. That’s the equivalent of flooding the internet with over 9,350 HD movies or streaming 7,480 hours of uninterrupted high-definition video (nearly a year’s worth of back-to-back TV binge-watching) in just 45 seconds. If it were music,

Your VPN is a Trojan! Here are 17 Free Apps Made in China That Spy on You While Google and Apple Get Fat

Redazione RHC 23/06/2025

“If you don’t pay for the service, you are the product. This is true for social networks, but also for free VPNs: your data, your privacy, is often the real price to pay. Researchers at the Tech Transparency Projecthave reported that at least 17 free VPN apps with alleged ties to China are still available in the US versions of the Apple and Google stores, and big tech companies are managing to make money from these apps despite the risks to user privacy. The first investigation by TTP surfaced in April, revealing that the data of millions of users from more than two

FortiGate Under Attack: Tools for Mass Exploitation of Exposed APIs for Sale

Redazione RHC 23/06/2025

A new and alarming development is shaking up the cybersecurity landscape: a malicious actor has advertised on the dark web a highly sophisticated exploit aimed at compromising FortiGate devices. A new exploit priced at $12,000 for FortiGate firewalls has appeared for sale on the popular underground forum Exploit. The post, published by a user with the pseudonym Anon-WMG, presents a tool capable of massively compromising Fortinet devices by exploiting exposed APIs. Technical features of the exploit Called “FortiGate API Dump Exploit (~7.2 and below)”, the tool is capable of interacting with over 170 FortiGate API endpoints, with declared compatibility for versions 6.x

RHC GhostSec interview: hacktivism in the shadows of terrorism and cyber conflict

RHC Dark Lab 12/06/2025

Ghost Security, also known as GhostSec, is a hacktivist group which emerged in the context of the cyber war against Islamic extremism. The first actions of the group date back to the aftermath of the attack on the Charlie Hebdo newsroom, January 2015. It is considered an offshoot of the Anonymous collective, from which it later partially broke away. GhostSec became known for its digital offensives against websites, social accounts and online infrastructure used by ISIS to spread propaganda and coordinate terrorist activities. The group claimed to have shut down hundreds of ISIS-affiliated accounts and helped thwart potential terrorist attacks by actively

Group-IB contributes to INTERPOL’s Operation Secure, leading to the arrest of 32 suspects linked to information stealer malware in Asia

Redazione RHC 11/06/2025

[Singapore; 11 June, 2025] Group-IB, a leading creator of cybersecurity technologies to investigate, prevent, and fight digital crime, announced today that it has contributed to INTERPOL’s “Operation Secure”, which took down the infrastructure linked to information stealers (infostealers) in Asia that claimed more than 216,000 potential victims. The operation, which was conducted from January to April 2025, resulted in the arrest of 32 suspects, taking down more than 20,000 malicious IP addresses and domains, and the seizure of 41 servers containing over 100GB of data that were linked to the cybercriminal activities. During the course of Operation Secure, Group-IB’s Threat Intelligence team

Rivendicato un databreach a Deloitte: credenziali GitHub e codice sorgente finiscono sul dark web

Luca Stivali 30/05/2025

Un attacco informatico ai danni di Deloitte è stato rivendicato dal threat actor “303”, che ha pubblicato su un noto forum underground un post con il titolo inequivocabile: “Deloitte.com Source Code + Internal GitHub Credentials – leaked, download!”. Disclaimer: Questo rapporto include screenshot e/o testo tratti da fonti pubblicamente accessibili. Le informazioni fornite hanno esclusivamente finalità di intelligence sulle minacce e di sensibilizzazione sui rischi di cybersecurity. Red Hot Cyber condanna qualsiasi accesso non autorizzato, diffusione impropria o utilizzo illecito di tali dati. Al momento, non è possibile verificare in modo indipendente l’autenticità delle informazioni riportate, poiché l’organizzazione coinvolta non ha ancora rilasciato un

VanHelsing RaaS: An Expanding Ransomware-as-a-Service Model

Pietro Melillo 22/03/2025

The ransomware threat landscape is constantly evolving, with increasingly structured groups adopting sophisticated strategies to maximize profits. VanHelsing is a new player positioning itself in the Ransomware-as-a-Service (RaaS) market, a model that enables even cybercriminals with limited expertise to conduct advanced attacks using an automated platform. Following the February 23, 2025 announcement on an underground forum regarding the VanHelsing RaaS affiliate program, the ransomware group has officially published its first possible victim on its Data Leak Site (DLS). Less than a month after its launch, the appearance of the first compromised organization confirms that VanHelsing is now actively operating. Although the DLS

Paragon Spyware – Let’s talk about privacy and governments

Alessio Stefan 18/03/2025

Politics, information technology, and privacy. A triad continually seeking balance with a history of conflict that originates from the introduction of personal computers at the consumer level. Attempts by the U.S. government in preventing access to “strong enough” cryptography for foreign nationals and states were numerous from 1990 onward. Dubbed as the “Crypto Wars,” such attempts were aimed at maintaining an acceptable level to warrant potential decryption by government agencies for public security reasons. Out of this context came the Pretty Good Privacy (PGP) software that allowed authentication and private communications. The use of PGP was widely adopted by a large segment

Category