Red Hot Cyber

Tag: patch management

FortiGate Vulnerability Exploited: Update Now to Prevent SSO Attacks

Threat actors began actively exploiting the high-severity vulnerabilities shortly after the vendor disclosed them to bypass authentication on FortiGate devices. A recent report from Arctic Wolf reveals that, as of December 12, 2025, these vulnerabilities are being exploited by attackers to gain administrator access through Single Sign-On (SSO) and steal sensitive system configurations. The vulnerabilities CVE-2025-59718 and CVE-2025-59719, with a critical CVSS score of 9.1, are targeted by attacks. Without a key, an unauthenticated attacker can gain entry through the front door by exploiting these vulnerabilities, which allow them to bypass SSO protections using spoofed SAML messages. Arctic Wolf researchers noted: “However,

Critical Windows Vulnerability CVE-2025-59230 Exposed

Windows services dedicated to remote connections have always been an inexhaustible source of “satisfaction” for those involved in cybersecurity, revealing vulnerabilities of enormous impact. Among the most famous examples is EternalBlue, discovered and kept secret for five years by the NSA, before being stolen by the Shadow Brokers group and used in the global WannaCry outbreak in 2017, which infected millions of computers and caused extensive damage to public institutions and private companies. Another emblematic case was BlueKeep, a vulnerability in the Windows RDP service that allowed unauthenticated remote code execution on unpatched systems. These incidents demonstrate how remote connection

Microsoft Windows LNK Vulnerability Exploited by Hackers

Experts have discovered that in the summer of 2025, Microsoft patched a dangerous vulnerability in Windows that had been actively exploited by at least 11 hacker groups, including North Korean APTs and large groups like Evil Corp. This is CVE-2025-949, which allowed attackers to hide malicious commands within LNK files and execute malware undetected on a compromised device. The root of the problem lies in the way Windows handles LNK links. Attackers padded the Target field in the LNK file with spaces to hide malicious command line arguments. The file properties only show the first 260 characters of the Target field,

Apache Tika Vulnerability CVE-2025-66516: Critical XXE Attack Risk

A critical vulnerability has been published in Apache Tika that could allow an XML external entity injection attack, known as XXE. The vulnerability, classified as CVE-2025-66516, has a CVE severity rating of 10.0, indicating maximum severity. CVE-2025-66516 is believed to be identical to CVE-2025-54988 (CVSS score: 8.4), another XXE flaw in the content detection and analysis framework, which was fixed by the project maintainers in August 2025. The new CVE, the Apache Tika team said, broadens the scope of affected packages in two ways. The critical flaw exists in the Apache Tika modules, specifically tika-core (versions 1.13 to 3.2.1), tika-pdf-module (versions

React2Shell Vulnerability Exploited by China-Linked Hackers, Patch Now

We often discuss on this site that the window between the publication of an exploit and the launch of active attacks is drastically shrinking. For this reason, it’s increasingly crucial to increase attention to system patching, adopting timely and rigorous update processes to minimize the risk of compromise. Two hacker groups with ties to China began exploiting a critical vulnerability in React Server components just hours after it was publicly disclosed. The vulnerability, CVE-2025-55182, has a maximum vulnerability rating of 10 and has been nicknamed “React2Shell” by the community. It allows remote code execution without authentication on the vulnerable

React2Shell Vulnerability: 8.7M Servers at Risk – CVE-2025-55182

In 2025, the IT and security communities are buzzing with excitement over a single name: “React2Shell.” With the disclosure of a new vulnerability, CVE-2025-55182, classified as CVSS 10.0, developers and security experts around the world are warning of its severity, even using the term “2025 Log4Shell.” This threat affects approximately 8,777,000 servers worldwide, including approximately 87,000 in Italy. This suggests that, with a severity score of 10, this could be one of the most significant threats of the year, and it’s becoming “active.” The new Log4Shell of 2025. Indeed, it has been confirmed that the Chinese hacker community has already

Splunk Enterprise Vulnerability: CVE-2025-20386 and CVE-2025-20387

Security researchers have discovered two high-risk vulnerabilities (CVE-2025-20386 and CVE-2025-20387, with CVSS severity 8.0) affecting the Splunk Enterprise platform and Universal Forwarder components. These vulnerabilities result from incorrect permissions on configuration files during software deployment on Windows systems, allowing non-administrative users to access the Splunk installation directory and its entire contents. This vulnerability is not a traditional remote code execution vulnerability, but rather expands the attack surface through local security degradation. In the affected versions: Splunk has released a fixed version and users are advised to update immediately: For users who cannot upgrade immediately, you can run the following commands using

Apache HTTP Server Update Fixes Critical Security Vulnerabilities

The Apache Software Foundation has released a significant update for its popular Apache HTTP Server, addressing a total of five separate security vulnerabilities. Administrators are recommended to apply this update as soon as possible to ensure their web infrastructure is protected against the identified vectors. The newly released version 2.4.66 represents a comprehensive fix for issues including both infinite loops during certificate renewal and possible NTLM credential leaks on Windows operating systems. Two of the identified vulnerabilities, rated “moderate,” pose specific risks to shared hosting configurations using suexec and Windows environments, while the remaining three are labeled “low” severity. Among the

Citrix: New Critical Vulnerability from 9.2 Affects NetScaler – Attacks Underway!

Citrix has reported a new critical vulnerability in its NetScaler appliances, already actively exploited by attackers. The problem is identified with the identifier CVE-2025-6543 and affects the popular NetScaler ADC and NetScaler Gateway solutions used by companies for remote access and network perimeter protection. As reported in the official note from Citrix, exploits for this vulnerability have already been observed in real attacks. CVE-2025-6543 (CVSS score: 9.2) allows a remote, unauthenticated special request to be sent, resulting in device malfunction and unavailable operation. In particular, this is a complete disruption that can paralyze the functioning of the company’s infrastructure. The vulnerability affects versions of

RHC Interviews Lynx Ransomware. The cyber-gang offering Pentest services ensuring privacy

In July 2024, the Lynx group burst into the RaaS world, which from the outset demonstrated above-average aggressiveness and success in attacks with a total of 22 victims featured on their Data Leak Site (also available in the clearnet). Lynx’s victim categories are mainly Construction (ex:/ Miller Boskus Lack Architects and True Blue Environmental), Finance (ex:/ Pyle Group) and Hotel (ex:/ Warwick Hotels & Resorts and Riverside Resort Hotel & Casino). Lynx performs double extortion techniques and a high frequency of attacks in the U.S. but also in the UK, Canada, and Australia. The group describes their activities as exclusively “financially motivated” and