Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.
Search
Fortinet 320x100px
Crowdstriker 970×120

Tag: phishing

AI-Generated Scams: New Threats with Deepfake Photos and Videos

Redazione RHC 07/12/2025

Criminals are increasingly using photos and videos from public sources to pass them off as evidence of an alleged kidnapping. The FBI warns that criminals are altering the images they find to make them look as real as possible, depicting a specific person being held against their will and then sending them to relatives along with threats . Often, these are completely fabricated stories, while the victim sleeps peacefully at home, unaware of what’s happening. But investigators are also noticing a more disturbing trend: scammers are monitoring missing persons posters, selecting photos of missing persons, and using them to pressure families. Essentially,

Leroy Merlin Cyberattack Exposes Personal Data of French Customers

Redazione RHC 04/12/2025

A cyberattack has affected Leroy Merlin, involving the personal data of numerous customers in France, impacting hundreds of thousands of individuals. Leroy Merlin assures that “additional security measures have been implemented” with enhanced surveillance. “Data protection is a top priority for the brand,” adds the management, specifying that the CNIL (National Commission for Information Technology and Civil Liberties) has also been informed of the situation. The stolen data primarily includes contact information, such as dates of birth, phone numbers, email addresses, names, addresses, and loyalty program information. This information is enough to support highly credible phishing campaigns, tailored frauds, and social engineering

KrakenBite Phishing Service Exposed

Redazione RHC 01/12/2025

The underground cybercrime market continues to evolve rapidly, fueled by specialized groups designing and selling tools for increasingly sophisticated digital scams. Among these, a particularly active player in recent weeks is KrakenBite , known for offering turnkey phishing services to cybercriminals around the world. In a recent announcement on their channels, spotted by Red Hot Cyber’s DarkLab group, the group said they had added five new phishing pages targeting Moroccan banks , bringing the total number of pages available in their “catalogue” to 115 . The Criminal Offer: Phishing Pages for Every Market The post presents a staggering list of targeted international

Microsoft 365 Security Risk: Interface Poisoning Attacks

Massimiliano Dal Cero 01/12/2025

This article analyzes the disclosure submitted to Microsoft and available in English on digitaldefense , where images, demonstration videos and a Python code example are available. In recent years, digital communications security has amplified a certain paradigm: attacks no longer aim simply to violate the infrastructure, but to dismantle user trust by exploiting every type of cognitive hook. If email, calendars, and collaboration platforms represent the center of gravity of corporate life, the most effective attack surface is not the purely technical one, but the one capable of impacting the human factor. The phenomenon analyzed in this article certainly doesn’t concern marginal

Supply Chain Attack on OpenAI: Analytics Provider Mixpanel Compromised

Redazione RHC 27/11/2025

OpenAI has confirmed a security incident at Mixpanel, a third-party analytics provider used for its APIs. According to the investigation, the cause of the security incident involving OpenAI and Mixpanel has been identified as a breach of Mixpanel’s systems, ruling out any involvement of OpenAI’s infrastructure. The preliminary investigation indicates that an attacker gained unauthorized access to a portion of the Mixpanel environment and extracted a dataset containing limited identifying information about some OpenAI API users. OpenAI has stated that the incident did not affect users of ChatGPT or other consumer products. Mixpanel Incident: What Happened? The OpenAI Mixpanel security incident began

Cybersecurity in the Middle East: Egitto and Qatar Lead the Way

Redazione RHC 26/11/2025

Global attention to cybersecurity continues to grow in a context dominated by digital transformation and the rapid spread of artificial intelligence (AI) technologies, making it easier to identify vulnerabilities and conduct complex attacks. In this context, a country’s ability to ensure protection, coordination, training, and international cooperation has become a key indicator of national stability. In the 2024 Global Cybersecurity Index, Egypt and Qatar achieved a maximum score of 100, placing them among the 12 highest-performing countries globally. This result was achieved thanks to compliance with the index’s five pillars: legislative framework, technical protection, organizational structure, capacity development programs, and international collaboration

Category