Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.

Tag: threat intelligence

Storm-0900 Phishing Campaign Spreads XWorm Malware

Over the holiday season, a coordinated attack was detected and blocked by Microsoft Threat Intelligence security analysts, involving tens of thousands of emails crafted to deceive recipients. The cybercriminal group known as Storm-0900 launched a large-scale phishing campaign, targeting users across the United States. The campaign exploited two main social engineering themes: fake parking ticket notifications and fraudulent medical test results. Microsoft Threat Intelligence analysts and security researchers discovered that this campaign led to the spread of XWorm, a widespread modular remote access malware used by many threat actors across the cyber threat landscape. In connection with the Thanksgiving holiday, attackers

Cybersecurity in December: How Compliance Hurries Leave Companies Vulnerable

December isn’t just about Christmas lights: for those working in cybersecurity, it’s the month when the human factor collapses and companies rush to buy solutions just to be “compliant” for the new year. A perfect breeding ground for mistakes, vulnerabilities, and choices that will be paid dearly in 2026.

Frenzy, Tiredness and Lurking Attackers

The arrival of December brings with it a strange mix of frenzy and vulnerability. On the one hand, employees, still stunned by the endless Black Friday deals, are dragging themselves towards Christmas with inboxes full of fake “order confirmations.” On the other hand, there are IT managers and

Maha Grass APT Group Unleashes StreamSpy Malware Attacks

The Patchwork cyber espionage group — also known as Hangover or Dropping Elephant and internally tracked by QiAnXin as APT-Q-36 — has been active since 2009 and is believed to be close to South Asia. Over the years, it has targeted government agencies, the military, research institutions, diplomacy, industry, and educational institutions in several Asian countries, conducting large-scale intelligence gathering operations. The QiAnXin Threat Intelligence Center has identified a new Trojan attributed to the Maha Grass organization, which uses a combination of WebSocket and HTTP protocols to communicate with command and control servers. The malware, dubbed StreamSpy, retrieves instructions via a

888 Data Leaker: Ryanair Breach Exposed

In the underground forum landscape, there are actors who operate episodically, seeking a single media hit, and others who build an almost industrial pipeline of compromises over time, releasing technical datasets and internal information from companies around the world. Among these, one of the most recognizable profiles is the one who presents himself with the simple alias “888.” Active since at least 2024, 888 is now considered one of the most prolific data leakers on the scene, with over a hundred claimed breaches and a constant presence on the most popular English-language cybercrime forums. Unlike structured ransomware groups, it does not

Brazilian Systems Targeted in Sophisticated OAST Exploit Campaign

Security researchers have discovered a sophisticated exploit campaign that leverages a private out-of-band application security testing (OAST) service hosted on Google Cloud infrastructure. The campaign primarily targets systems in Brazil and exploits over 200 common vulnerabilities (CVEs).

Attack method

OAST endpoints typically help attackers verify the success of exploits for command execution, server-side request forgery (SSRF), and deserialization. Most attackers use publicly available OAST services such as toast.fun and interact.sh, but the authors of this threat operation operated a private domain called i-sh.detectors-testing.com. VulnCheck’s Canary threat intelligence system detected approximately 1,400 exploit attempts related to this infrastructure between October 12 and

CISA Warns of OpenPLC ScadaBR Vulnerability Exploitation

The Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) catalog, adding a vulnerability affecting OpenPLC ScadaBR on the basis of ongoing indications of active exploitation. This security flaw, identified as CVE-2021-26829 with a CVSS score of 5.4, affects Windows and Linux versions of the software due to a cross-site scripting (XSS) vulnerability in the system_settings.shtm page. The flaw was added to the KEV catalog just over a month after Forescout reported that a pro-Russian hacktivist group known as TwoNet had targeted its honeypot in September 2025, mistaking it for a water treatment plant. Affected versions include: “The

GitLab Security Updates Fix High-Severity Vulnerabilities CVE-2024-9183

GitLab has released critical security updates for its Community Edition (CE) and Enterprise Edition (EE) to address several high-severity vulnerabilities. The newly released patches 18.6.1, 18.5.3, and 18.4.5 address security vulnerabilities that could allow attackers to bypass authentication, steal user credentials, or launch denial-of-service (DoS) attacks on compromised servers. GitLab security experts and administrators are encouraged to update their self-hosted instances immediately. GitLab.com has completed the patch rollout to protect users.

Title | Severity
Race condition issue in CI/CD cache impacts GitLab CE/EE | High
Denial of Service issue in JSON input validation middleware impacts GitLab CE/EE | High
Authentication bypass issue

ToddyCat APT Group Targets Microsoft 365 Email Security

Email security continues to be one of the most critical points in modern cyber attacks. While compromising a Windows domain is already a success for a malicious actor, gaining access to corporate email accounts can open the door to espionage, fraud, extortion, and difficult-to-detect lateral movement.

ToddyCat: The ability to target any organization

It is in this context that the operational evolution of ToddyCat takes place, an APT group already known for its advanced techniques and its ability to target government and military organizations. In recent months, the group has demonstrated a significant leap in quality, introducing new ways to access