Contact
Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.
Cybersecurity is about sharing. Recognize the risk,
combat it, share your experiences, and encourage others
to do better than you.
Home
And let the phishing begin! Microsoft is taking action against a zero-day exploit already exploited in Office-ServiceNow Under Attack: How an Email Can Open the Doors to Your Business-Shocking Discovery on Instagram: Private Posts Accessible Without Login!-Email Security Under Pressure: Phishing Kits to Double in 2025-How a simple Visual Studio Code file can become a backdoor for state-run hackers-And let the phishing begin! Microsoft is taking action against a zero-day exploit already exploited in Office-ServiceNow Under Attack: How an Email Can Open the Doors to Your Business-Shocking Discovery on Instagram: Private Posts Accessible Without Login!-Email Security Under Pressure: Phishing Kits to Double in 2025-How a simple Visual Studio Code file can become a backdoor for state-run hackers
Banner Ancharia Mobile 1
TM RedHotCyber 970x120 042543

Red Hot Cyber. The Cybersecurity Blog

    149 Million Accounts Exposed: The Database No One Should Have Seen
    Massimiliano Brolli | Cybercrime | 26/01/2026

    A recent leak revealed 149 million logins and passwords exposed online , including accounts for financial services, social media, gaming, and dating sites. The discovery was made by researcher Jeremia...

    When Malware Hides in Videos! The PixelCode Technique Breaks the Rules
    Marcello Filacchioni | Cybercrime | 26/01/2026

    PixelCode began as a research project exploring a hidden technique for storing binary data within images or videos . Instead of leaving a plaintext executable, the file is converted into pixel data, t...

    CISA alert: Exploit underway against VMware vCenter. Risk of RCE without authentication.
    Manuel Roccon | Cyber News | 25/01/2026

    The critical vulnerability recently added to the Cybersecurity and Infrastructure Security Agency (CISA) catalog of known exploited vulnerabilities (KEVs) affects the Broadcom VMware vCenter Server an...

    “I Stole 120,000 Bitcoins”: The Confession of the Bitfinex Hacker Who Now Wants to Defend Cyberspace
    Agostino Pellegrino | Cyber News | 25/01/2026

    The story ofIlya Lichtenstein, the hacker responsible for one of the largest cyber attacks ever carried out against cryptocurrencies, reads like an episode of a TV series, yet it is absolutely real. A...

    NoName057(16) hits Italy 487 times in the last 3 months: the DDoS wave does not stop
    Marcello Filacchioni | Cyber News | 24/01/2026

    Italy has confirmed itself as one of the main targets of the DDoS attack campaign carried out by the hacktivist group NoName057(16) . According to what was declared directly by the collective, our cou...

    Nearly 2,000 bugs in 100 dating apps: How your data can be stolen
    Agostino Pellegrino | Cyber News | 23/01/2026

    A study of 100 dating apps revealed a disturbing picture: nearly 2,000 vulnerabilities were detected, 17% of which were classified as critical. The analysis was conducted by AppSec Solutions. The stud...

    MacSync: The macOS malware that empties your wallet… after weeks
    Massimiliano Brolli | Cyber News | 23/01/2026

    A new malware campaign has emerged in the macOS world, one that relies not on sophisticated exploits, but on good old-fashioned social engineering. It’s powered by the MacSync malware, distributed usi...

    PurpleBravo’s Contagious Interview: Malware Campaign Targets Global Firms
    Sandro Sana | Cyber News | 22/01/2026

    For over a year, the North Korean group PurpleBravo has been running a targeted malware campaign called “Contagious Interview,” using fake job interviews to attack companies in Europe, Asia, the Middl...

    KONNI Malware Targets Crypto Developers with AI-Powered Attacks
    Stefano Gazzella | Cyber News | 22/01/2026

    Check Point Research recently discovered a sophisticated phishing campaign orchestrated by KONNI , a threat group linked to North Korea . Historically focused on diplomatic targets in South Korea, the...

    Cisco Zero-Day Vulnerability CVE-2026-20045 Actively Exploited
    Agostino Pellegrino | Vulnerability | 22/01/2026

    A critical zero-day remote code execution (RCE) vulnerability, identified as CVE-2026-20045, has been discovered by Cisco and is being actively exploited in active attacks. Cisco has urged immediate p...

    Precedente Successivo

    Ultime news

    FortiGate and FortiCloud SSO: When Patches Don’t Really Close the Door Vulnerability

    FortiGate and FortiCloud SSO: When Patches Don’t Really Close the Door

    A widespread and dangerous belief has been circulating in the security world for years: “if it's patched, it's safe” ....
    Luca Stivali - 23 January 2026
    Your MFA is no longer enough: Phishing kits bypass multi-factor authentication Cyber News

    Your MFA is no longer enough: Phishing kits bypass multi-factor authentication

    The amount of PhaaS kit has doubled since last year, according to an analysis by Barracuda Networks, placing increased pressure...
    Redazione RHC - 23 January 2026
    Nearly 2,000 bugs in 100 dating apps: How your data can be stolen Cyber News

    Nearly 2,000 bugs in 100 dating apps: How your data can be stolen

    A study of 100 dating apps revealed a disturbing picture: nearly 2,000 vulnerabilities were detected, 17% of which were classified...
    Agostino Pellegrino - 23 January 2026
    MacSync: The macOS malware that empties your wallet… after weeks Cyber News

    MacSync: The macOS malware that empties your wallet… after weeks

    A new malware campaign has emerged in the macOS world, one that relies not on sophisticated exploits, but on good...
    Massimiliano Brolli - 23 January 2026
    He arrived in America with $200 and ended up in a reformatory: today he controls 90% of the world’s AI innovation

    He arrived in America with $200 and ended up in a reformatory: today he controls 90% of the world’s AI

    How three insiders with just $200 in their pockets reached a market capitalization of $5 trillion and created the company...
    Carlo Denza - 23 January 2026
    The Thin Red Line of Criminal Liability in Cybersecurity Culture

    The Thin Red Line of Criminal Liability in Cybersecurity

    This article is the first in a series of three articles exploring the delicate relationship between cybersecurity professionals and the...
    Paolo Galdieri - 23 January 2026
    « Precedente   Successivo »

    Cisco Zero-Day Vulnerability CVE-2026-20045 Actively Exploited

    A critical zero-day remote code execution (RCE) vulnerability, identified as CVE-2026-20045, has been discovered by Cisco and is being actively exploited in active attacks. Cisco has urged immediate patching, and...

    - January 22nd, 2026

    Share on Facebook Share on LinkedIn Share on X

    Cybersecurity in Local Administrations: The Hidden Risk

    There's a convenient misconception in Italy: thinking that cybersecurity is a matter for ministries or large strategic players. It's reassuring. And it's wrong. In the real design of public connectivity,...

    - January 22nd, 2026

    Share on Facebook Share on LinkedIn Share on X

    UK Organizations Hit by Russia-Backed DDoS Attacks

    The UK's National Cyber Security Centre has issued a strong warning regarding a series of denial-of-service (DDoS) attacks targeting British organizations. This phenomenon has not gone unnoticed by authorities, who...

    - January 22nd, 2026

    Share on Facebook Share on LinkedIn Share on X

    GitLab Security Update Fixes Critical Vulnerabilities CVE-2026-0723

    An urgent security update has been released by GitLab for the Community (CE) and Enterprise (EE) editions to address several high-severity vulnerabilities. These vulnerabilities expose installations to potential denial-of-service (DoS)...

    - January 21st, 2026

    Share on Facebook Share on LinkedIn Share on X

    Critical Telnetd Vulnerability in GNU InetUtils Allows Root Access

    A critical security flaw has been discovered in the telnetd server component of GNU InetUtils, involving remote authentication bypass . A security researcher reported the vulnerability on January 19, 2026....

    - January 21st, 2026

    Share on Facebook Share on LinkedIn Share on X

    Red Hot Cyber and Hack The Box: together for the CTF at the RHC 2026 conference

    In the Italian and European cybersecurity landscape, few collaborations manage to combine educational vision, technical realism, and community impact as effectively as the partnership announced between Red Hot Cyber and...

    - January 21st, 2026

    Share on Facebook Share on LinkedIn Share on X

    Everest Ransomware Attacks McDonald’s, 861GB Data Stolen

    Yesterday, the Everest cybercriminal gang claimed responsibility for a cyberattack on McDonald's on their Data Leak Site (DLS) . From the gang's post, the cybercriminals claim to have 861GB of...

    - January 21st, 2026

    Share on Facebook Share on LinkedIn Share on X

    ESXi Zero-Day Exploit: How to Protect Your VMware Environment

    A group of attackers is using a zero-day exploit toolkit to compromise VMware ESXi instances in an uncontrolled manner, taking advantage of multiple vulnerabilities to bypass virtual machine restrictions. The...

    - January 20th, 2026

    Share on Facebook Share on LinkedIn Share on X

    VoidLink Malware: AI-Generated Threat for Linux Systems

    We had already talked about VoidLink a few days ago , it is a framework composed of over 30 modules that can be combined to meet specific attacker objectives on...

    - January 20th, 2026

    Share on Facebook Share on LinkedIn Share on X

    Google Fast Pair Vulnerability: WhisperPair Exposes Millions of Devices

    Researchers from the Cybersecurity and Industrial Cryptography team at KU Leuven have discovered a critical flaw in the Google Fast Pair protocol. The vulnerability allows attackers to hijack control of...

    - January 19th, 2026

    Share on Facebook Share on LinkedIn Share on X

    Discover the latest critical CVEs issued and stay updated on the most recent vulnerabilities. Or search for a specific CVE

    Featured Articles

    Immagine del sitoCyber News
    And let the phishing begin! Microsoft is taking action against a zero-day exploit already exploited in Office
    Redazione RHC - 27/01/2026

    Once again, Microsoft was forced to quickly fix some flaws. The company has released unscheduled patches for Microsoft Office, addressing a dangerous zero-day vulnerability that has already been exploited in cyberattacks. The issue, identified as…

    Immagine del sitoCyber News
    ServiceNow Under Attack: How an Email Can Open the Doors to Your Business
    Redazione RHC - 27/01/2026

    The recent discovery of a vulnerability in ServiceNow’s AI platform has shaken the cybersecurity industry. This flaw, characterized by an extremely high severity score, allowed unauthenticated attackers to impersonate any corporate user. To launch the…

    Immagine del sitoCybercrime
    149 Million Accounts Exposed: The Database No One Should Have Seen
    Massimiliano Brolli - 26/01/2026

    A recent leak revealed 149 million logins and passwords exposed online , including accounts for financial services, social media, gaming, and dating sites. The discovery was made by researcher Jeremiah Fowler and shared with ExpressVPN.…

    Immagine del sitoCybercrime
    When Malware Hides in Videos! The PixelCode Technique Breaks the Rules
    Marcello Filacchioni - 26/01/2026

    PixelCode began as a research project exploring a hidden technique for storing binary data within images or videos . Instead of leaving a plaintext executable, the file is converted into pixel data, transforming each byte…

    Immagine del sitoCyber News
    How a simple Visual Studio Code file can become a backdoor for state-run hackers
    Redazione RHC - 26/01/2026

    Security researchers have recently observed a worrying evolution in the offensive tactics attributed to North Korean-linked actors as part of the campaign known as Contagious Interview : no longer simple fake job interview scams, but…