Red Hot Cyber. The Cybersecurity Blog
Featured Articles
A vulnerability, designated CVE-2025-61757, was made public by Searchlight Cyber last Thursday. Company researchers discovered the issue and notified Oracle, which led to its disclosure. Oracle fixed ...
Microsoft has disclosed a critical vulnerability in SharePoint Online (discovered by RHC through our ongoing monitoring of critical CVEs on our portal), identified as CVE‑2025‑59245 , with a CVSS ...
The ransomware landscape is changing. The most exposed actors—LockBit, Hunters International, and Trigona—have paid the price for overexposure, including international operations, infiltrations, d...
A critical vulnerability, CVE-2025-9501, has been discovered in the popular WordPress plugin W3 Total Cache . This vulnerability allows the execution of arbitrary PHP commands on the server without au...
Exactly 40 years ago, on November 20, 1985, Microsoft released Windows 1.0 , the first version of Windows, which attempted to transform the then-personal computer from a machine with a monotonous comm...
Oracle under attack: Pre-auth RCE vulnerability discovered that compromises entire systems
CrowdStrike Insider Fired for Providing Sensitive Data to Criminal Hackers
Sysmon will finally be integrated into Windows 11 and Windows Server 2025 in 2026
Sneaky2FA: The phishing scam that steals credentials with browser-in-the-browser attacks
TamperedChef: Malware via Fake App Installers
Whoever took down Cloudflare during the outage put their infrastructure at risk
Oracle under attack: Pre-auth RCE vulnerability discovered that compromises entire systems
Redazione RHC - November 22nd, 2025
A vulnerability, designated CVE-2025-61757, was made public by Searchlight Cyber last Thursday. Company researchers discovered the issue and notified Oracle, which led to its disclosure. Oracle fixed CVE-2025-61757 with the...
CrowdStrike Insider Fired for Providing Sensitive Data to Criminal Hackers
Redazione RHC - November 22nd, 2025
In recent months, the insider problem has become increasingly important for large companies , and one recent episode involved CrowdStrike. The cybersecurity firm has in fact removed an employee believed...
Sysmon will finally be integrated into Windows 11 and Windows Server 2025 in 2026
Redazione RHC - November 22nd, 2025
Microsoft has announced that it will integrate the popular Sysmon tool directly into Windows 11 and Windows Server 2025 in 2026. The announcement was made by Sysinternals creator Mark Russinovich....
Sneaky2FA: The phishing scam that steals credentials with browser-in-the-browser attacks
Redazione RHC - November 22nd, 2025
Push Security specialists have noticed that the Sneaky2FA phishing platform now supports browser-in-the-browser attacks, which allow the creation of fake login windows and the theft of credentials and sessions. Sneaky2FA...
TamperedChef: Malware via Fake App Installers
Redazione RHC - November 21st, 2025
The large-scale TamperedChef campaign is once again attracting the attention of specialists, as attackers continue to distribute malware via fake installers of popular applications. This scam, disguised as legitimate software,...
Whoever took down Cloudflare during the outage put their infrastructure at risk
Redazione RHC - November 21st, 2025
A major outage in Cloudflare's infrastructure has unexpectedly tested the robustness of the cloud and its security systems for many businesses. On November 18, service outages caused websites around the...
Discover the latest critical CVEs issued and stay updated on the most recent vulnerabilities. Or search for a specific CVE