Contact
Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.
Cybersecurity is about sharing. Recognize the risk,
combat it, share your experiences, and encourage others
to do better than you.
Home
Beware of WhatsApp groups: An image can compromise your smartphone.-ServiceNow Under Attack: How an Email Can Open the Doors to Your Business-149 Million Accounts Exposed: The Database No One Should Have Seen-Shocking Discovery on Instagram: Private Posts Accessible Without Login!-Email Security Under Pressure: Phishing Kits to Double in 2025-Beware of WhatsApp groups: An image can compromise your smartphone.-ServiceNow Under Attack: How an Email Can Open the Doors to Your Business-149 Million Accounts Exposed: The Database No One Should Have Seen-Shocking Discovery on Instagram: Private Posts Accessible Without Login!-Email Security Under Pressure: Phishing Kits to Double in 2025
Fortinet 320x100px
970x120 Olympous

Red Hot Cyber. The Cybersecurity Blog

    And let the phishing begin! Microsoft is taking action against a zero-day exploit already exploited in Office
    Pietro Melillo | Cyber News | 27/01/2026

    Once again, Microsoft was forced to quickly fix some flaws. The company has released unscheduled patches for Microsoft Office, addressing a dangerous zero-day vulnerability that has already been explo...

    When Malware Hides in Videos! The PixelCode Technique Breaks the Rules
    Marcello Filacchioni | Cybercrime | 26/01/2026

    PixelCode began as a research project exploring a hidden technique for storing binary data within images or videos . Instead of leaving a plaintext executable, the file is converted into pixel data, t...

    CISA alert: Exploit underway against VMware vCenter. Risk of RCE without authentication.
    Manuel Roccon | Cyber News | 25/01/2026

    The critical vulnerability recently added to the Cybersecurity and Infrastructure Security Agency (CISA) catalog of known exploited vulnerabilities (KEVs) affects the Broadcom VMware vCenter Server an...

    “I Stole 120,000 Bitcoins”: The Confession of the Bitfinex Hacker Who Now Wants to Defend Cyberspace
    Agostino Pellegrino | Cyber News | 25/01/2026

    The story ofIlya Lichtenstein, the hacker responsible for one of the largest cyber attacks ever carried out against cryptocurrencies, reads like an episode of a TV series, yet it is absolutely real. A...

    NoName057(16) hits Italy 487 times in the last 3 months: the DDoS wave does not stop
    Marcello Filacchioni | Cyber News | 24/01/2026

    Italy has confirmed itself as one of the main targets of the DDoS attack campaign carried out by the hacktivist group NoName057(16) . According to what was declared directly by the collective, our cou...

    BlueNoroff: The Hacker Group Revolutionizing Cybercrime
    Marcello Filacchioni | Cyber News | 23/01/2026

    The BlueNoroff hacker group has long since transformed cybercrime into a high-tech business, with tens of millions of dollars, cryptocurrency assets, and entire financial ecosystems at stake. A report...

    Nearly 2,000 bugs in 100 dating apps: How your data can be stolen
    Agostino Pellegrino | Cyber News | 23/01/2026

    A study of 100 dating apps revealed a disturbing picture: nearly 2,000 vulnerabilities were detected, 17% of which were classified as critical. The analysis was conducted by AppSec Solutions. The stud...

    MacSync: The macOS malware that empties your wallet… after weeks
    Massimiliano Brolli | Cyber News | 23/01/2026

    A new malware campaign has emerged in the macOS world, one that relies not on sophisticated exploits, but on good old-fashioned social engineering. It’s powered by the MacSync malware, distributed usi...

    PurpleBravo’s Contagious Interview: Malware Campaign Targets Global Firms
    Sandro Sana | Cyber News | 22/01/2026

    For over a year, the North Korean group PurpleBravo has been running a targeted malware campaign called “Contagious Interview,” using fake job interviews to attack companies in Europe, Asia, the Middl...

    KONNI Malware Targets Crypto Developers with AI-Powered Attacks
    Stefano Gazzella | Cyber News | 22/01/2026

    Check Point Research recently discovered a sophisticated phishing campaign orchestrated by KONNI , a threat group linked to North Korea . Historically focused on diplomatic targets in South Korea, the...

    Precedente Successivo

    Ultime news

    VoidLink Malware: Advanced Linux Framework Targets Cloud Infrastructures Cyber News

    VoidLink Malware: Advanced Linux Framework Targets Cloud Infrastructures

    Check Point researchers have discovered a new Linux infection framework distinguished by its advanced modular architecture and wide range of...
    Massimiliano Brolli - 16 January 2026
    Microsoft Ends Support for Windows Server 2008: What It Means Cyber News

    Microsoft Ends Support for Windows Server 2008: What It Means

    This week marked the end of an era: Microsoft finally ended support for Windows Server 2008 , the operating system...
    Redazione RHC - 16 January 2026
    The AI Energy Crisis: How Data Centers Are Reshaping US Power Costs Cyber News

    The AI Energy Crisis: How Data Centers Are Reshaping US Power Costs

    The accelerated growth of artificial intelligence is bringing with it an increasingly obvious consequence : rising energy demand. This issue...
    Luca Vinciguerra - 15 January 2026
    Microsoft Copilot Vulnerability Exposes User Data to Hackers Cyber News

    Microsoft Copilot Vulnerability Exposes User Data to Hackers

    A recently fixed vulnerability allowed attackers to exploit Microsoft Copilot Personal with a single click to steal sensitive user data....
    Redazione RHC - 15 January 2026
    Progress Software Patches LoadMaster, MOVEit WAF Vulnerabilities Vulnerability

    Progress Software Patches LoadMaster, MOVEit WAF Vulnerabilities

    On January 12, 2026, Progress Software Corporation released patches that address two high-severity Command Injection vulnerabilities, which could allow remote...
    Agostino Pellegrino - 15 January 2026
    Fortinet FortiSIEM Vulnerability CVE-2025-64155: Critical Security Update Cyber News

    Fortinet FortiSIEM Vulnerability CVE-2025-64155: Critical Security Update

    A critical security flaw was recently patched by Fortinet through update releases, which significantly impacted FortiSIEM . An unauthenticated attacker...
    Redazione RHC - 15 January 2026
    « Precedente   Successivo »

    Veeam Backup Vulnerability: Critical RCE Flaw Discovered – Update Now

    Backups are generally considered the last line of defense, but this week Veeam reminded us that backup systems themselves can become entry points for attacks. The company released security updates...

    - January 8th, 2026

    Share on Facebook Share on LinkedIn Share on X

    GoBruteforcer Botnet Exploits AI-Generated Server Configs, Targets Crypto

    The GoBruteforcer botnet has been discovered to be exploiting a surprisingly current weakness: the widespread reuse of AI-generated server configurations. This increasingly widespread practice is effectively leaving tens of thousands...

    - January 8th, 2026

    Share on Facebook Share on LinkedIn Share on X

    When Attack Discovery Becomes Automated, Detection Stops Scaling

    For much of the past two decades, cybersecurity has been built on a simple assumption: malicious activity can be detected, analysed, and responded to before meaningful damage occurs. This assumption...

    - January 8th, 2026

    Share on Facebook Share on LinkedIn Share on X

    VMware ESXi VM Escape Exploit: Advanced Threats Revealed

    A new report published by the Huntress Tactical Response Team documents a highly sophisticated intrusion detected in December 2025 , in which an advanced actor managed to compromise a VMware...

    - January 8th, 2026

    Share on Facebook Share on LinkedIn Share on X

    Supply Chain Security: Protect Your Business from Cyber Threats

    In an increasingly interconnected digital ecosystem, companies depend on networks of suppliers and partners to operate efficiently. However, this interdependence has transformed the supply chain into a new critical cybersecurity...

    - January 8th, 2026

    Share on Facebook Share on LinkedIn Share on X

    CVE-2026-21858: n8n Vulnerability Exposes Thousands of Servers to RCE

    The vulnerability, identified as CVE-2026-21858, which we recently reported on, affects approximately 100,000 servers worldwide, threatening to expose proprietary API keys, customer databases, and AI workflows. The vulnerability, with a...

    - January 8th, 2026

    Share on Facebook Share on LinkedIn Share on X

    Malware PHALT#BLYX Uses Social Engineering and MSBuild to Infect Systems

    A cancellation message from Booking.com with a high penalty seems like a typical business practice for hotels and apartments. But it's precisely this type of email that triggered a new...

    - January 7th, 2026

    Share on Facebook Share on LinkedIn Share on X

    Disable Windows 11 AI Features Easily with RemoveWindowsAI Tool

    A new open-source script allows Windows 11 users to widely disable the operating system's built-in artificial intelligence features . The project, developed by Zoicware , is called RemoveWindowsAI and aims...

    - January 7th, 2026

    Share on Facebook Share on LinkedIn Share on X

    DevSecOps: Integrating Security into Your Development Process

    When it comes to application security, there's rarely a single problem. It's almost always a chain of small flaws, poor decisions, and missing controls that, when added together, pave the...

    - January 7th, 2026

    Share on Facebook Share on LinkedIn Share on X

    Critical RCE Vulnerability in D-Link DSL Routers – Update Now

    A critical remote code execution (RCE) flaw in older D-Link DSL routers has been identified as CVE-2026-0625, with a CVSS v4.0 score of 9.3, indicating a high risk for users...

    - January 7th, 2026

    Share on Facebook Share on LinkedIn Share on X

    Discover the latest critical CVEs issued and stay updated on the most recent vulnerabilities. Or search for a specific CVE

    Featured Articles

    Immagine del sitoCyber News
    And let the phishing begin! Microsoft is taking action against a zero-day exploit already exploited in Office
    Pietro Melillo - 27/01/2026

    Once again, Microsoft was forced to quickly fix some flaws. The company has released unscheduled patches for Microsoft Office, addressing a dangerous zero-day vulnerability that has already been exploited in cyberattacks. The issue, identified as…

    Immagine del sitoCyber News
    ServiceNow Under Attack: How an Email Can Open the Doors to Your Business
    Redazione RHC - 27/01/2026

    The recent discovery of a vulnerability in ServiceNow’s AI platform has shaken the cybersecurity industry. This flaw, characterized by an extremely high severity score, allowed unauthenticated attackers to impersonate any corporate user. To launch the…

    Immagine del sitoCybercrime
    149 Million Accounts Exposed: The Database No One Should Have Seen
    Redazione RHC - 26/01/2026

    A recent leak revealed 149 million logins and passwords exposed online , including accounts for financial services, social media, gaming, and dating sites. The discovery was made by researcher Jeremiah Fowler and shared with ExpressVPN.…

    Immagine del sitoCybercrime
    When Malware Hides in Videos! The PixelCode Technique Breaks the Rules
    Marcello Filacchioni - 26/01/2026

    PixelCode began as a research project exploring a hidden technique for storing binary data within images or videos . Instead of leaving a plaintext executable, the file is converted into pixel data, transforming each byte…

    Immagine del sitoCyber News
    How a simple Visual Studio Code file can become a backdoor for state-run hackers
    Redazione RHC - 26/01/2026

    Security researchers have recently observed a worrying evolution in the offensive tactics attributed to North Korean-linked actors as part of the campaign known as Contagious Interview : no longer simple fake job interview scams, but…