Contact
Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.
Cybersecurity is about sharing. Recognize the risk,
combat it, share your experiences, and encourage others
to do better than you.
Redhotcyber Banner Sito 320x100px Uscita 101125
Cyber Offensive Fundamentals 970x120 1

Red Hot Cyber. The Cybersecurity Blog

Undertow Vulnerability CVE-2025-12543 Exposes Java Ecosystem to Critical Security Risks
Iran Protests Escalate as Reza Pahlavi Calls for Action Against Government
Veeam Backup Vulnerability: Critical RCE Flaw Discovered – Update Now
When Attack Discovery Becomes Automated, Detection Stops Scaling
CVE-2026-21858: n8n Vulnerability Exposes Thousands of Servers to RCE
Disable Windows 11 AI Features Easily with RemoveWindowsAI Tool
DevSecOps: Integrating Security into Your Development Process
WhatsApp Device Fingerprinting: New Measures Against Privacy Threats
PS5 BootROM Key Leaked, Sony’s Security Compromised
Windows 11 Performance Test: Surprising Results with Windows 8.1
Previous Next

Ultime news

Microsoft Boosts BitLocker with Hardware Acceleration for Enhanced Security Cybercrime

Microsoft Boosts BitLocker with Hardware Acceleration for Enhanced Security

Over the years, Microsoft has strived to keep BitLocker's performance impact within reasonable limits, historically below double digits. The goal...
Redazione RHC - 25 December 2025
DriverFixer0428: macOS Credential Stealer Linked to North Korea Cybercrime

DriverFixer0428: macOS Credential Stealer Linked to North Korea

A thorough static and dynamic analysis has led to the identification of a macOS malware called DriverFixer0428 , classified as...
Redazione RHC - 25 December 2025
A $500 Tool Claims to Kill EDRs at Kernel Level: Inside the NtKiller Underground Ad Cybercrime

A $500 Tool Claims to Kill EDRs at Kernel Level: Inside the NtKiller Underground Ad

An ad has surfaced on a closed underground forum frequented by malware operators and initial access brokers, attracting the attention...
Redazione RHC - 25 December 2025
Webrat Malware Targets Security Researchers with GitHub Exploit Traps Cybercrime

Webrat Malware Targets Security Researchers with GitHub Exploit Traps

There's a specific moment, almost always at night, when curiosity overtakes caution. A newly opened repository, few stars but a...
Redazione RHC - 24 December 2025
Nezha Malware: Abusing Legitimate Tools for Remote Access Cybercrime

Nezha Malware: Abusing Legitimate Tools for Remote Access

There comes a moment, often too late, when you realize the problem didn't come from forcing the door, but from...
Redazione RHC - 24 December 2025
Massive Cloud Cyberespionage: PCPcat Hits 59,128 Servers in 48 Hours Cybercrime

Massive Cloud Cyberespionage: PCPcat Hits 59,128 Servers in 48 Hours

A large-scale, highly automated cyberespionage campaign is systematically targeting the cloud infrastructure that supports numerous modern web applications. In less...
Redazione RHC - 24 December 2025
« Precedente   Successivo »

The Psychology of Passwords: Why Weak Passwords Persist

- December 17th, 2025

The psychology of passwords starts right here: trying to understand people before systems. Welcome to "The Mind Behind Passwords," the column that looks at cybersecurity. From a different perspective: that...
Share on Facebook Share on LinkedIn Share on X

Russian Cyber Operations Shift to Targeting Western Critical Infrastructure

- December 17th, 2025

New details emerge from an Amazon Threat Intelligence report that highlight an alarming shift in Russian government-backed cyber operations. High-level 0-day exploits, often attributed to state-sponsored actors, have seen a...
Share on Facebook Share on LinkedIn Share on X

Google Chrome Security Update Fixes Critical Vulnerabilities

- December 17th, 2025

A significant security update has been released by Google for the stable desktop channel, which addresses two very serious vulnerabilities that could expose users to potential memory leak attacks. As...
Share on Facebook Share on LinkedIn Share on X

Spiderman Phishing Kit Targets European Banks and Crypto Users

- December 17th, 2025

Varonis researchers have discovered a new PhaaS platform, called Spiderman, that targets users of European banks and cryptocurrency services. Attackers use the service to create copies of legitimate websites to...
Share on Facebook Share on LinkedIn Share on X

AI Smart Glasses for Police: Efficient Vehicle Checks in China

- December 17th, 2025

The Changsha traffic police have begun using AI-powered smart glasses in their daily patrols. This was confirmed by the city's Public Security Bureau , which has already distributed the new...
Share on Facebook Share on LinkedIn Share on X

Notepad++ 8.8.9 Released: Fixing Critical Update Vulnerability

- December 16th, 2025

A new version, 8.8.9, of the popular text editor Notepad++, has been released by its developers, fixing a flaw in the automatic update system . This issue came to light...
Share on Facebook Share on LinkedIn Share on X

Salt Typhoon Hackers Exposed: Cisco Training Led to Global Telecom Breaches

- December 16th, 2025

A recent study by SentinelLabs sheds new light on the roots of the hacker group known as “Salt Typhoon ,” which carried out one of the most audacious espionage operations...
Share on Facebook Share on LinkedIn Share on X

Critical Red Hat OpenShift GitOps Vulnerability Exposed

- December 16th, 2025

A critical flaw has been discovered in Red Hat OpenShift GitOps, putting Kubernetes clusters at risk by allowing users with reduced permissions to gain full control of them. OpenShift GitOps...
Share on Facebook Share on LinkedIn Share on X

FortiGate Vulnerability Exploited: Update Now to Prevent SSO Attacks

- December 16th, 2025

Threat actors began actively exploiting the high-severity vulnerabilities shortly after the vendor disclosed them to bypass authentication on FortiGate devices. A recent report from Arctic Wolf reveals that, as of...
Share on Facebook Share on LinkedIn Share on X

Shannon: Autonomous Penetration Testing with AI

- December 15th, 2025

Shannon acts as a penetration tester who doesn't just report vulnerabilities, but launches actual exploits. Shannon's goal is to breach your web application's security before anyone with malicious intent can....
Share on Facebook Share on LinkedIn Share on X

Discover the latest critical CVEs issued and stay updated on the most recent vulnerabilities. Or search for a specific CVE

Featured Articles

Immagine del sitoCybercrime
Undertow Vulnerability CVE-2025-12543 Exposes Java Ecosystem to Critical Security Risks
Redazione RHC - 09/01/2026

A flaw has been discovered in the foundation of the Java web ecosystem. Undertow , the high-performance web server that powers enterprise heavyweights like WildFly and JBoss EAP , has been hit by a critical…

Immagine del sitoCybercrime
Iran Protests Escalate as Reza Pahlavi Calls for Action Against Government
Redazione RHC - 09/01/2026

Iranian protesters chanted and marched through the streets until Friday morning, following a call from exiled former Prince Reza Pahlavi to demonstrate, despite the Iranian theocracy cutting off the country from the internet and international…

Immagine del sitoCybercrime
Veeam Backup Vulnerability: Critical RCE Flaw Discovered – Update Now
Redazione RHC - 08/01/2026

Backups are generally considered the last line of defense, but this week Veeam reminded us that backup systems themselves can become entry points for attacks. The company released security updates for Backup & Replication ,…

Immagine del sitoCybercrime
When Attack Discovery Becomes Automated, Detection Stops Scaling
Alexander Rogan - 08/01/2026

For much of the past two decades, cybersecurity has been built on a simple assumption: malicious activity can be detected, analysed, and responded to before meaningful damage occurs. This assumption shaped everything from SOC design…

Immagine del sitoCybercrime
CVE-2026-21858: n8n Vulnerability Exposes Thousands of Servers to RCE
Redazione RHC - 08/01/2026

The vulnerability, identified as CVE-2026-21858, which we recently reported on, affects approximately 100,000 servers worldwide, threatening to expose proprietary API keys, customer databases, and AI workflows. The vulnerability, with a CVSS score of 10, has…