Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.
Cybersecurity is about sharing. Recognize the risk,
combat it, share your experiences, and encourage others
to do better than you.
Cyber Offensive Fundamentals 320x200 V0.1
HackTheBox 970x120 1

Red Hot Cyber. The Cybersecurity Blog

Previous Next

Ultime news

Passwordless Authentication: The Future of Secure Online Access Cybercrime

Passwordless Authentication: The Future of Secure Online Access

Using passwords to access online accounts is no longer as secure as it once was. In fact, passwords are now...
Redazione RHC - 9 December 2025
Critical PromptPwnd Vulnerability Exposes AI-Powered GitLab, GitHub Pipelines Cybercrime

Critical PromptPwnd Vulnerability Exposes AI-Powered GitLab, GitHub Pipelines

A critical vulnerability, identified as "PromptPwnd," affects AI agents that are integrated into the GitLab CI/CD and GitHub Actions pipelines....
Redazione RHC - 9 December 2025
LLM-Powered Malware: The Future of Autonomous Cyber Threats Cybercrime

LLM-Powered Malware: The Future of Autonomous Cyber Threats

Researchers at Netskope Threat Labs have just published a new analysis on the possibility of creating autonomous malware built exclusively...
Redazione RHC - 9 December 2025
Intellexa Exploits Zero-Day Vulnerabilities with Spyware Cybercrime

Intellexa Exploits Zero-Day Vulnerabilities with Spyware

Despite significant geopolitical challenges, the mercenary spyware industry remains a resilient and persistent threat; in this context, the well-known vendor...
Redazione RHC - 8 December 2025
Malaysia Cracks Down on Bitcoin Mining Thefts Cybercrime

Malaysia Cracks Down on Bitcoin Mining Thefts

Thieves usually target tangible assets: cash or non-cash, jewelry, cars. But with cryptocurrencies, things are much stranger. Malaysian police are...
Redazione RHC - 8 December 2025
Australia Bans Social Media for Under 16s: What You Need to Know Cybercrime

Australia Bans Social Media for Under 16s: What You Need to Know

Australia is soon to introduce groundbreaking legislation banning social media access for children under 16, an initiative that will set...
Redazione RHC - 8 December 2025

“We Want to Hack You Again!” NSO Group Rejects WhatsApp’s Pegasus Lawsuit

Israeli company NSO Group has appealed a California federal court ruling that bars it from using WhatsApp's infrastructure to distribute its Pegasus surveillance software. The case, which has been ongoing...
Share on Facebook Share on LinkedIn Share on X

Oracle under attack: Pre-auth RCE vulnerability discovered that compromises entire systems

A vulnerability, designated CVE-2025-61757, was made public by Searchlight Cyber last Thursday. Company researchers discovered the issue and notified Oracle, which led to its disclosure. Oracle fixed CVE-2025-61757 with the...
Share on Facebook Share on LinkedIn Share on X

CrowdStrike Insider Fired for Providing Sensitive Data to Criminal Hackers

In recent months, the insider problem has become increasingly important for large companies , and one recent episode involved CrowdStrike. The cybersecurity firm has in fact removed an employee believed...
Share on Facebook Share on LinkedIn Share on X

Sysmon will finally be integrated into Windows 11 and Windows Server 2025 in 2026

Microsoft has announced that it will integrate the popular Sysmon tool directly into Windows 11 and Windows Server 2025 in 2026. The announcement was made by Sysinternals creator Mark Russinovich....
Share on Facebook Share on LinkedIn Share on X

Sneaky2FA: The phishing scam that steals credentials with browser-in-the-browser attacks

Push Security specialists have noticed that the Sneaky2FA phishing platform now supports browser-in-the-browser attacks, which allow the creation of fake login windows and the theft of credentials and sessions. Sneaky2FA...
Share on Facebook Share on LinkedIn Share on X

TamperedChef: Malware via Fake App Installers

The large-scale TamperedChef campaign is once again attracting the attention of specialists, as attackers continue to distribute malware via fake installers of popular applications. This scam, disguised as legitimate software,...
Share on Facebook Share on LinkedIn Share on X

Whoever took down Cloudflare during the outage put their infrastructure at risk

A major outage in Cloudflare's infrastructure has unexpectedly tested the robustness of the cloud and its security systems for many businesses. On November 18, service outages caused websites around the...
Share on Facebook Share on LinkedIn Share on X

Critical Vulnerability in Azure Bastion Scores 10! When RDP and SSH in the Cloud Are Checkmated

An authentication bypass vulnerability has been discovered in Azure Bastion , Microsoft's managed service that enables secure RDP and SSH connections to virtual machines in Azure without directly exposing them...
Share on Facebook Share on LinkedIn Share on X

Risk averted for millions of Microsoft users! The critical vulnerability in Microsoft SharePoint 9.8

Microsoft has disclosed a critical vulnerability in SharePoint Online (discovered by RHC through our ongoing monitoring of critical CVEs on our portal), identified as CVE‑2025‑59245 , with a CVSS v3.1...
Share on Facebook Share on LinkedIn Share on X

Sturnus, the banking Trojan that intercepts WhatsApp, Telegram, and Signal messages

ThreatFabric specialists have discovered a new banking Trojan, Sturnus . The malware is capable of intercepting messages from end-to-end encrypted messaging apps (Signal, WhatsApp, Telegram) and gaining full control over...
Share on Facebook Share on LinkedIn Share on X

Discover the latest critical CVEs issued and stay updated on the most recent vulnerabilities. Or search for a specific CVE

Featured Articles

Immagine del sitoCybercrime
Undertow Vulnerability CVE-2025-12543 Exposes Java Ecosystem to Critical Security Risks
Redazione RHC - 09/01/2026

A flaw has been discovered in the foundation of the Java web ecosystem. Undertow , the high-performance web server that powers enterprise heavyweights like WildFly and JBoss EAP , has been hit by a critical…

Immagine del sitoCybercrime
Iran Protests Escalate as Reza Pahlavi Calls for Action Against Government
Redazione RHC - 09/01/2026

Iranian protesters chanted and marched through the streets until Friday morning, following a call from exiled former Prince Reza Pahlavi to demonstrate, despite the Iranian theocracy cutting off the country from the internet and international…

Immagine del sitoCybercrime
Veeam Backup Vulnerability: Critical RCE Flaw Discovered – Update Now
Redazione RHC - 08/01/2026

Backups are generally considered the last line of defense, but this week Veeam reminded us that backup systems themselves can become entry points for attacks. The company released security updates for Backup & Replication ,…

Immagine del sitoCybercrime
When Attack Discovery Becomes Automated, Detection Stops Scaling
Alexander Rogan - 08/01/2026

For much of the past two decades, cybersecurity has been built on a simple assumption: malicious activity can be detected, analysed, and responded to before meaningful damage occurs. This assumption shaped everything from SOC design…

Immagine del sitoCybercrime
CVE-2026-21858: n8n Vulnerability Exposes Thousands of Servers to RCE
Redazione RHC - 08/01/2026

The vulnerability, identified as CVE-2026-21858, which we recently reported on, affects approximately 100,000 servers worldwide, threatening to expose proprietary API keys, customer databases, and AI workflows. The vulnerability, with a CVSS score of 10, has…