Red Hot Cyber

Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.

Red Hot Cyber. The Cybersecurity Blog

- July 11th, 2025 - (Posted in Cybercrime and Darknet)
In recent months, two disturbing episodes have shaken public opinion and the Italian cybersecurity sector. The first concerned an Italian hospital, violated in its most sensitive heart: videos of patients and operating rooms ended up online, exposing not only the inadequacy of protection systems, but also the vulnerability of our...

lockbit

LockBit: The Bluff of Double Extortion Against the Federal Reserve

In recent years, the cybersecurity landscape has been dominated by the growing threat posed by ransomware groups. Among these, LockBit has emerged as one of the most notorious and feared. However, a recent event has called their credibility into question:

Xehook Stealer: The Rise and Sale of a Formidable Stealer Malware

Introduction: Xehook Stealer is a sophisticated malware targeting Windows operating systems, first discovered in January 2024. Within a year, Xehook has rapidly gained notoriety for its advanced data collection capabilities and support for over 110 cryptocurrencies and 2FA extensions. Starting

DataLeak Microsoft: 4GB of Microsoft PlayReady Code Made Public!

On June 11, a Microsoft engineer inadvertently made 4GB of internal code related to Microsoft PlayReady public. The information leak occurred on the Microsoft Developer Community, a forum dedicated to developers. Details of the Information Leak The leaked material included:

Linux Kernel UAF 0-day Vulnerability on sale in the Dark Web 

Recently, a security alert shook the infosec community: a malicious actor has announced the sale of a Use After Free (UAF) 0-day vulnerability affecting the Linux kernel on the well-known darknet forum BreachForum. The vulnerability permits high-privilege code execution to

WordPress: Five Plugins Found with Malicious Code

On June 24, 2024, Wordfence revealed a supply chain attack on WordPress plugins, leading to the compromise of five plugins with malicious code. The affected plugins are: The malicious code aimed to create a new admin user and inject SEO

Julian Assange Free! Freedom Reclaimed After Five Years of Detention

London, June 25, 2024 – Julian Assange, the founder of WikiLeaks, was released yesterday from the maximum-security Belmarsh prison after spending 1901 days in detention. The news was announced by WikiLeaks on the social media platform X, confirming that Assange

The dark side of the Windows Command Prompt: how malicious commands can replace legitimate ones

- July 25th, 2024

If you choose to read this article, please note that it will not discuss a vulnerability or a bug, but rather an intended behavior of Windows Command Prompt which, in...

  

RHC interviews RADAR and DISPOSSESSOR: “When it comes to security, the best defense is a good offense.”

- July 25th, 2024

In our usual underground analysis activities, we came into contact with the cyber gang DISPOSSESSOR, which emerged in the cyber threat landscape in February 2024. Accessing their Data...

  

IntelBroker Strikes Again: Unauthorized Access to Two Major American Companies Up for Sale

- July 24th, 2024

IntelBroker strikes again, announcing the sale of unauthorized access to two major American companies, each with revenues reaching hundreds of billions. This announcement was made public through a post on...

  

Exposed the Data of 3,379 Spanish Doctors! When Fraud Becomes “On-Target”

- July 24th, 2024

Recently, a threat actor in an underground forum called Breach Forums published an alleged data breach. The post claims to have exposed the names, departments, and emails of 3,379 Spanish...

  
