Red Hot Cyber. The Cybersecurity Blog

LockBit: The Bluff of Double Extortion Against the Federal Reserve
In recent years, the cybersecurity landscape has been dominated by the growing threat posed by ransomware groups. Among these, LockBit has emerged as one of the most notorious and feared. However, a recent event has called their credibility into question:

Xehook Stealer: The Rise and Sale of a Formidable Stealer Malware
Introduction Xehook Stealer is a sophisticated malware targeting Windows operating systems, first discovered in January 2024. Within a year, Xehook has rapidly gained notoriety for its advanced data collection capabilities and support for over 110 cryptocurrencies and 2FA extensions. Starting

DataLeak Microsoft: 4GB of Microsoft PlayReady Code Made Public!
On June 11, a Microsoft engineer inadvertently made 4GB of internal code related to Microsoft PlayReady public. The information leak occurred on the Microsoft Developer Community, a forum dedicated to developers. Details of the Information Leak The leaked material included:

Linux Kernel UAF 0-day Vulnerability on sale in the Dark Web
Recently, a security alert shaked the infosec environment: A malicious actor has announced the sale of Use After Free (UAF) 0-day vulnerability affecting the Linux Kernel on the well-known darknet forum BreachForum. The vulnerabilit permits high privileges code execution to

WordPress: Five Plugins Found with Malicious Code
On June 24, 2024, Wordfence revealed a supply chain attack on WordPress plugins, leading to the compromise of five plugins with malicious code. The affected plugins are: The malicious code aimed to create a new admin user and inject SEO

Julian Assange Free! Freedom Reclaimed After Five Years of Detention
London, June 25, 2024 – Julian Assange, the founder of WikiLeaks, was released yesterday from the maximum-security Belmarsh prison after spending 1901 days in detention. The news was announced by WikiLeaks on the social media platform X, confirming that Assange

The dark side of the Windows Command Prompt: how malicious commands can replace legitimate ones
Carlo Di Dato - July 25th, 2024
If you choose to read this article, please note that it will not discuss a vulnerability or a bug, but rather an intended behavior of Windows Command Prompt which, in...

RHC interviews RADAR and DISPOSSESSOR: “When it comes to security, the best defense is a good offense.”
RHC Dark Lab - July 25th, 2024
In our usual underground analysis activities, we came into contact with the cyber gang DISPOSSESSOR, which came to attention in February 2024 in the cyber threat landscape. Accessing their Data...

IntelBroker Strikes Again: Unauthorized Access to Two Major American Companies Up for Sale
Raffaela Crisci - July 24th, 2024
IntelBroker strikes again, announcing the sale of unauthorized access to two major American companies, each with revenues reaching hundreds of billions. This announcement was made public through a post on...

Exposed the Data of 3,379 Spanish Doctors! When Fraud Becomes “On-Target”
Redazione RHC - July 24th, 2024
Recently, a threat actor in an underground forum called Breach Forums published an alleged data breach. The post claims to have exposed the names, departments, and emails of 3,379 Spanish...
Sign up for the newsletter