Red Hot Cyber. The Cybersecurity Blog
Featured Articles
Users noticed that last week Microsoft developers disabled the offline activation method for Windows 11 and 10 via KMS38, which has been used by hackers around the world for years. However, the offici...
Group-IB experts presented a detailed analysis of the long-running UNC2891 campaign, which demonstrated the continuing sophistication of ATM attack schemes. Attention focused on the Raspberry Pi, whic...
Israeli company NSO Group has appealed a California federal court ruling that bars it from using WhatsApp’s infrastructure to distribute its Pegasus surveillance software. The case, which has been o...
A vulnerability, designated CVE-2025-61757, was made public by Searchlight Cyber last Thursday. Company researchers discovered the issue and notified Oracle, which led to its disclosure. Oracle fixed ...
Microsoft has disclosed a critical vulnerability in SharePoint Online (discovered by RHC through our ongoing monitoring of critical CVEs on our portal), identified as CVE‑2025‑59245 , with a CVSS ...
100 Infostealer packages uploaded to NPM using AI hallucinations
Atroposia: The MaaS platform that provides a Trojan with a vulnerability scanner
0day as weapons: sold 8 US defense 0day exploits to Moscow
Critical vulnerability in Blink: a website can block all Chromium-based browsers
Trump-Xi Summit: A Truce That Doesn’t Benefit Europe
Cloud yes or Cloud no: When the Digital Sky Darkens
100 Infostealer packages uploaded to NPM using AI hallucinations
Redazione RHC - October 30th, 2025
Since August 2024, the PhantomRaven campaign has uploaded 126 malicious packages to npm, which have been downloaded a total of over 86,000 times . The campaign was discovered by Koi...
Atroposia: The MaaS platform that provides a Trojan with a vulnerability scanner
Redazione RHC - October 30th, 2025
Varonis researchers have discovered the Atroposia MaaS (malware-as-a-service) platform. For $200 a month, its customers receive a remote access Trojan with extensive functionality, including remote desktop, file system management, information...
0day as weapons: sold 8 US defense 0day exploits to Moscow
Redazione RHC - October 30th, 2025
Peter Williams, a former employee of the defense contractor, pleaded guilty in US federal court to two counts of theft of trade secrets, admitting to selling eight zero-day vulnerabilities to...
Critical vulnerability in Blink: a website can block all Chromium-based browsers
Redazione RHC - October 30th, 2025
Researcher José Pino has presented a proof-of-concept vulnerability in the Blink rendering engine used in Chromium -based browsers, demonstrating how a single web page can crash many popular browsers and...
Trump-Xi Summit: A Truce That Doesn’t Benefit Europe
Redazione RHC - October 30th, 2025
After years of tensions, tariffs, mutual accusations, and trade wars that have shattered the global balance of power, the long-awaited meeting between Donald Trump and Xi Jinping has finally taken...
Cloud yes or Cloud no: When the Digital Sky Darkens
Redazione RHC - October 30th, 2025
The outage of Microsoft's cloud services, which occurred just hours before the release of its quarterly results, is just the latest in a long series of outages that are exposing...
Discover the latest critical CVEs issued and stay updated on the most recent vulnerabilities. Or search for a specific CVE