Red Hot Cyber. The Cybersecurity Blog
Featured Articles
Users noticed that last week Microsoft developers disabled the offline activation method for Windows 11 and 10 via KMS38, which has been used by hackers around the world for years. However, the offici...
Group-IB experts presented a detailed analysis of the long-running UNC2891 campaign, which demonstrated the continuing sophistication of ATM attack schemes. Attention focused on the Raspberry Pi, whic...
Israeli company NSO Group has appealed a California federal court ruling that bars it from using WhatsApp’s infrastructure to distribute its Pegasus surveillance software. The case, which has been o...
A vulnerability, designated CVE-2025-61757, was made public by Searchlight Cyber last Thursday. Company researchers discovered the issue and notified Oracle, which led to its disclosure. Oracle fixed ...
Microsoft has disclosed a critical vulnerability in SharePoint Online (discovered by RHC through our ongoing monitoring of critical CVEs on our portal), identified as CVE‑2025‑59245 , with a CVSS ...
Gemini 3.0 Pro: What people who are trying it say
From Body to Screen: How Sexual Abuse Has Moved to the Digital World
Apache Tomcat Vulnerability: Update Now to Avoid Security Risks
Paycheck piracy is coming! And the paycheck transfer goes to criminals.
CrowdStrike: 76% of organizations struggle to combat AI attacks
Whisper 2FA: The New Phishing Tool That Steals Microsoft 365 Credentials
Gemini 3.0 Pro: What people who are trying it say
Redazione RHC - October 28th, 2025
In recent days, a select few users have reported having access to the new Gemini 3.0 Pro model. Initial impressions suggest a significant improvement over the previous generation, so much...
From Body to Screen: How Sexual Abuse Has Moved to the Digital World
Paolo Galdieri - October 28th, 2025
This is the second in a series of articles analyzing gender-based violence in the digital context, in anticipation of November 25th, the International Day for the Elimination of Violence against...
Apache Tomcat Vulnerability: Update Now to Avoid Security Risks
Redazione RHC - October 28th, 2025
Many web applications rely on Apache Tomcat, a widely used open-source Java servlet container. On October 27, 2025, Apache disclosed two vulnerabilities: CVE-2025-55752 and CVE-2025-55754, affecting several versions of Tomcat....
Paycheck piracy is coming! And the paycheck transfer goes to criminals.
Redazione RHC - October 28th, 2025
According to a new report from Microsoft Threat Intelligence , the financially motivated Storm-2657 group is conducting large-scale attacks against universities and businesses , using stolen employee accounts to redirect...
CrowdStrike: 76% of organizations struggle to combat AI attacks
Redazione RHC - October 28th, 2025
Enterprises are lagging behind in ransomware preparedness as adversaries use AI across the attack chain to accelerate intrusion, encryption and extortion. Milan – October 27, 2025 – According to CrowdStrike...
Whisper 2FA: The New Phishing Tool That Steals Microsoft 365 Credentials
Redazione RHC - October 27th, 2025
According to new research from Barracuda Networks , a particularly insidious and persistent new Phishing-as-a-Service (PhaaS) kit is stealing credentials and authentication tokens from Microsoft 365 users. Barracuda experts have...
Discover the latest critical CVEs issued and stay updated on the most recent vulnerabilities. Or search for a specific CVE