Contact
Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.
Cybersecurity is about sharing. Recognize the risk,
combat it, share your experiences, and encourage others
to do better than you.
Fortinet 320x100px
Fortinet 970x120px

Red Hot Cyber. The Cybersecurity Blog

OpenAI Hiring Chief Security Officer to Mitigate AI Risks
Apple Supply Chain Hit by Cyberattack: Sensitive Data at Risk
Browser-in-the-Browser Phishing Attack: How to Protect Yourself
Critical WebKit Vulnerability Exposes iOS Devices to Code Execution
Xspeeder Devices Hit by AI-Discovered Zero-Day Vulnerability CVE-2025-54322
Job Scams on Social Media: How to Avoid Fake Remote Job Offers
Cyber Criminals Recruit Insiders: Companies at Risk of Internal Threats
Villager Framework: AI-Powered Penetration Testing Tool
A $500 Tool Claims to Kill EDRs at Kernel Level: Inside the NtKiller Underground Ad
Webrat Malware Targets Security Researchers with GitHub Exploit Traps
Previous Next

Ultime news

CrowdStrike Insider Fired for Providing Sensitive Data to Criminal Hackers Cybercrime

CrowdStrike Insider Fired for Providing Sensitive Data to Criminal Hackers

In recent months, the insider problem has become increasingly important for large companies , and one recent episode involved CrowdStrike....
Redazione RHC - 22 November 2025
Sysmon will finally be integrated into Windows 11 and Windows Server 2025 in 2026 Cybercrime

Sysmon will finally be integrated into Windows 11 and Windows Server 2025 in 2026

Microsoft has announced that it will integrate the popular Sysmon tool directly into Windows 11 and Windows Server 2025 in...
Redazione RHC - 22 November 2025
Sneaky2FA: The phishing scam that steals credentials with browser-in-the-browser attacks Cybercrime

Sneaky2FA: The phishing scam that steals credentials with browser-in-the-browser attacks

Push Security specialists have noticed that the Sneaky2FA phishing platform now supports browser-in-the-browser attacks, which allow the creation of fake...
Redazione RHC - 22 November 2025
TamperedChef: Malware via Fake App Installers Cybercrime

TamperedChef: Malware via Fake App Installers

The large-scale TamperedChef campaign is once again attracting the attention of specialists, as attackers continue to distribute malware via fake...
Redazione RHC - 21 November 2025
Whoever took down Cloudflare during the outage put their infrastructure at risk Culture

Whoever took down Cloudflare during the outage put their infrastructure at risk

A major outage in Cloudflare's infrastructure has unexpectedly tested the robustness of the cloud and its security systems for many...
Redazione RHC - 21 November 2025
Critical Vulnerability in Azure Bastion Scores 10! When RDP and SSH in the Cloud Are Checkmated Cybercrime

Critical Vulnerability in Azure Bastion Scores 10! When RDP and SSH in the Cloud Are Checkmated

An authentication bypass vulnerability has been discovered in Azure Bastion , Microsoft's managed service that enables secure RDP and SSH...
Redazione RHC - 21 November 2025
« Precedente   Successivo »

Undersea Cables, the New Hybrid War: Jaroslav Nad’s Alarm

- November 6th, 2025

Taiwan is critically dependent on its undersea infrastructure, which is essential for communications and power supply . In recent years, however, there have been a series of incidents of damage...
Share on Facebook Share on LinkedIn Share on X

Apache OpenOffice under ransomware attack, but the foundation disputes

- November 6th, 2025

The Apache OpenOffice project has come under scrutiny after the Akira ransomware group claimed to have carried out a cyberattack and stolen 23 gigabytes of internal data. However, the organization...
Share on Facebook Share on LinkedIn Share on X

Microsoft Exchange Server Penetration Testing: Techniques, Tools, and Countermeasures

- November 6th, 2025

Often, during penetration testing, we find ourselves with elevated access (Domain Admin) within an organization. Some companies stop there, thinking that obtaining Domain Admin is the ultimate goal. But it's...
Share on Facebook Share on LinkedIn Share on X

Notepad++ under attack! How a fake DLL opens the door to criminal hackers

- November 6th, 2025

A new vulnerability affecting Notepad++ was released in September. The vulnerability has been identified as CVE-2025-56383, and details can be found on the NIST website. CVE-2025-56383 is a DLL hijacking...
Share on Facebook Share on LinkedIn Share on X

Microsoft warns: Security updates cause problems with BitLocker

- November 5th, 2025

Microsoft has issued an urgent warning to Windows operating system users regarding a potential issue that, starting with security updates distributed on October 14, 2025, could cause some devices to...
Share on Facebook Share on LinkedIn Share on X

A dangerous zero-day zero-click exploit threatens billions of Android devices

- November 5th, 2025

Google has issued an urgent advisory regarding a critical vulnerability in Android that allows attackers to execute arbitrary code on the device without any user interaction. The Zero Click vulnerability...
Share on Facebook Share on LinkedIn Share on X

Is the era of paywalls over? Smart browsers circumvent them, and controlling them is very difficult

- November 5th, 2025

How can publishers protect themselves from AI-powered "smart" browsers if they look like ordinary users? The emergence of new AI-powered "smart" browsers is challenging traditional methods of protecting online content....
Share on Facebook Share on LinkedIn Share on X

Danger for OneDrive users: Infected DLLs hide in shared files

- November 5th, 2025

Attackers are using an advanced technique involving sideloading DLLs via the Microsoft OneDrive application. This allows them to execute malicious code undetected by security mechanisms. The attack uses a modified...
Share on Facebook Share on LinkedIn Share on X

ArXiv blocks articles generated by AI

- November 5th, 2025

arXiv, one of the most important repositories of scientific preprints , has revealed some disturbing facts following growing concerns in the scientific community regarding the uncontrolled use of generative artificial...
Share on Facebook Share on LinkedIn Share on X

CISA Warns! New Bugs in Gladinet, Control Web Panel, and WordPress Expose Systems

- November 5th, 2025

Two vulnerabilities related to Gladinet and Control Web Panel (CWP) have been added to the U.S. Cybersecurity and Infrastructure Security Agency (CISA) catalog of known exploited vulnerabilities (KEVs), due to...
Share on Facebook Share on LinkedIn Share on X

Discover the latest critical CVEs issued and stay updated on the most recent vulnerabilities. Or search for a specific CVE

Featured Articles

Immagine del sitoCybercrime
OpenAI Hiring Chief Security Officer to Mitigate AI Risks
Redazione RHC - 30/12/2025

OpenAI, the developer of ChatGPT, has announced the search for a new Chief Security Officer . The position, with an annual salary of $555,000, will be directly responsible for mitigating risks associated with artificial intelligence…

Immagine del sitoCybercrime
Apple Supply Chain Hit by Cyberattack: Sensitive Data at Risk
Redazione RHC - 30/12/2025

During the first half of December, a Chinese company assembling devices for Apple was hit by an advanced cyberattack that may have exposed sensitive information related to a production line. The incident was reported by…

Immagine del sitoCybercrime
Browser-in-the-Browser Phishing Attack: How to Protect Yourself
Manuel Roccon - 29/12/2025

This article analyzes a recent and sophisticated phishing campaign that uses the Browser-in-the-Browser (BitB) technique to steal credentials, particularly those from services like Microsoft 365. The BitB attack is notable for its ability to generate…

Immagine del sitoCybercrime
Critical WebKit Vulnerability Exposes iOS Devices to Code Execution
Redazione RHC - 29/12/2025

A new report details a critical vulnerability discovered by security researcher Joseph Goydish in Apple’s WebKit engine. This security flaw, if exploited in conjunction with other exploits, could allow attackers to execute arbitrary code on…

Immagine del sitoCybercrime
Xspeeder Devices Hit by AI-Discovered Zero-Day Vulnerability CVE-2025-54322
Redazione RHC - 29/12/2025

When it comes to cybersecurity, it’s easy to fall into the trap of thinking that problems are always far away, that they only affect others. But the reality is that a vulnerability is always around…