HackMag – Tech magazine for cybersecurity specialists

Hackers abuse MU plugins to inject malicious payloads to WordPress

📟 News

Date: 01/04/2025

Author: HackMag

According to Sucuri, hackers store malicious code in the MU-plugins (Must-Use Plugins) directory in WordPress and execute it while remaining undetected.

Read full article →

Save me. How to protect networks against spoofing attacks

Date: 31/03/2025

Author: Caster

Spoofing attacks are simple to deliver, and their impact is gross. This article discusses such attacks from the security perspective. The main challenge is to intelligently integrate network security solutions with production without disrupting business processes. Such integration requires a good understanding of the network and equipment specifics. In fact, this is the cornerstone of success.

Read full article →

Zero-day vulnerability in Windows results in NTLM hash leaks

📟 News

Date: 28/03/2025

Author: HackMag

Security experts reported a new zero-day vulnerability in Windows that enables remote attackers to steal NTLM credentials by tricking victims into viewing malicious files in Windows Explorer.

Read full article →

Cloudflare to block all unencrypted traffic to its APIs

📟 News

Date: 26/03/2025

Author: HackMag

According to Cloudflare, effective immediately, only secure HTTPS connections to api.cloudflare.com will be accepted; while all HTTP ports are to be closed.

Read full article →

Serpent anatomy: Dissecting and reversing PyInstaller

Date: 25/03/2025

Author: JaboHack

Humanity has created a whole bestiary of scripting languages with low learning curves in an attempt to make the IT world accessible to ~~imbeciles~~ newbies who have completed a month-long course. Without question, Python is currently the king of beasts in this bestiary. The creeping reptile has entangled the entire IT industry with its rings so much that even a neural network cannot be trained without it. If so, time has come to dissect the serpent and look at its insides. Let’s start with a technology called PyInstaller.

Read full article →

Alexa to stop processing data locally. All voice requests will be sent to Amazon Cloud

📟 News

Date: 24/03/2025

Author: HackMag

Amazon announced that the privacy option allowing users of Echo speakers to avoid sending their voice recordings to the company’s cloud will no longer be supported.

Read full article →

Caster Remix. Windows post-exploitation with virtual MikroTik

Date: 21/03/2025

Author: Caster

Recently I discovered a new way to implement L2 tunneling against Windows networks. Inspired by the spying penguin concept, I am going to demonstrate a fresh approach to Windows post-exploitation involving a MikroTik Cloud Hosted Router (CHR) that enables you to perform pivoting and provides L2 access to the target network.

Read full article →