HackMag – Tech magazine for cybersecurity specialists

Caster Remix. Windows post-exploitation with virtual MikroTik

Date: 21/03/2025

Author: Caster

Recently I discovered a new way to implement L2 tunneling against Windows networks. Inspired by the spying penguin concept, I am going to demonstrate a fresh approach to Windows post-exploitation involving a MikroTik Cloud Hosted Router (CHR) that enables you to perform pivoting and provides L2 access to the target network.

Read full article →

8,000 vulnerabilities identified in WordPress ecosystem in 2024

📟 News

Date: 20/03/2025

Author: HackMag

According to Patchstack, world’s #1 WordPress vulnerability intelligence provider, 7,966 new vulnerabilities were identified in the WordPress ecosystem in 2024; most of these bugs affected plugins and themes.

Read full article →

Black Basta ransomware group developed its own automated brute-forcing framework

📟 News

Date: 18/03/2025

Author: HackMag

According to EclecticIQ, Black Basta Ransomware-as-a-Service (RaaS) group has developed its own automated brute-forcing framework dubbed BRUTED. It’s used to hack edge network devices (e.g. firewalls and VPN).

Read full article →

ADS-B Spoofing

Date: 17/03/2025

Author: qeewqq

Modern aircraft continuously transmit telemetry to each other using the ADS-B protocol. In this article, I will explain how to create your own imaginary plane and demonstrate how data transmission works. Important: all actions described below will be performed in strict compliance with the respective laws and safety regulations.

Read full article →

Researchers force DeepSeek to write malware

📟 News

Date: 16/03/2025

Author: HackMag

According to Tenable, the AI chatbot DeepSeek R1 from China can be used to write malware (e.g. keyloggers and ransomware).

Read full article →

JavaScript al dente. Fuzzing JS engines with Fuzzilli

Date: 14/03/2025

Author: sploitem

Hey guys! Today, pasta is on the menu! You will learn how to identify vulnerabilities in JavaScript engines using the Fuzzilli fuzzer. After a brief theoretical introduction, you’ll jump directly to practice. Let’s assemble the required tools and start fuzzing.

Read full article →

Mass exploitation of PHP-CGI vulnerability in attacks targeting Japanese companies

📟 News

Date: 12/03/2025

Author: HackMag

GreyNoise and Cisco Talos experts warn that hackers are actively exploiting CVE-2024-4577, a critical PHP-CGI vulnerability that was discovered and fixed in early June 2024.

Read full article →