HackMag – Tech magazine for cybersecurity specialists

Cloudflare to block all unencrypted traffic to its APIs

📟 News

Date: 26/03/2025

Author: HackMag

According to Cloudflare, effective immediately, only secure HTTPS connections to api.cloudflare.com will be accepted; while all HTTP ports are to be closed.

Read full article →

Serpent anatomy: Dissecting and reversing PyInstaller

Date: 25/03/2025

Author: JaboHack

Humanity has created a whole bestiary of scripting languages with low learning curves in an attempt to make the IT world accessible to ~~imbeciles~~ newbies who have completed a month-long course. Without question, Python is currently the king of beasts in this bestiary. The creeping reptile has entangled the entire IT industry with its rings so much that even a neural network cannot be trained without it. If so, time has come to dissect the serpent and look at its insides. Let’s start with a technology called PyInstaller.

Read full article →

Alexa to stop processing data locally. All voice requests will be sent to Amazon Cloud

📟 News

Date: 24/03/2025

Author: HackMag

Amazon announced that the privacy option allowing users of Echo speakers to avoid sending their voice recordings to the company’s cloud will no longer be supported.

Read full article →

Caster Remix. Windows post-exploitation with virtual MikroTik

Date: 21/03/2025

Author: Caster

Recently I discovered a new way to implement L2 tunneling against Windows networks. Inspired by the spying penguin concept, I am going to demonstrate a fresh approach to Windows post-exploitation involving a MikroTik Cloud Hosted Router (CHR) that enables you to perform pivoting and provides L2 access to the target network.

Read full article →

8,000 vulnerabilities identified in WordPress ecosystem in 2024

📟 News

Date: 20/03/2025

Author: HackMag

According to Patchstack, world’s #1 WordPress vulnerability intelligence provider, 7,966 new vulnerabilities were identified in the WordPress ecosystem in 2024; most of these bugs affected plugins and themes.

Read full article →

Black Basta ransomware group developed its own automated brute-forcing framework

📟 News

Date: 18/03/2025

Author: HackMag

According to EclecticIQ, Black Basta Ransomware-as-a-Service (RaaS) group has developed its own automated brute-forcing framework dubbed BRUTED. It’s used to hack edge network devices (e.g. firewalls and VPN).

Read full article →

ADS-B Spoofing

Date: 17/03/2025

Author: qeewqq

Modern aircraft continuously transmit telemetry to each other using the ADS-B protocol. In this article, I will explain how to create your own imaginary plane and demonstrate how data transmission works. Important: all actions described below will be performed in strict compliance with the respective laws and safety regulations.

Read full article →