HackMag – Page 2 – Tech magazine for cybersecurity specialists

MikroTik Nightmare. Pentesting MikroTik network equipment

Date: 09/04/2025

Author: Caster

This article discusses the security of MikroTik equipment from the attacker’s perspective. Being very popular, MikroTik products are often attacked by hackers. The primary focus of this research is post-exploitation. Also, I will touch on issues plaguing RouterOS defense mechanisms that are exploited by malefactors.

Read full article →

Website of Everest ransomware group hacked and defaced

📟 News

Date: 08/04/2025

Author: HackMag

Last weekend, the darknet website of the Everest ransomware group was hacked and went offline. The attackers replaced its content with a sarcastic message: “Don’t do crime CRIME IS BAD xoxo from Prague.”

Read full article →

Critical RCE vulnerability discovered in Apache Parquet

📟 News

Date: 07/04/2025

Author: HackMag

All versions of Apache Parquet up to and including 1.15.0 are affected by a critical remote code execution (RCE) vulnerability whose CVSS score is 10 out of 10.

Read full article →

Privilege escalation vulnerability in Google Cloud resulting in sensitive data leaks finally patched

📟 News

Date: 04/04/2025

Author: Lev Emeliyanov

Tenable Research revealed details of a recently patched privilege escalation vulnerability in Google Cloud Platform (GCP) Cloud Run enabling an attacker to gain access to container images and even inject malicious code into them.

Read full article →

Custom fabrication. Reversing D-Link router firmware

Date: 02/04/2025

Author: 41exey

When you create custom firmware for routers, you often have to forge the signature so that your handmade microcode can be flushed using the stock web interface. To forge a signature, you must be familiar with the image validation procedure in the stock firmware. To get a general idea of this process, let’s reverse firmware embedded into the D-Link DIR-806A B1 router and find out how signature validation is implemented in it.

Read full article →

Hackers abuse MU plugins to inject malicious payloads to WordPress

📟 News

Date: 01/04/2025

Author: HackMag

According to Sucuri, hackers store malicious code in the MU-plugins (Must-Use Plugins) directory in WordPress and execute it while remaining undetected.

Read full article →

Save me. How to protect networks against spoofing attacks

Date: 31/03/2025

Author: Caster

Spoofing attacks are simple to deliver, and their impact is gross. This article discusses such attacks from the security perspective. The main challenge is to intelligently integrate network security solutions with production without disrupting business processes. Such integration requires a good understanding of the network and equipment specifics. In fact, this is the cornerstone of success.

Read full article →