HackMag – Page 39 – Tech magazine for cybersecurity specialists

Hackers exploit authentication bypass bug in OttoKit WordPress plugin

📟 News

Date: 15/04/2025

Author: HackMag

Hackers exploit an authentication bypass vulnerability in the OttoKit (formerly SureTriggers) WordPress plugin used by more than 100,000 websites. First attacks were recorded just hours after the bug disclosure.

Read full article →

NFC from a hacker’s perspective. Attacking Mifare-based PACS

Date: 14/04/2025

Author: Thund3rb0lt

At some point, simple identifiers cannot ensure proper access control anymore, and consumers switch to a more advanced solution: Mifare. But are Mifare-based devices actually as secure as the manufacturer claims? Let’s figure it out!

Read full article →

Hackers compromised a bureau within the U.S. Department of the Treasury and spent months in hacked systems

📟 News

Date: 12/04/2025

Author: HackMag

The Office of the Comptroller of the Currency (OCC), an independent bureau within the United States Department of the Treasury, reported a major cybersecurity incident. Unknown attackers had access to sensitive financial watchdog data for more than a year.

Read full article →

April updates released by Microsoft cause issues with Windows Hello

📟 News

Date: 10/04/2025

Author: HackMag

Microsoft warns that some Windows users who have installed the April updates might be unable to login to their Windows services using Windows Hello facial recognition or PIN.

Read full article →

MikroTik Nightmare. Pentesting MikroTik network equipment

Date: 09/04/2025

Author: Caster

This article discusses the security of MikroTik equipment from the attacker’s perspective. Being very popular, MikroTik products are often attacked by hackers. The primary focus of this research is post-exploitation. Also, I will touch on issues plaguing RouterOS defense mechanisms that are exploited by malefactors.

Read full article →

Website of Everest ransomware group hacked and defaced

📟 News

Date: 08/04/2025

Author: HackMag

Last weekend, the darknet website of the Everest ransomware group was hacked and went offline. The attackers replaced its content with a sarcastic message: “Don’t do crime CRIME IS BAD xoxo from Prague.”

Read full article →

Critical RCE vulnerability discovered in Apache Parquet

📟 News

Date: 07/04/2025

Author: HackMag

All versions of Apache Parquet up to and including 1.15.0 are affected by a critical remote code execution (RCE) vulnerability whose CVSS score is 10 out of 10.

Read full article →