HackMag – Page 4 – Tech magazine for cybersecurity specialists

Critical RCE vulnerability discovered in Apache Parquet

📟 News

Date: 07/04/2025

Author: HackMag

All versions of Apache Parquet up to and including 1.15.0 are affected by a critical remote code execution (RCE) vulnerability whose CVSS score is 10 out of 10.

Read full article →

Privilege escalation vulnerability in Google Cloud resulting in sensitive data leaks finally patched

📟 News

Date: 04/04/2025

Author: Lev Emeliyanov

Tenable Research revealed details of a recently patched privilege escalation vulnerability in Google Cloud Platform (GCP) Cloud Run enabling an attacker to gain access to container images and even inject malicious code into them.

Read full article →

Custom fabrication. Reversing D-Link router firmware

Date: 02/04/2025

Author: 41exey

When you create custom firmware for routers, you often have to forge the signature so that your handmade microcode can be flushed using the stock web interface. To forge a signature, you must be familiar with the image validation procedure in the stock firmware. To get a general idea of this process, let’s reverse firmware embedded into the D-Link DIR-806A B1 router and find out how signature validation is implemented in it.

Read full article →

Hackers abuse MU plugins to inject malicious payloads to WordPress

📟 News

Date: 01/04/2025

Author: HackMag

According to Sucuri, hackers store malicious code in the MU-plugins (Must-Use Plugins) directory in WordPress and execute it while remaining undetected.

Read full article →

Save me. How to protect networks against spoofing attacks

Date: 31/03/2025

Author: Caster

Spoofing attacks are simple to deliver, and their impact is gross. This article discusses such attacks from the security perspective. The main challenge is to intelligently integrate network security solutions with production without disrupting business processes. Such integration requires a good understanding of the network and equipment specifics. In fact, this is the cornerstone of success.

Read full article →

Zero-day vulnerability in Windows results in NTLM hash leaks

📟 News

Date: 28/03/2025

Author: HackMag

Security experts reported a new zero-day vulnerability in Windows that enables remote attackers to steal NTLM credentials by tricking victims into viewing malicious files in Windows Explorer.

Read full article →

Cloudflare to block all unencrypted traffic to its APIs

📟 News

Date: 26/03/2025

Author: HackMag

According to Cloudflare, effective immediately, only secure HTTPS connections to api.cloudflare.com will be accepted; while all HTTP ports are to be closed.

Read full article →