HackMag – Page 5 – Tech magazine for cybersecurity specialists

OttoKit WordPress plugin targeted by massive attacks

📟 News

Date: 13/05/2025

Author: HackMag

Hackers exploit a critical privilege escalation vulnerability in the OttoKit (formerly SureTriggers) WordPress plugin to create new admin accounts on vulnerable sites.

Read full article →

In the footsteps of Phrack. Searching for LKM rootkits in RAM and examining x64 memory

Date: 12/05/2025

Author: kclo3

A long time ago, in the early days of my journey to Linux kernel rootkits, I came across a Phrack article describing a rootkit detection technique implemented for i386. The article wasn’t new and referred to a vintage Linux kernel dated 2003. Something in that paper caught my attention, although much remained unclear… Ultimately, I decided to implement the anti-rootkit concept described in it for modern systems.

Read full article →

Threadless Injection. Injecting shellcode into third-party processes to circumvent EDR

Date: 07/05/2025

Author: Nik Zerof

This article discusses Threadless Injection: a technique making it possible to make injections into third-party processes. At the time of writing, it effectively worked on Windows 11 23H2 x64 running on a virtual machine isolated from the network with OS security features enabled.

Read full article →

Malicious Python packages exploit Gmail and WebSockets

📟 News

Date: 06/05/2025

Author: HackMag

Socket’s Threat Research Team discovered seven malicious Python packages that use Gmail SMTP servers and WebSockets for data exfiltration and remote command execution.

Read full article →

Kali Ashes: Hardening hacker distribution and mastering silent pentesting techniques

Date: 05/05/2025

Author: Caster

Kali Linux is extremely popular among pentesters. However, if you penetrate into a network using default settings of this distribution, it would create much noise on the air, which won’t go unnoticed. This article discusses Kali hardening and explains how to make Linux as silent as possible.

Read full article →

Coinbase fixes 2FA bug that made customers panic

📟 News

Date: 30/04/2025

Author: HackMag

Cryptocurrency exchange Coinbase has fixed a bug in its Account Activity logs that caused customers to think their credentials were compromised.

Read full article →

FBI Offers 10 million USD for information on Salt Typhoon members

📟 News

Date: 29/04/2025

Author: HackMag

The FBI offers up to 10 million USD for information about members of the Chinese hacker group Salt Typhoon and last year’s attack that had compromised multiple US telecommunications companies.

Read full article →