Top-notch cybersecurity magazine with daily news and articles for ethical/legal hackers, information security specialists, researchers, developers, and all other IT enthusiasts.
We do not support illegal activities in any form or shape.
| HackMag | https://hackmag.com |
| Telegram | https://t.me/@hack_mag |
| X (ex-Twitter) | https://x.com/hack_mag |
| https://reddit.com/r/hack_mag | |
| Discord | https://discord.gg/hTHp23NK |
| Contact | [email protected] |
⚪️ Follow the White Rabbit. Reversing files encrypted with the Rabbit algorithm
🗨️ This article discusses the practical application of the Rabbit stream cipher using a real app as an example: you'll learn how to identify this algorithm based on its code, trace the read → process → write flow, find the initialization procedure, and even write your own file encryption/decryption …
⚪️ OpenAI Fixes Vulnerability That Led to ChatGPT Data Leak
🗨️ Experts at Check Point have discovered a vulnerability in ChatGPT that made it possible to silently exfiltrate data from user conversations without their knowledge or consent. OpenAI fixed the issue at the end of February 2026, and no evidence of…
⚪️ From LFI to Remote Code Execution: Exploiting phpMyAdmin for Full Administrative Takeover
🗨️ phpMyAdmin is one of the most popular web-based management tools for MySQL databases. Most hosting providers offer it, and on roughly every second website you can easily find the URL where it’s installed. You can imagine what a tempting target that makes it — a vulnerability in a tool like this i…
⚪️ CrystalX Trojan includes prankware-style features
🗨️ Experts at Kaspersky Lab have discovered a remote access trojan, CrystalX RAT. In addition to the standard RAT feature set, the malware combines the capabilities of a stealer, keylogger, clipper, and spyware, and it can also “prank” the victim —…
⚪️ Google Chrome patches fourth actively exploited zero‑day vulnerability
🗨️ Google developers have released an emergency update for the Chrome browser that fixes the 0‑day vulnerability CVE-2026-5281, which has already been exploited in real-world attacks. The vulnerability tracked as CVE-2026-5281 is related to a use-after-free issue in Dawn, the cross-platform…
⚪️ The Zen of Hashing: A Practical Guide to Secure, Standards‑Compliant Password Hashing
🗨️ You probably already know that a properly designed access control system that relies on entering and verifying a password never stores passwords in plain text anywhere. Instead, it validates them using a hash. In this article, we’ll walk through practical aspects of secure password hashing, based…
⚪️ Anti-piracy group shuts down AnimePlay platform
🗨️ The Alliance for Creativity and Entertainment (ACE) has announced the takedown of a major pirate anime streaming platform, AnimePlay, which had more than 5 million registered users. ACE is an anti-piracy coalition that includes more than 50 major TV networks…
⚪️ Inside Drupalgeddon2: Dissecting the Critical Drupal 7 Remote Code Execution Vulnerability
🗨️ The world recently learned about a serious vulnerability in the Drupal content management system. However, when we analyzed the issue in the 8.x branch, we left out a similar flaw in Drupal 7—even though far more sites are still running that version. Exploiting the vulnerability there is a bit mo…
⚪️ Anthropic Accidentally Leaks Claude Code Source Code
🗨️ Developers at Anthropic accidentally made the entire source code of their CLI tool, Claude Code, publicly accessible. The cause of this leak was a forgotten source map file in the npm package. On March 31, 2026, Anthropic released an update…
⚪️ Building a Simple Local Blockchain Using the Streebog (GOST R 34.11-2012) Hash Function
🗨️ Blockchain and everything around it is all over the place these days, and it’s hard to find a publication that hasn’t covered the topic. We’ve previously taken a detailed look at what blockchain is and why it matters. Today we’ll approach it from a practical angle and build a very simple local bl…
