Top-notch cybersecurity magazine with daily news and articles for ethical/legal hackers, information security specialists, researchers, developers, and all other IT enthusiasts.
We do not support illegal activities in any form or shape.
| HackMag | https://hackmag.com |
| Telegram | https://t.me/@hack_mag |
| X (ex-Twitter) | https://x.com/hack_mag |
| https://reddit.com/r/hack_mag | |
| Discord | https://discord.gg/hTHp23NK |
| Contact | [email protected] |
⚪️ Invisible code: Comparing software obfuscation techniques
🗨️ Imagine a situation: you open a file containing some code in a text editor and see a completely blank space (even though the script executes perfectly). In fact, such obfuscation does exist. This article discusses magical techniques that make code disappear right before your eyes. You'll see…
⚪️ Cisco source code stolen after supply‑chain attack linked to Trivy
🗨️ Cisco has become one of the victims of a large-scale supply-chain attack that began with the compromise of the Trivy vulnerability scanner. It has now emerged that the attackers infiltrated the company’s internal development environment and stole source code (not…
⚪️ Android Data Leaks, 10 Essential Kotlin Questions, and Executing Shellcode via JIT
🗨️ In today’s issue: running shellcode via a JIT compiler, a deep dive into where smartphones leak your data, the ten most common Kotlin questions, an overview of WorkManager and Slices as presented at Google I/O, and of course a fresh batch of tools and libraries.
⚪️ Leaked Claude Code Source Used to Spread Stealers
🗨️ Attackers are creating malicious GitHub repositories disguised as leaked Claude Code source code. Systems of users who download these fakes end up infected with the Vidar infostealer and the GhostSocks proxy tool. Recall that earlier this week Anthropic accidentally caused…
⚪️ Android malware NoVoice has infected more than 2.3 million devices
🗨️ A large-scale malicious campaign has been discovered on Google Play: the NoVoice malware was hidden in more than 50 apps that were installed at least 2.3 million times in total. The infected apps masqueraded as system cleaning utilities, photo galleries,…
⚪️ Serious Multi-Factor Authentication: Building Robust Security Software with Free Tools
🗨️ In this article, we’ll look at how to add an extra authentication step to a mobile app on top of the usual username and password (for example, a phone call to the user’s registered number or entering a code received via SMS), and how to configure backend services to support this kind of multi-fac…
⚪️ Going Big on Encryption: Practical Guide to Modes of Operation in Russian Block Ciphers
🗨️ In the previous articles, we took a detailed look at how two domestic cryptographic algorithms work. However, each of them can only encrypt a very small chunk of data — 8 or 16 bytes. Obviously, you can’t fit anything meaningful into that amount of space nowadays, so we need a way around this lim…
⚪️ Two Critical Spring Framework Vulnerabilities Explained: How They Work and Why They Matter
🗨️ Spring is one of the most popular Java frameworks, powering hundreds of solutions across many domains. It’s hard to find a serious Java application that doesn’t use Spring. Recently, two critical vulnerabilities were discovered in it that allow remote code execution. Let’s take a look at how they…
⚪️ Building a Tor-Backed Wi‑Fi Hotspot: Routing All Client Traffic Through the Onion Network
🗨️ In this article, we’ll walk through how to configure a Wi‑Fi access point that automatically routes all outgoing traffic through the Tor network, and then look at some practical examples of how it can be used—both by regular users and by security researchers.
⚪️ Hacking the Internet of Things: How Attackers Find Vulnerable Devices—and What Actually Stops Them
🗨️ When you read news about newly discovered vulnerabilities or watch talks from hacker conferences, it can feel like everything is online now and trivially easy to hack. And often, you supposedly don’t even need much skill or any special equipment to pull it off. Let’s see in practice whether that’…
