Top-notch cybersecurity magazine with daily news and articles for ethical/legal hackers, information security specialists, researchers, developers, and all other IT enthusiasts.
We do not support illegal activities in any form or shape.
| HackMag | https://hackmag.com |
| Telegram | https://t.me/@hack_mag |
| X (ex-Twitter) | https://x.com/hack_mag |
| https://reddit.com/r/hack_mag | |
| Discord | https://discord.gg/hTHp23NK |
| Contact | support@hackmag.com |
⚪ Chinese hackers breached the networks of Singapore’s largest telecommunications companies
🗨️ As reported by Singapore’s Cyber Security Agency (CSA), last year was a difficult one for the country’s telecommunications sector. It turned out that the Chinese hacking group UNC3886 had infiltrated the networks of all four of Singapore’s largest telecom operators: Singtel, StarHub, M1, and Simba.
⚪ Automating Web Service Workflows with Unix Shell Scripts
🗨️ There are command-line clients for pretty much every popular web service. Many of them are pretty bare-bones and not exactly convenient to use. But you can script them and repurpose them for totally unexpected things: turn Google Calendar into a remote command execution system, use Telegram to track…
⚪ Microsoft Fixes Six Zero-Day Vulnerabilities in Its Products
🗨️ The February Patch Tuesday delivered fixes for 58 vulnerabilities in Microsoft products, including six actively exploited zero-days. Three of them had already been publicly disclosed before the patches were released.
⚪ $40 Million Stolen from Step Finance After Executives’ Devices Hacked
🗨️ Last week, the DeFi platform Step Finance reported the loss of 40 million USD in cryptocurrency. It turned out that hackers gained access to the company’s systems through compromised executives’ devices.
⚪ Exploiting the Cloak and Dagger Android Vulnerability: Step‑by‑Step Attack Walkthrough and PoC Development
🗨️ Have you read the news about Cloak and Dagger? Yes, that “new vulnerability that threatens all Android devices, up to and including the latest 7.1.2” and all those other scary phrases and buzzwords? Excellent. So we know the problem is real, but there doesn’t seem to be any source code publicly avai…
⚪ Tirith tool detects and blocks homograph-based attacks
🗨️ A developer known as Sheeki has released Tirith, a cross-platform tool that protects against so-called homograph attacks, which use characters from other alphabets and malicious domains. The tool analyzes all commands in the command line before execution and blocks dangerous URLs.
⚪ Developers of the dYdX crypto exchange uploaded malicious packages to PyPI and npm
🗨️ Attackers compromised the official npm and PyPI packages of the dYdX cryptocurrency exchange and used them to distribute malware. The hackers stole wallet seed phrases and installed a RAT to gain full control over infected systems.
⚪ SmarterMail developers hacked via a vulnerability in their own product
🗨️ SmarterTools, the company behind the popular SmarterMail mail server, fell victim to attackers who exploited a critical vulnerability in the company’s own software. The attackers infiltrated the network through an unpatched virtual machine and compromised about 30 servers.
⚪ Anthropic: Claude Opus 4.6 Found Over 500 Vulnerabilities in Open-Source Libraries
🗨️ Anthropic reported that its latest language model, Claude Opus 4.6, has discovered more than 500 previously unknown serious vulnerabilities in open-source projects, including Ghostscript, OpenSC, and CGIF.
⚪ Flickr Reports Data Breach Caused by Third-Party Email Service
🗨️ Photo hosting service Flickr has warned users about a possible data leak. The issue arose due to a vulnerability in the systems of a third-party email marketing provider, and attackers managed to gain access to subscribers’ names, email addresses, and other information related to the service’s users.
