Indholdsfortegnelse for October 2025 i Hackercool Magazine

Then you will know the truth and the truth will set you free. John 8:32 In cybersecurity, every month feels like its own era. Threats evolve, tools mature and the line between offense and defense blurs just a little more. In this Issue, we dive head-first into that shifting landscape, bringing you a curated mix of red team tactics, blue team strategy, vulnerability breakdowns, platform updates and the growing concerns around mobile and online security. We open with “Inside the Kill Chain: Modern TTPs That Still Work”, a red-team deep dive into the techniques that continue to evade detection even in 2025. While the industry talks endlessly about AI-driven defense, this feature reminds us that fundamentals that are executed well still remain painfully effective. Balancing offense with defense, we bring…

Security Onion has been a cornerstone of open-source detection and response for years. With the 2.4.180 release, the project stops short of reinvention and instead sharpens the tools SOCs and labs already rely on. This release will give you better analyst ergonomics, improved host visibility, scalable message pipelines etc. This update helps not only SOC engineers who need reliability at scale but also to teams building red team and purple team labs who want realistic, enterprise grade telemetry without the shock of enterprise sticker. Many SOC upgrades are measured in micro improvements: a tweak to a UI here, a library bump there. 2.4.180 bundles a set of focused, practical changes that reduce friction for analysts and platform owners. Whether you operate in AWS/Azure, on prem, or inside nested lab VMs,…

A critical vulnerability has been detected in Adobe Commerce and Magento Open-Source platform that if exploited can allow hackers to take complete takeover of customer accounts. About the vulnerability The vulnerability popularly being called as SessionReaper (as it allows hackers takeover entire sessions of customers), carries a CVSS Score of 9.1 out of 10. Tracked as CVE-2025-54236, it is due to an improper input validation. The vulnerable products are Adobe Commerce (all deployment methods): versions <=2.4.9-alpha2, <=2.4.8-p2, <=2.4.7-p7, <=2.4.6-p12, <=2.4.5-p14 and <=2.4.4-p15. Adobe Commerce B2B versions: <=1.5.3-alpha 2, <=1.5.2-p2, <=1.4.2-p7, <=1.3.4-p14, <=1.3.3-p15. Magento open-source versions: <=2.4.9-alpha2, <=2.4.8-p2, <=2.4.7-p7, <= 2.4.6-p12 and <=2.4.5-p14. “Magento isn’t insecure by design — it’s insecure by neglect. The moment you stop patching, attackers start winning.” How hackers can exploit this vulnerability? How else do you…

Last week, OpenAI unveiled Chat-GPT Atlas, a web browser that promises to revolutionise how we interact with the internet. The company’s CEO, Sam Altman, described it as a “once-a-decade opportunity” to rethink how we browse the web. The promise is compelling: imagine an artificial intelligence (AI) assistant that follows you across every website, remembers your preferences, summarises articles, and handles tedious tasks such as booking flights or ordering groceries on your behalf. But beneath the glossy marketing lies a more troubling reality. Atlas is designed to be “agentic”, able to autonomously navigate websites and take actions in your logged-in accounts. This introduces security and privacy vulnerabilities that most users are unprepared to manage. "While OpenAI touts innovation, it’s quietly shifting the burden of safety onto unsuspecting consumers who are being…

“Updated techniques inspired by APT tradcraft and MITRE ATT&CK mapping” Every few years, the cybersecurity industry declares that the “kill chain” model is outdated. Yet, despite new frameworks, buzzwords and the rise of AI-driven defenses, the kill chain survives. A cyber kill chain is a framework for identifying and breaking down different stages of a cyberattack. It originates from a military concept and is developed by Lockheed Martin. Attackers still follow the same essential phases in a cyber-attack: reconnaissance, initial access, execution, persistence, privilege escalation, lateral movement, command and control and finally exfiltration or impact. Some tools and techniques change, the target of the attack may change — but the underlying tactics remain remarkably constant. What changes are the techniques and procedures that make these tactics effective in today’s environments.…

A critical vulnerability has been discovered in Ubiquiti Uni-Fi Access applications which can be exploited by attackers without the need of any authentication. About the vulnerability The vulnerability tracked as CVE-2025-52665 affects the Unifi Access application versions from 3.3.22 to 3.4.31. The vulnerability is due to a mis-configuration introduced in version 3.3.22 and has been assigned a CVSS V3.1 score of 10.0. The vulnerability exists in/api/core/backup/export endpoint. This endpoint handles backup operations. However, this endpoint accepts a directory parameter (dir) without any sanitization. Moreover, the backup operation should only be listening on IP 127.00.1 (local host with restricted access) but it is exposed on port 7780). This misconfiguration allows attackers to access it without any authentication. How hackers can exploit this vulnerability? Attackers can exploit this vulnerability remotely if this…

The Zero-Click Wake-Up Call In November 2025, the cybersecurity community was jolted by the disclosure of CVE-2025-21042, a zero-day vulnerability in libimagecodec.quram.so, Samsung’s proprietary image-processing library. This vulnerability, being exploited in real-world attacks by the LANDFALL spyware campaign, allowed remote code execution with zero user interaction, triggered simply when a malicious image is received and automatically previewed by any messaging app such as WhatsApp. The implications of this vulnerability are profound: attackers could seize control of a device, exfiltrate data and spy on communications without the user tapping a single link. For the first time since Pegasus and Hermit, a new generation of mobile spyware had entered the battlefield. How the Attack Works From Image to Intrusion The exploit targets a memory corruption flaw in Samsung’s image codec. This codec…

A severe vulnerability has been disclosed by Motex in its LanScope Endpoint Manager that is already under active exploitation in real-world. About the vulnerability The vulnerability being tracked as CVE-2025-61932, is a remote code execution vulnerability that affects On-Premise edition of LANSCOPE Endpoint Manager. It has CVSS 3.0 rating of 9.8. The vulnerability does not affect the centralized management console but is present in the code of its Client Program (PR) and Detection Agent (DA) which are installed on endpoint devices to collect data to be sent to centralized management console. The flaw is due to an improper verification or validation of the source of communication channel flow. In simple terms, it means this vulnerability is a result of performing inadequate checks on incoming communication packets. LANSCOPE On-Premise Edition with…

“HOW smarter detection, automation and empathy for analysts can turn chaos into clarity” The Problem No One Wants to Admit What according to Blue Teams is the best way to defend the organization? Set up SIEM’s, EDRs, firewalls and other defenses and have a central management console to view the alerts and logs they generate. Any malicious activity can be detected by noticing the alerts and action taken upon. How idealistic scenario? However, like Ohm’s law in physics, some things look better in ideal conditions. Practically, it is different. It is true in the case of Blue teaming too. Every SOC analyst knows the sound — the endless chime of alerts, the flicker of dashboards lighting up like a Christmas tree. Every day, thousands of events stream in from SIEMs,…

A critica1 vulnerability has been reported in Microsoft Windows Server Updates (WSUS) that allows unauthenticated attackers to execute code remotely on Windows Servers. About the vulnerability Tracked as CVE-2025-59287, the vulnerability has a CVSS 3.1 score of 9.8. The vulnerability is due to unsafe deserialization of untrusted data in WSU-S’s handling of Authorization cookie. Windows Server Update Service (WS-US) is a role in Windows Server that is used by administrators to deploy Microsoft updates across the network. The vulnerability affects all supported Windows Server versions from 2012 to 2025 where GetCookie’s end point processes encrypted Authorization Cookie () objects without validation. The deserialization vulnerability is present exactly in EncryptionHelper’s DecryptData() method. This method encrypts incoming cookie data with AES-AES-128-CBC cipher and decrypts that data before passing it to NET’s Binary…