Security’s Blind Spot: Physical Keyloggers That Bypass Antivirus Entirely
Keyloggers: A Persistent Threat Nowadays, virtually all digital services rely on logins and authentication, from email inboxes to help desks. These involve login credentials to prove identity, typically at least a username and a password. Initially, this information is confidential from a potential attacker. While a username can be relatively easy to guess in a…
The Axios npm supply chain incident: fake dependency, real backdoor
On March 31, 2026, two malicious Axios versions (1.14.1 and 0.30.4) were briefly published to npm via a compromised maintainer…
Why the pentesting playbook doesn’t fit: belief, assumptions, and non-determinism
About the author Hussein Bahmad Hussein is a penetration testing manager in NVISO’s SSA team in which he manages a variety…
Ivanti EPMM ‘Sleeper Shells’ not so sleepy?
In late January 2026 an advisory covering two remote code execution vulnerabilities (CVE-2026-1281 & CVE-2026-1340) in Ivanti Endpoint Manager Mobile…
Capture the Kerberos Flag: Detecting Kerberos Anomalies
Kerberos is one of the most common protocols in organizations that utilize Windows Active Directory, and an essential part of…
An introduction to automated LLM red teaming
Introduction As large language models become increasingly embedded in production applications, from customer service chatbots to code assistants and document…
Rootless Containers with Podman
In modern digital infrastructure, containerization has become one of the most significant technologies, offering automation, portability, and resilience of services…
Something went wrong. Please refresh the page and/or try again.