Securing AI systems without overconfidence or fear – Part 2: Attack surfaces and the checkpoint flow
A missed attack surface Imagine this: A team ships a Retrieval-Augmented Generation (RAG) support bot. They red-team the chat input thoroughly and they scan model outputs for credentials, internal hostnames, and Personally Identifiable Information (PII). The suite is green. Coverage looks solid. After launch, an attacker with write access to the indexed knowledge base adds…
Security’s Blind Spot: Physical Keyloggers That Bypass Antivirus Entirely
Keyloggers: A Persistent Threat Nowadays, virtually all digital services rely on logins and authentication, from email inboxes to help desks.…
The Axios npm supply chain incident: fake dependency, real backdoor
On March 31, 2026, two malicious Axios versions (1.14.1 and 0.30.4) were briefly published to npm via a compromised maintainer…
Why the pentesting playbook doesn’t fit: belief, assumptions, and non-determinism
About the author Hussein Bahmad Hussein is a penetration testing manager in NVISO’s SSA team in which he manages a variety…
Ivanti EPMM ‘Sleeper Shells’ not so sleepy?
In late January 2026 an advisory covering two remote code execution vulnerabilities (CVE-2026-1281 & CVE-2026-1340) in Ivanti Endpoint Manager Mobile…
Capture the Kerberos Flag: Detecting Kerberos Anomalies
Kerberos is one of the most common protocols in organizations that utilize Windows Active Directory, and an essential part of…
An introduction to automated LLM red teaming
Introduction As large language models become increasingly embedded in production applications, from customer service chatbots to code assistants and document…
Something went wrong. Please refresh the page and/or try again.