NVISO has identified zero-day exploitation of CVE-2025-41244, a local privilege escalation vulnerability impacting VMware's guest service discovery features.
Author: Maxime Thiebaut
Hunting Chromium Notifications
Browser notifications provide social-engineering opportunities. In this post we'll cover the associated forensic artifacts, threat hunting possibilities and hardening recommendations.
MEGAsync Forensics and Intrusion Attribution
MEGAsync forensics can be leveraged to identify exfiltrated files, additional victims and, subsequently, perform attribution.
Covert TLS n-day backdoors: SparkCockpit & SparkTar
This report documents two covert TLS-based backdoors identified by NVISO: SparkCockpit & SparkTar. Both backdoors employ selective interception of TLS communication towards the legitimate Ivanti server applications.
Generating IDA Type Information Libraries from Windows Type Libraries
In this quick-post, we'll explore how to convert Windows type libraries (TLB) into IDA type information libraries (TIL).
IcedID & Qakbot’s VNC Backdoors: Dark Cat, Anubis & Keyhole
In this post we introduce Dark Cat, Anubis and Keyhole, three IcedID & Qakbot VNC backdoor variants NVISO observed. We'll then expose common TTPs before revealing information leaked through the attackers' clipboard data.






