First blogpost for NVISO. Hunt and get rid of those pesky unauthorised RMMs in your environment before damage is done!

Ready to uncover the secrets of #PoisonSeed's #PhishingKit? 🤯 Read Lontz latest blog post to learn how they bypass MFA and discover essential protection tips against their tactics. 👇 blog.nviso.eu/2025/08/12/she…

On September 29th, 2025, Broadcom disclosed a local privilege escalation vulnerability, CVE-2025-41244, impacting VMware’s guest service discovery features. NVISO has identified zero-day exploitation in the wild beginning mid-October 2024. All details - blog.nviso.eu/2025/09/29/you…

Our NVISO #IncidentResponse Team has been tracking #VShell campaigns worldwide! More than 1,500 active VShell servers were uncovered, each capable of giving attackers remote control over compromised networks. Read the report here 👇 nviso.eu/blog/nviso-ana…

Together with Bart and Lontz, we discovered that DPRK #ContagiousInterview threat actors are abusing legitimate JSON storage services to host their first-stage malware

🚨 North Korean hackers have a new trick. They’re hiding malware inside fake API keys on GitHub — using JSON Keeper and other legit tools to stay invisible. The attack installs “BeaverTail” to steal data and drop a Python backdoor. See how it works ↓ thehackernews.com/2025/11/north-…

What makes #Telegram so attractive to adversaries, and how do they abuse it? 🤔 That’s what you will learn in the recent blog post by Lontz, Nef and St0pp3r 👇blog.nviso.eu/2025/12/16/the…

Been looking at malicious browser extensions related to #urbanvpn, #ghostposter, #shadypanda, #zoomstealer, #DarkSpectre. #kql queries at: github.com/NVISOsecurity/… github.com/NVISOsecurity/… github.com/NVISOsecurity/… github.com/NVISOsecurity/…

#ConsentFix (#AuthCodeFix) ) is the latest variant of the fix-type phishing attacks. Dive deep into the mechanics of the attack in St0pp3r latest blog post with #KQL detection queries and mitigations. 👇 blog.nviso.eu/2026/01/29/con…