HvS Cyber Security Blog
Cyber security insights. No fluff. Just facts.
AI agents may prioritize task completion over security. This article demonstrates how man-in-the-middle attacks can lead to reverse shells, supply chain compromise, and SSH exploitation.
Practical guide to NIS2 implementation covering scope assessment, maturity levels, ISMS, key requirements and a comprehensive compliance checklist.
Learn which companies are affected by the NIS-2 Directive, what obligations apply, and how NIS-2 differs from KRITIS, ISO 27001, and TISAX®.
Shai-Hulud and npm attacks: what developers need to know about software dependency risks and how to protect themselves.
How INC Ransom encrypts systems via the FortiGate vulnerability in just 48 hours – and why timely patching is crucial. Includes background & recommendations.
A straightforward explanation of EASA Part-IS: What are the regulations and what do they require? Who is affected? Our experts will show you how to get your ISMS & ISMM in shape now.
Find out why an external ISO is an effective solution for SMEs in particular to ensure information security and compliance - regardless of legal obligations. Benefits, tasks and cooperation options at a glance.
Understand security features, misconfigurations and technical attacks on NFS shares.
Structured information and tips for dealing with the Log4j vulnerability (CVE-2021-44228).
Spies dressed up as hackers. In this article, we highlight the APT fallout of vulnerabilities such as ProxyLogon in Exchange (Hafnium), OGNL injection and Log4Shell.
Lazarus Report: Anatomy of a cyber espionage campaign. A full report, IOCs and YARA rules of a coherent Advanced Persistent Threat (APT) campaign.