HvS Cyber Security Blog
Cyber security insights. No fluff. Just facts.
Many SMEs are affected by NIS-2 without even knowing it. The HvS study highlights key hurdles, practical examples, and pragmatic paths to greater cyber resilience.
AI agents may prioritize task completion over security. This article demonstrates how man-in-the-middle attacks can lead to reverse shells, supply chain compromise, and SSH exploitation.
Learn which companies are affected by the NIS-2 Directive, what obligations apply, and how NIS-2 differs from KRITIS, ISO 27001, and TISAX®.
Practical guide to NIS2 implementation covering scope assessment, maturity levels, ISMS, key requirements and a comprehensive compliance checklist.
Shai-Hulud and npm attacks: what developers need to know about software dependency risks and how to protect themselves.
How INC Ransom encrypts systems via the FortiGate vulnerability in just 48 hours – and why timely patching is crucial. Includes background & recommendations.
A straightforward explanation of EASA Part-IS: What are the regulations and what do they require? Who is affected? Our experts will show you how to get your ISMS & ISMM in shape now.
Find out why an external ISO is an effective solution, for SMEs in particular, to ensure information security and compliance, regardless of legal obligations. Benefits, tasks and cooperation options at a glance.
Understand security features, misconfigurations and technical attacks on NFS shares.
Structured information and tips for dealing with the Log4j vulnerability (CVE-2021-44228).
Spies dressed up as hackers. In this article, we highlight the APT fallout of vulnerabilities such as ProxyLogon in Exchange (Hafnium), OGNL injection and Log4Shell.
Lazarus Report: Anatomy of a cyber espionage campaign. A full report, IOCs and YARA rules for a coherent Advanced Persistent Threat (APT) campaign.