swiss-made security & it lab
Security news & tools for hands-on IT admins.
Actionable security news, curated CVE advisories, deep-dive tutorials, troubleshooting fixes, plain-English explainers, ready-to-run scripts and browser-based IT tools, made for hands-on sysadmins and IT admins who secure and troubleshoot their own infrastructure.
maintained by Emanuel De Almeida , cybersecurity & cloud infrastructure expert · geneva, switzerland
Navanem is a swiss-made security and IT lab for hands-on sysadmins and IT admins. It pairs actionable security news, curated CVE advisories and Microsoft KB write-ups with deep-dive tutorials, troubleshooting fixes, plain-English explainers, ready-to-run PowerShell and Bash scripts, and free browser-based IT tools, everything you need to secure, automate and troubleshoot your own infrastructure.
editorial
Latest security news

Djinn Stealer Exploits SimpleHelp CVE-2026-48558
~14,000 exposed SimpleHelp servers face Djinn Stealer via CVE-2026-48558, a CVSS 10.0 auth bypass harvesting AI, cloud, and SSH credentials across Windows, macOS, and Linux.

iOS 26.5.2: Apple Rushes Patches Ahead of AI Exploit Surge
iOS 26.5.2 landed June 29, 2026, fixing 25+ CVEs pulled from the iOS 26.6 beta to outpace AI-assisted zero-day development before exploitation begins.

CVE-2026-48558: SimpleHelp Exploited to Drop Djinn Stealer
CVE-2026-48558 (CVSS 10.0) in SimpleHelp ≤5.5.15 is actively exploited to drop Djinn Stealer. ~1,000 servers exposed. Patch to v5.5.16 or v6.0 RC2 now.

Africa Cybersecurity Center of Excellence: Mastercard 2026
Mastercard's pan-African cybersecurity hub launches in South Africa and Nigeria, covering 50 organisations with Recorded Future threat intel - backed by $12.6 bn invested since 2018.
KDDI Data Breach: 14.22 Million Email Logins Exposed
KDDI data breach exposed 14.22 million email logins across six Japanese ISPs after attackers exploited a third-party software flaw in a shared email platform.
CVE-2026-31431 Copy Fail: Linux Privilege Escalation Flaw
A 732-byte Python script exploits CVE-2026-31431 (CVSS 7.8) to grant root on Ubuntu, RHEL, and Amazon Linux. CISA mandates federal patching by May 15, 2026.
Miasma Worm Hijacks AI Coding Agents via GitHub Repos
448 artifacts poisoned: the Miasma worm plants malware in clean GitHub repos that fires automatically when AI coding agents clone them, evading every standard scanner.
DCloud Uni-App Powers 236,000 Global Investment Scam Sites
985 enterprises hit: Infoblox found 236,493 fraudulent domains built on DCloud Uni-App since 2022, spiking to 15,000 new scam sites per month after October 2024 disclosure.
security radar
Latest CVEs
all_cve →Latest KBs
all_kb →step by step
Latest tutorials

Portainer CE on Debian: Install and Manage Docker via Web UI
Install Portainer CE on Debian using Docker Compose in 6 steps. Covers persistence, port 9443 HTTPS setup, and CE vs BE differences with a comparison table.

CyberChef Tutorial: Decode, Encrypt & Analyze Data
CyberChef offers 483 built-in operations, all client-side. Learn to self-host it with Docker in one command, build multi-step recipes, and decode, encrypt, or extract data in minutes.

Crontab on Linux: Step-by-Step Guide for Sysadmins
Master crontab on Linux: learn five-field syntax, 6 scheduling patterns, output redirection, and real-world automation examples that sysadmins use every day.
troubleshooting
Latest fixes
dsregcmd Troubleshooting: Fix Entra ID Device Registration
Run dsregcmd /status to diagnose Entra ID join failures in under 5 s. This guide maps every flag - AzureAdJoined, MdmUrl, AzureAdPrt - to a concrete fix.
concepts
Explained
Open-Source PDF Editors 2026: 8 Best Free Tools
Ranked guide to the best open-source PDF editors in 2026. All free, no subscription, runs offline. Stirling PDF leads with 50+ tools and self-hosted privacy.
VPN Explained: What It Is and How It Works for IT Pros
A VPN encrypts traffic and masks your IP address. VPN exploits grew eightfold in 2025 DBIR data. Here is what IT pros need to know before deploying one.
AI Coding Assistants Explained: What They Are and How to Choose
AI coding assistants use large language models to write, refactor, and debug code. With context windows up to 200,000 tokens and 51% of developers using them daily in 2025, here is how to pick the right one.
Password Managers Explained: What They Are and How to Choose
A password manager stores and autofills credentials in an AES-256 encrypted vault so you use strong, unique passwords without memorising them. CISA recommends one for every account.
open source
Open-source projects

Inkscape: the free, SVG-native vector graphics editor
Inkscape is a professional-quality, free and open-source vector graphics editor for Windows, macOS and Linux. It uses SVG as its native format and can import and edit vector content from PDFs.

Xournal++: Free Handwritten Note-Taking with PDF Annotation
Xournal++ is a free, open-source handwriting and note-taking app with full PDF annotation, stylus support and LaTeX, running on Linux, Windows and macOS.

Stirling PDF: the self-hosted, open-source PDF toolkit
Stirling PDF is an open-source platform from Stirling Tools that runs 50+ PDF tools as a desktop app, browser UI, or private self-hosted server. Merge, OCR, sign, redact, and convert PDFs locally, without sending files to the cloud.

Portainer: a lightweight GUI for Docker and Kubernetes
Portainer Community Edition is an open-source, single-container web GUI and API for managing Docker, Swarm, Kubernetes and ACI environments. An independent project by Portainer, spotlighted by navanem.
browser-based
IT tools

Emanuel De Almeida
Cybersecurity & cloud infrastructure expert · Geneva
about navanem
Emanuel De Almeida, cybersecurity & cloud infrastructure expert in Geneva.
NAVANEM is a solo-built, Swiss-based security and IT lab for hands-on admins. Every article, tool and script is built and tested in real-world environments, not marketing decks.