⚠ NCSC: Week 18: Parcel phishing with a devious twist – The "double phishing" scam 🔴 CVE: Critical vulnerabilities tracked — CVSS ≥ 9.0 📰 New article: The CISO Game in Chiasso: What a Simulated Cyber Crisis Teaches That No Presentation Ever Could ⚠ NCSC: Week 18: Parcel phishing with a devious twist – The "double phishing" scam 🔴 CVE: Critical vulnerabilities tracked — CVSS ≥ 9.0 📰 New article: The CISO Game in Chiasso: What a Simulated Cyber Crisis Teaches That No Presentation Ever Could
Analysis 7 articles
All 27 Threat Intel 8 Regulation 5 Best Practices 3 Incident Report 4 Analysis 7
LatestAnalysis7 May 20267 min read

The CISO Game in Chiasso: What a Simulated Cyber Crisis Teaches That No Presentation Ever Could

A first-person account of the Supply Chain & Third Party Risk event in Chiasso — the second CISO gathering in Ticino in as many weeks — centred on an interactive crisis simulation that put 50 security leaders around the table to make real decisions under pressure.

by Marco ScaritoRead article →
Analysis28 April 202612 min read

Claude Mythos and Project Glasswing: Separating Fact from Hype on the AI Model Too Dangerous to Release

Anthropic's Claude Mythos can autonomously find zero-day vulnerabilities. A confirmed unauthorised access incident has already occurred. Swiss security teams need facts, not hype.

by Marco ScaritoRead article →
Analysis14 April 202611 min read

AI Security at the Crossroads: 10 Takeaways from the Swiss Cyber AI Conference

Ten takeaways from the Swiss Cyber AI Conference — identity, least privilege for AI agents, poisoned agents, voice biometric deprecation, and the F1 security paradigm.

by Marco ScaritoRead article →
Analysis6 April 202610 min read

When the Safety-First AI Lab Ships Its Own Source Code to npm: Lessons from the Claude Code Leak

A source map misconfiguration in Claude Code v2.1.88 exposed Anthropic's internal codebase — 1,906 files and 44 hidden feature flags — via npm.

by Marco ScaritoRead article →
Analysis6 April 20269 min read

NCSC Semi-Annual Report H2 2025: What the First Mandatory Critical Infrastructure Data Tells Us

On 30 March 2026, the NCSC published its H2 2025 report — the first to integrate mandatory infrastructure notifications with voluntary reports.

by Marco ScaritoRead article →
Analysis28 March 20267 min read

The Scammers Are Evolving? No — We Are Not

A phishing email spoofing Microsoft via 'rnicrosoft.com' went viral. The technique is 20 years old. The surprise is that it still works.

by Marco ScaritoRead article →
Analysis23 March 20268 min read

NCSC Annual Report 2025: Key Takeaways for Swiss Security Teams

The NCSC published its 2025 Annual Report on 16 February 2026. 64,733 incident reports, 222 mandatory notifications.

by Marco ScaritoRead article →