Swiss cybersecurity analysis in your inbox — threats, regulation, incidents. Unsubscribe anytime.
Miasma npm Attack: Swiss CI/CD Hardening Guide 2026
The Miasma npm worm published malware with valid SLSA provenance via stolen OIDC tokens. A CI/CD hardening baseline for Swiss dev teams.
SharePoint CVE-2026-45659: Swiss On-Prem Patch Guide 2026
CVE-2026-45659 enables RCE on SharePoint Server 2016–SE via Site Member credentials, targeting Swiss financial on-prem deployments with compliance-driven patch debt.
Microsoft Patch Tuesday June 2026: Swiss IT Priority Guide
Microsoft June 2026 Patch Tuesday: 200 CVEs and 6 zero-days including Windows Kernel RCE. Patch prioritisation guide for Swiss enterprise IT teams.
CVE-2026-41089 Netlogon RCE: Swiss AD Patching Guide 2026
CVE-2026-41089 is an unauthenticated Netlogon RCE under active exploitation. Swiss AD environments must patch all domain controllers simultaneously.
NIS2 Enforcement 2026: Swiss EU Subsidiary Guide
First NIS2 supervisory audits are underway in 22 EU member states. Swiss holding companies with EU subsidiaries cannot rely on FINMA compliance alone.
MCP Agent Security Framework for Swiss Enterprises 2026
Swiss enterprises are deploying MCP agents without security review. This framework covers prompt injection, tool abuse, and Entra ID credential theft.
May 2026 Patch Tuesday: Swiss Enterprise Priority Guide
CVE-2026-41103 (CVSS 9.1) tops May 2026 Patch Tuesday's 118 CVEs. Swiss teams using Atlassian tools with Entra ID must patch immediately.
Mapping DORA and NIS2 to NIST CSF 2.0 and CIS Controls: A Compliance Efficiency Roadmap for Swiss Financial Institutions
Swiss financial institutions juggling DORA, NIS2 and FINMA obligations can cut duplication by anchoring to NIST CSF 2.0 and CIS Controls v8. Here is how to build the mapping.
Hardening Microsoft 365 for Swiss Organisations: A Practical Security Checklist
A practical M365 hardening checklist for Swiss organisations covering Conditional Access, Entra ID Secure Score, Exchange Online protection, audit logging, and data residency.
Patching Is Not Enough: Building a Vulnerability Management Programme That Holds Up to FINMA and ISA Scrutiny
Three critical zero-days in five weeks — Cisco FMC, Fortinet EMS twice — expose a common failure: organisations patch reactively but lack a structured vulnerability management programme. Here is what FINMA and the ISA now expect, and how to build it.
Zero Trust Beyond the Buzzword: Why Microsegmentation Is the Control Swiss Enterprises Keep Skipping
Most Zero Trust implementations stop at identity, skipping microsegmentation — the control that limits damage once an attacker is inside.