A first-person account of the Supply Chain & Third Party Risk event in Chiasso — the second CISO gathering in Ticino in as many weeks — centred on an interactive crisis simulation that put 50 security leaders around the table to make real decisions under pressure.
A practical M365 hardening checklist for Swiss organisations covering Conditional Access, Entra ID Secure Score, Exchange Online protection, audit logging, and data residency.
The NCSC Week 19 alert documents a BEC campaign targeting Swiss SMEs in manufacturing and logistics, with CHF 2.3M in confirmed wire transfer losses.
A quishing campaign targeting Swiss Microsoft 365 tenants uses AiTM proxy infrastructure to bypass MFA and steal session tokens, with links to Eastern European APT activity.
Anthropic's Claude Mythos can autonomously find zero-day vulnerabilities. A confirmed unauthorised access incident has already occurred. Swiss security teams need facts, not hype.
Microsoft's April 2026 Patch Tuesday fixed 165 CVEs including an actively exploited SharePoint zero-day (CVE-2026-32201) and a wormable Windows TCP/IP RCE. Triage guidance for Swiss IT teams.
Switzerland's Federal Council is drafting a new cyber products law by autumn 2026, mirroring the EU Cyber Resilience Act. What Swiss manufacturers, importers, and software vendors must prepare for now.
Ten takeaways from the Swiss Cyber AI Conference — identity, least privilege for AI agents, poisoned agents, voice biometric deprecation, and the F1 security paradigm.
The EU Cyber Resilience Act's first mandatory deadline — vulnerability and incident reporting obligations — takes effect on 11 September 2026. Swiss manufacturers exporting digital products to the EU have five months to build compliant processes.
Two critical zero-days in Fortinet FortiClient EMS — CVE-2026-35616 and CVE-2026-21643, both CVSS 9.1 — are being actively exploited in the wild. Swiss enterprises using FortiClient EMS must apply the emergency hotfix immediately.
Three critical zero-days in five weeks — Cisco FMC, Fortinet EMS twice — expose a common failure: organisations patch reactively but lack a structured vulnerability management programme. Here is what FINMA and the ISA now expect, and how to build it.
A source map misconfiguration in Claude Code v2.1.88 exposed Anthropic's internal codebase — 1,906 files and 44 hidden feature flags — via npm.
On 30 March 2026, the NCSC published its H2 2025 report — the first to integrate mandatory infrastructure notifications with voluntary reports.
Between 00:21 and 03:29 UTC on 31 March 2026, malicious axios versions with a Trojan went live on npm. DevSecOps lessons for Swiss engineering teams.
Three vulnerabilities disclosed in LangChain and LangGraph expose filesystem data, secrets, and conversation history in enterprise AI deployments.
The NCSC's Week 12 alert documents a new tactic: cloning registered Swiss companies to post fraudulent job ads and harvest applicants' data.
Most Zero Trust implementations stop at identity, skipping microsegmentation — the control that limits damage once an attacker is inside.
A phishing email spoofing Microsoft via 'rnicrosoft.com' went viral. The technique is 20 years old. The surprise is that it still works.
In January 2026, a Swiss entrepreneur transferred several million francs after calls from an entirely AI-generated voice.
Amazon's threat intelligence team confirmed that Interlock ransomware began exploiting CVE-2026-20131 on 26 January 2026.
EU Digital Omnibus heads into trilogue: what Swiss compliance teams should do now on GDPR, AI Act, NIS2, and DORA before the final text lands.
On 19 November 2025, the European Commission published the Digital Omnibus.
The NCSC published its 2025 Annual Report on 16 February 2026. 64,733 incident reports, 222 mandatory notifications.
The NCSC's Week 11 alert covers a live campaign hitting Swiss companies: fake invoice ZIPs with HTML credential stealers and CAPTCHA evasion.
New data from NCSC reveals a 34% increase in ransomware incidents targeting Swiss SMEs in 2025.
The revised nDSG is now in force. Persistent blind spots: incomplete records of processing activities.
A spear phishing campaign targeting Swiss wealth managers used impersonated correspondence from Swiss financial regulators.