⚠ NCSC: Week 25: Fake voice messages spread malware and target login details 🔴 CVE: CVE-2026-49201 (CVSS 9.8) — The upload.cgi binary, responsible for processing device backups, contains a … 📰 New article: NCSC Mandatory Cyber Reporting: Swiss ISA Enforcement 2026 ⚠ NCSC: Week 25: Fake voice messages spread malware and target login details 🔴 CVE: CVE-2026-49201 (CVSS 9.8) — The upload.cgi binary, responsible for processing device backups, contains a … 📰 New article: NCSC Mandatory Cyber Reporting: Swiss ISA Enforcement 2026
Analysis 10 articles
All 53 Threat Intel 14 Regulation 10 Best Practices 10 Incident Report 9 Analysis 10
Analysis7 June 20269 min read

WEF Cybersecurity Outlook 2026: Lessons for Swiss CISOs

WEF 2026 report: AI drives 87% of cyber risk perceptions and identity is the dominant attack path. Priorities for Swiss security leaders.

by Marco ScaritoRead article →
Analysis31 May 20269 min read

Sovereign Cloud: How EU Regulations Reshape Swiss Cloud 2026

DORA, NIS2, and the EU AI Act are creating hard data residency constraints for Swiss FinTech and HealthTech firms dependent on US hyperscalers.

by Marco ScaritoRead article →
Analysis24 May 20269 min read

Security ROI Metrics for Swiss Board Reporting 2026

A practical framework for translating security posture into financial risk metrics aligned with FINMA Circular 2023/1 board governance expectations.

by Marco ScaritoRead article →
Analysis7 May 20267 min read

The CISO Game in Chiasso: What a Simulated Cyber Crisis Teaches That No Presentation Ever Could

A first-person account of the Supply Chain & Third Party Risk event in Chiasso — the second CISO gathering in Ticino in as many weeks — centred on an interactive crisis simulation that put 50 security leaders around the table to make real decisions under pressure.

by Marco ScaritoRead article →
Analysis28 April 202612 min read

Claude Mythos and Project Glasswing: Separating Fact from Hype on the AI Model Too Dangerous to Release

Anthropic's Claude Mythos can autonomously find zero-day vulnerabilities. A confirmed unauthorised access incident has already occurred. Swiss security teams need facts, not hype.

by Marco ScaritoRead article →
Analysis14 April 202611 min read

AI Security at the Crossroads: 10 Takeaways from the Swiss Cyber AI Conference

Ten takeaways from the Swiss Cyber AI Conference — identity, least privilege for AI agents, poisoned agents, voice biometric deprecation, and the F1 security paradigm.

by Marco ScaritoRead article →
Analysis6 April 202610 min read

When the Safety-First AI Lab Ships Its Own Source Code to npm: Lessons from the Claude Code Leak

A source map misconfiguration in Claude Code v2.1.88 exposed Anthropic's internal codebase — 1,906 files and 44 hidden feature flags — via npm.

by Marco ScaritoRead article →
Analysis6 April 20269 min read

NCSC Semi-Annual Report H2 2025: What the First Mandatory Critical Infrastructure Data Tells Us

On 30 March 2026, the NCSC published its H2 2025 report — the first to integrate mandatory infrastructure notifications with voluntary reports.

by Marco ScaritoRead article →
Analysis28 March 20267 min read

The Scammers Are Evolving? No — We Are Not

A phishing email spoofing Microsoft via 'rnicrosoft.com' went viral. The technique is 20 years old. The surprise is that it still works.

by Marco ScaritoRead article →
Analysis23 March 20268 min read

NCSC Annual Report 2025: Key Takeaways for Swiss Security Teams

The NCSC published its 2025 Annual Report on 16 February 2026. 64,733 incident reports, 222 mandatory notifications.

by Marco ScaritoRead article →