⚠ NCSC: Week 25: Fake voice messages spread malware and target login details 🔴 CVE: CVE-2026-49201 (CVSS 9.8) — The upload.cgi binary, responsible for processing device backups, contains a … 📰 New article: NCSC Mandatory Cyber Reporting: Swiss ISA Enforcement 2026
Best Practices 10 articles

SharePoint CVE-2026-45659: Swiss On-Prem Patch Guide 2026

CVE-2026-45659 enables RCE on SharePoint Server 2016–SE via Site Member credentials, targeting Swiss financial on-prem deployments with compliance-driven patch debt.

Microsoft Patch Tuesday June 2026: Swiss IT Priority Guide

Microsoft June 2026 Patch Tuesday: 200 CVEs and 6 zero-days including Windows Kernel RCE. Patch prioritisation guide for Swiss enterprise IT teams.

CVE-2026-41089 Netlogon RCE: Swiss AD Patching Guide 2026

CVE-2026-41089 is an unauthenticated Netlogon RCE under active exploitation. Swiss AD environments must patch all domain controllers simultaneously.

NIS2 Enforcement 2026: Swiss EU Subsidiary Guide

First NIS2 supervisory audits are underway in 22 EU member states. Swiss holding companies with EU subsidiaries cannot rely on FINMA compliance alone.

MCP Agent Security Framework for Swiss Enterprises 2026

Swiss enterprises are deploying MCP agents without security review. This framework covers prompt injection, tool abuse, and Entra ID credential theft.

May 2026 Patch Tuesday: Swiss Enterprise Priority Guide

CVE-2026-41103 (CVSS 9.1) tops May 2026 Patch Tuesday's 118 CVEs. Swiss teams using Atlassian tools with Entra ID must patch immediately.

Mapping DORA and NIS2 to NIST CSF 2.0 and CIS Controls: A Compliance Efficiency Roadmap for Swiss Financial Institutions

Swiss financial institutions juggling DORA, NIS2 and FINMA obligations can cut duplication by anchoring to NIST CSF 2.0 and CIS Controls v8. Here is how to build the mapping.

Hardening Microsoft 365 for Swiss Organisations: A Practical Security Checklist

A practical M365 hardening checklist for Swiss organisations covering Conditional Access, Entra ID Secure Score, Exchange Online protection, audit logging, and data residency.

Patching Is Not Enough: Building a Vulnerability Management Programme That Holds Up to FINMA and ISA Scrutiny

Three critical zero-days in five weeks — Cisco FMC, Fortinet EMS twice — expose a common failure: organisations patch reactively but lack a structured vulnerability management programme. Here is what FINMA and the ISA now expect, and how to build it.

Zero Trust Beyond the Buzzword: Why Microsegmentation Is the Control Swiss Enterprises Keep Skipping

Most Zero Trust implementations stop at identity, skipping microsegmentation — the control that limits damage once an attacker is inside.