# Swiss Security Insights

> Independent cybersecurity analysis for Swiss CISOs, IT managers, and compliance officers — covering threat intelligence, FINMA/nDSG/NIS2 regulation, incident analysis, and security best practices.

Swiss Security Insights is an independent publication written by Marco Scarito, Deputy CISO (CISSP · CISM · CRISC · CGEIT), based in Lugano, Switzerland. Marco works in the Swiss financial sector and publishes in-depth articles written in English and targeted at the Swiss market.

The site focuses on cybersecurity topics that matter specifically to Swiss organisations: NCSC advisories, FINMA circulars, nDSG/GDPR compliance, NIS2 implications, cantonal and federal infrastructure threats, and practical defensive guidance calibrated to the Swiss threat landscape.

## About

- **Author**: Marco Scarito — Deputy CISO, CISSP · CISM · CRISC · CGEIT, Lugano, Switzerland
- **LinkedIn**: https://linkedin.com/in/marcoscarito
- **Language**: English
- **Site URL**: https://swisssecurityinsights.ch
- **Contact / newsletter**: https://swisssecurityinsights.ch/newsletter.php
- **Machine-readable article index**: https://swisssecurityinsights.ch/llms-articles.json

## Key Pages

- [Home](https://swisssecurityinsights.ch/): Latest articles, threat landscape, and newsletter signup
- [All Articles](https://swisssecurityinsights.ch/articles.php): Complete article archive
- [About](https://swisssecurityinsights.ch/about.php): Author background and editorial policy

## Analysis

- [The CISO Game in Chiasso: What a Simulated Cyber Crisis Teaches That No Presentation Ever Could](https://swisssecurityinsights.ch/articles/ciso-game-chiasso-supply-chain-third-party-risk-2026.php): A first-person account of the Supply Chain & Third Party Risk event in Chiasso — the second CISO gathering in Ticino in as many weeks — centred on an interactive crisis simulation that put 50 security leaders around the table to make real decisions under pressure. (7 May 2026)
- [Claude Mythos and Project Glasswing: Separating Fact from Hype on the AI Model Too Dangerous to Release](https://swisssecurityinsights.ch/articles/claude-mythos-cybersecurity-risks-project-glasswing-2026.php): Anthropic's Claude Mythos can autonomously find zero-day vulnerabilities. A confirmed unauthorised access incident has already occurred. Swiss security teams need facts, not hype. (28 April 2026)
- [AI Security at the Crossroads: 10 Takeaways from the Swiss Cyber AI Conference](https://swisssecurityinsights.ch/articles/swiss-cyber-ai-conference-takeaways-2026.php): Ten takeaways from the Swiss Cyber AI Conference — identity, least privilege for AI agents, poisoned agents, voice biometric deprecation, and the F1 security paradigm. (14 April 2026)
- [When the Safety-First AI Lab Ships Its Own Source Code to npm: Lessons from the Claude Code Leak](https://swisssecurityinsights.ch/articles/claude-code-source-leak-ai-supply-chain-lessons-2026.php): A source map misconfiguration in Claude Code v2.1.88 exposed Anthropic's internal codebase — 1,906 files and 44 hidden feature flags — via npm. (6 April 2026)
- [NCSC Semi-Annual Report H2 2025: What the First Mandatory Critical Infrastructure Data Tells Us](https://swisssecurityinsights.ch/articles/ncsc-semi-annual-report-h2-2025-switzerland.php): On 30 March 2026, the NCSC published its H2 2025 report — the first to integrate mandatory infrastructure notifications with voluntary reports. (6 April 2026)
- [The Scammers Are Evolving? No — We Are Not](https://swisssecurityinsights.ch/articles/homograph-lookalike-domain-phishing-not-new.php): A phishing email spoofing Microsoft via 'rnicrosoft.com' went viral. The technique is 20 years old. The surprise is that it still works. (28 March 2026)
- [NCSC Annual Report 2025: Key Takeaways for Swiss Security Teams](https://swisssecurityinsights.ch/articles/ncsc-annual-report-2025-key-takeaways-swiss-security-teams.php): The NCSC published its 2025 Annual Report on 16 February 2026. 64,733 incident reports, 222 mandatory notifications. (23 March 2026)

## Threat Intel

- [QR Code Phishing Targeting Swiss Microsoft 365 Tenants: An Adversary-in-the-Middle Campaign](https://swisssecurityinsights.ch/articles/qr-code-quishing-swiss-m365-apt-2026.php): A quishing campaign targeting Swiss Microsoft 365 tenants uses AiTM proxy infrastructure to bypass MFA and steal session tokens, with links to Eastern European APT activity. (3 May 2026)
- [Microsoft Patch Tuesday April 2026: 165 CVEs, One Actively Exploited SharePoint Zero-Day](https://swisssecurityinsights.ch/articles/microsoft-patch-tuesday-april-2026-sharepoint-zero-day.php): Microsoft's April 2026 Patch Tuesday fixed 165 CVEs including an actively exploited SharePoint zero-day (CVE-2026-32201) and a wormable Windows TCP/IP RCE. Triage guidance for Swiss IT teams. (28 April 2026)
- [Fortinet FortiClient EMS Under Active Attack: Two Zero-Days, One Patch Window, and What Swiss Enterprises Must Do Now](https://swisssecurityinsights.ch/articles/fortinet-forticlient-ems-cve-2026-35616-zero-day-swiss-enterprises.php): Two critical zero-days in Fortinet FortiClient EMS — CVE-2026-35616 and CVE-2026-21643, both CVSS 9.1 — are being actively exploited in the wild. Swiss enterprises using FortiClient EMS must apply the emergency hotfix immediately. (7 April 2026)
- [The npm Trust Problem: How the Claude Code Leak and the Axios RAT Created a Supply Chain Emergency](https://swisssecurityinsights.ch/articles/npm-supply-chain-attack-axios-claude-code-devSecOps-2026.php) (6 April 2026)
- [AI Agent Vulnerabilities in the Enterprise: LangChain, LangGraph and the Expanding Attack Surface](https://swisssecurityinsights.ch/articles/langchain-langgraph-ai-agent-vulnerabilities-2026.php): Three vulnerabilities disclosed in LangChain and LangGraph expose filesystem data, secrets, and conversation history in enterprise AI deployments. (30 March 2026)
- [AI-Driven Fraud in Switzerland: Deepfakes, Voice Cloning, and the New Social Engineering Threat](https://swisssecurityinsights.ch/articles/ai-fraud-deepfakes-switzerland-2026.php): In January 2026, a Swiss entrepreneur transferred several million francs after calls from an entirely AI-generated voice. (23 March 2026)
- [Zero-Day Before the Patch: How Interlock Ransomware Exploited Cisco FMC for 36 Days Undetected](https://swisssecurityinsights.ch/articles/cisco-fmc-cve-2026-20131-interlock-ransomware-zero-day.php): Amazon's threat intelligence team confirmed that Interlock ransomware began exploiting CVE-2026-20131 on 26 January 2026. (23 March 2026)
- [Ransomware Attacks on Swiss SMEs: A Growing Threat in 2025](https://swisssecurityinsights.ch/articles/ransomware-attacks-switzerland-2025.php): New data from NCSC reveals a 34% increase in ransomware incidents targeting Swiss SMEs in 2025. (15 March 2025)

## Regulation

- [Switzerland's Cyber Products Law: What the Federal Council's Draft Bill Means for Swiss Tech Companies](https://swisssecurityinsights.ch/articles/switzerland-cyber-products-law-federal-council-2026.php): Switzerland's Federal Council is drafting a new cyber products law by autumn 2026, mirroring the EU Cyber Resilience Act. What Swiss manufacturers, importers, and software vendors must prepare for now. (28 April 2026)
- [The EU Cyber Resilience Act's First Deadline Is in Five Months — Are Swiss Manufacturers Ready?](https://swisssecurityinsights.ch/articles/eu-cyber-resilience-act-september-2026-deadline-swiss-manufacturers.php): The EU Cyber Resilience Act's first mandatory deadline — vulnerability and incident reporting obligations — takes effect on 11 September 2026. Swiss manufacturers exporting digital products to the EU have five months to build compliant processes. (7 April 2026)
- [Digital Omnibus Enters Trilogue: What Swiss Compliance Teams Must Do Before the Final Text Lands](https://swisssecurityinsights.ch/articles/digital-omnibus-trilogue-swiss-compliance-2026.php) (23 March 2026)
- [The EU Digital Omnibus: What Swiss Organisations Must Understand Now](https://swisssecurityinsights.ch/articles/eu-digital-omnibus-ai-act-gdpr-swiss-organisations.php): On 19 November 2025, the European Commission published the Digital Omnibus. (23 March 2026)
- [nDSG Compliance in 2025: What Swiss Companies Still Get Wrong](https://swisssecurityinsights.ch/articles/revdsa-swiss-data-protection-compliance.php): The revised nDSG is now in force. Persistent blind spots: incomplete records of processing activities. (12 March 2025)

## Incident Report

- [NCSC Week 19: Business Email Compromise Wave Hits Swiss SMEs — CHF 2.3M in Confirmed Losses](https://swisssecurityinsights.ch/articles/ncsc-week19-bec-swiss-sme-wire-fraud-2026.php): The NCSC Week 19 alert documents a BEC campaign targeting Swiss SMEs in manufacturing and logistics, with CHF 2.3M in confirmed wire transfer losses. (3 May 2026)
- [Identity Fraud with a Swiss Face: The NCSC's Warning on Fake Company Job Scams](https://swisssecurityinsights.ch/articles/ncsc-fake-swiss-company-job-scams-2026.php): The NCSC's Week 12 alert documents a new tactic: cloning registered Swiss companies to post fraudulent job ads and harvest applicants' data. (30 March 2026)
- [The HTML Invoice Trap: Anatomy of the Phishing Campaign Targeting Swiss Companies Right Now](https://swisssecurityinsights.ch/articles/ncsc-html-invoice-phishing-swiss-companies-2026.php): The NCSC's Week 11 alert covers a live campaign hitting Swiss companies: fake invoice ZIPs with HTML credential stealers and CAPTCHA evasion. (23 March 2026)
- [Spear Phishing in Swiss Finance: Anatomy of a 2025 Campaign](https://swisssecurityinsights.ch/articles/phishing-swiss-financial-sector.php): A spear phishing campaign targeting Swiss wealth managers used impersonated correspondence from Swiss financial regulators. (8 March 2025)

## Best Practices

- [Hardening Microsoft 365 for Swiss Organisations: A Practical Security Checklist](https://swisssecurityinsights.ch/articles/hardening-microsoft-365-swiss-organisations-checklist-2026.php): A practical M365 hardening checklist for Swiss organisations covering Conditional Access, Entra ID Secure Score, Exchange Online protection, audit logging, and data residency. (3 May 2026)
- [Patching Is Not Enough: Building a Vulnerability Management Programme That Holds Up to FINMA and ISA Scrutiny](https://swisssecurityinsights.ch/articles/vulnerability-management-programme-finma-isa-swiss-financial-sector.php): Three critical zero-days in five weeks — Cisco FMC, Fortinet EMS twice — expose a common failure: organisations patch reactively but lack a structured vulnerability management programme. Here is what FINMA and the ISA now expect, and how to build it. (7 April 2026)
- [Zero Trust Beyond the Buzzword: Why Microsegmentation Is the Control Swiss Enterprises Keep Skipping](https://swisssecurityinsights.ch/articles/zero-trust-microsegmentation-swiss-enterprises-2026.php): Most Zero Trust implementations stop at identity, skipping microsegmentation — the control that limits damage once an attacker is inside. (30 March 2026)