Adaptive MFA: The Factory Setting is Not Enough
Adaptive MFA is usually enabled but not set up: How risk-based authentication truly protects beyond factory settings. Read article
Adaptive MFA: Factory Settings Are Not Enough
Adaptive MFA is typically enabled by default, but not configured: How risk-based authentication beyond factory settings truly protects. Read article
Where the SME Sector Still Lags Technically on NIS
NIS2 check for SMEs: five technical gaps that stand out in an audit and how to close them before the first review. Read article
Ivanti Connect Secure back on the CISA KEV: Third incident in 18 months
CISA has added a new Ivanti Connect Secure vulnerability to the KEV. Mandiant reports active exploitation in critical infrastructure networks. Read article
AI Phishing: Email Filters Left in the Dark
AI phishing bypasses classic email filters like Gmail, SpamAssassin, and Proofpoint. What CISOs need to change in detection architecture in 2026. Read article
The Backdoor in German Webhosting Contracts
A critical vulnerability in the most widely used hosting interface among small and medium-sized businesses allows attackers full access without login. Read article
Source Code Breaches: When Hackers Outpace Security Vendors
8 Min. Read Time Trellix, Okta, LastPass – three security providers, three source code breaches, one pattern. Attackers are deliberately compromising security providers to discover vulnerabilities in their products before... Read article
Git Push Leads to RCE on GitHub
CVE-2026-3854 (CVSS 8.7): GitHub Enterprise RCE via git push. 88% of self-hosted instances unpatched. Patches available since March 10th. Read article
Bitwarden CLI Hit by GitHub Actions Supply Chain
Bitwarden-CLI 04/22/2026: The GitHub Action checkmarx/ast-github-action is the lever. Check CI runners and action hashes for DACH-DevSecOps now. Read article
500,000 Patient Data in 96 Hours: Anonymous Incident Report from a DACH Hospital Group
April 2026: Wave of Healthcare Breaches. Anonymous DACH Incident Report with 500k patient data, 96h reconstruction, NIS2/DSGVO obligations. Read article
PaperCut NG/MF Under Active Attack: Why a 2023 Bug Re-enters the CISA-KEV a Year Later
PaperCut NG/MF has been back in the CISA-KEV since April 20, 2026. CVE-2023-27351 is being actively exploited. 72-hour inventory sweep and hardening measures for security teams. Read article
Infostealer 2026: How Stolen Session Cookies Bypass MFA
RedLine, Lumma, Raccoon: Infostealer malware steals session cookies and bypasses MFA. What truly works in 2026. Read article
Secure Boot Certificates Expire in June 2026: What IT Teams Must Prepare for Their Windows Fleet by the Deadline
Starting June 2026, Microsoft's 2011 Secure Boot certificates will expire. IT teams have two months to complete inventory and deployment. Read article
Cyber Resilience Act from September 11, 2026: The 24-hour reporting obligation that IT security teams must now establish processes for
From 09/11/2026, the CRA reporting obligation applies: 24-hour early warning, 72-hour full report, 14-day final report. What security teams must now establish. Read article
Claude Mythos: Situation Assessment for Security Teams
Anthropic has built an AI model that finds vulnerabilities faster than most security teams. Claude Mythos discovered a 27-year-old bug in OpenBSD and several privilege escalation paths in the Linux kernel. The situation assessment. Read article
Email Authentication: How to Configure SPF, DKIM, and DMARC Correctly
Gmail rejects emails without DMARC. How to set up SPF, DKIM, and DMARC correctly in 5 days. Read article
Post-Quantum Cryptography: Why Enterprises Must Transition Their Encryption Now
NIST has finalized three post-quantum standards. BSI deadline 2030/2032. Why PQC migration must start now. Read article
On-Premise AI as a Security Strategy: What Gemma 4 Means for Data Protection
7 min read Every request to a cloud AI service involves data transfer to a third party. With open-source models like Google’s Gemma 4, AI can be operated in production-ready... Read article
Threat Intelligence for SMEs: Identifying Threats Before They Strike
8 min read The global threat-intelligence market is set to reach US$8.2 bn by 2026 and surge past US$31 bn by 2034. But threat intelligence isn’t a product reserved for... Read article
Cyber Insurance 2026: What Insurers Really Check and What CISOs Must Prepare For
9 Min. Read Time Over 40 percent of companies that report a cyber damage incident receive no payout. 72 percent of small and medium-sized enterprises are completely uninsured. And premiums... Read article
Q1 2026: The Five Most Dangerous Cyber Incidents in Germany and What They Have in Common
6 min Reading Time A DDoS attack on Deutsche Bahn. An arson attack on Berlin’s power grid. Russian state hackers infiltrating the Signal contacts of a former BND (Federal Intelligence... Read article
