Haggeburger — Independent Advisory for Microsoft Cloud, Security & AI
Trusted advisory. Architecture first. Independent guidance for Microsoft cloud, identity security, and AI.
Our Expertise
- Identity & Access — Conditional Access, FIDO2, Entra ID governance
- Endpoint Security — Intune, Defender for Endpoint, compliance baselines
- Cloud Architecture — Microsoft 365, Azure, hybrid infrastructure
- AI Readiness — Copilot deployment, data governance, security assessment
- Cost Optimization — License audits, infrastructure right-sizing
- Security Assessment — Posture review, gap analysis, remediation planning
Our Team
- Nicklas Eriksson — Founder & Cloud Solution Architect. Senior consultant with 15+ years of experience in IT, specializing in hybrid infrastructure and Microsoft platforms. Works closely with architecture and business stakeholders to turn technical guidelines into sustainable, working solutions. Focused on automation, structure, and security.
- Helena Berg — Operations & Client Relations. Ensuring smooth day-to-day operations and strong client relationships. Supporting the team with administration, logistics and business coordination.
- Stina Berg Eriksson — Documentation & Quality Assurance. Supporting advisory engagements with a focus on structure, documentation and quality assurance. Helping ensure every deliverable meets our standards.
- Sixten Berg Eriksson — Infrastructure & Lab. Contributing to cloud and infrastructure projects with fresh perspectives. Focused on hands-on testing, lab environments and enterprise security foundations.
- Elna Berg Eriksson — Creative & Communications. Bringing curiosity and attention to detail to every project. Supporting communications, content creation and client-facing materials.
Latest Insights
- Storm-1175 hits in 24 hours — how to protect your hybrid M365 stack from Medusa — Microsoft Threat Intelligence reports that Storm-1175 deploys Medusa ransomware within a single day of initial access. Here is what we check first at HaggeBurger.
- RedSun and UnDefend now weaponized — two Defender zero-days still unpatched — BlueHammer is patched, but RedSun and UnDefend are now actively exploited with no fix yet. Here is how to protect Defender-based Windows endpoints.
- Critical SharePoint flaw CVE-2026-32201 — patch before the weekend — CISA added CVE-2026-32201 to KEV and the flaw is being exploited against SharePoint Server. Here is how to check whether your environment is exposed.
- Critical Windows IKE RCE CVE-2026-33824 — verify the April patch this week — An unauthenticated RCE with CVSS 9.8 in the Windows IKE Service Extensions can hit every domain-joined Windows host. Here is how to confirm the April patch actually deployed.
- Device code phishing hits record levels — hundreds of M365 accounts compromised daily — Microsoft reports 10-15 campaigns per day. How to block the attack in Conditional Access.
- Critical SharePoint Zero-Day Actively Exploited — Patch Now — CVE-2026-32201 is actively exploited against SharePoint Server. Here is how to protect your environment.
- Ransomware hit two Swedish municipalities — is your business ready? — Two Swedish municipalities forced back to paper and pen. How to avoid the same fate.
- SharePoint vulnerability CVE-2026-32201 — patch now, attackers are active — Microsoft released an emergency fix for SharePoint Server on April 14. CISA added it to the KEV catalog the same day. If you run SharePoint on-prem you need to act this week.
- April 2026 Patch Tuesday — do not sleepwalk into the June 26 Secure Boot deadline — Microsoft shipped today's Patch Tuesday with 80-100+ CVEs. The bigger story is the June 26 Secure Boot certificate expiry — you have two Patch Tuesdays left.
- BlueHammer — unpatched Windows zero-day grants SYSTEM via Defender updates — A published zero-day in Windows Defender signature updates gives attackers SYSTEM privileges. No patch exists. Here is how to protect your endpoints.
- AI-powered phishing hits M365 — hundreds of orgs compromised daily — Storm-2755 uses AI to craft phishing emails that trick M365 users into giving up their tokens. Here is how to protect yourself.
- Russian hackers steal M365 logins via your router — what to do now — APT28 compromised 18,000 routers to steal Microsoft 365 tokens. Here is how to check if your customers are affected.
- EvilTokens hijacks M365 accounts — how to block it — New phishing-as-a-service kit bypasses MFA entirely through Microsoft 365 device code flow. Here is how to block it.
- EvilTokens — new phishing attack bypasses MFA entirely via device code flow — New PhaaS platform steals M365 tokens by tricking users into authenticating on Microsoft's own login page.
- Kerberos RC4 hardening goes live in April — check your service accounts — April Windows updates enforce AES-only Kerberos for service accounts. Legacy RC4 dependencies will break.
- Region Värmland hacked for four months — how to protect your M365 environment — Attackers had access to Region Värmland M365 email accounts for four months. CERT-SE warns of increasing BEC attacks against Swedish organizations.
- Critical Chrome/Edge Zero-Day CVE-2026-5281 — Update Now — An actively exploited vulnerability in Chrome and Edge requires immediate patching. CISA added CVE-2026-5281 to its KEV catalog.
- Kerberos RC4 enforcement April 2026 — what to do before patching — Microsoft's April update enforces AES-only Kerberos. Service accounts still using RC4 will break. Here is how to prepare.
- MFA does not protect against device code phishing — here is what does — Over 340 M365 organizations compromised via device code phishing. MFA is useless. Here is how to block it.
- Device code phishing bypasses MFA — 340+ M365 organizations compromised — The EvilTokens platform steals M365 tokens that survive password resets. Here is how to block the attack in Conditional Access.
- Excel vulnerability weaponizes Copilot — patch now — CVE-2026-26144 allows an attacker to use Copilot Agent in Excel to exfiltrate data without any user interaction.
- Device code phishing hits 340 M365 orgs — block the flow now — Russian threat actors exploit Microsoft device code authentication to hijack M365 accounts. Conditional Access can stop it.
- Outlook vulnerability runs malicious code without opening the email — CVE-2026-26113 and CVE-2026-26110 allow code execution just by viewing an email in the Preview Pane.
- The Perfect Home Office: Monitor, Keyboard, and Headset — The right accessories make the difference between a home office that works and one that frustrates. Here is what you need.
- Tablets in Business: From Warehouse to Boardroom — How to use tablets as productivity tools in your business — not just entertainment devices.
- Managing Company Phones with Intune: iPhone and Android — How to secure, configure, and manage all company phones centrally — whether iPhone or Android.
- Why Intune and Autopilot Transform IT Management for SMBs — Stop configuring laptops manually. With Intune and Autopilot, you set up a new device in 15 minutes instead of 3 hours.
- How to Choose the Right Laptop for Microsoft 365 Business Premium — A guide for IT managers at Swedish SMBs who want to select the right hardware for Microsoft 365, Intune, and Defender.
- 5 Things to Consider When Buying IT Hardware for Your Business — Avoid costly mistakes when upgrading your company IT. Here are the five most important questions to ask before you buy.
- New Phishing Attack Bypasses MFA via Device Code — Block It Now — Active campaign steals M365 tokens via OAuth device code flow. 340+ organizations compromised. Here is how to block the attack.
- Hackers Wiped 200K Devices via Intune — Protect Your Environment Now — Iran-linked Handala used Microsoft Intune to wipe 200,000+ devices at Stryker. Here is how to protect your organization.
- Region Värmland hacked for four months — how to protect your business — A Swedish government region suffered a phishing attack that gave attackers access to email accounts for four months undetected. Here is how to avoid the same fate.
- Critical Office RCE vulnerabilities — the Preview Pane is the attack surface — Two critical RCE vulnerabilities in Microsoft Office let attackers execute code just by previewing a document in Outlook. Patch now.
- Tycoon2FA is back — MFA bypass against M365 works again — The Tycoon2FA phishing platform is back after Europol's takedown. AiTM attacks bypass standard MFA and steal M365 tokens.
- Entra ID deadline March 31 — apps without service principal will break — Microsoft Entra ID stops supporting app auth without a service principal on March 31. Check your app registrations now.
- AI-powered phishing campaign hits 340+ organizations — M365 tokens stolen — Active device code phishing campaign exploits Railway.com and AI-generated lures to steal M365 tokens. Password resets won't help.
- Excel vulnerability lets Copilot silently leak your data — CVE-2026-26144 enables attackers to weaponize Copilot Agent for zero-click data exfiltration from Excel. Patch now.
- Swedish Security Service warns — constant cyberattacks on Swedish organizations — Säkerhetspolisen's annual report confirms: cyberattacks against Swedish organizations are constant. What SMBs should do now.
- The DarkSword attack — your iPhones could give hackers access to company data — CISA warns of actively exploited iOS attack chain threatening anyone running Microsoft Authenticator, Outlook, or Teams on iPhone.
- Handala Detection Pack v2: Sigma rules for Intune bulk wipe prevention — ThreatHunter.ai published Detection Pack v2 with five new Sigma rules and KQL queries for Microsoft Sentinel covering: MuddyWater pre-positioning IOCs, PIM Authentication Context gap detection, three-layer bulk wipe prevention for Intune, stale session detection, and Rclone exfiltration detection.
- Copilot as attack vector — Excel flaw enables zero-click data exfiltration — CVE-2026-26144 in Excel can be exploited to make Microsoft Copilot exfiltrate sensitive data without any user interaction.
- The Stryker Attack: CISA demands Intune hardening after 200,000 devices wiped — CISA urges all organizations to harden Microsoft Intune after Iran-linked Handala wiped 200,000 devices at medtech giant Stryker.
- Excel vulnerability weaponizes Copilot for data theft — CVE-2026-26144 — A critical Excel vulnerability combines XSS with prompt injection to turn Copilot Agent into a data exfiltration tool. Zero-click — no user interaction required.
- Teams calls from fake IT support — how one call compromises an entire company — Microsoft DART reveals how attackers use Teams voice calls and Quick Assist to deploy backdoors. Here is how to protect your organization.
- Critical SharePoint Zero-Day Under Active Exploitation — Patch Before Friday — CISA added CVE-2026-20963 to its Known Exploited Vulnerabilities catalog with a 3-day patch deadline. If you run SharePoint on-prem, act now.
- Why Your Organization Should Invest in FIDO2 and Passkeys in Entra ID — Passwords are the weakest link in enterprise security. FIDO2 security keys and passkeys in Microsoft Entra ID offer a phishing-resistant alternative that eliminates credential theft entirely.
- Microsoft 365 Tenant Consolidation After Mergers & Acquisitions — When two companies merge, their IT environments collide. Duplicate tenants, overlapping identities, and inconsistent security policies create cost, risk, and friction. Here is a structured approach to M365 tenant consolidation.
- AI in 2025-2026: The Acceleration Is Real — And So Are the Security Risks — The last six months have seen an unprecedented acceleration in AI capabilities. From reasoning models to autonomous agents, the technology is advancing faster than most organizations can adapt.
- Maximize the Security You Already Paid For: Microsoft 365 Business Premium — Most organizations running Microsoft 365 Business Premium are only using a fraction of the security features included in their license. Here is how to unlock the full value.
Services
- Microsoft 365 Security Review — Know exactly where your Microsoft 365 security stands — and what to fix first.
- Security & Compliance — Protect your organization with comprehensive security assessments, compliance frameworks, and threat protection strategies for Microsoft environments.
- IT Consulting — Transform your IT landscape with strategic consulting services. We help organizations optimize technology investments, improve operational efficiency, and drive innovation.
- NIS2 Compliance — Help your organization meet NIS2 supply chain security requirements using the Microsoft 365 tools you already have.
- Microsoft 365 Consulting — Transform your workplace with expert Microsoft 365 implementation, optimization, and support. We help organizations leverage the full power of the Microsoft cloud ecosystem.
- Digital Workplace — Empower your workforce with a modern digital workplace that enables seamless collaboration, productivity, and innovation from anywhere.
- Cloud Services — Expert Azure and Microsoft 365 migration, hybrid infrastructure design, and cloud cost optimization. We help Swedish enterprises modernize with confidence.
- Data & Analytics — Turn your data into a strategic asset. We help organizations build Power BI dashboards, govern data quality, automate reporting, and prepare for AI-driven analytics.
- Training & Development — Empower your team with expert-led training programs. From Microsoft 365 end-user training to security awareness and admin certification, we build the skills your organization needs.
- Digital Transformation — Modernize your operations with strategic digital transformation. We help organizations automate processes, manage change, and build future-ready infrastructure.