Swedish municipalities hit by ransomware — is your business ready?
Dorotea and Vilhelmina municipalities were hit by ransomware on April 9. Here is what happened and what to check in your M365 environment.
Articles on Microsoft cloud security, identity architecture and AI readiness.
Dorotea and Vilhelmina municipalities were hit by ransomware on April 9. Here is what happened and what to check in your M365 environment.
A published zero-day in Windows Defender signature updates gives attackers SYSTEM privileges. No patch exists. Here is how to protect your endpoints.
Storm-2755 uses AI to craft phishing emails that trick M365 users into giving up their tokens. Here is how to protect yourself.
APT28 compromised 18,000 routers to steal Microsoft 365 tokens. Here is how to check if your customers are affected.
New phishing-as-a-service kit bypasses MFA entirely through Microsoft 365 device code flow. Here is how to block it.
April Windows updates enforce AES-only Kerberos for service accounts. Legacy RC4 dependencies will break.
New PhaaS platform steals M365 tokens by tricking users into authenticating on Microsofts own login page.
Attackers had access to Region Värmland M365 email accounts for four months. CERT-SE warns of increasing BEC attacks against Swedish organizations.
An actively exploited vulnerability in Chrome and Edge requires immediate patching. CISA added CVE-2026-5281 to its KEV catalog.
Microsoft April update enforces AES-only Kerberos. Service accounts still using RC4 will break. Here is how to prepare.
Over 340 M365 organizations compromised via device code phishing. MFA is useless. Here is how to block it.
The EvilTokens platform steals M365 tokens that survive password resets. Here is how to block the attack in Conditional Access.
CVE-2026-26144 allows an attacker to use Copilot Agent in Excel to exfiltrate data without any user interaction.
Russian threat actors exploit Microsoft device code authentication to hijack M365 accounts. Conditional Access can stop it.
CVE-2026-26113 and CVE-2026-26110 allow code execution just by viewing an email in the Preview Pane.
How to use tablets as productivity tools in your business — not just entertainment devices.
How to secure, configure, and manage all company phones centrally — whether iPhone or Android.
The right accessories make the difference between a home office that works and one that frustrates. Here is what you need.
A guide for IT managers at Swedish SMBs who want to select the right hardware for Microsoft 365, Intune, and Defender.
Avoid costly mistakes when upgrading your company IT. Here are the five most important questions to ask before you buy.
Stop configuring laptops manually. With Intune and Autopilot, you set up a new device in 15 minutes instead of 3 hours.
Iran-linked Handala used Microsoft Intune to wipe 200,000+ devices at Stryker. Here is how to protect your organization.
Active campaign steals M365 tokens via OAuth device code flow. 340+ organizations compromised. Here is how to block the attack.
Two critical RCE vulnerabilities in Microsoft Office let attackers execute code just by previewing a document in Outlook. Patch now.
A Swedish government region suffered a phishing attack that gave attackers access to email accounts for four months undetected. Here is how to avoid the same fate.
Microsoft Entra ID stops supporting app auth without a service principal on March 31. Check your app registrations now.
The Tycoon2FA phishing platform is back after Europol's takedown. AiTM attacks bypass standard MFA and steal M365 tokens.
CVE-2026-26144 enables attackers to weaponize Copilot Agent for zero-click data exfiltration from Excel. Patch now.
Active device code phishing campaign exploits Railway.com and AI-generated lures to steal M365 tokens. Password resets won't help.
CISA warns of actively exploited iOS attack chain threatening anyone running Microsoft Authenticator, Outlook, or Teams on iPhone.
Säkerhetspolisen annual report confirms: cyberattacks against Swedish organizations are constant. What SMBs should do now.
ThreatHunter.ai published Detection Pack v2 with five new Sigma rules and KQL queries for Microsoft Sentinel covering: MuddyWater pre-positioning IOCs, PIM Authentication Context gap detection, three-layer bulk wipe prevention for Intune, stale session detection, and Rclone exfiltration detection.
CVE-2026-26144 in Excel can be exploited to make Microsoft Copilot exfiltrate sensitive data without any user interaction.
CISA urges all organizations to harden Microsoft Intune after Iran-linked Handala wiped 200,000 devices at medtech giant Stryker.
A critical Excel vulnerability combines XSS with prompt injection to turn Copilot Agent into a data exfiltration tool. Zero-click — no user interaction required.
Microsoft DART reveals how attackers use Teams voice calls and Quick Assist to deploy backdoors. Here is how to protect your organization.
CISA added CVE-2026-20963 to its Known Exploited Vulnerabilities catalog with a 3-day patch deadline. If you run SharePoint on-prem, act now.
Passwords are the weakest link in enterprise security. FIDO2 security keys and passkeys in Microsoft Entra ID offer a phishing-resistant alternative that eliminates credential theft entirely.
When two companies merge, their IT environments collide. Duplicate tenants, overlapping identities, and inconsistent security policies create cost, risk, and friction. Here is a structured approach to M365 tenant consolidation.
The last six months have seen an unprecedented acceleration in AI capabilities. From reasoning models to autonomous agents, the technology is advancing faster than most organizations can adapt.
Most organizations running Microsoft 365 Business Premium are only using a fraction of the security features included in their license. Here is how to unlock the full value.