Articles
Things that surface in our security assessments, plus shifts in threat landscape, frameworks and tooling. No sponsored SEO copy, just things we find interesting.
The EU Cyber Resilience Act entered into force in 2024 but most provisions don't apply until 11 December 2027. Before that, on 11 September 2026, vulnerability reporting kicks in: 24 hours for a first report to ENISA. Here's the timeline, who is in scope, what needs to be proven, and the steps to take now so 2027 doesn't become a fire drill.
ReadNIS2 doesn't mention "pentest" verbatim, but art. 21 points e and f make penetration testing de facto best practice. We go through exactly which NIS2 articles map to pentest, what MSB (the Swedish supervisor) expects to see in documentation, and how to structure your pentest program for audit-ready evidence.
ReadThe NIS2 directive came into force in Sweden on 1 January 2025 via the Cybersecurity Act. 27,000 Swedish organizations are now covered, many without knowing it. This guide gives you a structured checklist to determine if you're covered and what it means concretely.
ReadPrice guide for pentest in Sweden 2026, automated scanning, web app test, network test, red team. We share concrete price ranges from the Swedish market, what drives prices up, and where you can save money without compromising on quality.
ReadA pentest (penetration test) is a controlled simulation of a cyber attack against your own systems. We cover what it is, how it differs from vulnerability scanning, what types exist, and when you need each variant.
Read"Allow inbound from Cloudflare IPs only" is a weaker rule than it looks — it trusts every CF customer, not just your zone. Here's what attackers can actually do with it, and what Cloudflare Tunnel fixes that this rule doesn't.
ReadNCSC released new guidelines today for protecting operational technology. We summarize the most important measures and how they connect to practical security work.
Read