May 26, 2026 - Swedish eTrade platform signs an agreement for vulnerability scanning. May 21, 2026 - Swedish software producer signs agreement for continuous pentesting. May 20, 2026 - Swedish CRM producer signs an agreement for continuous penetration testing. May 16, 2026 - eBuilder signs an agreement for SOC/MDR with a TechHub. May 11, 2026 - eBuilder signs an agreement for SOC/MDR and automated pentests with a company in the publishing business. May 8, 2026 - eBuilder signs a pentest agreement with a leading petrochemical producer. April 8, 2026 - eBuilder signs an agreement for MDR/SOC with a hotel business. March 13, 2026 - eBuilder signs an agreement for SOC-operations with a Swedish municipality. May 26, 2026 - Swedish eTrade platform signs an agreement for vulnerability scanning. May 21, 2026 - Swedish software producer signs agreement for continuous pentesting. May 20, 2026 - Swedish CRM producer signs an agreement for continuous penetration testing. May 16, 2026 - eBuilder signs an agreement for SOC/MDR with a TechHub. May 11, 2026 - eBuilder signs an agreement for SOC/MDR and automated pentests with a company in the publishing business. May 8, 2026 - eBuilder signs a pentest agreement with a leading petrochemical producer. April 8, 2026 - eBuilder signs an agreement for MDR/SOC with a hotel business. March 13, 2026 - eBuilder signs an agreement for SOC-operations with a Swedish municipality.

News & threat intelligence

Threats & Attacks

The latest Threats & Attacks coverage, tracked and summarised by the analysts who run our SOC.

Updated daily · last update June 15, 2026

Threats & Attacks

Attackers Are Using Microsoft Teams Itself to Run Phishing Campaigns

Attackers have moved their phishing operations into Microsoft Teams, contacting employees directly through the platform by operating from Microsoft 365 tenants they control, making their…

June 15, 2026 Read more · 4 min

Credential Attack on Biblio Locks 100,000 Swedish Library Borrowers Out of E-Books

Threats & Attacks

Credential Attack on Biblio Locks 100,000 Swedish Library Borrowers Out of E-Books

A credential attack against Biblio, the e-book platform used by public libraries across Sweden, blocked loan access for over 100,000 borrowers after

June 9, 2026 Read more · 3 min

Threats & Attacks

Dutch Police Dismantle 17 Million Device Botnet Tied to ASOCKS Proxy Service

Dutch authorities have dismantled a botnet that had recruited 17 million devices into criminal infrastructure without their owners' knowledge. The operation targeted ASOCKS, a residential…

June 1, 2026 Read more · 4 min

Threats & Attacks

Russian Intelligence Is Targeting Swedish Defense Industry to Beat Sanctions

Russia's intelligence services are running a coordinated campaign to acquire Western technology through fake companies, cyberattacks, and recruited intermediaries, and Sweden's defence industry is explicitly…

June 1, 2026 Read more · 5 min

Fake Claude Code and Gemini Installers Drop a Fileless Infostealer

Threats & Attacks

Fake Claude Code and Gemini Installers Drop a Fileless Infostealer

Developers searching Google for Anthropic's Claude Code or Google's Gemini CLI are being routed to convincing fake installation pages that hand them

May 28, 2026 Read more · 4 min

Threats & Attacks

Daemon Tools Hackers Used Valid Certificates to Hide Backdoor for Month

Chinese-speaking attackers compromised Daemon Tools software installers and went undetected for nearly a month. The supply chain attack began on April 8, 2026, with trojanized…

May 7, 2026 Read more · 4 min

Salt Typhoon Hits IBM Italy Subsidiary in Silent Two-Week Espionage Campaign

Threats & Attacks

Salt Typhoon Hits IBM Italy Subsidiary in Silent Two-Week Espionage Campaign

Sistemi Informativi, an IBM Italy subsidiary managing IT infrastructure for Italian public agencies and major private companies, was breached by the Chinese-linked

May 5, 2026 Read more · 3 min

Bluekit Phishing Kit Turns Session Hijacking into a Point-and-Click Operation

Threats & Attacks

Bluekit Phishing Kit Turns Session Hijacking into a Point-and-Click Operation

A new phishing kit called Bluekit has turned session hijacking into a point-and-click operation. Discovered by Varonis Threat Labs, the platform combines

May 4, 2026 Read more · 4 min

NCSC Handles 200 State Cyber Attacks as Britain Faces Four Weekly Incidents

Threats & Attacks

NCSC Handles 200 State Cyber Attacks as Britain Faces Four Weekly Incidents

Britain handled 204 nationally significant cyberattacks in 2025, more than double the 89 recorded the previous year, as hostile states replaced criminal

April 23, 2026 Read more · 4 min

Threats & Attacks

North Korean Hackers Hijacked Axios Package for 100 Million Users

North Korean state hackers compromised the Axios npm package on 31 March 2026, inserting a cross-platform remote access trojan into one of JavaScript's most widely…

April 22, 2026 Read more · 4 min

Cargo Thieves Exploit RMM Tools to Steal Freight Worth £5 Billion

Threats & Attacks

Cargo Thieves Exploit RMM Tools to Steal Freight Worth £5 Billion

Cybercriminals are compromising trucking and logistics companies to steal physical cargo shipments worth billions. A threat cluster identified by Proofpoint has been

April 20, 2026 Read more · 4 min

Russian Military Intelligence Hijacks Routers in Massive DNS Poisoning Campaign

Threats & Attacks

Russian Military Intelligence Hijacks Routers in Massive DNS Poisoning Campaign

Russia's military intelligence service has been inside home and office routers across Europe and beyond for two years, stealing login credentials from

April 8, 2026 Read more · 4 min

Threats & Attacks

Railway PaaS Weaponized in Mass Microsoft 365 Device Code Phishing Campaign

A device code phishing campaign using Railway's Platform-as-a-Service infrastructure has compromised Microsoft 365 accounts at hundreds of organizations across five countries. Huntress

March 24, 2026 Read more · 4 min

Kratos Phishing Kit Targets Outpost24 Executive in Seven-Stage Attack

Threats & Attacks

Kratos Phishing Kit Targets Outpost24 Executive in Seven-Stage Attack

A C-suite executive at Swedish cybersecurity firm Outpost24 was targeted in a sophisticated phishing attack that leveraged trusted brands including Cisco and

March 20, 2026 Read more · 4 min

Threats & Attacks

Iran’s Cyber Proxies Launch Multi-Vector Retaliation Against Western Networks

Iran's cyber offensive capability has shifted into high gear following joint US-Israeli military strikes in late February 2026. Multiple Iranian state-linked groups and hacktivist proxies…

March 10, 2026 Read more · 5 min

Threats & Attacks

SmartLoader Gang Builds Fake GitHub Ecosystem to Spread StealC via Trojanised Oura MCP

A known cybercriminal operation has spent months building an elaborate fake GitHub ecosystem to poison the AI development supply chain. The SmartLoader gang, first identified…

February 17, 2026 Read more · 4 min

Behind the feed

The Same Analysts Who Track These Stories Run Our SOC

This isn't a content mill. The threats we summarise here are the ones our Sweden-based analysts watch for across client environments, around the clock. When something breaks, our customers hear it from us first.

See how MDR works

3 min Average time to contain a confirmed threat

3 days To full 24/7 MDR coverage from contract

40+ Swedish organisations actively protected

24/7 SOC coverage, 365 days a year, in Sweden

Keep going

Go deeper

Articles

Cyber intelligence from our analysts

Longer-form briefings and explainers, from incident breakdowns to practical NIS2 and Zero-Trust guidance.

Cyber Security 101

Security fundamentals, explained simply

Plain-language explainers on the core concepts, threats and frameworks behind modern security, for specialists and decision-makers alike.

Start with the basics