Category: Blog

If device wipes have been your reason for not consolidating your Apple fleet onto a single MDM platform, that reason just disappeared.  With macOS 26 Tahoe and iOS/iPadOS 26, Apple introduced MDM migration without a wipe — no factory resets, no data loss, no physical device handling required. The migration is orchestrated through Apple Business Manager, and users receive […]

Only 16% of organizations required to comply with NIS2 consider themselves fully compliant — a figure that has not moved in six months, according to CyberSmart’s April 2026 NIS2 Survey of 670 business leaders across Europe. For Danish IT teams, a parallel deadline sharpens the pressure. Under the 2026 municipal budget agreement between the Danish government and KL, […]

Only 16% of organizations required to comply with NIS2 consider themselves fully compliant — a figure that has not moved in six months, according to CyberSmart’s April 2026 NIS2 Survey of 670 business leaders across Europe.  For Danish IT teams, a parallel deadline sharpens the pressure. Under the 2026 municipal budget agreement between the Danish government and KL, […]

The question is no longer whether NIS2 applies. It is whether you can prove compliance today — to an auditor, to your board, and to a regulator with fining authority.   NIS2 is in its enforcement phase. As of May 2026, 21 of the EU’s 27 member states have transposed the directive into national law. Regulators are active. […]

A trusted employee. A refused laptop. 100 million dollars in intellectual property at risk.    Not every security incident starts with an encrypted server or a ransom demand. Some begin with a termination letter. A disputed laptop. A salesperson who had access to R&D data he should never have been able to open. At CapaSystems User […]

Don’t open attachments from unknown senders’ used to be enough. CVE-2026-40361 makes that advice obsolete.  May 2026 Patch Tuesday included four critical Microsoft Word RCEs. Two of them — CVE-2026-40361 and CVE-2026-40364 — carry Microsoft’s ‘Exploitation More Likely’ rating. Krebs on Security and Microsoft’s advisory both confirm that the Outlook Reading Pane is an attack vector. The same Word rendering code that runs when you open […]

Patch Tuesday closed the vulnerability. Confirming it reached every endpoint is the harder problem. CVE-2026-41096 is a CVSS 9.8 heap overflow in the Windows DNS Client. No authentication. No user interaction. Every Windows endpoint in your estate is in scope until the May 2026 Patch Tuesday update lands — and Microsoft rates exploitation as ‘less […]

A critical Blink integer overflow allows attackers to trigger heap corruption simply by loading a web page. Here is how to verify your entire fleet is patched in 60 seconds — without building a spreadsheet On May 6, 2026, Google and Microsoft jointly disclosed CVE-2026-7896 — a critical integer overflow in Blink, the rendering engine […]

Qilin leads Q1 2026 ransomware activity with 361 recorded victims. The attack model has shifted from encryption to identity theft and data exfiltration at 96%. Here is what that means for European IT teams — and the endpoint posture that addresses it The numbers from Q1 2026 are consistent across every major threat intelligence source. […]

The State of Endpoint Management Report 2026 shows that only 6% of organizations have closed their endpoint patch compliance gap entirely. Here is what separates them from the 94% — and how CapaOne gets you there According to the Action1 State of Endpoint Management Report 2026, only 6% of organizations have achieved full patch automation. […]