From the Goblins to the Hearing
Two weeks at once. OpenAI hardcoded a system-prompt override to stop ChatGPT 5.1 from talking about goblins. DENIC broke the .de TLD with bad DNSSEC …
Recent Work
Mines and Mythos
Trump ordered the Navy to shoot Iranian boats mining Hormuz. Voice phishing surged against IT helpdesks. The Vercel breach widened. India’s …
The Verse He Chose
King Charles III invoked Joel 3:10, the mobilisation verse, in his joint address to Congress on April 28. The verse he chose, not the verse he …
Hospitals and Hormuz
Patch Tuesday dropped 167 CVEs and two live zero-days. Dutch hospitals are still offline after ChipSoft. Iran shut Hormuz again when the US refused to …
Blockades and Breaches
A Fortinet zero-day giving attackers full endpoint control. Trump’s naval blockade of Iran. An Easter ceasefire in Ukraine that didn’t …
MuddyWater Follow-Up: April 2026
A lot changed in four weeks. MuddyWater rebuilt their toolkit in Rust, started using AI to write malware, compromised US banks and airports, and …
What We Do
Investigations
In-depth research into fraud, disclosure violations, and consumer harm. Evidence-based, publicly documented, filed with relevant authorities.
View investigationsSecurity Digest
Weekly threat intelligence and breach analysis. OSINT-driven, focused on Nordic region. Actionable insights for defenders.
Read the digestSignals
Short-form observations on emerging threats, regulatory developments, and industry patterns. Quick reads, timely intel.
View signals