Insights
Field notes, write-ups and sharp opinion from the Malwise team. Practical security writing for people who actually have to act on it.
Microsoft is retiring text-message sign-in codes. Is your business actually ready for passkeys?
Some time after 1 September, people in your business are going to see a new prompt when they sign in to Microsoft 365: register a passkey. Here is the readiness …
Cyber Essentials explained: what it is, what it covers, and how to prepare
Cyber Essentials is the most requested security certification in the UK, and the most misunderstood. Businesses put it off for months believing it demands a …
Half-time 2026: what six months of UK cyber security news actually means for your business
Six months into 2026 and the shape of the year is clear. Incidents are up, the law is changing, the government is spending, and attackers have quietly switched …
Your IT provider is about to be regulated: the Cyber Security and Resilience Bill explained for UK businesses
On 10 June 2026, the Cyber Security and Resilience Bill completed its final stages in the House of Commons. A week later it moved to the House of Lords. Royal …
612,000 reasons to take Cyber Essentials seriously: what the 2025/26 breaches survey is really telling directors
The UK Government’s Cyber Security Breaches Survey for 2025/26 came out on 30 April. It is the same survey, run the same way, for the eleventh year …
How to harden Microsoft 365 in 2026: what's changed and what actually matters
Most Microsoft 365 security guides cover the same list. Multi-factor authentication for all users. Block legacy authentication. Configure anti-phishing …
YellowKey: the BitLocker bypass that needs nothing but a USB stick
On 12 May 2026, a researcher operating under the handle Nightmare-Eclipse published a working proof of concept that bypasses BitLocker on Windows 11, Windows …
Conditional Access in Microsoft 365: why it matters and how to get it right
Every Microsoft 365 tenant we audit has at least one Conditional Access policy that is either doing nothing, actively blocking the wrong users, or creating a …
Why businesses fail Cyber Essentials: the five most common mistakes in 2026
Cyber Essentials looks like a checklist. The questions seem straightforward. Yet as a licensed Certification Body reviewing assessments every week, we see the …
What's actually wrong with UK cyber security (and why we started Malwise)
There’s a version of cyber security that looks impressive and doesn’t work. You’ve probably seen it: the dashboard with seventeen threat …