Editorial — Volume 04 / Issue 21
Midnight.Logic
The signal from the dark
Threat IntelMalware & AttacksCompliance & LawEnterprise DefenseCyber CultureResearch
// front pageUpdated 02:14 CET · Live
ANALYSIS
Threat Intel · Campaign report

Operation Quiet Harbor: a year inside a shipping-sector intrusion set

A patient, low-noise cluster has spent twelve months staging access across European port operators. We map the tooling, the dwell time, and the gaps that let them stay invisible.

Nora Vance·May 27, 2026·9 min
// also worth reading
ADVISORY
Compliance & Law

NIS2 incident templates have landed. Here is what actually changes for your SOC.

Léa Marchetti · May 26, 2026
ANALYSIS
Enterprise Defense

Legacy OT is the last unpatched continent. Hospitals, ships, and factories are on it.

Matteo Greco · May 24, 2026
ANALYSIS
Compliance & Law

Under the AI Act, trust is the product. Security teams should own it.

Iris Halland · May 22, 2026
// threat-intel

Threat Intel

Adversary tracking, campaign analysis, and indicators worth your attention.

ANALYSIS
Threat Intel

Operation Quiet Harbor: a year inside a shipping-sector intrusion set

Nora Vance · May 27, 2026
Threat Intel

Phishing still wins because we keep solving the wrong problem

Anouk Pieters · May 9, 2026
// compliance-law

Compliance & Law

NIS2, DORA, GDPR — what regulators actually expect this quarter.

ADVISORY
Compliance & Law

NIS2 incident templates have landed. Here is what actually changes for your SOC.

Léa Marchetti · May 26, 2026
ANALYSIS
Compliance & Law

Under the AI Act, trust is the product. Security teams should own it.

Iris Halland · May 22, 2026
// most read · 7d

Read most this week

  1. 01
    Compliance & Law

    NIS2 incident templates have landed. Here is what actually changes for your SOC.

    Léa Marchetti · 7 min
  2. 02
    Enterprise Defense

    Legacy OT is the last unpatched continent. Hospitals, ships, and factories are on it.

    Matteo Greco · 11 min
  3. 03
    Compliance & Law

    Under the AI Act, trust is the product. Security teams should own it.

    Iris Halland · 6 min
  4. 04
    Malware & Attacks

    The ransomware affiliate economy is consolidating. That is worse, not better.

    Dario Kovač · 8 min
  5. 05
    Enterprise Defense

    Your identity provider is your blast radius. Treat it that way.

    Priya Anand · 7 min
The Brief — issue #048

One email. Three stories.
No vendor noise.

Tuesday mornings, 06:30 CET. The week's most important security reporting, picked and contextualised by our editors. 11,400 practitioners read it.

No tracking pixels. Unsubscribe ships with every issue.

// enterprise-defense

Enterprise Defense

Architecture, identity, detection engineering, and zero-trust in practice.

ANALYSIS
Enterprise Defense · Operational technology

Legacy OT is the last unpatched continent. Hospitals, ships, and factories are on it.

The systems holding modern infrastructure together were never meant to be online. They are anyway, and the people defending them are improvising.

Matteo Greco · May 24, 2026 · 11 min
00
Enterprise Defense

Your identity provider is your blast radius. Treat it that way.

Priya Anand · May 19, 2026
00
Enterprise Defense

Detection engineering is finally a discipline. It needs to act like one.

Sora Yamamoto · May 11, 2026
// long form

Whitepapers & reports

Field report · 48p

Detection coverage in the average European SOC, measured

We instrumented twelve SOCs against the same simulated intrusion chain. The coverage gaps cluster in three predictable places.

Midnight Logic ResearchDownload →
Reference · 36p

The NIS2 incident-response runbook, for teams that actually run one

A working template for the 24-hour early warning, with sample escalations and named ownership.

L. Marchetti & editorsDownload →
Investigation · 62p

Quiet Harbor: the full technical write-up

Indicators, host artefacts, network telemetry, and the timeline reconstructed from nine victim environments.

N. VanceDownload →
// research

Research

Original investigations, vulnerability disclosure, and primary sources.

Research

What coordinated disclosure looks like from the vendor side, honestly

Hannah Brandt · May 17, 2026
Research

SBOMs are everywhere. They are still not telling you what you think.

Tobias Lenz · May 13, 2026
Upcoming · Brussels

Midnight Logic, in person.

Three editorial salons across Europe this autumn. No vendor stage time, no sponsored panels.

  • 11 Sep · Brussels
    NIS2 in practice: a working session
    32 / 60 seats
  • 02 Oct · Milan
    Detection engineering, off the record
    18 / 40 seats
  • 20 Nov · Tallinn
    The OT problem nobody owns
    Waitlist open
// cyber-culture

Cyber Culture

People, careers, ethics, and the stories that shape the industry.

Cyber Culture

The junior analyst pipeline is broken. We are about to feel it.

Ezra Ofori · May 15, 2026
Cyber Culture

Running a purple team without the theatre

Marek Šimon · May 7, 2026