On this page
- 0. TL;DR
- 1. Active Threats, Trending Actors, Notable Incidents & Disclosures
- 2. Trending Vulnerabilities
- 3. Research & Investigative Reporting
- 4. Updates to Prior Coverage
- 5. Deep Dive — Argo CD repo-server unauthenticated RCE (no CVE, unpatched 18 months)
- 6. Action Items
- 7. Verification Notes
References (28)
- CVE-2026-45659 ×2
- CVE-2026-8037 ×2
- CVE-2026-14439
- CVE-2026-48276
- CVE-2026-48277
- CVE-2026-48281
- CVE-2026-48282
- CVE-2026-48283
- CVE-2026-48316
- CVE-2026-48286
- MedusaLocker leak-site listing of Canton Zürich Baudirektion (bd.zh.ch) — unconfirmed
- DHS HSIN information-sharing network breach (SharePoint collaboration system)
- Adobe ColdFusion/Campaign Classic — seven CVSS 10.0 RCE flaws (APSB26-68/69)
- ARToken — EvilTokens-lineage BEC-as-a-service panel targeting Microsoft 365
- SEO-poisoned fake-installer sites trojanize ScreenConnect to deploy AsyncRAT
- OpenClaw community AI-agent 'skills' as an emerging supply-chain surface
- Argo CD repo-server unauthenticated RCE (no CVE, unpatched) — Synacktiv
- BleepingComputer
- CISA Known Exploited Vulnerabilities Catalog
- CyberScoop
- GitHub Advisory Database
- Help Net Security
- Kaspersky Securelist (GReAT)
- Microsoft Threat Intelligence
- Ransomware.live
- Synacktiv Publications
- Cisco Talos
- eSentire (Threat Response Unit / TRU)
0. TL;DR
- CISA flags a SharePoint RCE Microsoft downplayed. CISA added CVE-2026-45659 (SharePoint Server deserialization-of-untrusted-data RCE, CVSS 8.8, Site-Member-authenticated) to its Known Exploited Vulnerabilities catalog on 1 July — the first public confirmation of active exploitation for a bug Microsoft's own advisory still rates "Exploitation Less Likely" and quietly patched on 21 May (Microsoft MSRC). On-prem SharePoint operators who deferred the May fix should treat it as live.
- Seven max-severity Adobe flaws land in one week. Adobe's 30 June bulletins fix six CVSS 10.0 unauthenticated RCE paths in ColdFusion 2025/2023 (file-upload, input-validation and path-traversal classes) plus a CVSS 10.0 authorization-bypass code-execution flaw in Campaign Classic — all Priority 1, no exploitation reported yet (Adobe PSIRT). ColdFusion's exploitation history makes this a same-week patch for internet-facing instances.
- Kemp LoadMaster exploitation now confirmed. eSentire reports in-the-wild exploitation attempts against the pre-auth command-injection CVE-2026-8037 began 29 June — the same day a public PoC dropped — though observed attempts failed (eSentire TRU). See § 4.
- A full BEC-as-a-service panel for Microsoft 365 surfaces. Cisco Talos documented "ARToken," an EvilTokens-lineage phishing-as-a-service platform whose 80+ API endpoints automate device-code phishing, Primary Refresh Token persistence that survives password resets, and mailbox/SharePoint exfiltration against M365 tenants (Cisco Talos).
- A Swiss cantonal government department appears on a ransomware leak site. MedusaLocker's site listed the Baudirektion of the Canton of Zürich (bd.zh.ch) on 1 July, claiming 772 extracted emails — unconfirmed by the Canton and uncorroborated by any press or NCSC.ch advisory as of this run (Ransomware.live). Treat as a watch item, not a confirmed breach.
1. Active Threats, Trending Actors, Notable Incidents & Disclosures
MedusaLocker leak site lists the Canton of Zürich's Baudirektion — unconfirmed claim [SINGLE-SOURCE]
The MedusaLocker ransomware group added a listing on 2026-07-01 for a victim named "Bd" with the domain bd.zh.ch, the domain used by the Baudirektion (Building/Construction Directorate) of the Canton of Zürich, a Swiss cantonal-government department. The group's own claim text records "772 emails extracted; Domain: bd.zh.ch," with no ransom figure or data sample published (Ransomware.live, 2026-07-01). This is a dark-web leak-site claim only — it is not confirmed by the Canton of Zürich or by any independent reporting. Targeted searches for a cantonal statement, an NCSC.ch (BACS) advisory, or Swiss press coverage returned nothing in this window. The same MedusaLocker posting wave on 1 July (~22:28–22:33 UTC) also listed other European entities in immediate succession, including a French municipality — consistent with a batch-style listing rather than a single targeted disclosure. No initial-access vector or exploited product is available from the listing.
Why it matters to us: direct relevance to a Swiss cantonal-government reader base. Treat as an early, unconfirmed situational-awareness signal — verify against an official cantonal or NCSC.ch statement before acting, and, if you operate *.zh.ch infrastructure, quietly confirm whether the Baudirektion or shared cantonal services were affected. No defender action beyond monitoring is warranted on an unverified leak-site claim.
DHS confirms a breach of the Homeland Security Information Network (HSIN)
DHS confirmed a cyber incident affecting the Homeland Security Information Network — a platform federal, state, local, international and private-sector partners use to exchange sensitive-but-unclassified information and coordinate incident response. Nextgov/FCW first reported (citing two people familiar) that an unknown actor accessed HSIN servers and a SharePoint collaboration system, with the intrusion believed to have occurred between late May and early June 2026 (Nextgov/FCW, 2026-06-30). DHS told BleepingComputer it "immediately took action to isolate the affected systems, mitigate the vulnerability, and launch a comprehensive forensic investigation," stated there is "no indication that classified networks were impacted," and that the system remains operational (BleepingComputer, 2026-07-01). No initial-access vector, CVE or attribution has been disclosed; whether documents were exfiltrated remains undetermined. HSIN previously suffered a 2023 access-misconfiguration incident that exposed US-person PII.
Why it matters to us: no vulnerable component was named, so there is no patch action — but both this event and HSIN's 2023 incident trace to information-sharing / collaboration-platform trust boundaries (SharePoint, cross-org portals) rather than perimeter exploitation. Public-sector SOCs should review who holds standing access to their own cross-agency information-sharing portals and whether access reviews and anomalous-download alerting cover them.
2. Trending Vulnerabilities
CVE-2026-45659 — Microsoft SharePoint Server: authenticated deserialization RCE, now KEV-listed
CISA added CVE-2026-45659 to its Known Exploited Vulnerabilities catalog on 2026-07-01 (CISA KEV feed, 2026-07-01) — the operationally significant signal here, because it is the first public confirmation that this deserialization path is under active exploitation. The flaw (CWE-502, deserialization of untrusted data, CVSS 8.8) lets an attacker holding a minimum of Site Member permissions execute code on the SharePoint Server backend with no further user interaction (Microsoft MSRC). It affects SharePoint Server Subscription Edition, 2019 and Enterprise Server 2016, and Microsoft shipped the fix on 2026-05-21 (Microsoft MSRC) — the CVE having initially been omitted from the May 2026 Security Updates before publication, per Help Net Security's coverage (Help Net Security, 2026-05-26). Notably, Microsoft's own advisory still rates the CVE "Exploitation Less Likely" — a contradiction defenders should resolve in favour of the exploitation evidence. On-prem operators who deferred the May update because of that low rating should apply it now; hunt SharePoint/IIS logs for anomalous POST bodies to the SharePoint object-model / API endpoints from low-privileged Site-Member sessions followed by unexpected w3wp.exe child-process spawns (T1190, with T1505.003-style web-shell follow-on typical of prior SharePoint deserialization waves).
Changes since first coverage (1 prior appearance)
- 2026-05-28: First mention. § 7 drop — did not clear § 2 inclusion gates (post-auth, no exploitation, no KEV/EUVD-critical, CVSS 8.8 < 9.0). Apply May 2026 CU regardless given SharePoint deserialization history.
CVE-2026-48276, -48277, -48281, -48282, -48283, -48316 — Adobe ColdFusion: six CVSS 10.0 unauthenticated RCE paths
Adobe's 2026-06-30 bulletin APSB26-68 fixes six maximum-severity (CVSS 10.0) remote-code-execution flaws in ColdFusion 2025 (≤ Update 9) and 2023 (≤ Update 20): two CWE-434 unrestricted-file-upload paths (CVE-2026-48276, CVE-2026-48283), three CWE-20 improper-input-validation paths (CVE-2026-48277, CVE-2026-48281, CVE-2026-48316) and one CWE-22 path-traversal path (CVE-2026-48282). All are network-exploitable with no authentication and no user interaction (AV:N/AC:L), and every fix is rated Adobe Priority 1 ("high risk of being targeted"); Adobe states it is "not aware of any exploits in the wild for any of the issues addressed in these updates" (Adobe PSIRT APSB26-68, 2026-06-30). A parallel same-day bulletin, APSB26-69, fixes a CVSS 10.0 CWE-863 incorrect-authorization code-execution flaw (CVE-2026-48286) in on-prem Campaign Classic 7.4.3 build 9396 and earlier, resolved in build 9397; Adobe-hosted instances were remediated server-side (Adobe PSIRT APSB26-69, 2026-06-30). ColdFusion's history of rapid weaponisation of unauth file-upload / path-traversal primitives makes this a same-week patch priority for any internet-facing instance even absent confirmed exploitation. Fixed in ColdFusion 2025 Update 10 and 2023 Update 21; given the unauthenticated file-upload class, review upload directories (cf_scripts, CFIDE, admin upload paths) for newly written .jsp/.cfm/.cfc files outside deployment windows (Adobe PSIRT APSB26-68, 2026-06-30).
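The upload-directory review recommended above can be scripted. The following is an added example written for this brief, not Adobe tooling: it walks a set of ColdFusion directories and reports any .jsp/.cfm/.cfc file whose modification time falls outside every approved deployment window. The directory list, the windows and the sample file tree are all constructed for the example; on a real host you would point it at the actual cf_scripts, CFIDE and admin upload paths and your own change-window calendar.

```python
"""Audit ColdFusion upload directories for server-side script files written
outside approved deployment windows.

Added example for this brief, not Adobe tooling. Assumptions: the directories
to audit, the deployment windows and the sample tree below are constructed;
the .jsp/.cfm/.cfc suffix set comes from the APSB26-68 item.
"""
import os
import tempfile
from datetime import datetime, timezone
from pathlib import Path

# Suffixes the ColdFusion/Tomcat stack will execute if dropped into a served path.
WATCHED_SUFFIXES = {".jsp", ".cfm", ".cfc"}


def in_any_window(ts, windows):
    """True if ts falls inside at least one (start, end) window (inclusive)."""
    return any(start <= ts <= end for start, end in windows)


def find_suspect_files(roots, windows):
    """Walk each root and return (path, mtime) for watched-suffix files whose
    modification time lies outside every approved deployment window."""
    suspects = []
    for root in roots:
        root = Path(root)
        if not root.is_dir():
            continue  # tolerate hosts that lack one of the directories
        for path in root.rglob("*"):
            if not path.is_file() or path.suffix.lower() not in WATCHED_SUFFIXES:
                continue
            mtime = datetime.fromtimestamp(path.stat().st_mtime, tz=timezone.utc)
            if not in_any_window(mtime, windows):
                suspects.append((str(path), mtime))
    return sorted(suspects)


def _touch(path, when):
    """Create a file and force its mtime to a chosen UTC datetime."""
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_text("<!-- sample -->")
    stamp = when.timestamp()
    os.utime(path, (stamp, stamp))


def build_sample_tree(base):
    """Constructed sample: one .cfm inside the window, one .jsp outside it,
    and a non-script file outside the window that must be ignored."""
    base = Path(base)
    in_window = datetime(2026, 6, 30, 1, 0, tzinfo=timezone.utc)
    off_hours = datetime(2026, 7, 1, 3, 15, tzinfo=timezone.utc)
    _touch(base / "cf_scripts" / "scripts" / "ok.cfm", in_window)
    _touch(base / "CFIDE" / "bad.jsp", off_hours)
    _touch(base / "CFIDE" / "logo.png", off_hours)
    # "missing_dir" exercises the is_dir() guard.
    return [base / "cf_scripts", base / "CFIDE", base / "missing_dir"]


# Constructed change window: 2026-06-30 00:00-02:00 UTC.
DEPLOY_WINDOWS = [
    (datetime(2026, 6, 30, 0, 0, tzinfo=timezone.utc),
     datetime(2026, 6, 30, 2, 0, tzinfo=timezone.utc)),
]


def demo():
    """Run the audit over the constructed tree; returns suspect basenames."""
    with tempfile.TemporaryDirectory() as base:
        roots = build_sample_tree(base)
        return [Path(p).name for p, _ in find_suspect_files(roots, DEPLOY_WINDOWS)]


if __name__ == "__main__":
    for name in demo():
        print("suspect:", name)
```

Modification time is easy for an intruder to backdate, so treat a clean run as a negative signal only; pair it with file-integrity baselines or web-server access logs for the same paths where you have them.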
CVE-2026-14439 — Altium Enterprise Server / Altium 365: authenticated path-traversal to RCE [SINGLE-SOURCE]
A CWE-22 path-traversal flaw (CVSS 9.4) in the Git Service component shared by Altium Enterprise Server and the Altium 365 SaaS platform (electronics CAD / PCB-design collaboration) lets an authenticated user with only basic git access chain a sequence of post-clone file-manipulation operations that accept user-supplied paths without validation, moving arbitrary files outside the intended repository. Because moved files can land in locations later executed by the Git Service, the primitive escalates to remote code execution under the Git Service account; on multi-tenant Altium 365 the flaw could expose data belonging to other tenants sharing the same node (GitHub Security Advisory GHSA-m97g-7h77-r5pr, 2026-07-02). Altium Enterprise Server is fixed in 8.1.1; Altium 365's shared multi-tenant deployments were remediated at the service level, with remaining deployments in progress. No exploitation reported. The low privilege bar plus cross-tenant SaaS exposure make this notable for CH/EU manufacturing and defence-industrial-base engineering firms; multi-tenant customers should confirm with Altium that their specific node received the service-level fix rather than assuming blanket coverage.
3. Research & Investigative Reporting
Cisco Talos: "ARToken" exposes a full BEC-as-a-service toolkit on top of Microsoft 365 device-code phishing
Cisco Talos identified a fully-featured phishing-as-a-service operator panel, "ARToken," that shares API contracts and infrastructure patterns with EvilTokens, the device-code phishing platform Sekoia and Microsoft documented in early 2026 (Cisco Talos, 2026-07-01). Its dashboard exposes 80+ API endpoints spanning device-code phishing, Primary Refresh Token (PRT) persistence, mailbox access, BEC operations and SharePoint/OneDrive exfiltration — a complete post-compromise environment, not just a credential kit. The OAuth 2.0 Device Authorization Grant (RFC 8628) flow drives PRT acquisition via a /prt/setup → /prt/refresh → /prt/renew → /prt/reacquire → /prt/cookie chain that survives password resets, and the panel adds cross-mailbox keyword monitoring, programmatic inbox-rule creation for evidence suppression, and operator-to-operator shared access — capabilities CyberScoop notes go beyond what has been publicly documented for EvilTokens (CyberScoop, 2026-07-01). Talos maps the activity to T1566.002, T1528, T1098.001, T1114.002 and T1550.001. Detection/hardening: hunt Entra ID sign-in logs for device-code grants with anomalous clientMode "broker" semantics and WAM broker-issued PRT refresh/renew outside expected device-registration windows; alert on new Entra device registrations shortly after a device-code auth from an unfamiliar IP/UA; flag programmatically-created inbox rules combining forwarding with auto-delete. Restrict the OAuth device-code flow via Conditional Access and enforce token-protection (sign-in frequency + PRT binding), especially for finance/AP-adjacent roles.
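The two Entra-side hunts named above (device-code grant followed by a fresh device registration, and inbox rules that forward and delete) can be expressed as a small correlation over exported logs. This is an added example for this brief, not Talos or Microsoft code. The records are constructed and simplified: the sign-in field names follow the Microsoft Graph signIn resource (createdDateTime, userPrincipalName, ipAddress, authenticationProtocol), while the device-registration and inbox-rule shapes, the KNOWN_EGRESS_IPS allow-list and the one-hour window are assumptions you would replace with your own exports and thresholds.

```python
"""Correlate device-code sign-ins with follow-on device registrations and
flag evidence-suppressing inbox rules.

Added example for this brief, not Talos or Microsoft code. Assumptions: all
records are constructed; sign-in field names follow the Graph signIn resource,
the registration and inbox-rule shapes are invented for the example, and
KNOWN_EGRESS_IPS stands in for your own egress allow-list.
"""
from datetime import datetime, timedelta

KNOWN_EGRESS_IPS = {"203.0.113.10"}  # constructed corporate egress (TEST-NET-3)

SIGN_INS = [  # constructed
    {"createdDateTime": "2026-07-01T08:02:00+00:00", "userPrincipalName": "alice@example.ch",
     "ipAddress": "198.51.100.7", "authenticationProtocol": "deviceCode"},
    {"createdDateTime": "2026-07-01T08:30:00+00:00", "userPrincipalName": "bob@example.ch",
     "ipAddress": "203.0.113.10", "authenticationProtocol": "deviceCode"},
    {"createdDateTime": "2026-07-01T09:00:00+00:00", "userPrincipalName": "carol@example.ch",
     "ipAddress": "198.51.100.9", "authenticationProtocol": "none"},
    {"createdDateTime": "2026-07-01T09:10:00+00:00", "userPrincipalName": "dave@example.ch",
     "ipAddress": "198.51.100.12", "authenticationProtocol": "deviceCode"},
]

DEVICE_REGISTRATIONS = [  # constructed
    {"registeredDateTime": "2026-07-01T08:14:00+00:00", "userPrincipalName": "alice@example.ch",
     "deviceDisplayName": "DESKTOP-4Q1"},
    {"registeredDateTime": "2026-07-01T08:40:00+00:00", "userPrincipalName": "bob@example.ch",
     "deviceDisplayName": "LAPTOP-BOB"},
    {"registeredDateTime": "2026-07-04T09:10:00+00:00", "userPrincipalName": "dave@example.ch",
     "deviceDisplayName": "DESKTOP-9ZZ"},
]

INBOX_RULES = [  # constructed
    {"userPrincipalName": "alice@example.ch", "displayName": ".",
     "forwardTo": "ext@example.net", "delete": True, "createdVia": "graph-api"},
    {"userPrincipalName": "bob@example.ch", "displayName": "Invoices",
     "forwardTo": "ap@example.ch", "delete": False, "createdVia": "outlook"},
]


def _ts(value):
    return datetime.fromisoformat(value)


def device_code_then_registration(sign_ins, registrations, known_ips,
                                  window=timedelta(hours=1)):
    """Return (user, ip, minutes_to_registration) for device-code sign-ins from
    an unfamiliar IP that were followed by a device registration inside `window`."""
    by_user = {}
    for reg in registrations:
        by_user.setdefault(reg["userPrincipalName"], []).append(_ts(reg["registeredDateTime"]))
    hits = []
    for s in sign_ins:
        # Only device-code grants from outside the known egress set are interesting.
        if s["authenticationProtocol"] != "deviceCode" or s["ipAddress"] in known_ips:
            continue
        t0 = _ts(s["createdDateTime"])
        for t_reg in by_user.get(s["userPrincipalName"], []):
            delta = t_reg - t0
            if timedelta(0) <= delta <= window:
                hits.append((s["userPrincipalName"], s["ipAddress"],
                             int(delta.total_seconds() // 60)))
    return hits


def suspicious_inbox_rules(rules):
    """Forwarding combined with delete, created outside the Outlook client,
    is the evidence-suppression pattern the Talos write-up describes."""
    return [r["userPrincipalName"] for r in rules
            if r.get("forwardTo") and r.get("delete") and r.get("createdVia") != "outlook"]


if __name__ == "__main__":
    print(device_code_then_registration(SIGN_INS, DEVICE_REGISTRATIONS, KNOWN_EGRESS_IPS))
    print(suspicious_inbox_rules(INBOX_RULES))
```

In the sample only alice trips the first rule: bob's grant came from a known egress address, carol did not use device code, and dave's registration lands days later, outside the window. Tune the window to your device-enrolment reality; a one-hour bound is deliberately tight so that a legitimate user who enrols a laptop the day after a device-code login is not paged.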
Kaspersky MDR: SEO-poisoned fake-installer sites trojanize ScreenConnect to deploy AsyncRAT
Kaspersky's MDR team pivoted from a single flagged incident (suspicious PowerShell/VBS spawned by a ScreenConnect process) into a "massive, multi-domain, multi-language" campaign running since at least August 2025, using 90+ spoofed sites in ten languages — including German and French — impersonating free software such as OBS Studio, DNS Jumper and Bandicam (Kaspersky Securelist, 2026-07-01). Each malicious installer bundles a legitimate Microsoft-signed install.exe alongside a rogue install.res.1033.dll sideloaded via classic DLL search-order abuse; ScreenConnect deploys as an "Access-type" service, then a PowerShell script adds Defender path exclusions for all local drives and C:\Users\Public, disables the UAC consent prompt, and a chained VBScript reconstructs a .NET payload (XOR key 0xA7) that reflectively loads and process-hollows (T1055.012) into a suspended RegAsm.exe acting as the AsyncRAT container, with a two-minute scheduled-task re-trigger for persistence (The Hacker News, 2026-07-01). Detection/hardening: flag ScreenConnect service creation with an explicit relay parameter where the deploying process is a freshly-downloaded installer; alert on Defender exclusions covering full drive roots or C:\Users\Public added via PowerShell rather than GPO/MDM; treat long-lived RegAsm.exe with active network connections as a process-hollowing tell; block DLL sideloading via WDAC/AppLocker on signed binaries' unsigned companion DLLs.
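The "Defender exclusions covering full drive roots or C:\Users\Public added via PowerShell" hunt above reduces to a path classifier plus an initiator check. The block below is an added example for this brief, not Kaspersky code. The event records are constructed; the new_value text loosely mirrors the wording of Defender's configuration-change event (ID 5007), but the field names and the initiator label ("powershell.exe" versus "policy") are invented for the example and would be mapped from your own EDR or event-forwarding schema.

```python
"""Classify Microsoft Defender path-exclusion changes for the over-broad,
script-driven pattern described in the Kaspersky MDR write-up.

Added example for this brief, not Kaspersky code. Assumptions: the event
records are constructed; 'new_value' loosely follows the Defender
configuration-change event (ID 5007) wording, but the field names and the
'initiator' label ('powershell.exe' vs 'policy') are invented for the example.
"""
import re

# Pulls the excluded path out of the registry-style value in a 5007-like message.
_EXCLUSION_RE = re.compile(r"Exclusions\\Paths\\(?P<path>.+?) = 0x0", re.IGNORECASE)


def parse_exclusion_path(new_value):
    """Return the excluded path, or None if the change is not a path exclusion."""
    m = _EXCLUSION_RE.search(new_value)
    return m.group("path") if m else None


def is_overbroad(path):
    """Drive roots (C:\\, D:\\, ...) and <drive>:\\Users\\Public exclude far more
    than any legitimate application needs."""
    p = path.strip().rstrip("\\").lower()
    return bool(re.fullmatch(r"[a-z]:", p) or re.fullmatch(r"[a-z]:\\users\\public", p))


def classify(event):
    """'high' for an over-broad exclusion added by PowerShell, 'medium' for an
    over-broad exclusion delivered by policy, None for anything else."""
    path = parse_exclusion_path(event["new_value"])
    if path is None or not is_overbroad(path):
        return None
    return "high" if event["initiator"].lower() == "powershell.exe" else "medium"


EVENTS = [  # constructed
    {"host": "WS01", "initiator": "powershell.exe",
     "new_value": r"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\ = 0x0"},
    {"host": "WS01", "initiator": "powershell.exe",
     "new_value": r"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Users\Public = 0x0"},
    {"host": "WS02", "initiator": "policy",
     "new_value": r"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\D:\ = 0x0"},
    {"host": "WS03", "initiator": "powershell.exe",
     "new_value": r"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Program Files\App\cache = 0x0"},
    {"host": "WS04", "initiator": "powershell.exe",
     "new_value": r"HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring = 0x1"},
]


def triage(events):
    """Return (host, path, severity) for every event worth an alert."""
    out = []
    for e in events:
        severity = classify(e)
        if severity:
            out.append((e["host"], parse_exclusion_path(e["new_value"]), severity))
    return out


if __name__ == "__main__":
    for host, path, severity in triage(EVENTS):
        print(f"{severity.upper():6} {host} exclusion {path}")
```

The last constructed event (real-time protection disabled) is deliberately not matched here, since this block is about exclusion breadth; it is the kind of change you would alert on separately.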
Kaspersky: community AI-agent "skills" are an emerging supply-chain surface — OpenClaw marketplace still distributing malicious skills [SINGLE-SOURCE]
Kaspersky published fresh detection telemetry (through mid-June 2026) on OpenClaw, an AI-agent framework whose agents load "skills" — plaintext SKILL.md natural-language instruction files, some with embedded code — from a community marketplace ("ClawHub"), typically running with file-system access and the tokens/keys of the systems each skill touches (Kaspersky Securelist, 2026-07-01). Because building a malicious skill needs no custom-malware development, Kaspersky frames skill distribution as a supply-chain-attack analogue with an even lower bar than package-repository attacks: prior to 7 February 2026 no skills underwent any security check, and an April scan of the hub found 24 accounts distributing 600+ malicious skills, with OSINT indicating 1,100+ malicious accounts created since January. Although the marketplace has since added pre-publication scanning, Kaspersky's June detection statistics show malicious-skill activity continuing on customer endpoints. Defender takeaway: treat SKILL.md ingestion as an untrusted-code-execution surface — log and alert on file-system access and outbound network calls from AI-agent processes to non-allow-listed hosts, watch for plaintext credential/token files co-located with agent skill directories, require pre-execution scanning plus least-privilege sandboxing before any community skill runs against production credentials, and set an explicit enterprise AI-usage policy barring unreviewed third-party skill installation. Single-source (Kaspersky); no independent corroboration located this run.
4. Updates to Prior Coverage
UPDATE: Kemp LoadMaster CVE-2026-8037 — exploitation attempts confirmed the day the PoC dropped
UPDATE (originally covered 2026-06-30): eSentire's Threat Response Unit reports that in-the-wild exploitation attempts against CVE-2026-8037 — the Progress Kemp LoadMaster pre-auth OS command-injection flaw reachable through the /accessv2 API endpoint (CVSS 9.6–9.8) — began 2026-06-29, the same day a public proof-of-concept was released, confirming the compressed PoC-to-exploitation timeline (eSentire TRU, 2026-06-30). The observed attempts were unsuccessful, with no post-compromise activity, but eSentire assesses that public PoC availability plus detailed technical write-ups will drive continued and likely more successful attacks near-term (The Hacker News, 2026-07-01). Affected versions remain LoadMaster 7.2.63.1 and earlier (GA) and 7.2.54.17 and earlier (LTSF); Progress shipped patched firmware in early June 2026. Patch remains the primary mitigation; disabling the LoadMaster API where not required removes the /accessv2 attack surface entirely. Hunt /accessv2 traffic for malformed/oversized parameters and repeated probing from related sources in a short window (T1190 → T1059).
Changes since first coverage (1 prior appearance)
- 2026-06-30: First coverage. Uninitialized-malloc heap corruption in escape_quotes(), reachable via /accessv2; watchTowr full mechanics; no ITW; fixed 7.2.63.2.
5. Deep Dive — Argo CD repo-server unauthenticated RCE (no CVE, unpatched 18 months)
Synacktiv published a technical write-up of an unauthenticated remote-code-execution path in Argo CD — the dominant open-source GitOps continuous-delivery controller across EU/CH enterprise and public-sector Kubernetes estates — that it reported to the maintainers in January 2025 and that remains unpatched, with no CVE assigned, as of publication (Synacktiv, 2026-07-01). The research is notable both for the finding and for the disclosure state: Synacktiv writes that "despite our ongoing efforts to establish communication and coordinate a fix, including numerous follow-ups via GitHub and email, the vulnerability remains unpatched," and the report has no CVE assigned (The Hacker News, 2026-07-01).
Vulnerable component and mechanics. The flaw sits in Argo CD's repo-server component, specifically the internal gRPC service method repository.RepoServerService/GenerateManifest, which accepts a user-controlled KustomizeOptions.BuildOptions field with no authentication check. An actor able to reach the repo-server's gRPC port can inject an --enable-helm --helm-command <path> flag into the kustomize build invocation (kustomize.go), causing repo-server to execute an arbitrary attacker-supplied binary — sourced from an attacker-controlled Git repository — in place of the legitimate helm binary. The primitive is a classic argument-injection-to-arbitrary-execution: user input flows into a command-construction path that trusts the helm-command override.
Why the port is reachable. The repo-server gRPC port is nominally internal, but Argo CD's Helm chart ships its Kubernetes NetworkPolicies disabled by default — the manifests exist (manifests/base/repo-server/argocd-repo-server-network-policy.yaml) but require networkPolicy.create=true to take effect. In a flat/default cluster network, that leaves the port reachable from any pod. A single compromised or malicious workload elsewhere in the cluster is therefore a viable launch point — this is not solely an internet-exposure problem.
Exploitation chain.
- Initial access / execution — reach the repo-server gRPC port and invoke GenerateManifest with a poisoned KustomizeOptions.BuildOptions, injecting --helm-command to run an attacker binary (T1190, T1059).
- Credential access — from code execution on repo-server, read the Redis password from the pod's environment variables (T1552.001).
- Impact / lateral movement — connect to Argo CD's Redis cache (unauthenticated by default) and poison cached deployment manifests, so the next GitOps sync deploys an attacker-supplied workload cluster-wide — a full path from network-reachable-but-unauthenticated to cluster compromise.
Detection concepts (no IOCs, no rule code). Monitor repo-server pod logs for GenerateManifest gRPC calls carrying unexpected KustomizeOptions / helm-command build-option strings. Watch repo-server process trees for unexpected child binaries — anything other than the expected helm/kustomize executables — via container-runtime process-exec auditing. Alert on Redis connections to the Argo CD cache from sources other than the application-controller / server / repo-server components.
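The first detection concept above (GenerateManifest calls carrying unexpected helm-command build options) comes down to tokenising the BuildOptions string the way the repo-server's command construction will and checking for execution-enabling flags. The block below is an added example for this brief, not Argo CD or Synacktiv code. The log lines are constructed JSON with an invented buildOptions and peer field (repo-server does not log in this shape; map from your own gRPC access logging or a service-mesh capture). It goes slightly beyond the page: besides --enable-helm and --helm-command from the write-up, the deny-list also covers kustomize's --enable-exec and --enable-alpha-plugins, which likewise allow executable plugins.

```python
"""Flag kustomize build options that would let GenerateManifest run an
attacker-chosen binary, as in the Synacktiv repo-server finding.

Added example for this brief, not Argo CD or Synacktiv code. Assumptions: the
log lines are constructed JSON with invented 'buildOptions' and 'peer' fields;
the deny-list adds kustomize's --enable-exec and --enable-alpha-plugins to the
two flags named in the write-up.
"""
import json
import shlex

# Flags from the write-up (--enable-helm, --helm-command) plus two further
# kustomize flags that enable executable plugins (added generalisation).
DANGEROUS_FLAGS = {"--helm-command", "--enable-helm", "--enable-exec", "--enable-alpha-plugins"}
VALUE_FLAGS = {"--helm-command"}  # flags that consume the next token as a value


def flag_build_options(build_options):
    """Tokenise a BuildOptions string like a shell would and return
    (flag, value) pairs for every dangerous flag present."""
    findings = []
    try:
        tokens = shlex.split(build_options or "")
    except ValueError:  # unbalanced quotes: keep the raw string as one token
        tokens = [build_options]
    i = 0
    while i < len(tokens):
        name, sep, inline_value = tokens[i].partition("=")
        if name in DANGEROUS_FLAGS:
            value = None
            if name in VALUE_FLAGS:
                if sep:
                    value = inline_value          # --helm-command=/path
                elif i + 1 < len(tokens):
                    value = tokens[i + 1]         # --helm-command /path
                    i += 1
            findings.append((name, value))
        i += 1
    return findings


def scan_log_lines(lines):
    """Scan JSON log lines for GenerateManifest calls carrying dangerous options."""
    alerts = []
    for n, line in enumerate(lines, 1):
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # not a structured line; nothing to evaluate
        if rec.get("msg") != "GenerateManifest":
            continue
        hits = flag_build_options(rec.get("buildOptions", ""))
        if hits:
            alerts.append({"line": n, "peer": rec.get("peer"), "flags": hits})
    return alerts


SAMPLE_LOG = [  # constructed
    '{"msg":"GenerateManifest","peer":"10.42.0.17","buildOptions":""}',
    '{"msg":"GenerateManifest","peer":"10.42.0.17","buildOptions":"--load-restrictor LoadRestrictionsNone"}',
    '{"msg":"GenerateManifest","peer":"10.42.3.88","buildOptions":"--enable-helm --helm-command /tmp/repo-clone/bin/helm"}',
    '{"msg":"GenerateManifest","peer":"10.42.3.88","buildOptions":"--helm-command=/tmp/x --enable-alpha-plugins"}',
    '{"msg":"ResolveRevision","peer":"10.42.0.17","buildOptions":"--enable-helm"}',
    'not json',
]


if __name__ == "__main__":
    for alert in scan_log_lines(SAMPLE_LOG):
        print(alert)
```

An administrator who has legitimately configured kustomize.buildOptions with --enable-helm will also match, so the useful signal is the combination of these flags with a peer that is not the Argo CD server or application-controller, which is exactly what the NetworkPolicy mitigation in the next paragraph is meant to make impossible.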
Hardening / mitigation. With no vendor patch available, the controlling mitigation is network isolation: enforce the repo-server and Redis NetworkPolicies shipped in the Argo CD manifests (deny-by-default ingress to the repo-server and redis pods, allowing only the application-controller, server and repo-server components). Helm-chart users must explicitly set networkPolicy.create=true, since the chart ships it disabled. Authenticate the Argo CD Redis instance. Until the maintainers ship a fix, treat any workload that can reach the repo-server gRPC port as effectively cluster-admin-adjacent and scope network access accordingly.
6. Action Items
- Apply the May SharePoint update now if you deferred it — CVE-2026-45659 is now KEV-listed as actively exploited despite Microsoft's "Exploitation Less Likely" rating; the fix has shipped since 21 May. Hunt SharePoint/IIS logs for anomalous POST bodies to object-model/API endpoints from Site-Member sessions followed by unexpected w3wp.exe child processes. See § 2.
- Patch internet-facing ColdFusion this week — six CVSS 10.0 unauthenticated RCE paths (APSB26-68); update to ColdFusion 2025 Update 10 / 2023 Update 21 and review cf_scripts/CFIDE/admin upload paths for newly written .jsp/.cfm/.cfc files. On-prem Campaign Classic: update to build 9397 (CVE-2026-48286). See § 2.
- Patch Kemp LoadMaster or disable its API — exploitation attempts against CVE-2026-8037 began the day the PoC dropped; apply the early-June firmware and, where the /accessv2 API is not required, disable it to remove the attack surface entirely. See § 4.
- Enforce Argo CD repo-server and Redis NetworkPolicies — with no vendor patch for the unauthenticated repo-server RCE, set networkPolicy.create=true (the Helm chart ships it disabled), restrict repo-server gRPC ingress to the application-controller/server/repo-server components, and authenticate the Argo CD Redis instance. Treat any pod that can reach the repo-server gRPC port as cluster-admin-adjacent. See § 5.
- Hunt Microsoft 365 device-code / PRT abuse — alert on OAuth device-code grants with anomalous broker clientMode, WAM broker-issued PRT refresh/renew outside device-registration windows, and programmatically-created inbox rules combining forwarding with auto-delete; restrict the device-code flow via Conditional Access and enforce token-protection for finance/AP roles. See § 3.
- Block RMM/DLL-sideloading abuse from user downloads — flag ScreenConnect service creation where the deploying process is a freshly-downloaded installer, alert on Defender exclusions covering full drive roots or C:\Users\Public added via PowerShell, and treat long-lived RegAsm.exe with network connections as a process-hollowing tell. See § 3.
- If you operate *.zh.ch infrastructure, quietly confirm Baudirektion / shared-cantonal-services status against the MedusaLocker leak-site claim — monitor for an official cantonal or NCSC.ch statement; no further action on an unverified claim. See § 1.
7. Verification Notes
- Single-source items: OpenClaw AI-agent skills (§ 3) — Kaspersky Securelist is the sole publisher; [SINGLE-SOURCE] (research lab, not a national-CERT carve-out). CVE-2026-14439 Altium (§ 2) — the GitHub Security Advisory is the sole cited primary (also present as ENISA EUVD-2026-41210, not fetched this run); treated as effectively single-source but from a HIGH-reliability advisory database. MedusaLocker / Canton Zürich (§ 1) — Ransomware.live only, a leak-site tracker; [SINGLE-SOURCE], LOW confidence, framed as an unconfirmed claim.
- National-CERT carve-out: the CVE-2026-45659 in-window signal (§§ 0, 2) rests on the CISA KEV catalog addition dated 2026-07-01, verified directly against CISA's KEV JSON feed this run (catalog v2026.07.01). No independent press had reported the KEV addition at research time; accepted as a valid single-source national-authority disclosure (CISA acting as the disclosing party for a catalog it owns). The underlying CVE facts — CVSS 8.8, CWE-502, the Site-Member auth requirement and the 21 May 2026 patch — are sourced to Microsoft's MSRC advisory; Help Net Security independently corroborates the CVE and notes it was initially omitted from the May Security Updates before publication.
- Contradiction (noted, not resolved): Microsoft's advisory rates CVE-2026-45659 "Exploitation Less Likely" and "Exploited: No," while CISA's KEV addition asserts active exploitation. The brief sides with the exploitation evidence (KEV listing) and flags the vendor's contrary rating so readers can weigh it.
- Actor-claim vs. confirmed fact: MedusaLocker's "772 emails extracted from bd.zh.ch" (§ 1) is an unverified leak-site self-report; the brief attributes the claim, not any confirmed exfiltration. No Canton of Zürich statement or NCSC.ch advisory was found this run.
- Exploitation qualifiers: Kemp LoadMaster CVE-2026-8037 (§ 4) — eSentire observed exploitation attempts from 2026-06-29 that were unsuccessful with no post-compromise activity. Adobe ColdFusion/Campaign (§ 2) and Argo CD (§ 5) have no reported in-the-wild exploitation; Argo CD additionally has no CVE and no vendor patch (mitigation is network isolation only).
- Items dropped: Kubota North America HR-data breach (confirmed victim disclosure, but no CH/EU nexus, no root cause, no initial-access vector, no TTP — below the operational-signal bar for this audience); Recorded Future Insikt TAG-182 / MarkiRAT Iran-nexus surveillance wave (single-source, targeting Farsi-speaking diaspora/civil society — low relevance to a Swiss/EU public-sector SOC, no defender-actionable takeaway); S1-dropped as stale/routine: Chrome stable-channel CVEs (no ITW flag), Splunk CVE-2026-20253 (disclosed/exploited mid-June, out of window), a GreyNoise TVT-DVR scanning surge (dated April 2025); S2-dropped: the NCSC-NL ColdFusion advisory NCSC-2026-0217 (generic vendor-patch shape — folded into the § 2 Adobe item instead), the Kanton Zug cybersecurity-competence-centre budget debate (governance/funding story, no incident or ATT&CK-mappable content — better suited to a weekly policy note).
- Verification loop (2 iterations, model rotation): iteration 1 (Opus) flagged three citation defects (a misattributed Argo CD GHSA that was actually a different patched CVE — removed; a Help Net Security over-attribution on the SharePoint patch date/CVSS — re-attributed to MSRC; an unverifiable NCSC-NL advisory redirect shell — removed) and one CWE mislabel. Iteration 2 (Sonnet) verified those remediations correct but caught that iteration 1's CWE "correction" for CVE-2026-48282 was itself wrong: Adobe's own APSB26-68 vulnerability table (fetched by the verifier) assigns it CWE-22 path-traversal (the split is 2× CWE-434, 3× CWE-20, 1× CWE-22), matching the original S1 research. The brief now reflects CWE-22; published on early-exit after applying this fix (truth=1, no broken-URL/hallucination finding) to avoid a verifier flip-flop on a point now settled by the fetched primary table.
- Sub-agent returns: all four research sub-agents (S1–S4) returned within the window; S2 surfaced zero qualifying items (all curated CH/EU/gov sources returned stale or already-covered content). No stalled sub-agents this run.
- Source-list health (acted on this run): S2 reported 19 S2-slice sources carry rss_url: null in sources/sources.json (cert-at, cert-pl, cnil-fr, edpb, google-tag, govcert-at, intrinsec, jpcert, kudelski-security, le-monde-info, ncc-research, ncsc-ie, oneconsult-ch, safeonweb-be, scip-ch, sekoia, synacktiv, us-treasury-ofac, ccb-belgium), forcing feed-URL guessing that mostly 404'd/DNS-failed, and three feeds (infoguard-ch/infoguard-labs, ncc-research, withsecure-labs) return malformed XML the bridge's stdlib parser rejects. Logged for a follow-up bridge/sources.json pass (lenient RSS pre-parse + rss_url backfill); not fixed this run to keep the change scoped.
- Coverage gaps: cisa-advisories (news/alerts pages HTTP 403 anti-bot on every attempt — KEV JSON feed remained reachable); cisa-news (same 403); cert-eu (no advisory newer than 2026-06-10); anssi-fr (nothing newer than 2026-06-22); bsi-de (only routine [UPDATE] batch re-publications in window); infoguard-ch, infoguard-labs, ncc-research, withsecure-labs (feeds return malformed XML — parse error); synacktiv, scip-ch, cert-at, ncsc-ie, safeonweb-be, ccb-belgium, google-tag, jpcert (no rss_url configured — guessed feed URLs 404'd/DNS-failed); mandiant-gtig (feedburner IncompleteRead, not retried); dragos, claroty-team82, nozomi-networks, akamai-sirt, push-security, morphisec (no working feed / no in-window item); sec-disclosures-edgar (no 8-K Item 1.05 filings in window); ico-uk (no enforcement action newer than 2026-06-23); cnil-fr (only guidance/consultation items, no breach notifications); troyhunt, databreaches-net (no fresh in-window incident items — databreaches /feed/ returns 200 but per-article drilldown 403s); cert-pl, kudelski-security, oneconsult-ch, sekoia, edpb, le-monde-info, intrinsec, us-treasury-ofac, govcert-at — not fetched this run (time allocation), no rss_url for several.