# CTI Weekly Summary — 2026-W19 (May 04 – May 10, 2026)

> **AI-generated content — no human review.** This weekly summary was produced autonomously by an LLM (Claude Opus 4.7, model ID `claude-opus-4-7`) with parallel research and verification by sub-agents (Claude Sonnet 4.6) executing the prompt at `prompts/weekly-summary.md` as a Claude Code routine on Anthropic-managed cloud infrastructure. **Nothing here is reviewed or edited by a human before publication.** All facts are linked inline to public sources or to the underlying daily briefs in this repository. Verify any operationally critical claim against the linked primary source before acting.

**Generated by:** Claude Opus 4.7 (`claude-opus-4-7`) · **Sub-agents:** W1: Claude Sonnet 4.6 · W2: Claude Sonnet 4.6 · verify: Claude Opus 4.7, Claude Sonnet 4.6 · **Audience:** SOC management, IR, Threat Hunting · **Classification:** TLP:CLEAR · **Language:** English · **Prompt:** v2.48

## 0. Week at a glance

- **CVE-2026-0300 PAN-OS Captive Portal — KEV deadline 2026-05-09 expired with no patch available; CL-STA-1132 (China-nexus, Unit 42) active since 2026-04-09 against a vulnerability disclosed 2026-05-06.** Patch window 2026-05-13 → 2026-05-28; the rogue-admin name pattern `svc-health-check-NNNNNN` and Python-based tunnelling implants under `/var/tmp/linuxupdate` and adjacent `/var/tmp/linuxap` / `/tmp/.c` paths are the surviving post-compromise hunting indicators. ([Palo Alto PSIRT](https://security.paloaltonetworks.com/CVE-2026-0300) · [CERT-EU Critical Advisory 2026-006](https://cert.europa.eu/publications/security-advisories/2026-006/) · [daily 2026-05-07](briefs/2026-05-07.md) · [daily 2026-05-09 UPDATE](briefs/2026-05-09.md))
- **CVE-2026-6973 / CVE-2026-5787 Ivanti EPMM — KEV deadline 2026-05-10 expired today; ~850 internet-exposed instances globally with 508 in Europe (60%).** Ivanti has disclosed only "a very limited number of customers" exploited via the May chain without naming victims; SecurityWeek reports a Chinese-actor assessment based on historical EPMM exploitation patterns. EU public-record victims previously associated with Ivanti EPMM compromise — **European Commission, Dutch DPA (AP), and Netherlands Council for the Judiciary (Rvdr)** — were named by Help Net Security against the **January 2026 CVE-2026-1281 / CVE-2026-1340 wave**, not the May 2026 wave; whether the May 2026 wave caught additional victims (the daily 2026-05-09 also referenced Finnish Valtori per a separate NCSC-FI advisory that is not in the Help Net Security article) is not yet consolidated in publicly available primaries. The May 2026 EPMM patch closes companions CVE-2026-5786 / 5788 / 7821 and supersedes the January 2026 RPM workaround for CVE-2026-1281 / 1340. ([Ivanti PSIRT](https://www.ivanti.com/blog/may-2026-epmm-security-update) · [Help Net Security — European Commission Ivanti EPMM vulnerabilities, 2026-02-09](https://www.helpnetsecurity.com/2026/02/09/european-commission-ivanti-epmm-vulnerabilities/) · [daily 2026-05-08](briefs/2026-05-08.md))
- **Groupe 3R (Réseau Radiologique Romand) — Akira leak-site listing claims 48 GB; ~20 imaging centres across seven Swiss cantons (Vaud, Valais, Fribourg, Genève, Neuchâtel, Berne, and Zürich) — six in Romandie plus Zürich; second cyberattack on the same Swiss operator within twelve months.** Victim disclosed publicly 2026-04-30, notified BACS/OFCS, filed criminal complaint, will not pay ransom; legacy examination data still inaccessible. ([Groupe 3R victim statement](https://www.groupe3r.ch/fr/information-importante-perturbation-de-nos-services-7268/) · [ICTjournal.ch](https://www.ictjournal.ch/news/2026-05-06/le-reseau-radiologique-romand-a-nouveau-victime-dune-cyberattaque-ses-systemes) · [daily 2026-05-10](briefs/2026-05-10.md))
- **SEPPmail Secure Email Gateway — six-CVE cluster patched 15.0.4/15.0.4.1; primary CVE-2026-44128 (CVSS 9.3) is an unauthenticated RCE via `/gina/diag/exec` test endpoints left enabled in production GINAv2 builds.** SEPPmail handles S/MIME for Swiss federal bodies, cantonal administrations, and healthcare; the GINAv2 portal is designed to be internet-accessible to external recipients. ([NCSC-CH 12551](https://security-hub.ncsc.admin.ch/api/posts/12551/details) · [SEPPmail v15.0 release notes](https://downloads.seppmail.com/extrelnotes/150/ERN15.0.html#security) · [daily 2026-05-09](briefs/2026-05-09.md))
- **Two Linux kernel LPE chains — "Copy Fail" CVE-2026-31431 and "Dirty Frag" CVE-2026-43284 / CVE-2026-43500 — confirmed active in complementary post-compromise campaigns; rxrpc distro patches still pending at week-end.** Microsoft frames the two families as similar post-compromise techniques covering different Linux deployment configurations; both defeat on-disk file-integrity monitoring by writing into the page cache. ([Microsoft Security Blog](https://www.microsoft.com/en-us/security/blog/2026/05/08/active-attack-dirty-frag-linux-vulnerability-expands-post-compromise-risk/) · [Wiz Research](https://www.wiz.io/blog/dirty-frag-linux-kernel-local-privilege-escalation-via-esp-and-rxrpc) · [daily 2026-05-06](briefs/2026-05-06.md) · [daily 2026-05-09](briefs/2026-05-09.md))
- **CVE-2026-42208 LiteLLM Proxy pre-auth SQL injection (CVSS 9.3) — CISA KEV deadline 2026-05-11; in-the-wild exploitation began within approximately 36 hours of the GitHub Security Advisory per Bishop Fox.** Every upstream LLM-provider API key the proxy holds (OpenAI, Anthropic, Azure OpenAI, Cohere) must be rotated; patching alone does not remediate pre-patch credential exposure. The Braintrust AWS compromise (2026-05-06) is the same architectural class — multi-tenant SaaS aggregation of upstream-provider credentials. ([Bishop Fox](https://bishopfox.com/blog/cve-2026-42208-pre-authentication-sql-injection-in-litellm-proxy) · [daily 2026-05-09](briefs/2026-05-09.md))
- **Canvas / Instructure — second intrusion claim against Instructure on 2026-05-08 despite the May 8 patches; seven Dutch universities (VU Amsterdam, UvA, Erasmus, Tilburg, TU/e, Maastricht, Twente) executed emergency Canvas disconnects on or before 2026-05-09; the extortion deadline is 2026-05-12 (Tuesday).** ([Techzine EU](https://www.techzine.eu/news/security/141149/dutch-university-disconnects-canvas-systems-after-instructure-hack/) · [DutchNews.nl](https://www.dutchnews.nl/2026/05/hackers-break-into-ed-tech-giant-again-after-massive-data-heist/) · [daily 2026-05-10](briefs/2026-05-10.md))
- **Polish water-sector OT intrusions — ABW 2025 Annual Report (published 2026-05-07) names five municipal facilities (Jabłonna Lacka, Szczytno, Małdyty, Tolkmicko, Sierakowo) and formally attributes the campaign to APT28 (GRU), APT29 (SVR), and UNC1151 (Belarus-affiliated, Ghostwriter information operations).** All five facilities fell below the NIS2 essential-entity threshold at intrusion time — the report explicitly highlights the coverage gap for small municipal operators. ([daily 2026-05-08 first coverage](briefs/2026-05-08.md) · [daily 2026-05-09 UPDATE with attribution + NIS2 framing](briefs/2026-05-09.md))

## 1. Highest-impact events — what's on fire if no one acted

The items below are the operational register a Swiss / EU public-sector SOC manager carries into Monday morning if no one acted on the dailies this week. Each H3 leads with the inaction-equals-incident framing per the inherited PD-13 — the *exploitation* drives the framing, not a US-FCEB KEV compliance date.

### CVE-2026-0300 — Palo Alto PAN-OS Captive Portal unauthenticated root RCE; CL-STA-1132 active since 2026-04-09; no patch until 2026-05-13

**If you did nothing this week:** any PA-Series or VM-Series firewall with the User-ID Authentication Portal enabled and internet-reachable has been within the attack window since 2026-04-09 — three weeks before public disclosure (2026-05-06) and four-and-a-half weeks before the first staged patch becomes available (2026-05-13). The daily 2026-05-09 UPDATE recorded an observed dwell time of approximately 20 days from initial compromise to second-device exploitation on at least one tracked victim; the relevant retrospective-log question is whether your firewall has been compromised since mid-April, not whether it might be compromised next week.

CVE-2026-0300 (CVSS 9.3, CWE-121 stack-based buffer overflow) is an unauthenticated remote code execution in the PAN-OS User-ID Authentication Portal — a network-accessible service that a single crafted packet exploits to root on the firewall's management plane ([Palo Alto Networks Security Advisory, 2026-05-06](https://security.paloaltonetworks.com/CVE-2026-0300) · [Unit 42 primary research, 2026-05-06](https://unit42.paloaltonetworks.com/captive-portal-zero-day/)). CERT-EU issued a Critical Advisory (rare designation) on disclosure day ([CERT-EU 2026-006, 2026-05-06](https://cert.europa.eu/publications/security-advisories/2026-006/)); CERT-FR followed with CERTFR-2026-AVI-0537 ([CERT-FR, 2026-05-06](https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0537/)). Unit 42 tracks the active exploitation cluster as **CL-STA-1132** and characterises it as likely state-sponsored activity. Unit 42's primary research records shellcode injection into `nginx` worker processes, EarthWorm / ReverseSocks5 tunnelling, and Python implants under `/var/tmp/linuxupdate` and `/tmp/.c`; the daily 2026-05-09 UPDATE additionally surfaces a rogue admin name pattern `svc-health-check-[6-digit-numeric]` (bypassing normal `admin-role` RBAC), running-configuration export including pre-shared keys, and OSPF-based internal AD enumeration — a profile consistent with [T1190 Exploit Public-Facing Application](https://attack.mitre.org/techniques/T1190/), [T1055 Process Injection](https://attack.mitre.org/techniques/T1055/), [T1003 OS Credential Dumping](https://attack.mitre.org/techniques/T1003/), and [T1572 Protocol Tunneling](https://attack.mitre.org/techniques/T1572/). Patch availability is staged 2026-05-13 → 2026-05-28 across PAN-OS branches 10.2.x / 11.1.x / 11.2.x / 12.1.x; Cloud NGFW and Prisma Access are not affected. 
Until patches land, the operational expectations are: (1) disable the Authentication Portal entirely where it is not required; (2) where it is required, restrict it to trusted internal IP ranges via security policy; (3) on PAN-OS 11.1+, confirm Threat ID 510019 is in blocking mode; and (4) review authentication-portal logs and admin-account listings from 2026-04-09 onward for retrospective compromise evidence ([daily 2026-05-07 deep dive](briefs/2026-05-07.md); [daily 2026-05-09 update](briefs/2026-05-09.md)).
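The retrospective review in step (4) can be partly scripted. The following is an added example written for this summary, not Palo Alto Networks or Unit 42 code: it applies the rogue-admin name pattern, the 2026-04-09 window start and the implant paths named above to a constructed admin listing and file listing; the three-column listing layout is an assumption, not a PAN-OS output format.

```python
import re
from datetime import date

# Constructed sample of an administrator-account listing. The three-column layout
# (name, role, creation date) is an assumption made for this example; it is not the
# output format of any PAN-OS command.
SAMPLE_ADMIN_LISTING = """\
name                      role           created
admin                     superuser      2023-02-14
ops-jdoe                  superuser      2024-11-02
svc-health-check-483921   superuser      2026-04-17
svc-health-check-12       superuser      2026-04-20
svc-backup                devicereader   2025-06-30
"""

# Constructed paths as they might appear in a file listing taken from the device.
SAMPLE_PATHS = [
    "/var/tmp/linuxupdate",
    "/var/tmp/linuxap/tun.py",
    "/tmp/.c/sock",
    "/var/tmp/legit-update.log",
]

# Indicators from the Unit 42 / daily-brief reporting summarised above.
ROGUE_ADMIN_RE = re.compile(r"^svc-health-check-\d{6}$")
IMPLANT_PATHS = ("/var/tmp/linuxupdate", "/var/tmp/linuxap", "/tmp/.c")
WINDOW_START = date(2026, 4, 9)  # first observed CL-STA-1132 activity


def flag_admins(listing: str) -> list[dict]:
    """Return admin accounts that match the rogue-name pattern or were created
    with superuser rights inside the exploitation window."""
    findings = []
    for line in listing.splitlines()[1:]:  # skip the header row
        parts = line.split()
        if len(parts) != 3:
            continue
        name, role, created = parts
        reasons = []
        if ROGUE_ADMIN_RE.match(name):
            reasons.append("name matches svc-health-check-NNNNNN")
        if role == "superuser" and date.fromisoformat(created) >= WINDOW_START:
            reasons.append("superuser created on/after 2026-04-09")
        if reasons:
            findings.append({"name": name, "created": created, "reasons": reasons})
    return findings


def flag_paths(paths: list[str]) -> list[str]:
    """Return paths that are, or sit under, a known implant location."""
    hits = []
    for p in paths:
        if any(p == base or p.startswith(base + "/") for base in IMPLANT_PATHS):
            hits.append(p)
    return hits


if __name__ == "__main__":
    for f in flag_admins(SAMPLE_ADMIN_LISTING):
        print(f"ADMIN  {f['name']:<26} created {f['created']}  {'; '.join(f['reasons'])}")
    for p in flag_paths(SAMPLE_PATHS):
        print(f"PATH   {p}")
```

A superuser created inside the window that does not match the name pattern is still flagged, because the name pattern is only the variant observed so far.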

— *Source: [Palo Alto Networks Security Advisory](https://security.paloaltonetworks.com/CVE-2026-0300) · [Unit 42 — Captive Portal zero-day](https://unit42.paloaltonetworks.com/captive-portal-zero-day/) · [CERT-EU Critical Advisory 2026-006](https://cert.europa.eu/publications/security-advisories/2026-006/) · [Daily 2026-05-07](briefs/2026-05-07.md) · Tags: vulnerabilities, actively-exploited, cisa-kev, rce, pre-auth, nation-state, no-patch · Region: europe, global · CVE: CVE-2026-0300 · CVSS: 9.3 · Vector: zero-click · Auth: pre-auth · Status: exploited, cisa-kev, no-patch*

### CVE-2026-6973 + CVE-2026-5787 — Ivanti EPMM on-prem pre-auth chain to admin RCE; 508 EU instances internet-exposed; named EU victims include the European Commission

**If you did nothing this week:** Shadowserver telemetry cited by BleepingComputer counts ~850 internet-exposed EPMM instances globally with **508 in Europe and 182 in North America** — i.e. European exposure is materially larger than the rest of the world combined ([BleepingComputer, 2026-05-07](https://www.bleepingcomputer.com/news/security/ivanti-warns-of-new-epmm-flaw-exploited-in-zero-day-attacks/)). Ivanti's disclosure cites "a very limited number of customers" exploited via the May 2026 chain without naming them. EU public-record victims **previously confirmed against Ivanti EPMM compromise** per Help Net Security's January-2026-wave reporting are: **European Commission** (DG DIGIT), **Dutch DPA / Autoriteit Persoonsgegevens**, and **Netherlands Council for the Judiciary / Raad voor de rechtspraak**. The daily 2026-05-09 separately referenced **Finnish Valtori** (Government ICT Centre) per an NCSC-FI advisory not consolidated in the Help Net Security source. Whether the May 2026 wave caught additional named victims is not yet publicly disclosed at week-end ([Help Net Security — European Commission Ivanti EPMM vulnerabilities, 2026-02-09](https://www.helpnetsecurity.com/2026/02/09/european-commission-ivanti-epmm-vulnerabilities/) · [CERT-FR CERTFR-2026-AVI-0552, 2026-05-07](https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0552/) · [NCSC-CH 12548, 2026-05-08](https://security-hub.ncsc.admin.ch/api/posts/12548/details) · [daily 2026-05-09 UPDATE](briefs/2026-05-09.md)).

The chain combines **CVE-2026-5787** (CVSS 9.1, CWE-295) — Ivanti EPMM accepts a crafted Sentry registration request from an unauthenticated network-reachable attacker and issues that attacker a valid CA-signed client certificate with Sentry trust — with **CVE-2026-6973** (CVSS 7.2, CWE-20) — a vulnerable admin REST API endpoint accepting attacker-controlled parameters that reach a server-side execution sink as the EPMM service account ([Ivanti PSIRT — May 2026 EPMM Security Update](https://www.ivanti.com/blog/may-2026-epmm-security-update) · [daily 2026-05-08 deep dive — full chain mechanics](briefs/2026-05-08.md)). The nominal "admin-required" label on CVE-2026-6973 is misleading: the Sentry-trust certificate issued by CVE-2026-5787 satisfies EPMM's administrative authentication gate, making the combined chain fully pre-authentication; the full CWE-295 → CWE-20 chain mechanics are documented in the 2026-05-08 daily deep dive ([daily 2026-05-08 deep dive — full chain mechanics](briefs/2026-05-08.md) · [SecurityWeek, 2026-05-08](https://www.securityweek.com/ivanti-patches-epmm-zero-day-exploited-in-targeted-attacks/)). The May 2026 EPMM update additionally addresses CVE-2026-5786 (CVSS 8.8, remote authenticated → administrative access), CVE-2026-5788 (CVSS 7.0, unauthenticated arbitrary method invocation), and CVE-2026-7821 (high-severity, vendor advisory only) — and supersedes the January 2026 RPM workaround for CVE-2026-1281 / CVE-2026-1340; operators that are still on the January workaround need to apply the proper patch now ([SecurityWeek, 2026-05-08](https://www.securityweek.com/ivanti-patches-epmm-zero-day-exploited-in-targeted-attacks/)).

EPMM is one of the two dominant on-premises MDM platforms in EU public-sector and healthcare environments — both NIS2 Annex-I essential-entity categories — and a compromised EPMM server lets an attacker silently push policies, configuration changes, or wipe commands to every enrolled mobile device as an apparently authorised management action. ATT&CK coverage includes [T1190 Exploit Public-Facing Application](https://attack.mitre.org/techniques/T1190/), [T1078 Valid Accounts](https://attack.mitre.org/techniques/T1078/), [T1059 Command and Scripting Interpreter](https://attack.mitre.org/techniques/T1059/), [T1584.007 Compromise Infrastructure: Certificate Authorities](https://attack.mitre.org/techniques/T1584/007/), and [T1072 Remote Device Management](https://attack.mitre.org/techniques/T1072/). Fixed builds: **12.6.1.1**, **12.7.0.1**, **12.8.0.1**. If patching is not feasible within hours, remove TCP/443 on the EPMM admin interface from internet exposure, place it behind VPN with allowlisted management IPs, and review the EPMM admin console's Sentry-host registration list for unexpected entries — revoke any not on your inventory.

— *Source: [Ivanti — May 2026 EPMM Security Update](https://www.ivanti.com/blog/may-2026-epmm-security-update) · [CERT-FR CERTFR-2026-AVI-0552](https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0552/) · [NCSC-CH 12548](https://security-hub.ncsc.admin.ch/api/posts/12548/details) · [Daily 2026-05-08](briefs/2026-05-08.md) · Tags: vulnerabilities, actively-exploited, cisa-kev, rce, pre-auth, auth-bypass, china-nexus · Region: europe, global · CVE: CVE-2026-6973, CVE-2026-5787, CVE-2026-5786, CVE-2026-5788, CVE-2026-7821 · CVSS: 7.2 / 9.1 / 8.8 / 7.0 / n/a · Vector: zero-click · Auth: pre-auth · Status: exploited, cisa-kev, patch-available*

### CVE-2026-31431 "Copy Fail" + CVE-2026-43284 / CVE-2026-43500 "Dirty Frag" — Linux kernel LPE pair confirmed in complementary post-compromise campaigns

**If you did nothing this week:** Microsoft Security Blog observed active campaigns deploying both Linux LPE families post-compromise; the daily 2026-05-09 UPDATE synthesised the operator-side selection logic as Copy Fail (`algif_aead` page-cache write) used on hosts where the module is available, Dirty Frag (xfrm-ESP and RxRPC page-cache writes) on hosts where user namespaces are enabled without `algif_aead`. Microsoft documents the same initial-access vector (SSH credential stuffing on exposed management ports) feeding both chains, and both defeat conventional on-disk file-integrity monitoring because the write lands in the kernel page cache rather than on disk ([Microsoft Security Blog, 2026-05-08](https://www.microsoft.com/en-us/security/blog/2026/05/08/active-attack-dirty-frag-linux-vulnerability-expands-post-compromise-risk/) · [daily 2026-05-09 update](briefs/2026-05-09.md)).

Copy Fail (CVE-2026-31431, CVSS 7.8) is deterministic — no kernel-version offsets, no timing windows. A public 732-byte Python exploit exists; Go and Rust reimplementations have appeared in public code repositories; Kaspersky validated the container-to-host escape vector on Docker / LXC / Kubernetes when `algif_aead` is loaded on the host kernel (default on most distributions) ([CERT-EU Advisory 2026-005, 2026-04-30](https://cert.europa.eu/publications/security-advisories/2026-005/) · [Unit 42 — Copy Fail](https://unit42.paloaltonetworks.com/cve-2026-31431-copy-fail/) · [BSI WID-SEC-2026-1232](https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1232) · [daily 2026-05-06 deep dive](briefs/2026-05-06.md)). Dirty Frag chains CVE-2026-43284 (xfrm-ESP / IPsec) with CVE-2026-43500 (RxRPC) into another deterministic root primitive via page-cache write primitives in both subsystems; researcher Hyunwoo Kim disclosed it 2026-05-07/08 after a third party reverse-engineered the upstream patch and broke embargo. CVE-2026-43500 distro patches remain pending at week-end ([Wiz Research, 2026-05-08](https://www.wiz.io/blog/dirty-frag-linux-kernel-local-privilege-escalation-via-esp-and-rxrpc) · [Red Hat RHSB-2026-003](https://access.redhat.com/security/vulnerabilities/RHSB-2026-003) · [Ubuntu — Dirty Frag fixes-available](https://ubuntu.com/blog/dirty-frag-linux-vulnerability-fixes-available) · [NCSC-CH 12547](https://security-hub.ncsc.admin.ch/api/posts/12547/details) · [daily 2026-05-09](briefs/2026-05-09.md)). Both map to [T1068 Exploitation for Privilege Escalation](https://attack.mitre.org/techniques/T1068/) and [T1548.001 Setuid and Setgid Abuse](https://attack.mitre.org/techniques/T1548/001/). 
Defenders should treat file-integrity monitoring as insufficient detection for either family; runtime detection rests on `auditd` execve records for `/usr/bin/su` / `/usr/bin/sudo` / `/usr/bin/passwd` spawned from anomalous parent processes, EDR process-ancestry rules for root obtained from non-root contexts, and (for Copy Fail specifically) eBPF or EDR alerts on `AF_ALG` socket creation in container namespaces.
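The process-ancestry check described above, as an added example for this summary (not Microsoft, Wiz or distro code): it replays constructed auditd execve records, tracks which image each pid is running, and flags execution of the three setuid targets from a parent that is not an interactive shell or login service. The parent allowlist is an assumption and needs per-fleet tuning; the records, pids and timestamps are constructed.

```python
import re

# Constructed auditd SYSCALL records (syscall 59 = execve on x86-64). Field layout
# follows the auditd record format; pids, timestamps and paths are made up for this
# example. Records like these come from a rule such as
#   -w /usr/bin/su -p x -k setuid-exec
# plus a general execve rule so that parent processes are recorded as well.
SAMPLE_AUDIT_LOG = """\
type=SYSCALL msg=audit(1778328001.101:4001): arch=c000003e syscall=59 success=yes exit=0 ppid=1400 pid=1423 uid=1000 euid=1000 comm="bash" exe="/usr/bin/bash" key="exec"
type=SYSCALL msg=audit(1778328030.220:4002): arch=c000003e syscall=59 success=yes exit=0 ppid=1423 pid=1588 uid=1000 euid=0 comm="sudo" exe="/usr/bin/sudo" key="setuid-exec"
type=SYSCALL msg=audit(1778328100.005:4003): arch=c000003e syscall=59 success=yes exit=0 ppid=1423 pid=2201 uid=1000 euid=1000 comm="python3" exe="/usr/bin/python3" key="exec"
type=SYSCALL msg=audit(1778328104.900:4004): arch=c000003e syscall=59 success=yes exit=0 ppid=2201 pid=2250 uid=1000 euid=0 comm="su" exe="/usr/bin/su" key="setuid-exec"
type=SYSCALL msg=audit(1778328140.333:4005): arch=c000003e syscall=59 success=yes exit=0 ppid=9999 pid=2300 uid=1000 euid=0 comm="passwd" exe="/usr/bin/passwd" key="setuid-exec"
"""

# Setuid binaries named in the detection guidance above.
SETUID_TARGETS = {"/usr/bin/su", "/usr/bin/sudo", "/usr/bin/passwd"}

# Parents from which a user normally launches those binaries. This allowlist is an
# assumption for the example and must be tuned to the fleet being monitored.
EXPECTED_PARENTS = {"/usr/bin/bash", "/bin/bash", "/usr/bin/zsh", "/usr/bin/sh",
                    "/usr/sbin/sshd", "/usr/bin/login", "/usr/bin/sudo"}

FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_audit_record(line: str) -> dict:
    """Split one audit line into a key/value dict, unquoting quoted values."""
    return {k: v.strip('"') for k, v in FIELD_RE.findall(line)}


def detect_anomalous_setuid_exec(log: str) -> list[dict]:
    """Replay successful execve records in order, keeping a pid -> exe map so each
    execution of a setuid target can be judged by the image of its parent."""
    procs: dict[int, str] = {}
    findings = []
    for line in log.splitlines():
        rec = parse_audit_record(line)
        if (rec.get("type") != "SYSCALL" or rec.get("syscall") != "59"
                or rec.get("success") != "yes"):
            continue
        pid, ppid, exe = int(rec["pid"]), int(rec["ppid"]), rec["exe"]
        if exe in SETUID_TARGETS:
            parent_exe = procs.get(ppid)
            if parent_exe is None:
                reason = "parent never seen executing inside the audit window"
            elif parent_exe not in EXPECTED_PARENTS:
                reason = f"launched from unexpected parent {parent_exe}"
            else:
                reason = None
            if reason:
                findings.append({"pid": pid, "exe": exe, "uid": rec.get("uid"),
                                 "parent_exe": parent_exe, "reason": reason})
        procs[pid] = exe  # record the new image only after judging the exec itself
    return findings


if __name__ == "__main__":
    for f in detect_anomalous_setuid_exec(SAMPLE_AUDIT_LOG):
        print(f"ALERT pid={f['pid']} uid={f['uid']} {f['exe']}: {f['reason']}")
```

This catches the execution of the tampered setuid binary, which is why it still works when the page-cache write itself left the on-disk file unchanged.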

Mitigation hierarchy when patches are not yet deployable: kernel patches first (Ubuntu 6.1.98-1ubuntu1, RHEL kernel-5.14.0-503.14.1, Debian 12 pending at week-end; upstream 6.18.22 / 6.19.12 / 7.0 for Copy Fail); blacklist `algif_aead` via `modprobe.d` and `update-initramfs -u`; `modprobe -r esp4 esp6 rxrpc` for Dirty Frag (breaks IPsec VPNs and AFS); seccomp profiles blocking `AF_ALG` socket creation for containerised workloads; disable unprivileged user namespaces (`sysctl kernel.unprivileged_userns_clone=0` on Ubuntu / Debian, `user.max_user_namespaces=0` on RHEL) to remove CAP_NET_ADMIN as a default acquisition path for Dirty Frag.

— *Source: [Microsoft Security Blog — Active attack Dirty Frag](https://www.microsoft.com/en-us/security/blog/2026/05/08/active-attack-dirty-frag-linux-vulnerability-expands-post-compromise-risk/) · [Wiz Research — Dirty Frag](https://www.wiz.io/blog/dirty-frag-linux-kernel-local-privilege-escalation-via-esp-and-rxrpc) · [Unit 42 — Copy Fail](https://unit42.paloaltonetworks.com/cve-2026-31431-copy-fail/) · [CERT-EU 2026-005](https://cert.europa.eu/publications/security-advisories/2026-005/) · [Daily 2026-05-06](briefs/2026-05-06.md) · [Daily 2026-05-09](briefs/2026-05-09.md) · Tags: vulnerabilities, actively-exploited, cisa-kev, lpe, poc-public · Region: global · CVE: CVE-2026-31431, CVE-2026-43284, CVE-2026-43500 · CVSS: 7.8 / n/a / n/a · Vector: local · Auth: post-auth · Status: exploited, cisa-kev, poc-public, patch-available*

### CVE-2026-42208 LiteLLM Proxy — pre-auth SQL injection exposing upstream LLM-provider API keys at the multi-tenant SaaS layer

**If you did nothing this week:** in-the-wild exploitation began within approximately 36 hours of the GitHub Security Advisory (GHSA-r75f-5x8p-qvmc) publication per Bishop Fox. Any LiteLLM Proxy instance that was internet-accessible during that window should be treated as having had its credential tables read. Patching to v1.83.7+ does not remediate pre-patch credential exposure — every upstream API key (OpenAI, Anthropic, Azure OpenAI, Cohere, every other configured provider) stored in the proxy database must be rotated ([Bishop Fox — CVE-2026-42208 technical analysis, 2026-05-06](https://bishopfox.com/blog/cve-2026-42208-pre-authentication-sql-injection-in-litellm-proxy) · [LiteLLM vendor advisory, 2026-04-29](https://docs.litellm.ai/blog/cve-2026-42208-litellm-proxy-sql-injection)). CISA KEV deadline 2026-05-11 (Monday).

The flaw is an f-string SQL injection in the `PrismaClient.get_data()` method: the caller-supplied `Authorization: Bearer <token>` value is interpolated directly into a PostgreSQL query string rather than passed as a parameterised argument. An unauthenticated attacker sends a crafted token to any LLM API route (e.g., `POST /v1/chat/completions`) and performs blind time-based injection via `pg_sleep()` against the `LiteLLM_VerificationToken` table (Bishop Fox's named example) — alongside the proxy's virtual-key, upstream-provider-credential, team-binding, and rate-limit configuration tables. On default deployments where the application database user holds superuser rights, the primitive is full read/write across the database (CWE-89, CVSS 9.3, [T1190 Exploit Public-Facing Application](https://attack.mitre.org/techniques/T1190/), [T1552.001 Credentials in Files](https://attack.mitre.org/techniques/T1552/001/)).
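The bug class and its fix, as an added example for this summary (not LiteLLM code and not its schema): an f-string lookup beside the parameterised form, run against an in-memory SQLite stand-in for the token table, plus a log-side check that flags bearer values which break the expected token shape or carry the `pg_sleep()` probe named above. The table name, column names and the `sk-` token format are assumptions for this example.

```python
import re
import sqlite3

# In-memory stand-in for the proxy's verification-token table. Table and column names
# are assumptions for this example, not LiteLLM's schema; SQLite replaces PostgreSQL
# because the defect (untrusted text concatenated into SQL) behaves the same way.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE verification_token (token TEXT PRIMARY KEY, team_id TEXT)")
    conn.executemany("INSERT INTO verification_token VALUES (?, ?)",
                     [("sk-team-a-0001", "team-a"), ("sk-team-b-0002", "team-b")])
    return conn


def get_data_vulnerable(conn: sqlite3.Connection, token: str) -> list[tuple]:
    """Bug class reported for CVE-2026-42208: the bearer token becomes SQL text."""
    sql = f"SELECT token, team_id FROM verification_token WHERE token = '{token}'"
    return conn.execute(sql).fetchall()


def get_data_fixed(conn: sqlite3.Connection, token: str) -> list[tuple]:
    """Hardened form: the token is bound as a parameter, so it is only ever compared
    as a value, whatever characters it contains."""
    return conn.execute(
        "SELECT token, team_id FROM verification_token WHERE token = ?", (token,)
    ).fetchall()


# Detection side: constructed Authorization header values as they might be pulled
# from reverse-proxy access logs in front of the gateway.
SAMPLE_AUTH_HEADERS = [
    "Bearer sk-team-a-0001",
    "Bearer sk-team-b-0002",
    "Bearer sk-x' OR '1'='1",
    "Bearer sk-x';SELECT pg_sleep(5)--",
]

# Expected virtual-key shape (assumption for this example): an "sk-" prefix followed
# by URL-safe characters only. Quotes, semicolons or spaces never belong in a token.
EXPECTED_TOKEN_RE = re.compile(r"^sk-[A-Za-z0-9_-]+$")


def flag_suspicious_bearers(headers: list[str]) -> list[dict]:
    """Flag bearer values that break the expected token shape, naming the
    time-based pg_sleep() probe from Bishop Fox's analysis explicitly."""
    findings = []
    for h in headers:
        token = h.removeprefix("Bearer ").strip()
        if EXPECTED_TOKEN_RE.match(token):
            continue
        if "pg_sleep" in token.lower():
            reason = "pg_sleep() time-based probe"
        else:
            reason = "SQL metacharacters in bearer token"
        findings.append({"token": token, "reason": reason})
    return findings


if __name__ == "__main__":
    db = make_db()
    probe = "sk-x' OR '1'='1"
    print("vulnerable lookup rows:", len(get_data_vulnerable(db, probe)))   # 2
    print("parameterised lookup rows:", len(get_data_fixed(db, probe)))     # 0
    for f in flag_suspicious_bearers(SAMPLE_AUTH_HEADERS):
        print("ALERT", f)
```

The log check is retrospective evidence gathering for the rotation decision above, not a substitute for the upgrade: a correctly shaped token tells you nothing about what was read before the patch.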

The architectural lesson connects directly to the **Braintrust AWS account compromise** disclosed 2026-05-06 (see § 5): AI-evaluation, AI-observability, and AI-gateway SaaS platforms aggregate organisation-level upstream-provider credentials for many tenants per vendor, so a single SaaS-tier compromise propagates into a multi-provider credential event for every downstream tenant. EU public-sector AI pilots running through LiteLLM or any similar gateway should inventory which provider keys are held by which SaaS vendor; require per-environment scoping (dev / staging / prod) with short TTLs; enable provider-side anomaly alerts for unusual call-volume or geographic-origin shifts. Patching path: `pip install --upgrade litellm` to ≥ 1.83.7 or pull the updated container image.

— *Source: [Bishop Fox — CVE-2026-42208 technical analysis](https://bishopfox.com/blog/cve-2026-42208-pre-authentication-sql-injection-in-litellm-proxy) · [LiteLLM vendor advisory](https://docs.litellm.ai/blog/cve-2026-42208-litellm-proxy-sql-injection) · [Daily 2026-05-09](briefs/2026-05-09.md) · Tags: vulnerabilities, actively-exploited, cisa-kev, pre-auth, auth-bypass, cloud, ai-abuse · Region: global · CVE: CVE-2026-42208 · CVSS: 9.3 · Vector: zero-click · Auth: pre-auth · Status: exploited, cisa-kev, patch-available*

### CVE-2026-44128 et al. — SEPPmail Secure Email Gateway: six-CVE cluster on the Swiss public sector's dominant email-encryption appliance

**If you did nothing this week:** any unpatched SEPPmail instance still operating its GINAv2 portal on internet-accessible TCP/443 is exposing the `/gina/diag/exec` test/diagnostic endpoint — left active in the v15.0.x release cycle by the vendor — which accepts unvalidated shell command arguments and invokes `Runtime.exec()` as the Tomcat application user. A single HTTP request `https://<gina-hostname>/gina/diag/exec?cmd=id` confirms execution context; the same primitive reads `/var/seppmail/conf/gina.properties` (LDAP bind, SMTP credentials, S/MIME key-store symmetric key) and writes a web shell under `webapps/`. No authentication, no rate-limiting, no network boundary enforced ([NCSC-CH Security Hub post 12551, 2026-05-08](https://security-hub.ncsc.admin.ch/api/posts/12551/details) · [SEPPmail release notes v15.0](https://downloads.seppmail.com/extrelnotes/150/ERN15.0.html#security) · [daily 2026-05-09 deep dive](briefs/2026-05-09.md)).

SEPPmail AG (Steinach SG) is the dominant cryptographic email-processing gateway in the Swiss public sector — cantonal administrations, Swiss federal bodies (EJPD/DFJP, SECO, cantonal courts), university hospitals, and a substantial share of private healthcare and finance route sensitive email through SEPPmail infrastructure. The GINAv2 portal is by design internet-accessible to external recipients (who click a secure-email notification link, authenticate or self-register, and retrieve encrypted content). The vulnerability cluster covers six CVEs: **CVE-2026-44128** (CVSS 9.3, unauthenticated RCE via test endpoints, [T1190](https://attack.mitre.org/techniques/T1190/)); **CVE-2026-44125** (CVSS 9.3, missing authentication on `/gina/api/v1/admin/` allowing full configuration export including SMTP credentials, LDAP bind password, and the AES key protecting stored S/MIME keys — [T1078.001](https://attack.mitre.org/techniques/T1078/001/), [T1552.001](https://attack.mitre.org/techniques/T1552/001/)); **CVE-2026-44126** (CVSS 9.2, insecure session deserialisation reachable unauthenticated via a `GINA_SESSION=../../uploads/...` path-traversal cookie value that combines with the unauthenticated `/gina/upload/certificate` upload to stage a Java gadget chain — [T1190](https://attack.mitre.org/techniques/T1190/)); **CVE-2026-44127** (CVSS 8.8, LFI and arbitrary file deletion in the appliance management interface — [T1083](https://attack.mitre.org/techniques/T1083/), [T1070.002](https://attack.mitre.org/techniques/T1070/002/)); **CVE-2026-44129** (CVSS 8.3, Freemarker SSTI via notification-email customisation — [T1059.007](https://attack.mitre.org/techniques/T1059/007/)); **CVE-2026-7864** (CVSS 6.9, information disclosure). No in-the-wild exploitation confirmed as of week-end; all three CRITICAL paths are pre-authentication.

Patch path: **SEPPmail 15.0.4 (patch 15.0.4.1)** via the standard SEPPmail update channel; if patching is delayed, block source IPs outside the designated admin CIDR from `/gina/diag/` and `/gina/api/v1/admin/` paths at WAF or perimeter. Rotate LDAP bind credentials, SMTP relay credentials, and the S/MIME key-store password after patching regardless of whether exploitation is suspected — the compromise blast radius via CVE-2026-44125 alone reads every credential the appliance stores in cleartext. The Swiss Federal Chancellery ICT security baseline (Sicherheitsstandard IKT des Bundes / ISBB) classifies email-gateway compromise as a Level 3 incident requiring escalation to NCSC-CH within 24 hours; BSI IT-Grundschutz module APP.4.4 brings the same gateway into DACH organisations' ISMS scope.

— *Source: [NCSC-CH Security Hub post 12551](https://security-hub.ncsc.admin.ch/api/posts/12551/details) · [SEPPmail release notes v15.0](https://downloads.seppmail.com/extrelnotes/150/ERN15.0.html#security) · [Daily 2026-05-09](briefs/2026-05-09.md) · Tags: vulnerabilities, pre-auth, rce, auth-bypass, patch-available · Region: switzerland, dach · CVE: CVE-2026-44128, CVE-2026-44125, CVE-2026-44126, CVE-2026-44127, CVE-2026-44129, CVE-2026-7864 · CVSS: 9.3 / 9.3 / 9.2 / 8.8 / 8.3 / 6.9 · Vector: zero-click · Auth: pre-auth · Status: patch-available*

### Akira ransomware on Groupe 3R — 20 Swiss medical-imaging centres across seven cantons; second cyberattack on the same operator within twelve months

**If you did nothing this week:** Swiss and DACH healthcare operators with internet-exposed Cisco ASA / FTD, Fortinet SSL-VPN, or VMware ESXi management interfaces — Akira's documented edge-device initial-access targets — face the same playbook used here. Groupe 3R confirmed the attack on its own website 2026-04-30, filed a criminal complaint, notified the Federal Office for Cybersecurity (BACS/OFCS), and explicitly stated it will not pay ransom; Akira's leak-site listing on approximately 2026-05-08 claims 48 GB exfiltrated including employee identity documents, patient records, payment information, and signed NDAs ([Groupe 3R victim statement, 2026-04-30](https://www.groupe3r.ch/fr/information-importante-perturbation-de-nos-services-7268/) · [ICTjournal.ch, 2026-05-06](https://www.ictjournal.ch/news/2026-05-06/le-reseau-radiologique-romand-a-nouveau-victime-dune-cyberattaque-ses-systemes) · [Blick.ch, 2026-05-07](https://www.blick.ch/fr/suisse/romande/cyberattaque-le-groupe-romand-3r-de-radiologie-cible-id21930477.html) · [daily 2026-05-10](briefs/2026-05-10.md)).

Groupe 3R (Réseau Radiologique Romand) operates ~20 medical-imaging centres across the seven Swiss cantons listed in the operator statement (Vaud, Valais, Fribourg, Genève, Neuchâtel, Berne — six in Romandie — plus Zürich in German-speaking Switzerland), which makes this a direct Swiss critical-health-infrastructure incident and the operator's second cyberattack within twelve months (the prior April 2025 incident is acknowledged in the operator's own statement as having involved different attackers and methodology). Legacy examination data remains inaccessible at week-end; the security of new examination data has been restored on rebuilt infrastructure. Data exfiltration was not confirmed by the victim; Akira's leak-site post asserts 48 GB exfiltrated. Akira's documented playbook against European healthcare and SME targets emphasises edge-device initial access (Cisco ASA/FTD CVEs, Fortinet SSL-VPN CVEs, VMware ESXi authenticated RCE) and intermittent file encryption to evade EDR file-I/O heuristics — observed ATT&CK techniques include [T1190](https://attack.mitre.org/techniques/T1190/), [T1133 External Remote Services](https://attack.mitre.org/techniques/T1133/), [T1486 Data Encrypted for Impact](https://attack.mitre.org/techniques/T1486/), and [T1567 Exfiltration Over Web Service](https://attack.mitre.org/techniques/T1567/). Defenders should re-validate patch state on the edge devices in Akira's standard target list, confirm EDR rules trigger on intermittent-encryption write-skip-write file-I/O patterns, and verify radiology-modality VLAN segmentation from corporate Active Directory — PACS/RIS environments tend to co-tenant with Windows file shares, providing trivial east-west reach once an attacker lands. The Akira-as-actor attribution comes from `ransomware.live` (aggregator), not from the victim or an independent primary; logged with confidence HIGH on incident, MEDIUM on actor.

— *Source: [Groupe 3R victim statement](https://www.groupe3r.ch/fr/information-importante-perturbation-de-nos-services-7268/) · [ICTjournal.ch](https://www.ictjournal.ch/news/2026-05-06/le-reseau-radiologique-romand-a-nouveau-victime-dune-cyberattaque-ses-systemes) · [Blick.ch](https://www.blick.ch/fr/suisse/romande/cyberattaque-le-groupe-romand-3r-de-radiologie-cible-id21930477.html) · [Daily 2026-05-10](briefs/2026-05-10.md) · Tags: ransomware, organized-crime, data-breach · Region: switzerland · Sector: healthcare*

## 2. Multi-day campaigns and chains

The four campaigns below each accumulated material deltas across multiple daily briefs in 2026-W19. The picture a Tier 2/3 reader could not see from any single day is the campaign-state-at-week-end — what is currently in motion, where the story shifted, what defenders should still be watching on Monday.

### ShinyHunters / WorldLeaks — week-long cross-incident operator activity touching Inditex, Vimeo, ADT, and Instructure / Canvas

The cross-day pattern most visible in 2026-W19 is the ShinyHunters / WorldLeaks operator family's role in four parallel third-party / SaaS-tier compromises with European footprint. None was a direct attack on the victim's own infrastructure: Vimeo and Inditex ride the **third-party-analytics → cloud-data-warehouse → tenant-data-exfiltration** pivot, while ADT and Instructure were reached through a compromised identity or integration credential. The sequence: **Vimeo / Anodot** (first covered 2026-05-07) — Vimeo's official statement confirmed that customer email addresses were affected via a third-party security incident at Anodot, an analytics vendor integrated with Vimeo's infrastructure; the Snowflake-and-BigQuery cloud-data-warehouse pivot rests on ShinyHunters' extortion claim as reported by BleepingComputer, not on Vimeo's own confirmation; BleepingComputer reports approximately 119,000 email addresses exposed; ShinyHunters published the dataset after Vimeo declined to pay ([Vimeo official blog, 2026-04-27](https://vimeo.com/blog/post/anodot-third-party-security-incident) · [BleepingComputer, 2026-05-06](https://www.bleepingcomputer.com/news/security/video-service-vimeo-confirms-anodot-breach-exposed-user-data/) · [The Register, 2026-05-05](https://www.theregister.com/2026/05/05/shinyhunters_dump_puts_119k_vimeo/)). **Inditex (Zara)** (first covered 2026-05-09) — Have I Been Pwned confirmed 197,400 EU customer email addresses exposed via the same Anodot → BigQuery pivot; Inditex confirmed access to email addresses, geographic location, order IDs and support-ticket content; ShinyHunters dumped ~140 GB after Inditex declined to pay ([SecurityAffairs, 2026-05-08](https://securityaffairs.com/191859/cyber-crime/zara-data-breach-197000-customers-exposed-in-third-party-security-incident.html) · [BleepingComputer, 2026-05-08](https://www.bleepingcomputer.com/news/security/zara-data-breach-exposed-personal-information-of-197-000-people/) · [daily 2026-05-09](briefs/2026-05-09.md)). 
**ADT Inc.** (first covered 2026-05-06) — SEC 8-K filed 2026-04-24 disclosed unauthorised access to certain cloud environments; ShinyHunters claimed the initial-access vector was vishing of an employee's Okta SSO account followed by Salesforce data exfiltration (ADT did not confirm the vector) ([ADT Newsroom, 2026-04-24](https://newsroom.adt.com/corporate-news/adt-detects-cybersecurity-incident) · [daily 2026-05-06](briefs/2026-05-06.md)). **Instructure / Canvas** (first covered 2026-05-06; expanded each subsequent day; see the separate H3 below).

The lesson under PD-11 (less is more) for Swiss / EU public-sector readers: third-party analytics, monitoring, evaluation and observability integrations that hold OAuth or service-account access to production data warehouses (Snowflake, BigQuery, Redshift) are a structural supply-chain attack surface that vendor-assessment checklists routinely miss. Audit delegated access grants for analytics tooling; enforce token scoping and expiry; require provider-side anomaly alerts; and treat any pattern in which a vendor-held credential reaches tenant data (all four incidents above fit it) as warranting a tabletop on revocation timing. Vimeo revoked privileged credentials and access tokens within hours of detection, which is the reference performance to aim for.

— *Source: [Vimeo official blog — Anodot incident](https://vimeo.com/blog/post/anodot-third-party-security-incident) · [SecurityAffairs — Zara breach](https://securityaffairs.com/191859/cyber-crime/zara-data-breach-197000-customers-exposed-in-third-party-security-incident.html) · [BleepingComputer — Vimeo Anodot](https://www.bleepingcomputer.com/news/security/video-service-vimeo-confirms-anodot-breach-exposed-user-data/) · [ADT Newsroom](https://newsroom.adt.com/corporate-news/adt-detects-cybersecurity-incident) · [Daily 2026-05-06](briefs/2026-05-06.md) · [Daily 2026-05-07](briefs/2026-05-07.md) · [Daily 2026-05-09](briefs/2026-05-09.md) · Tags: data-breach, organized-crime, supply-chain, cloud, identity · Region: europe, us, global · Sector: technology, retail*

### Canvas / Instructure breach — five-day arc from first claim to seven Dutch universities executing emergency disconnects

Canvas / Instructure is the cleanest example of a campaign chain that accumulated meaningfully different state every day of 2026-W19, and the one a SOC manager carries into Monday morning with an extortion deadline two days out. Day-by-day: **2026-05-06** — Instructure confirmed names, email addresses, student ID numbers, and user-to-user messages accessed; detected API-tool disruption ~2026-04-30; revoked privileged credentials and access tokens; passwords / financial data / government IDs out of scope; ShinyHunters claimed 275 M records across ~9,000 institutions including EU and APAC ([BleepingComputer, 2026-05-04](https://www.bleepingcomputer.com/news/security/instructure-confirms-data-breach-shinyhunters-claims-attack/) · [TechCrunch, 2026-05-05](https://techcrunch.com/2026/05/05/hackers-steal-students-data-during-breach-at-education-tech-giant-instructure/) · [SecurityWeek, 2026-05-04](https://www.securityweek.com/edtech-firm-instructure-discloses-data-breach/) · [daily 2026-05-06](briefs/2026-05-06.md)). **2026-05-07** — individual universities (University of Nevada Reno, University of Pennsylvania ~300,000+ users) began notifying students and staff directly ([University of Nevada Reno president message, 2026-05-06](https://www.unr.edu/nevada-today/news/president-messages/2026-05-06-cybersecurity-incident) · [daily 2026-05-07 UPDATE](briefs/2026-05-07.md)). 
**2026-05-08** — SURF (Dutch NREN) confirmed 44 Dutch institutions among victims; attacker posted portal defacements; 2026-05-12 extortion deadline set; Canvas taken offline for emergency patching on 2026-05-07 ([NL Times — Canvas hack: student data from 44 Dutch universities and schools taken](https://nltimes.nl/2026/05/05/canvas-hack-student-data-44-dutch-universities-schools-taken-massive-breach) · [The Next Web — largest education data breach in history](https://thenextweb.com/news/the-largest-education-data-breach-in-history-was-not-an-attack-on-a-school-it-was-an-attack-on-a-vendor) · [daily 2026-05-08 UPDATE](briefs/2026-05-08.md)). **2026-05-09** — three major UK universities (Oxford, Cambridge, Liverpool — Liverpool notified ICO under GDPR Article 33) issued public statements; UNL confirmed 44 Dutch member institutions; 3 GB sample dump on 2026-05-07 contained course-IDs, student emails, assignment metadata, grade records across four UK institutions; Instructure stated the breach vector was a compromised integration service account for a third-party LTI tool provider (not Canvas core infrastructure). The ShinyHunters / WorldLeaks operator-family attribution and the specific extortion-amount figure carried in the daily UPDATE trace to sources not re-fetched at weekly composition time; readers should consult the daily UPDATE for the citation chain ([daily 2026-05-09 UPDATE](briefs/2026-05-09.md)). 
**2026-05-10** — ShinyHunters posted a *second* intrusion notice 2026-05-08 asserting Canvas retained unpatched vulnerabilities permitting re-entry despite the May 8 patches; Instructure confirmed the second breach, rotated application keys, increased monitoring, and required API-client re-authorisation; seven Dutch universities (**VU Amsterdam, University of Amsterdam, Erasmus Rotterdam, Tilburg, Eindhoven TU/e, Maastricht, Twente**) executed emergency Canvas disconnections on/before 2026-05-09; Dutch DPA (Autoriteit Persoonsgegevens) received an incident report from VU Amsterdam ([Techzine EU, 2026-05-08](https://www.techzine.eu/news/security/141149/dutch-university-disconnects-canvas-systems-after-instructure-hack/) · [DutchNews.nl, 2026-05-08](https://www.dutchnews.nl/2026/05/hackers-break-into-ed-tech-giant-again-after-massive-data-heist/) · [daily 2026-05-10 UPDATE](briefs/2026-05-10.md)).

State at week-end: the **2026-05-12 extortion deadline is Tuesday (two days out)**; no ransom paid as of 2026-05-09 06:00 UTC; if the second-intrusion claim verifies, Instructure's first remediation was incomplete and the data-release threat is materially more credible. European universities running Canvas should treat credential stuffing against the stolen student / staff email addresses as an active risk; audit third-party LTI integrations and revoke the service accounts of unused ones; and watch for follow-on phishing that references course content. GDPR Article 33/34 notification clocks run from the moment the institution (as controller) became aware of the breach, in practice the date on which Instructure, as processor, notified it with scope confirmation (Article 33(2)).

— *Source: [BleepingComputer — Instructure Canvas data breach](https://www.bleepingcomputer.com/news/security/instructure-confirms-data-breach-shinyhunters-claims-attack/) · [Techzine EU — Dutch university disconnects](https://www.techzine.eu/news/security/141149/dutch-university-disconnects-canvas-systems-after-instructure-hack/) · [DutchNews.nl — Hackers break into ed-tech giant again](https://www.dutchnews.nl/2026/05/hackers-break-into-ed-tech-giant-again-after-massive-data-heist/) · [NL Times — Canvas hack: student data from 44 Dutch universities and schools taken](https://nltimes.nl/2026/05/05/canvas-hack-student-data-44-dutch-universities-schools-taken-massive-breach) · [Daily 2026-05-06](briefs/2026-05-06.md) · [Daily 2026-05-10](briefs/2026-05-10.md) · Tags: data-breach, ransomware, organized-crime, supply-chain · Region: europe, uk, global · Sector: education*

### CL-STA-1132 — PAN-OS CVE-2026-0300 exploitation cluster: disclosure-to-deadline-to-deadline-expiry inside the window

The PAN-OS Captive Portal zero-day chain compressed an entire incident-response cycle into one ISO week. **2026-05-06** — Palo Alto disclosed CVE-2026-0300 (CVSS 9.3 unauthenticated root RCE); CERT-EU issued a rare Critical Advisory; CISA listed in KEV with deadline 2026-05-09; Unit 42 attributed active exploitation since 2026-04-09 to CL-STA-1132 and characterised it as likely state-sponsored ([Palo Alto PSIRT, 2026-05-06](https://security.paloaltonetworks.com/CVE-2026-0300) · [CERT-EU 2026-006, 2026-05-06](https://cert.europa.eu/publications/security-advisories/2026-006/) · [Unit 42, 2026-05-06](https://unit42.paloaltonetworks.com/captive-portal-zero-day/) · [daily 2026-05-07 deep dive](briefs/2026-05-07.md)). **2026-05-08** — KEV deadline announced as the next day; mitigation hardening (disable Captive Portal, restrict to internal CIDR, Threat ID 510019) repeated; daily flagged that organisations must confirm mitigation by today before close-of-business ([daily 2026-05-08](briefs/2026-05-08.md)). **2026-05-09** — KEV deadline expired today, no patch exists; vendor confirmed earliest patches at 10.1.14 / 10.2.12 / 11.0.5 / 11.1.4 expected 2026-05-13; Unit 42 published post-exploitation cluster framing — rogue admin account name pattern **`svc-health-check-[6-digit-numeric]`**, Python tunnelling implants under `/var/tmp/linuxupdate` / `/tmp/.c`, OSPF-based internal AD reconnaissance; observed dwell time ~20 days from initial compromise to second-device exploitation on a tracked victim ([daily 2026-05-09 UPDATE](briefs/2026-05-09.md)). **2026-05-10** — Unit 42 added EarthWorm / ReverseSocks5 tunnelling specificity (already adjacent to the prior framing; marginal delta over the cluster narrative).

The campaign-state lens a daily reader cannot see from one day: every organisation with an internet-facing PAN-OS Captive Portal that did not disable or restrict it during 2026-W19 enters 2026-W20 in the same posture: still no patch, still exposed, still inside CL-STA-1132's targeting window. Retrospective log review back to 2026-04-09 for the **`svc-health-check-`** account pattern, anomalous outbound connections from the firewall management IP, and unexpected nginx child processes is the highest-priority hunting action for the new week. ATT&CK profile: [T1190 Exploit Public-Facing Application](https://attack.mitre.org/techniques/T1190/), [T1055 Process Injection](https://attack.mitre.org/techniques/T1055/), [T1003 OS Credential Dumping](https://attack.mitre.org/techniques/T1003/), [T1572 Protocol Tunneling](https://attack.mitre.org/techniques/T1572/), [T1018 Remote System Discovery](https://attack.mitre.org/techniques/T1018/).

— *Source: [Palo Alto PSIRT — CVE-2026-0300](https://security.paloaltonetworks.com/CVE-2026-0300) · [Unit 42 — Captive Portal zero-day](https://unit42.paloaltonetworks.com/captive-portal-zero-day/) · [CERT-EU Critical Advisory 2026-006](https://cert.europa.eu/publications/security-advisories/2026-006/) · [Daily 2026-05-07](briefs/2026-05-07.md) · [Daily 2026-05-09](briefs/2026-05-09.md) · Tags: vulnerabilities, actively-exploited, cisa-kev, nation-state, rce, pre-auth, no-patch · Region: europe, global · Sector: public-sector, defense*
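
To make the hunting action concrete, here is an added Python example, written for this summary and not derived from Unit 42 or Palo Alto tooling, that runs the retrospective checks over constructed log lines. The line format (`timestamp host key=value ...`) is a simplification assumed for the demo and is not PAN-OS's native CSV log layout; the management-interface IPs and the egress allowlist are likewise assumptions. Only the indicators themselves (the `svc-health-check-NNNNNN` name pattern, the `/var/tmp/linuxupdate`, `/var/tmp/linuxap` and `/tmp/.c` paths, and the 2026-04-09 start date) come from the briefing above.

```python
import re
from dataclasses import dataclass
from typing import Iterable

# Indicators carried in the briefing: rogue-admin name pattern, implant paths,
# and the earliest observed CL-STA-1132 activity.
ROGUE_ADMIN = re.compile(r"\bsvc-health-check-\d{6}\b")
IMPLANT_PATH = re.compile(r"(?:/var/tmp/linuxupdate|/var/tmp/linuxap|/tmp/\.c)(?=[\s\"']|$)")
EXPLOITATION_START = "2026-04-09"

# Assumptions for the demo (not from the source): management-interface IPs and
# the destinations the management plane legitimately talks to (syslog, DNS, updates).
MGMT_IPS = {"10.0.0.1", "10.0.0.2"}
MGMT_EGRESS_ALLOWLIST = {"10.0.0.50", "10.0.0.53", "updates.paloaltonetworks.com"}

KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


@dataclass(frozen=True)
class Finding:
    rule: str
    timestamp: str
    host: str
    detail: str


def parse(line: str) -> dict:
    """Split a constructed 'timestamp host key=value ...' line into fields."""
    parts = line.split(maxsplit=2)
    if len(parts) < 3:
        return {}
    fields = {"ts": parts[0], "host": parts[1]}
    for key, quoted, bare in KV.findall(parts[2]):
        fields[key] = quoted if quoted else bare
    return fields


def hunt(lines: Iterable[str], since: str = EXPLOITATION_START) -> list[Finding]:
    """Run the four retrospective checks over log lines dated on or after `since`."""
    findings = []
    for raw in lines:
        f = parse(raw)
        if not f or f["ts"][:10] < since:        # ISO-8601 dates sort lexically
            continue
        ts, host = f["ts"], f["host"]
        # 1. The rogue-admin naming pattern anywhere in the event.
        m = ROGUE_ADMIN.search(raw)
        if m:
            findings.append(Finding("rogue_admin_name", ts, host, m.group(0)))
        # 2. Any administrator-account change, whatever the name: review all of them.
        if f.get("type") == "config" and f.get("cmd") == "set" and "mgt-config users" in f.get("path", ""):
            findings.append(Finding("admin_account_change", ts, host, f"{f.get('admin', '?')} set {f['path']}"))
        # 3. Management-plane egress to a destination outside the allowlist.
        if (f.get("type") == "traffic" and f.get("src") in MGMT_IPS
                and f.get("action") == "allow" and f.get("dst") not in MGMT_EGRESS_ALLOWLIST):
            findings.append(Finding("mgmt_plane_egress", ts, host, f"{f['src']} -> {f['dst']}:{f.get('dport', '?')}"))
        # 4. Known implant paths in system/process events.
        p = IMPLANT_PATH.search(raw)
        if p:
            findings.append(Finding("implant_path", ts, host, p.group(0)))
    return findings


# Constructed sample log, not real telemetry; the format is a simplified key=value layout.
SAMPLE_LOG = """\
2026-04-03T09:00:10Z fw-edge-01 type=config admin=admin cmd=commit result=Succeeded path="shared"
2026-04-11T02:13:44Z fw-edge-01 type=config admin=admin cmd=set result=Succeeded path="mgt-config users svc-health-check-481203 permissions role-based superuser yes"
2026-04-11T02:15:02Z fw-edge-01 type=traffic src=10.0.0.1 dst=203.0.113.77 dport=443 app=ssl action=allow
2026-04-11T02:15:09Z fw-edge-01 type=system subtype=general msg="process /var/tmp/linuxupdate started by nginx"
2026-04-11T02:20:00Z fw-edge-01 type=traffic src=10.0.0.1 dst=10.0.0.50 dport=514 app=syslog action=allow
2026-04-12T08:00:00Z fw-edge-02 type=traffic src=10.20.30.40 dst=203.0.113.77 dport=443 app=ssl action=allow
2026-04-12T08:05:00Z fw-edge-02 type=system subtype=general msg="cleanup of /tmp/.cache complete"
""".splitlines()

if __name__ == "__main__":
    for finding in hunt(SAMPLE_LOG):
        print(finding)
```

Feed it the config, system and traffic logs exported from Panorama or the firewall (after mapping the exported columns into the key=value shape the parser expects) and review every `admin_account_change` hit, not only those matching the name pattern: an actor who reads this summary can change the naming scheme faster than the hunt can.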

### cPanel / WHM — two emergency TSRs inside ten days: post-CVE-2026-41940 fleet now facing CVE-2026-29201/29202/29203

cPanel / WHM saw two emergency Targeted Security Releases inside ten days, with the second arriving against a fleet that had not yet recovered from the first. **CVE-2026-41940** (CRLF cookie-forge unauthenticated bypass) drove mass exploitation from approximately 2026-02-23 through the emergency patch on 2026-04-28 — roughly two months of zero-day exposure during which Shadowserver telemetry estimated ~44,000 IP addresses likely compromised; multiple distinct threat-actor campaigns deployed payloads, including a "Sorry" Go-based Linux encryptor and AdaptixC2 against government and military entities ([watchTowr Labs](https://labs.watchtowr.com/the-internet-is-falling-down-falling-down-falling-down-cpanel-whm-authentication-bypass-cve-2026-41940/) · [Rapid7 ETR](https://www.rapid7.com/blog/post/etr-cve-2026-41940-cpanel-whm-authentication-bypass/) · [Help Net Security, 2026-05-04](https://www.helpnetsecurity.com/2026/05/04/multiple-threat-actors-actively-exploit-cpanel-vulnerability-cve-2026-41940/) · [daily 2026-05-06 first coverage](briefs/2026-05-06.md)). The second TSR landed 2026-05-08 with three CVEs initially under responsible-disclosure embargo (and dropped from § 3 of the daily that day for that reason); the embargo lifted 2026-05-09 with technical analyses from The Hacker News and Panelica ([daily 2026-05-09](briefs/2026-05-09.md), [daily 2026-05-10 UPDATE](briefs/2026-05-10.md)).

The compounding pattern is what makes this a multi-day-chain entry: cPanel hosts that recovered from the ~February–April CVE-2026-41940 wave now face fresh primitives: **CVE-2026-29202** (CVSS 8.8) is post-auth Perl execution in the `create_user` API (any authenticated cPanel user with API access can inject and execute arbitrary Perl code in their system account context); **CVE-2026-29203** (CVSS 8.8) is unsafe symlink handling enabling `chmod` abuse for privilege escalation or denial of service; **CVE-2026-29201** (CVSS 4.3) is arbitrary feature-file disclosure ([The Hacker News, 2026-05-09](https://thehackernews.com/2026/05/cpanel-whm-patch-3-new-vulnerabilities.html) · [NCSC-CH 12550, 2026-05-08](https://security-hub.ncsc.admin.ch/api/posts/12550/details) · [Panelica, 2026-05-08](https://panelica.com/blog/cpanel-cve-2026-29201-29202-29203-may-2026-tsr-advisory)). An attacker who used CVE-2026-41940 to obtain unauthenticated access to a cPanel account can chain CVE-2026-29202 for code execution in that account's context and CVE-2026-29203 for privilege escalation, or use either to persist inside the same compromised host. No in-the-wild exploitation of the second batch was confirmed at week-end, but the population of unpatched hosts overlaps materially with the recovering CVE-2026-41940 fleet. Patch path: cPanel/WHM patched builds **11.136.0.9+**, **11.134.0.25+**, **11.132.0.31+**; operators with auto-update disabled or version-pinned builds must run `/scripts/upcp` manually. European hosting providers and MSPs serving public-sector clients remain the structural exposure concentration.

— *Source: [The Hacker News — cPanel/WHM patch 3 new vulnerabilities](https://thehackernews.com/2026/05/cpanel-whm-patch-3-new-vulnerabilities.html) · [NCSC-CH Security Hub post 12550](https://security-hub.ncsc.admin.ch/api/posts/12550/details) · [Panelica — cPanel CVE-2026-29201/29202/29203 advisory](https://panelica.com/blog/cpanel-cve-2026-29201-29202-29203-may-2026-tsr-advisory) · [watchTowr Labs — CVE-2026-41940](https://labs.watchtowr.com/the-internet-is-falling-down-falling-down-falling-down-cpanel-whm-authentication-bypass-cve-2026-41940/) · [Daily 2026-05-06](briefs/2026-05-06.md) · [Daily 2026-05-10](briefs/2026-05-10.md) · Tags: vulnerabilities, rce, actively-exploited, cisa-kev, auth-bypass, patch-available · Region: global · Sector: technology · CVE: CVE-2026-29202, CVE-2026-29203, CVE-2026-29201 · CVSS: 8.8 / 8.8 / 4.3 · Vector: zero-click · Auth: post-auth · Status: patch-available*

## 3. Vulnerability roll-up

The table covers every CVE referenced in 2026-W19's daily briefs. Operationally critical items (Active ITW, KEV-added during window, pre-auth RCE on internet-exposed software, or supply-chain compromise on widely-deployed software) get their own H3 below; patched-and-not-exploited items remain in the table only.

| CVE | Product | Status | Patched | KEV | First brief | Source |
|---|---|---|---|---|---|---|
| CVE-2026-0300 | Palo Alto PAN-OS Captive Portal (10.2.x/11.1.x/11.2.x/12.1.x) | Active ITW (CL-STA-1132) | Pending (10.1.14/10.2.12/11.0.5/11.1.4 staged 2026-05-13 → 2026-05-28) | Yes — deadline 2026-05-09 expired | [2026-05-07](briefs/2026-05-07.md) | [Palo Alto PSIRT](https://security.paloaltonetworks.com/CVE-2026-0300) |
| CVE-2026-6973 | Ivanti EPMM on-prem admin API (< 12.6.1.1 / 12.7.0.1 / 12.8.0.1) | Active ITW | 12.6.1.1 / 12.7.0.1 / 12.8.0.1 | Yes — deadline 2026-05-10 expired | [2026-05-08](briefs/2026-05-08.md) | [Ivanti PSIRT](https://www.ivanti.com/blog/may-2026-epmm-security-update) |
| CVE-2026-5787 | Ivanti EPMM on-prem Sentry registration (chain) | Active ITW (chained) | Same as CVE-2026-6973 | Indirect (chain) | [2026-05-08](briefs/2026-05-08.md) | [Ivanti PSIRT](https://www.ivanti.com/blog/may-2026-epmm-security-update) |
| CVE-2026-5786 | Ivanti EPMM on-prem (remote auth → admin via access-control flaw) | Disclosure-only | Same patch level | No | [2026-05-10](briefs/2026-05-10.md) | [Ivanti PSIRT](https://www.ivanti.com/blog/may-2026-epmm-security-update) |
| CVE-2026-5788 | Ivanti EPMM on-prem (unauth method invocation) | Disclosure-only | Same patch level | No | [2026-05-10](briefs/2026-05-10.md) | [Ivanti PSIRT](https://www.ivanti.com/blog/may-2026-epmm-security-update) |
| CVE-2026-7821 | Ivanti EPMM on-prem (May 2026 companion) | Disclosure-only | Same patch level | No | [2026-05-10](briefs/2026-05-10.md) | [BleepingComputer](https://www.bleepingcomputer.com/news/security/ivanti-warns-of-new-epmm-flaw-exploited-in-zero-day-attacks/) |
| CVE-2026-31431 | Linux kernel `algif_aead` (4.14 – 6.19.11) | Active ITW (paired with Dirty Frag per Microsoft) | 6.18.22 / 6.19.12 / 7.0 + distro pkgs | Yes — deadline 2026-05-15 | [2026-05-06](briefs/2026-05-06.md) | [CERT-EU 2026-005](https://cert.europa.eu/publications/security-advisories/2026-005/) |
| CVE-2026-43284 | Linux kernel xfrm-ESP (Dirty Frag) | Active ITW (limited campaigns, Microsoft) | Mainline merged 2026-05-08; distro pkgs landing | No | [2026-05-09](briefs/2026-05-09.md) | [Wiz Research](https://www.wiz.io/blog/dirty-frag-linux-kernel-local-privilege-escalation-via-esp-and-rxrpc) |
| CVE-2026-43500 | Linux kernel RxRPC (Dirty Frag chain) | Active ITW (limited campaigns) | Kernel patch pending; distro pkgs pending | No | [2026-05-09](briefs/2026-05-09.md) | [Wiz Research](https://www.wiz.io/blog/dirty-frag-linux-kernel-local-privilege-escalation-via-esp-and-rxrpc) |
| CVE-2026-42208 | LiteLLM Proxy (< v1.83.7) | Active ITW (within ~36 h of GHSA) | v1.83.7+ | Yes — deadline 2026-05-11 | [2026-05-09](briefs/2026-05-09.md) | [Bishop Fox](https://bishopfox.com/blog/cve-2026-42208-pre-authentication-sql-injection-in-litellm-proxy) |
| CVE-2026-32202 | Windows Shell (Win10/11, pre-April-2026 CU) | Active ITW (actor unattributed; predecessor CVE-2026-21510 tied to APT28 against EU gov) | April 2026 Patch Tuesday | Yes — deadline 2026-05-12 | [2026-05-08](briefs/2026-05-08.md) | [Microsoft MSRC](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32202) |
| CVE-2026-41940 | cPanel / WHM (all pre-2026-04-28 patch) | Active ITW (mass; ~44,000 hosts) | Emergency 2026-04-28 | Yes — deadline 2026-05-21 | [2026-05-06](briefs/2026-05-06.md) | [watchTowr Labs](https://labs.watchtowr.com/the-internet-is-falling-down-falling-down-falling-down-cpanel-whm-authentication-bypass-cve-2026-41940/) |
| CVE-2026-29202 | cPanel / WHM (create_user API Perl injection) | Disclosure-only (compounding with 41940 fleet) | Patched builds 11.136.0.9+ / 11.134.0.25+ / 11.132.0.31+ | No | [2026-05-10](briefs/2026-05-10.md) | [The Hacker News](https://thehackernews.com/2026/05/cpanel-whm-patch-3-new-vulnerabilities.html) |
| CVE-2026-29203 | cPanel / WHM (unsafe symlink chmod) | Disclosure-only | Same patch level | No | [2026-05-10](briefs/2026-05-10.md) | [The Hacker News](https://thehackernews.com/2026/05/cpanel-whm-patch-3-new-vulnerabilities.html) |
| CVE-2026-29201 | cPanel / WHM (feature-file disclosure) | Disclosure-only | Same patch level | No | [2026-05-10](briefs/2026-05-10.md) | [The Hacker News](https://thehackernews.com/2026/05/cpanel-whm-patch-3-new-vulnerabilities.html) |
| CVE-2024-57726 | SimpleHelp RMM ≤ 5.5.7 (priv-esc) | Active ITW (DragonForce / Medusa) | 5.5.8+ | Yes — deadline 2026-05-08 (overdue) | [2026-05-07](briefs/2026-05-07.md) | [Horizon3.ai — SimpleHelp RMM disclosures](https://www.horizon3.ai/attack-research/disclosures/critical-vulnerabilities-in-simplehelp-remote-support-software/) |
| CVE-2024-57728 | SimpleHelp RMM ≤ 5.5.7 (zip-slip RCE) | Active ITW (chained) | 5.5.8+ | Yes — deadline 2026-05-08 (overdue) | [2026-05-07](briefs/2026-05-07.md) | [Horizon3.ai — SimpleHelp RMM disclosures](https://www.horizon3.ai/attack-research/disclosures/critical-vulnerabilities-in-simplehelp-remote-support-software/) |
| CVE-2024-7399 | Samsung MagicINFO 9 Server (< 21.1050.0) | Active ITW (Mirai deployment) | 21.1050.0+ | Yes — deadline 2026-05-08 (overdue) | [2026-05-07](briefs/2026-05-07.md) | [Unit 42 — CVE-2024-7399 Samsung MagicINFO](https://unit42.paloaltonetworks.com/cve-2024-7399-samsung-magicinfo/) |
| CVE-2026-44128 | SEPPmail Secure Email Gateway (GINAv2 test endpoints) | Disclosure-only | 15.0.4 / 15.0.4.1 | No | [2026-05-09](briefs/2026-05-09.md) | [NCSC-CH 12551](https://security-hub.ncsc.admin.ch/api/posts/12551/details) |
| CVE-2026-44125 | SEPPmail GINAv2 admin REST API | Disclosure-only | 15.0.4 | No | [2026-05-09](briefs/2026-05-09.md) | [NCSC-CH 12551](https://security-hub.ncsc.admin.ch/api/posts/12551/details) |
| CVE-2026-44126 | SEPPmail GINAv2 session deserialisation | Disclosure-only | 15.0.4 | No | [2026-05-09](briefs/2026-05-09.md) | [NCSC-CH 12551](https://security-hub.ncsc.admin.ch/api/posts/12551/details) |
| CVE-2026-44127 | SEPPmail appliance management (LFI + delete) | Disclosure-only | 15.0.4 | No | [2026-05-09](briefs/2026-05-09.md) | [NCSC-CH 12551](https://security-hub.ncsc.admin.ch/api/posts/12551/details) |
| CVE-2026-44129 | SEPPmail GINAv2 Freemarker SSTI | Disclosure-only | 15.0.4 | No | [2026-05-09](briefs/2026-05-09.md) | [NCSC-CH 12551](https://security-hub.ncsc.admin.ch/api/posts/12551/details) |
| CVE-2026-7864 | SEPPmail appliance management info-disclosure | Disclosure-only | 15.0.4 | No | [2026-05-09](briefs/2026-05-09.md) | [NCSC-CH 12551](https://security-hub.ncsc.admin.ch/api/posts/12551/details) |
| CVE-2026-26030 | Microsoft Semantic Kernel Python SDK (< 1.39.4) | PoC-public | ≥ 1.39.4 | No | [2026-05-10](briefs/2026-05-10.md) | [Microsoft Security Blog](https://www.microsoft.com/en-us/security/blog/2026/05/07/prompts-become-shells-rce-vulnerabilities-ai-agent-frameworks/) |
| CVE-2026-25592 | Microsoft Semantic Kernel .NET SDK (< 1.71.0) | Disclosure-only | ≥ 1.71.0 | No | [2026-05-10](briefs/2026-05-10.md) | [Microsoft Security Blog](https://www.microsoft.com/en-us/security/blog/2026/05/07/prompts-become-shells-rce-vulnerabilities-ai-agent-frameworks/) |
| CVE-2026-4670 | Progress MOVEit Automation (< 2025.1.5 / 2025.0.9 / 2024.1.8) | Disclosure-only | 2025.1.5 / 2025.0.9 / 2024.1.8 | No | [2026-05-06](briefs/2026-05-06.md) | [Help Net Security](https://www.helpnetsecurity.com/2026/05/04/critical-moveit-automation-auth-bypass-vulnerability-fixed-cve-2026-4670/) |
| CVE-2026-5174 | Progress MOVEit Automation (chained priv-esc) | Disclosure-only | Same | No | [2026-05-06](briefs/2026-05-06.md) | [Help Net Security](https://www.helpnetsecurity.com/2026/05/04/critical-moveit-automation-auth-bypass-vulnerability-fixed-cve-2026-4670/) |
| CVE-2026-23918 | Apache HTTP Server 2.4.66 (HTTP/2) | PoC (no ITW) | 2.4.67 | No | [2026-05-06](briefs/2026-05-06.md) | [The Hacker News](https://thehackernews.com/2026/05/critical-apache-http2-flaw-cve-2026.html) |
| CVE-2026-28780 | Apache HTTP Server 2.4.x (mod_proxy_ajp) | Disclosure-only | 2.4.67 | No | [2026-05-07](briefs/2026-05-07.md) | [Apache HTTP Server security page](https://httpd.apache.org/security/vulnerabilities_24.html) |
| CVE-2026-32305 | Traefik proxy (< 2.11.41 / 3.6.11 / 3.7.0-ea.2) | Disclosure-only | 2.11.41 / 3.6.11 / 3.7.0-ea.2 | No | [2026-05-06](briefs/2026-05-06.md) | [CERT-FR CERTFR-2026-AVI-0531](https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0531/) |
| CVE-2026-40982 | Spring Cloud Config Server (3.1.x/4.1.x/4.2.x/4.3.x/5.0.x) | Disclosure-only | 4.3.3 / 5.0.3 + NES backports | No | [2026-05-09](briefs/2026-05-09.md) | [Spring.io](https://spring.io/security/cve-2026-40982) |
| CVE-2025-68670 | xrdp (< 0.10.5) | Disclosure-only | 0.10.5 / 0.10.4.1 / 0.9.27 | No | [2026-05-09](briefs/2026-05-09.md) | [Kaspersky Securelist](https://securelist.com/cve-2025-68670/119742/) |
| CVE-2026-6023 | Progress Telerik UI for ASP.NET AJAX (< 2026.1.421) | Disclosure-only | 2026.1.421 | No | [2026-05-07](briefs/2026-05-07.md) | [CERT-FR CERTFR-2026-AVI-0542](https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0542/) |
| CVE-2026-6022 | Progress Telerik UI for ASP.NET AJAX (< 2026.1.421) | Disclosure-only | 2026.1.421 | No | [2026-05-07](briefs/2026-05-07.md) | [CERT-FR CERTFR-2026-AVI-0542](https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0542/) |
| CVE-2026-23926 | Zabbix 6.0.x/7.0.x/7.4.x | Disclosure-only | 6.0.45 / 7.0.24 / 7.4.8 | No | [2026-05-07](briefs/2026-05-07.md) | [CERT-FR CERTFR-2026-AVI-0541](https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0541/) |
| CVE-2026-23927 | Zabbix 6.0.x/7.0.x/7.4.x | Disclosure-only | 6.0.45 / 7.0.24 / 7.4.8 | No | [2026-05-07](briefs/2026-05-07.md) | [CERT-FR CERTFR-2026-AVI-0541](https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0541/) |
| CVE-2026-23928 | Zabbix 6.0.x/7.0.x/7.4.x | Disclosure-only | 6.0.45 / 7.0.24 / 7.4.8 | No | [2026-05-07](briefs/2026-05-07.md) | [CERT-FR CERTFR-2026-AVI-0541](https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0541/) |
| CVE-2026-33725 | Metabase Enterprise (1.47–1.59.3) | Disclosure-only (admin-required, PoC) | 1.54.22+ (vendor) | No | [2026-05-07](briefs/2026-05-07.md) | [The Hacker News](https://thehackernews.com/2026/05/critical-apache-http2-flaw-cve-2026.html) (cited in daily; vendor advisories) |
| CVE-2026-32312 | GLPI (< 10.0.25 / 11.0.7) — SSRF | Disclosure-only | 10.0.25 / 11.0.7 | No | [2026-05-08](briefs/2026-05-08.md) | [CERT-FR CERTFR-2026-AVI-0551](https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0551/) |
| CVE-2026-40108 | GLPI (< 10.0.25 / 11.0.7) — integrity | Disclosure-only | 10.0.25 / 11.0.7 | No | [2026-05-08](briefs/2026-05-08.md) | [CERT-FR CERTFR-2026-AVI-0551](https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0551/) |
| CVE-2026-42317 | GLPI (< 10.0.25 / 11.0.7) — XSS | Disclosure-only | 10.0.25 / 11.0.7 | No | [2026-05-08](briefs/2026-05-08.md) | [CERT-FR CERTFR-2026-AVI-0551](https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0551/) |
| CVE-2026-42318 | GLPI (< 10.0.25 / 11.0.7) — XSS | Disclosure-only | 10.0.25 / 11.0.7 | No | [2026-05-08](briefs/2026-05-08.md) | [CERT-FR CERTFR-2026-AVI-0551](https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0551/) |
| CVE-2026-42320 | GLPI (< 10.0.25 / 11.0.7) — XSS | Disclosure-only | 10.0.25 / 11.0.7 | No | [2026-05-08](briefs/2026-05-08.md) | [CERT-FR CERTFR-2026-AVI-0551](https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0551/) |
| CVE-2026-42321 | GLPI (< 10.0.25 / 11.0.7) — XSS | Disclosure-only | 10.0.25 / 11.0.7 | No | [2026-05-08](briefs/2026-05-08.md) | [CERT-FR CERTFR-2026-AVI-0551](https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0551/) |
| CVE-2026-5385 | GLPI (< 10.0.25 / 11.0.7) — auth-bypass | Disclosure-only | 10.0.25 / 11.0.7 | No | [2026-05-08](briefs/2026-05-08.md) | [CERT-FR CERTFR-2026-AVI-0551](https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0551/) |
| CVE-2026-40981 | Spring Cloud Config Server (Google Secrets Manager backend) | Disclosure-only | 4.3.3 / 5.0.3 | No | [2026-05-09](briefs/2026-05-09.md) | [Spring.io](https://spring.io/security/cve-2026-40982) |
| CVE-2026-41002 | Spring Cloud Config Server companion | Disclosure-only | 4.3.3 / 5.0.3 | No | [2026-05-09](briefs/2026-05-09.md) | [Spring.io](https://spring.io/security/cve-2026-40982) |
| CVE-2026-41004 | Spring Cloud Config Server companion | Disclosure-only | 4.3.3 / 5.0.3 | No | [2026-05-09](briefs/2026-05-09.md) | [Spring.io](https://spring.io/security/cve-2026-40982) |
| CVE-2025-29927 | Next.js middleware authorisation bypass (weaponised by PCPJack) | Active ITW (worm) | Vendor patch | No | [2026-05-10](briefs/2026-05-10.md) | [SentinelLabs](https://www.sentinelone.com/labs/cloud-worm-evicts-teampcp-and-steals-credentials-at-scale/) |
| CVE-2025-55182 | React/Next.js Server Actions deserialisation (weaponised by PCPJack) | Active ITW (worm) | Vendor patch | No | [2026-05-10](briefs/2026-05-10.md) | [SentinelLabs](https://www.sentinelone.com/labs/cloud-worm-evicts-teampcp-and-steals-credentials-at-scale/) |
| CVE-2026-1357 | WPVivid Backup unauth file upload (weaponised by PCPJack) | Active ITW (worm) | Plugin patch | No | [2026-05-10](briefs/2026-05-10.md) | [SentinelLabs](https://www.sentinelone.com/labs/cloud-worm-evicts-teampcp-and-steals-credentials-at-scale/) |
| CVE-2025-9501 | W3 Total Cache PHP injection (weaponised by PCPJack) | Active ITW (worm) | Plugin patch | No | [2026-05-10](briefs/2026-05-10.md) | [SentinelLabs](https://www.sentinelone.com/labs/cloud-worm-evicts-teampcp-and-steals-credentials-at-scale/) |
| CVE-2025-48703 | CentOS Web Panel FileManager shell injection (weaponised by PCPJack) | Active ITW (worm) | Vendor patch | No | [2026-05-10](briefs/2026-05-10.md) | [SentinelLabs](https://www.sentinelone.com/labs/cloud-worm-evicts-teampcp-and-steals-credentials-at-scale/) |
| CVE-2026-20034 | Cisco Unity Connection authenticated RCE (CVSS 8.8) | Disclosure-only (dropped from §2; logged §7) | Vendor patch | No | [2026-05-10](briefs/2026-05-10.md) | [Cisco PSIRT](https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-unity-rce-ssrf-hENhuASy) |
| CVE-2026-20035 | Cisco Unity Connection unauth SSRF (CVSS 7.2) | Disclosure-only | Vendor patch | No | [2026-05-10](briefs/2026-05-10.md) | [Cisco PSIRT](https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-unity-rce-ssrf-hENhuASy) |

### CVE-2026-26030 + CVE-2026-25592 — Microsoft Semantic Kernel Python and .NET SDKs: a class-of-bug for agentic-AI frameworks

The two Semantic Kernel CVEs are the highest-signal *new* CVE pair of the week even without confirmed in-the-wild exploitation: both stem from one design weakness, **the framework treats LLM-controlled values as input to executable abstractions without explicit validation at the boundary**. The Python SDK flaw (CVE-2026-26030, CWE-94) interpolates an LLM-controlled parameter into the `InMemoryVectorStore` filter expression via f-string composition; its string-blocklist validator is bypassed by the canonical `"".__class__.__bases__[0].__subclasses__()` class-hierarchy traversal, yielding `subprocess.Popen`-equivalent execution on the agent process's host. A public PoC exists in the `amiteliahu/AIAgentCTF` GitHub repository per Microsoft's research post. The .NET SDK flaw (CVE-2026-25592, CWE-22, effectively a sandbox escape) ships a stray `[KernelFunction]` attribute on `SessionsPythonPlugin.DownloadFileAsync` and `SessionsPythonPlugin.UploadFileAsync`; the LLM can therefore invoke those methods with attacker-chosen path arguments, yielding an arbitrary file write that breaks containment from the Azure Container Apps Python sessions sandbox onto the agent process's host filesystem ([Microsoft Security Blog, 2026-05-07](https://www.microsoft.com/en-us/security/blog/2026/05/07/prompts-become-shells-rce-vulnerabilities-ai-agent-frameworks/) · [GitHub GHSA-xjw9-4gw8-4rqx](https://github.com/microsoft/semantic-kernel/security/advisories/GHSA-xjw9-4gw8-4rqx) · [GitHub GHSA-2ww3-72rp-wpp4](https://github.com/microsoft/semantic-kernel/security/advisories/GHSA-2ww3-72rp-wpp4) · [daily 2026-05-10 deep dive](briefs/2026-05-10.md)).

Both flaws bypass prompt-side mitigations (output filtering, response classifiers, "let the LLM judge") because the dangerous operation occurs *inside the SDK*. The same class of bug is highly likely to exist in LangChain, CrewAI, AutoGen, Haystack, and LlamaIndex; defenders should not assume Semantic Kernel is uniquely affected. Patch path: Python SDK **≥ 1.39.4**, .NET SDK **≥ 1.71.0**; audit every `[KernelFunction]`-decorated method for parameter types that are paths, file handles, raw strings later interpolated into code, SQL fragments, or URLs, and remove the decorator from anything that does not need to be LLM-callable. ATT&CK: [T1059.006 Python](https://attack.mitre.org/techniques/T1059/006/), [T1611 Escape to Host](https://attack.mitre.org/techniques/T1611/), [T1565.001](https://attack.mitre.org/techniques/T1565/001/), [T1005 Data from Local System](https://attack.mitre.org/techniques/T1005/).

— *Source: [Microsoft Security Blog — Prompts become shells](https://www.microsoft.com/en-us/security/blog/2026/05/07/prompts-become-shells-rce-vulnerabilities-ai-agent-frameworks/) · [GitHub GHSA-xjw9-4gw8-4rqx](https://github.com/microsoft/semantic-kernel/security/advisories/GHSA-xjw9-4gw8-4rqx) · [GitHub GHSA-2ww3-72rp-wpp4](https://github.com/microsoft/semantic-kernel/security/advisories/GHSA-2ww3-72rp-wpp4) · [Daily 2026-05-10](briefs/2026-05-10.md) · Tags: vulnerabilities, rce, poc-public, patch-available, ai-abuse, cloud · Region: global · CVE: CVE-2026-26030, CVE-2026-25592 · CVSS: 9.9 / 9.9 · Vector: user-interaction · Auth: pre-auth · Status: poc-public, patch-available*
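Added example (not Semantic Kernel or Microsoft code) of the boundary pattern the advisory implies for vector-store filters: model output is parsed as JSON, every clause is checked against a closed allow-list of fields and operators, and values only ever travel as operands, never as source text. The schema, the records and the `unsafe_filter` anti-pattern shown for contrast are constructed for illustration.

```python
"""Added example, not Semantic Kernel / Microsoft code. LLM output is parsed as
data and validated against an allow-list; it is never interpolated into Python
source. Schema and records are constructed for illustration."""
import json
import operator
from typing import Any, Callable

Record = dict[str, Any]
Predicate = Callable[[Record], bool]

# Closed sets: the only fields a filter may touch, with the type each expects,
# and the only comparison operators it may use (constructed schema).
FILTERABLE_FIELDS: dict[str, type] = {"tenant": str, "doc_type": str, "year": int}
OPERATORS: dict[str, Callable[[Any, Any], bool]] = {
    "eq": operator.eq, "ne": operator.ne,
    "lt": operator.lt, "le": operator.le, "gt": operator.gt, "ge": operator.ge,
}


class FilterRejected(ValueError):
    """Raised when LLM-supplied filter input fails validation at the boundary."""


def unsafe_filter(field: str, value: str) -> Predicate:
    """Anti-pattern of the CWE-94 kind: the value is spliced into source text and
    compiled, so whatever the model emits becomes code rather than an operand."""
    return eval(f"lambda r: r[{field!r}] == '{value}'")  # never do this with model output


def compile_filter(raw: str) -> Predicate:
    """Safe path: parse the model's JSON, validate every clause, and build the
    predicate from the closed sets above. Values only ever travel as operands."""
    try:
        doc = json.loads(raw)
    except json.JSONDecodeError as exc:
        raise FilterRejected(f"filter is not JSON: {exc}") from None
    clauses = doc.get("clauses") if isinstance(doc, dict) else None
    if not isinstance(clauses, list) or not clauses:
        raise FilterRejected("filter must contain a non-empty 'clauses' list")
    preds: list[Predicate] = []
    for clause in clauses:
        if not isinstance(clause, dict) or set(clause) != {"field", "op", "value"}:
            raise FilterRejected(f"malformed clause: {clause!r}")
        field, op, value = clause["field"], clause["op"], clause["value"]
        if field not in FILTERABLE_FIELDS:
            raise FilterRejected(f"field not filterable: {field!r}")
        if op not in OPERATORS:
            raise FilterRejected(f"operator not allowed: {op!r}")
        expected = FILTERABLE_FIELDS[field]
        if type(value) is not expected:  # exact type: bool does not pass as int
            raise FilterRejected(f"{field!r} expects {expected.__name__}")
        fn = OPERATORS[op]
        preds.append(lambda r, f=field, fn=fn, v=value: f in r and fn(r[f], v))
    return lambda r: all(p(r) for p in preds)


def is_rejected(raw: str) -> bool:
    """True if the boundary refuses the filter (callers log the rejection and stop)."""
    try:
        compile_filter(raw)
    except FilterRejected:
        return True
    return False


def search(records: list[Record], raw_filter: str) -> list[Record]:
    """Apply a model-proposed filter to in-memory vector-store metadata rows."""
    pred = compile_filter(raw_filter)
    return [r for r in records if pred(r)]


SAMPLE_RECORDS: list[Record] = [  # constructed metadata rows
    {"id": "d1", "tenant": "acme", "doc_type": "policy", "year": 2024},
    {"id": "d2", "tenant": "acme", "doc_type": "runbook", "year": 2026},
    {"id": "d3", "tenant": "globex", "doc_type": "policy", "year": 2026},
]

if __name__ == "__main__":
    proposed = '{"clauses": [{"field": "tenant", "op": "eq", "value": "acme"}]}'
    print([r["id"] for r in search(SAMPLE_RECORDS, proposed)])  # ['d1', 'd2']
```

The same review applies to the .NET side: every `[KernelFunction]` parameter that is a path, a raw string later compiled, or a URL needs this kind of closed-set check before the call, or the decorator comes off.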

### CVE-2026-32202 — Windows Shell NTLM coercion; Akamai's PatchDiff-AI shows the residual zero-click path left by the CVE-2026-21510 patch

Despite the low base CVSS of 4.3 (network vector, no privileges, user interaction required), this is a priority-patch item for any organisation in scope of APT28's targeting of the predecessor vulnerability: **APT28 (Fancy Bear)** was attributed by CERT-UA to the predecessor **CVE-2026-21510** LNK exploitation against Ukraine and EU countries in December 2025 ([Akamai Security Research](https://www.akamai.com/blog/security-research/incomplete-patch-apt28s-zero-day-cve-2026-32202)). Microsoft flipped the "exploited" flag on CVE-2026-32202 on 2026-04-27 ([Help Net Security, 2026-04-29](https://www.helpnetsecurity.com/2026/04/29/windows-cve-2026-32202-exploited/)); neither Akamai nor Help Net Security explicitly attributes current CVE-2026-32202 in-the-wild exploitation to APT28, so the actor for CVE-2026-32202 exploitation specifically remains publicly unattributed at week-end ([Microsoft MSRC — CVE-2026-32202](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32202) · [daily 2026-05-08](briefs/2026-05-08.md)). Akamai's PatchDiff-AI analysis published 2026-04-23 reveals that Microsoft's February 2026 patch for **CVE-2026-21510** successfully blocked RCE and SmartScreen bypass but left a residual zero-click NTLM coercion path intact — now tracked as CVE-2026-32202 ([Akamai Security Research, 2026-04-23](https://www.akamai.com/blog/security-research/incomplete-patch-apt28s-zero-day-cve-2026-32202) · [Help Net Security, 2026-04-29](https://www.helpnetsecurity.com/2026/04/29/windows-cve-2026-32202-exploited/)).

The mechanism: Windows Explorer automatically resolves UNC paths embedded in the `LinkTargetIDList` structure of malicious LNK files via `PathFileExistsW`, triggering an outbound SMB authentication handshake that leaks the user's Net-NTLMv2 hash to an attacker-controlled server — **folder-open is sufficient, no user click required**. Trust verification was applied only during `ShellExecuteExW` calls in the February 2026 patch, not in the earlier code paths where the credential theft occurs. Microsoft confirmed active exploitation on 2026-04-27 and CISA added CVE-2026-32202 to KEV the following day with a deadline of 2026-05-12. The April 14 patch shipped without the "exploited" flag, creating a 13-day window where security teams had no formal signal to treat it as urgent. Net-NTLMv2 hashes can be relayed (NTLM relay attacks) or cracked offline — both paths to lateral movement.

Patch path: April 2026 Windows cumulative updates. Supplementary controls are blocking outbound TCP 445 to non-business internet destinations at the perimeter firewall, enabling the "Restrict NTLM" Group Policy (set to "Deny all" for outbound), and migrating authentication to Kerberos-only where operationally feasible. Detection priorities for SOC hunting: SMBv2 outbound connections from `explorer.exe` to non-corporate IPs; NTLM authentication event 4625 / 4776 with Net-NTLMv2 from workstations; LNK file inspection at mail gateway and EDR for `LinkTargetIDList` entries pointing to UNC paths. ATT&CK: [T1187 Forced Authentication](https://attack.mitre.org/techniques/T1187/), [T1557.001 LLMNR/NBT-NS Poisoning and SMB Relay](https://attack.mitre.org/techniques/T1557/001/).

— *Source: [Akamai Security Research — Incomplete Patch APT28 CVE-2026-32202](https://www.akamai.com/blog/security-research/incomplete-patch-apt28s-zero-day-cve-2026-32202) · [Microsoft MSRC — CVE-2026-32202](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32202) · [Help Net Security — Windows CVE-2026-32202 exploited](https://www.helpnetsecurity.com/2026/04/29/windows-cve-2026-32202-exploited/) · [Daily 2026-05-08](briefs/2026-05-08.md) · Tags: vulnerabilities, actively-exploited, nation-state, espionage, cisa-kev, patch-available, russia-nexus · Region: europe, global · CVE: CVE-2026-32202, CVE-2026-21510 · CVSS: 4.3 · Vector: user-interaction · Auth: pre-auth · Status: exploited, cisa-kev, patch-available*
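Added example (not Akamai's or Microsoft's code) of the LNK inspection the detection priorities above call for at the mail gateway or in EDR triage: it parses the ShellLinkHeader and LinkTargetIDList per MS-SHLLINK and reports any UNC target, the structure the write-up describes Explorer resolving on folder open. The sample LNK built by `build_sample_lnk` is a constructed fixture with a documentation-range IP, not a valid shell item encoding.

```python
"""Added example; not Akamai's or Microsoft's code. Minimal Shell Link (.lnk)
inspector that flags UNC targets in the LinkTargetIDList or elsewhere in the
file. Layout follows MS-SHLLINK; the test fixture is constructed."""
import re
import struct

HEADER_SIZE = 0x4C
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-...-46}
HAS_LINK_TARGET_ID_LIST = 0x00000001  # LinkFlags bit A
HAS_LINK_INFO = 0x00000002            # LinkFlags bit B

# UNC strings appear as UTF-16LE (shell items, StringData) or ASCII (LinkInfo).
_UNC_UTF16 = re.compile(rb"(?:\\\x00){2}(?:[\x21-\x7e]\x00){1,260}")
_UNC_ASCII = re.compile(rb"\\\\[\x21-\x7e]{1,260}")


def _unc_strings(blob: bytes) -> list[str]:
    found = [m.group().decode("utf-16-le") for m in _UNC_UTF16.finditer(blob)]
    found += [m.group().decode("ascii") for m in _UNC_ASCII.finditer(blob)]
    return found


def is_shell_link(data: bytes) -> bool:
    """HeaderSize must be 0x4C and the CLSID must be the Shell Link CLSID."""
    return (len(data) >= HEADER_SIZE
            and struct.unpack_from("<I", data, 0)[0] == HEADER_SIZE
            and data[4:20] == LNK_CLSID)


def parse_lnk(data: bytes) -> dict:
    """Split a Shell Link into its ItemIDs, LinkInfo block and trailing data."""
    if not is_shell_link(data):
        raise ValueError("not a Shell Link file")
    flags = struct.unpack_from("<I", data, 20)[0]
    off = HEADER_SIZE
    items: list[bytes] = []
    if flags & HAS_LINK_TARGET_ID_LIST and off + 2 <= len(data):
        (size,) = struct.unpack_from("<H", data, off)
        id_list = data[off + 2: off + 2 + size]
        off += 2 + size
        pos = 0
        while pos + 2 <= len(id_list):
            (item_size,) = struct.unpack_from("<H", id_list, pos)
            if item_size < 2:          # TerminalID (0x0000) or corrupt item
                break
            items.append(id_list[pos + 2: pos + item_size])
            pos += item_size
    link_info = b""
    if flags & HAS_LINK_INFO and off + 4 <= len(data):
        (li_size,) = struct.unpack_from("<I", data, off)
        link_info = data[off: off + li_size]
        off += li_size
    return {"flags": flags, "id_list_items": items, "link_info": link_info, "rest": data[off:]}


def assess_lnk(data: bytes) -> dict:
    """Triage verdict: a UNC target anywhere, and above all in the ID list, makes
    the file a forced-authentication candidate to quarantine for review."""
    parsed = parse_lnk(data)
    in_id_list = [u for item in parsed["id_list_items"] for u in _unc_strings(item)]
    elsewhere = _unc_strings(parsed["link_info"]) + _unc_strings(parsed["rest"])
    hosts = sorted({u.split("\\")[2] for u in in_id_list + elsewhere if len(u.split("\\")) > 2})
    return {"unc_in_id_list": in_id_list, "unc_elsewhere": elsewhere,
            "hosts": hosts, "suspicious": bool(in_id_list or elsewhere)}


def build_sample_lnk(target: str) -> bytes:
    """Constructed fixture: header with HasLinkTargetIDList set plus one ItemID
    carrying `target` as UTF-16LE. Deliberately not a real shell item encoding."""
    header = struct.pack("<I", HEADER_SIZE) + LNK_CLSID + struct.pack("<I", HAS_LINK_TARGET_ID_LIST)
    header += b"\x00" * (HEADER_SIZE - len(header))
    payload = target.encode("utf-16-le") + b"\x00\x00"
    item = struct.pack("<H", 2 + len(payload)) + payload
    id_list = item + b"\x00\x00"  # TerminalID
    return header + struct.pack("<H", len(id_list)) + id_list


if __name__ == "__main__":
    print(assess_lnk(build_sample_lnk(r"\\203.0.113.5\share\doc")))  # constructed, RFC 5737 IP
```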

## 4. Sector & victim patterns

### Healthcare (CH, NL)

Two healthcare incidents define the sector picture this week, both with European public-sector concentration. **Groupe 3R (Switzerland)** — Akira leak-site listing on a Romandie medical-imaging operator running 20 centres across seven cantons; the operator confirmed publicly on 2026-04-30, will not pay ransom, and is operating with legacy examination data still inaccessible at week-end ([Groupe 3R victim statement](https://www.groupe3r.ch/fr/information-importante-perturbation-de-nos-services-7268/) · [daily 2026-05-10](briefs/2026-05-10.md)). **ChipSoft (Netherlands)** — The 7 April 2026 attack on the Dutch healthcare software vendor — whose HiX platform serves roughly 70% of Dutch hospitals — was first reported with attacker identity unknown ([The Record, 2026-04-09](https://therecord.media/chipsoft-ransomware-attack-disrupts-dutch-hospitals)); the **Embargo** ransomware group's claim of responsibility, alongside the 66 Dutch DPA notifications, was reported in the subsequent NL Times follow-up. On 28–29 April ChipSoft stated the exfiltrated data had been destroyed in language Dutch security experts noted strongly implies a ransom was paid (ChipSoft did not confirm) ([NL Times, 2026-04-29](https://nltimes.nl/2026/04/29/chipsoft-hackers-destroyed-stolen-patient-data-leaks) · [daily 2026-05-07](briefs/2026-05-07.md)). Both incidents reinforce the same cross-finding pattern: ransomware operators' claims of data destruction are inherently unverifiable; GDPR breach-notification obligations and long-term breach-response posture do not expire when an attacker says they deleted the copy.

— *Source: [Groupe 3R victim statement](https://www.groupe3r.ch/fr/information-importante-perturbation-de-nos-services-7268/) · [The Record — ChipSoft](https://therecord.media/chipsoft-ransomware-attack-disrupts-dutch-hospitals) · [NL Times — ChipSoft destroyed claim](https://nltimes.nl/2026/04/29/chipsoft-hackers-destroyed-stolen-patient-data-leaks) · Tags: ransomware, data-breach, organized-crime · Region: switzerland, europe · Sector: healthcare*

### Education (NL, UK, DE)

Education saw the week's clearest cross-jurisdiction concentration via the Canvas / Instructure chain (full multi-day arc in § 2): **44 Dutch institutions** confirmed by SURF; **seven Dutch universities** (VU Amsterdam, UvA, Erasmus Rotterdam, Tilburg, TU/e, Maastricht, Twente) executed emergency Canvas disconnects on/before 2026-05-09 after the second-intrusion claim; three major UK universities (Oxford, Cambridge, Liverpool — Liverpool notified the ICO under GDPR Article 33); Dutch DPA opened a preliminary investigation; UK ICO informed. The vector — a compromised integration service account for a third-party LTI tool provider rather than Canvas core infrastructure — connects the education-sector picture directly to the third-party-credentials supply-chain class also visible in Vimeo/Anodot and Zara/Anodot ([The Next Web — largest education data breach in history](https://thenextweb.com/news/the-largest-education-data-breach-in-history-was-not-an-attack-on-a-school-it-was-an-attack-on-a-vendor) · [NL Times — Canvas hack: 44 Dutch universities and schools](https://nltimes.nl/2026/05/05/canvas-hack-student-data-44-dutch-universities-schools-taken-massive-breach) · [Techzine EU](https://www.techzine.eu/news/security/141149/dutch-university-disconnects-canvas-systems-after-instructure-hack/) · [daily 2026-05-10](briefs/2026-05-10.md)).

— *Source: [The Next Web — largest education data breach in history](https://thenextweb.com/news/the-largest-education-data-breach-in-history-was-not-an-attack-on-a-school-it-was-an-attack-on-a-vendor) · [NL Times — Canvas hack: 44 Dutch universities and schools](https://nltimes.nl/2026/05/05/canvas-hack-student-data-44-dutch-universities-schools-taken-massive-breach) · [Techzine EU](https://www.techzine.eu/news/security/141149/dutch-university-disconnects-canvas-systems-after-instructure-hack/) · [DutchNews.nl](https://www.dutchnews.nl/2026/05/hackers-break-into-ed-tech-giant-again-after-massive-data-heist/) · Tags: data-breach, ransomware, organized-crime · Region: europe, uk · Sector: education*

### Public-sector administration and digital identity (FR, EU, FI, CH)

Public-sector administration concentration is unusually heavy in 2026-W19. **France ANTS** — Agence Nationale des Titres Sécurisés, the French government central identity registry (biometric passports, national identity cards, driving licences) — confirmed a data-records exposure that Help Net Security reports as "between 12 and 18 million" data records; 15-year-old suspect detained 2026-04-25; charges include unauthorised access, data theft, disruption of a state system, and possession of hacking tools ([Help Net Security, 2026-05-04](https://www.helpnetsecurity.com/2026/05/04/france-titres-data-breach-teen-suspect/) · [daily 2026-05-06](briefs/2026-05-06.md) · [daily 2026-05-07 UPDATE](briefs/2026-05-07.md)). **Ivanti EPMM named EU victims previously associated with the platform** per Help Net Security's January-2026-wave reporting: European Commission (DG DIGIT), Dutch DPA, and Netherlands Council for the Judiciary (Help Net Security explicitly attributes those three to the January 2026 CVE-2026-1281/1340 wave, not the May 2026 chain). The daily 2026-05-09 also referenced Finnish Valtori per a separate NCSC-FI advisory that is not in the Help Net Security article. Each named entity ran EPMM in MDM capacity, meaning compromised admin APIs had device-management access to enrolled endpoints of employees with elevated privileges. Whether the May 2026 wave caught additional named victims is not yet publicly disclosed at week-end ([Help Net Security, 2026-02-09](https://www.helpnetsecurity.com/2026/02/09/european-commission-ivanti-epmm-vulnerabilities/) · [daily 2026-05-09 UPDATE](briefs/2026-05-09.md)). 
**Europol shadow IT** — Correctiv / Solomon / Computer Weekly joint investigation disclosed that Europol operated CFN (since 2012) and "Pressure Cooker" data-processing platforms holding ≥ 2 PB outside standard EU data-protection oversight for over a decade; multiple categorised security deficiencies identified in a 2019 internal assessment including absent audit logs; per Correctiv, 15 of 150 recommendations remained unimplemented at EDPS monitoring closure in February 2026 ([Correctiv, 2026-05-05](https://correctiv.org/en/europe/2026/05/05/they-protect-the-law-while-breaking-it-inside-europols-shadow-it-system/) · [Computer Weekly](https://www.computerweekly.com/news/366642525/They-protect-the-law-while-breaking-it-Inside-Europols-shadow-IT-system) · [daily 2026-05-07](briefs/2026-05-07.md)). **Polish water OT** intrusions at five small municipal facilities (covered in § 7) round out the public-sector concentration. The cross-cutting theme is that EU public-sector identity, governance, and small-municipal infrastructure are simultaneously under direct attack, governance review, and structural-coverage-gap pressure — and that the institutional response cycle inside EU public-sector entities is now playing out in real time across all three.

— *Source: [Help Net Security — France ANTS](https://www.helpnetsecurity.com/2026/05/04/france-titres-data-breach-teen-suspect/) · [Correctiv — Europol shadow IT](https://correctiv.org/en/europe/2026/05/05/they-protect-the-law-while-breaking-it-inside-europols-shadow-it-system/) · [Computer Weekly — Europol shadow IT](https://www.computerweekly.com/news/366642525/They-protect-the-law-while-breaking-it-Inside-Europols-shadow-IT-system) · Tags: data-breach, espionage, insider-threat · Region: europe, switzerland · Sector: public-sector*

### Critical infrastructure water (PL)

Five Polish municipal water-treatment facilities (Jabłonna Lacka, Szczytno, Małdyty, Tolkmicko, Sierakowo) had their OT networks penetrated with pump control parameters modified; a manual override at a minimum of one site prevented service disruption ([daily 2026-05-08](briefs/2026-05-08.md)). The ABW 2025 Annual Report (published 2026-05-07) formally attributed the campaign to **APT28** (GRU) and **APT29** (SVR), with **UNC1151** (Belarusian-linked, Ghostwriter cluster) named in the same attribution discussion ([SecurityWeek — Polish security agency reports ICS breaches at five water treatment plants](https://www.securityweek.com/polish-security-agency-reports-ics-breaches-at-five-water-treatment-plants/) · [daily 2026-05-09 UPDATE](briefs/2026-05-09.md)) — materially more granular than the initial "pro-Russian hacktivist" framing. All five facilities were below the NIS2 essential-entity headcount threshold at intrusion time. Cross-cutting theme: small municipal CI operators sit below regulatory coverage but inside hostile-state targeting; Dragos's 8th annual OT YiR (§ 6) reinforces this with its finding that 65 percent of assessed sites carry insecure remote-access conditions and that hidden IT/OT network paths surface during routine penetration tests. Swiss / EU water, energy, and utility operators should re-validate IT-OT segmentation and authentication posture on industrial-gateway and SCADA management interfaces as a direct action carried into 2026-W20.

— *Source: [SecurityWeek — Polish security agency reports ICS breaches at five water treatment plants](https://www.securityweek.com/polish-security-agency-reports-ics-breaches-at-five-water-treatment-plants/) · [Daily 2026-05-08](briefs/2026-05-08.md) · [Daily 2026-05-09 — ABW Annual Report attribution UPDATE](briefs/2026-05-09.md) · Tags: nation-state, hacktivism, ot-ics, actively-exploited, russia-nexus, disinformation · Region: europe · Sector: water, public-sector*

### Transport (NL/EU)

Eurail began issuing breach notifications to **308,777 customers** in late April 2026, three months after the December 2025 incident in which an attacker accessed personal data including **passport numbers, IBANs, and DiscoverEU pass details**. The three-month gap between discovery and notification is under review by the Autoriteit Persoonsgegevens (Dutch DPA) and the European Data Protection Supervisor (EDPS), which holds jurisdiction over EU institutional data processing. GDPR Article 33 requires supervisory authority notification within 72 hours of awareness of a breach; the regulatory review focuses on that compliance gap ([daily 2026-05-08](briefs/2026-05-08.md)). The exposed dataset covers EU member-state travellers who registered DiscoverEU passes; Swiss nationals who applied through bilateral arrangement may also be affected.

— *Source: [BleepingComputer — Eurail says December data breach impacts 300,000 individuals](https://www.bleepingcomputer.com/news/security/eurail-says-december-data-breach-impacts-300-000-individuals/) · [SecurityWeek — Traveler information stolen in Eurail data breach](https://www.securityweek.com/traveler-information-stolen-in-eurail-data-breach/) · [Daily 2026-05-08](briefs/2026-05-08.md) · Tags: data-breach · Region: europe · Sector: transport*

### Media and political (HU, DE)

Two European political / media targets in the week: **Mediaworks Kft (Hungary)** — World Leaks claimed 8.5 TB of exfiltrated data including payroll, contracts, and internal editorial communications; Mediaworks confirmed "a significant amount of illegally obtained data may have come into the possession of unauthorized persons"; no public regulator notification announcement at window close ([The Record, 2026-05-04](https://therecord.media/ransomware-group-claims-breach-of-pro-orban-media-firm) · [daily 2026-05-06](briefs/2026-05-06.md)). **Die Linke (Germany)** — German federal political party confirmed Qilin ransomware encryption and 1.5 TB exfiltration; state DPA notified; no public ransom figure ([heise online — covered in daily, 2026-05-08](briefs/2026-05-08.md)). Two distinct operators (data-theft-only World Leaks versus encrypt-and-exfiltrate Qilin) with shared targeting of politically significant European entities. The defender lesson: data-theft-only operators defeat backup-centric ransomware defences entirely — effective detection requires egress monitoring and data-loss-prevention tooling capable of alerting on large-volume exfiltration *before* the attacker goes public on a leak site.

— *Source: [The Record — Mediaworks claim](https://therecord.media/ransomware-group-claims-breach-of-pro-orban-media-firm) · [Daily 2026-05-08 — Die Linke / Qilin](briefs/2026-05-08.md) · Tags: ransomware, organized-crime, data-breach · Region: europe, dach · Sector: media*

### AI tooling SaaS (multi-tenant credential aggregation, US)

A new sector pattern surfaced this week: **AI tooling SaaS as a multi-tenant credential aggregation surface**. Two parallel incidents make the architecture explicit. **Braintrust** (AI evaluation / observability) — confirmed 2026-05-04 AWS account compromise; the compromised account held organisation-level API keys customers use to connect upstream LLM providers (OpenAI, Anthropic, Azure OpenAI); Braintrust instructed every customer to rotate organisation-level provider credentials regardless of confirmed exposure; one customer confirmed compromised, three reported anomalous AI usage spikes consistent with credential abuse ([TechCrunch, 2026-05-06](https://techcrunch.com/2026/05/06/ai-evaluation-startup-braintrust-confirms-breach-tells-every-customer-to-rotate-sensitive-keys/) · [SecurityWeek, 2026-05-08](https://www.securityweek.com/ai-firm-braintrust-prompts-api-key-rotation-after-data-breach/) · [daily 2026-05-10](briefs/2026-05-10.md)). **LiteLLM Proxy CVE-2026-42208** — the database holds every virtual key, upstream-provider credential, and team binding configured into the proxy; pre-auth SQLi exposes them all; CISA KEV deadline Monday 2026-05-11. Cross-finding pattern: AI-evaluation, AI-observability, AI-gateway, prompt-management, and agent-evaluation platforms all aggregate organisation-level upstream-provider credentials for many tenants per vendor, so a single SaaS-tier compromise propagates into a multi-provider credential event for every downstream tenant. European public-sector AI pilots in 2026-W20 should inventory which AI-tooling SaaS vendors hold organisation-level upstream-provider keys, require per-environment scoping, and require provider-side anomaly alerts.

— *Source: [TechCrunch — Braintrust breach](https://techcrunch.com/2026/05/06/ai-evaluation-startup-braintrust-confirms-breach-tells-every-customer-to-rotate-sensitive-keys/) · [SecurityWeek — Braintrust API key rotation](https://www.securityweek.com/ai-firm-braintrust-prompts-api-key-rotation-after-data-breach/) · [Bishop Fox — LiteLLM CVE-2026-42208](https://bishopfox.com/blog/cve-2026-42208-pre-authentication-sql-injection-in-litellm-proxy) · Tags: data-breach, supply-chain, cloud, ai-abuse · Region: global · Sector: technology*

## 5. Incidents & disclosures recap

A defender's learning summary of the week's notable publicly-disclosed incidents — cross-cutting themes, recurring root causes, common initial-access vectors, regulatory follow-up. Items already deep-covered in §§ 1–2 (Groupe 3R, Canvas/Instructure) are not duplicated.

### DigiCert support portal compromise — Salesforce-based support-chat social engineering yielded 60 fraudulent EV code-signing certificates

DigiCert confirmed on 2026-05-04 that a targeted social-engineering attack on its Salesforce-based customer-support portal in early April 2026 resulted in the fraudulent generation of 60 Extended Validation code-signing certificates. Two analyst endpoints were infected via a malicious Windows screensaver (.scr) repeatedly submitted via support chat; the second analyst's endpoint went undetected for approximately twelve days due to absent or degraded EDR coverage. The attacker used portal access to obtain certificate initialization codes and generated 60 EV certificates across multiple customer accounts; DigiCert confirmed 27 were directly attacker-linked; a community member subsequently identified 11 used to sign the **Zhong Stealer** malware family (Chinese e-crime, cryptocurrency-asset targeting). All 60 certificates revoked; MFA now mandatory on portal access; file upload functionality restricted ([Help Net Security, 2026-05-04](https://www.helpnetsecurity.com/2026/05/04/digicert-breach-code-signing-certificates-malware/) · [SecurityWeek, 2026-05-04](https://www.securityweek.com/digicert-revokes-certificates-after-support-portal-hack/) · [daily 2026-05-06](briefs/2026-05-06.md)). **Defender takeaway:** software signed with DigiCert-backed EV certificates during early April through 2026-05-04 warrants validation against the revoked certificate list; the recurring root cause across this and the third-party-analytics incidents in § 2 is that *support-tier* and *analyst-tier* endpoints are frequently held to a lower EDR-coverage bar than production endpoints despite holding equivalent or higher operational privilege.

— *Source: [Help Net Security — DigiCert breach](https://www.helpnetsecurity.com/2026/05/04/digicert-breach-code-signing-certificates-malware/) · [SecurityWeek — DigiCert revokes certificates](https://www.securityweek.com/digicert-revokes-certificates-after-support-portal-hack/) · [Daily 2026-05-06](briefs/2026-05-06.md) · Tags: supply-chain, data-breach, identity, phishing, china-nexus · Region: global · Sector: technology*

### Trellix source code repository breach — vendor confirmed, scope undisclosed, supply-chain integrity question open

Trellix, a major endpoint-security / XDR vendor serving enterprise and government customers globally, confirmed on 2026-05-04 that an unauthorised party accessed a portion of its internal source code repository. The company engaged external forensic specialists and notified law enforcement; Trellix stated no evidence was found that its product code-release or distribution pipeline was affected and no evidence the accessed code was exploited or altered. The initial access vector, duration of access, scope of repositories affected, and customer data impact have not been disclosed ([BleepingComputer, 2026-05-04](https://www.bleepingcomputer.com/news/security/trellix-discloses-data-breach-after-source-code-repository-hack/) · [The Hacker News, 2026-05-04](https://thehackernews.com/2026/05/trellix-confirms-source-code-breach.html) · [daily 2026-05-06](briefs/2026-05-06.md)). **Defender takeaway:** organisations running Trellix endpoint or XDR products should maintain elevated scrutiny on Trellix software updates until the forensic investigation publicly concludes; the supply-chain integrity question — could the accessed code be re-used by an attacker for bug discovery or implant tailoring? — remains unresolved.

— *Source: [BleepingComputer — Trellix data breach](https://www.bleepingcomputer.com/news/security/trellix-discloses-data-breach-after-source-code-repository-hack/) · [The Hacker News — Trellix source code](https://thehackernews.com/2026/05/trellix-confirms-source-code-breach.html) · [Daily 2026-05-06](briefs/2026-05-06.md) · Tags: data-breach, supply-chain · Region: global · Sector: technology*

### DAEMON Tools Lite supply-chain compromise — China-nexus QUIC RAT delivered via signed installers; ~12 selective government / scientific / manufacturing targets

Official DAEMON Tools Lite Windows installers (versions 12.5.0.2421 → 12.5.0.2434) were trojanised on the Disc Soft vendor distribution server from 8 April to 5 May 2026, with malicious installers maintaining the authentic AVB Disc Soft code-signing certificate. The campaign deployed three stages: a `.NET` information collector (`envchk.exe`) for host fingerprinting deployed broadly across more than 100 countries (Germany, France, Spain, and Italy appear explicitly in first-stage victim telemetry); a shellcode-based backdoor; and **QUIC RAT** — a C++ implant supporting HTTP / UDP / TCP / WebSocket / QUIC / HTTP/3 C2 channels — *selectively* deployed to approximately twelve targets in government, scientific, manufacturing, and retail sectors in Russia, Belarus, and Thailand per Kaspersky. Chinese-language strings in the information collector suggest a Chinese-speaking actor; no formal attribution to a named group. The C2 domain was registered 2026-03-27 — approximately two weeks before the first trojanised installer (2026-04-08) — confirming pre-planned operation. Disc Soft acknowledged 2026-05-05, released clean version 12.6.0.2445, resolved the distribution compromise within 12 hours ([Kaspersky Securelist](https://www.kaspersky.com/blog/daemon-tools-supply-chain-attack/55691/) · [The Record, 2026-05-06](https://therecord.media/hackers-compromise-daemon-tools-global-supply-chain-attack) · [BleepingComputer, 2026-05-06](https://www.bleepingcomputer.com/news/security/daemon-tools-trojanized-in-supply-chain-attack-to-deploy-backdoor/) · [Help Net Security, 2026-05-06](https://www.helpnetsecurity.com/2026/05/06/daemon-tools-compromised-backdoors-supply-chain-attack/) · [daily 2026-05-07 and 2026-05-09 UPDATE](briefs/2026-05-09.md)). 
**Defender takeaway:** audit endpoints for DAEMON Tools Lite versions 12.5.0.2421 – 12.5.0.2434 installed on any government, scientific, or manufacturing endpoint since 8 April 2026; hunt for `envchk.exe`, unsigned processes injected into `notepad.exe` or `conhost.exe`, and outbound UDP 443 (QUIC) to non-sanctioned destinations; Sysmon EID 1 with parent-image filters surfaces post-injection activity. The pattern — selective QUIC-channel deployment behind broad-targeting reconnaissance staging — is the operationally important detail; it explains why telemetry hit-rate alone underestimates targeted-actor presence.

— *Source: [Kaspersky — DAEMON Tools supply chain attack](https://www.kaspersky.com/blog/daemon-tools-supply-chain-attack/55691/) · [The Record — DAEMON Tools global supply-chain attack](https://therecord.media/hackers-compromise-daemon-tools-global-supply-chain-attack) · [BleepingComputer — DAEMON Tools trojanized](https://www.bleepingcomputer.com/news/security/daemon-tools-trojanized-in-supply-chain-attack-to-deploy-backdoor/) · [Daily 2026-05-09](briefs/2026-05-09.md) · Tags: supply-chain, espionage, china-nexus, infostealer · Region: europe, global · Sector: public-sector, manufacturing, technology*

### JDownloader official site compromised — Windows and Linux installers swapped for ~48 hours

The official download page of JDownloader (German-developed AppWork GmbH, Java-based download manager popular across European user bases) was compromised between approximately 2026-05-06 and 2026-05-08; attackers exploited an unpatched access-control flaw in the site's CMS layer to replace Windows and Linux installer download links without altering the main JAR, the in-app updater, the macOS bundle, or the package-manager distributions (Winget, Flatpak, Snap). Trojanised Windows executables bore forged publisher names — "Zipline LLC", "The Water Team", "Peace Team" — triggering Windows SmartScreen warnings that helped some users detect the substitution. The substituted installers carry a Python-based remote-access payload; a more specific capability description has not been corroborated by a named research lab in available reporting. The JDownloader team confirmed and asked users to verify file hashes against the project's published SHA-256 manifest ([PiunikaWeb, 2026-05-08](https://piunikaweb.com/2026/05/08/jdownloader-website-hacked-malware/) · [CyberKendra, 2026-05-07](https://www.cyberkendra.com/2026/05/jdownloader-website-hacked-malicious.html) · [daily 2026-05-10](briefs/2026-05-10.md)). **Defender takeaway:** audit developer / power-user / multimedia-engineering workstations across DACH for JDownloader installers downloaded between 2026-05-06 and 2026-05-08 from the official site or "Alternative Installer" link; hunt for unsigned / non-AppWork-signed `JDownloader*.exe`, unexpected Python interpreters in user-profile paths, and Python child processes spawned from JDownloader parent images.

— *Source: [PiunikaWeb — JDownloader compromised](https://piunikaweb.com/2026/05/08/jdownloader-website-hacked-malware/) · [CyberKendra — JDownloader malicious installers](https://www.cyberkendra.com/2026/05/jdownloader-website-hacked-malicious.html) · [Daily 2026-05-10](briefs/2026-05-10.md) · Tags: supply-chain, infostealer · Region: europe, dach, global · Sector: technology*

### DENIC .de DNSSEC outage — 3.5 h registry-side trust failure traced to keytag 33834 collision and an alerting-layer fire-without-page

On 2026-05-05 starting approximately 19:30 UTC (per Cloudflare's recorded incident-start timestamp), DENIC (the .de registry) began distributing invalid DNSSEC signatures for the .de TLD, making .de TLD resolution fail across DNSSEC-validating resolvers for roughly 3.5 hours; Cloudflare's write-up describes potential impact on "millions of domains" without quantifying the count. The 2026-05-08 post-mortem confirmed the root cause: a code defect in DENIC's third-generation custom signing infrastructure (deployed April 2026 atop Knot DNS) generated **three key pairs, all assigned the same Key Tag (33834)**, during a routine Zone-Signing-Key rotation, while only one corresponding public DNSKEY record was published to the zone. RRSIG records signed by the two unpublished keys were therefore unvalidatable; resolvers marked all .de delegations as "Bogus", and the bogus NSEC3 trust path also took down resolution for non-DNSSEC-signed .de domains. Cloudflare deployed an RFC 7646 Negative Trust Anchor for its resolvers at 22:17 UTC — a roughly 2-hour-47-minute mitigation gap from the recorded incident start. Critically, DENIC notes the monitoring pipeline detected anomalous resolver behaviour but **the alerting layer did not correctly forward the alerts** — a fire-without-page failure. Knot DNS itself is not implicated; the bug was in DENIC's automation layer ([DENIC analysis blog, 2026-05-08](https://blog.denic.de/analyse-des-dns-ausfalls-vom-5-mai-2026/) · [Cloudflare blog](https://blog.cloudflare.com/de-tld-outage-dnssec/) · [heise online, 2026-05-08](https://www.heise.de/news/DNS-Probleme-mit-de-Domains-DENIC-liefert-erste-Erklaerung-11288197.html) · [daily 2026-05-09](briefs/2026-05-09.md) · [daily 2026-05-10 post-mortem UPDATE](briefs/2026-05-10.md)). **Defender takeaway:** DNSSEC registry-side errors are indistinguishable from attacker-induced trust failures from a resolver's perspective. Validating-resolver operators in DACH and EU public-sector environments should keep RFC 7646 Negative Trust Anchor capability live for continuity during registry incidents and ensure runbooks separate "registry KSK/ZSK rollover defect" from "zone-level attack on a downstream domain". The cross-finding for incident-response leaders is more general: alerting-pipeline reliability is itself a critical-infrastructure component, and a monitored anomaly that doesn't page is functionally an unmonitored anomaly.
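A monitoring-side version of the two invariants this incident turned on, as an added example (not DENIC's, Knot DNS's or Cloudflare's code): key tags computed per RFC 4034 Appendix B, a check that no two distinct keys in a key set share a tag, and a check that every RRSIG references a key tag present in the published DNSKEY RRset. All records are constructed sample data; the tag 33834 is reused from the incident only as the orphaned-RRSIG case.

```python
"""DNSSEC key-tag audit (added example; not DENIC's, Knot DNS's or Cloudflare's code).
Key tags follow RFC 4034 Appendix B; the records below are constructed sample data in
presentation format (the shape `dig +dnssec DNSKEY de.` prints)."""
import base64
from collections import defaultdict
from dataclasses import dataclass
from typing import Iterable, List, Tuple


def key_tag(rdata: bytes, algorithm: int) -> int:
    """RFC 4034 Appendix B key tag over the wire-format DNSKEY RDATA."""
    if algorithm == 1:  # legacy RSA/MD5 rule: third- and second-to-last octets
        return int.from_bytes(rdata[-3:-1], "big")
    ac = 0
    for i, octet in enumerate(rdata):
        ac += (octet << 8) if i % 2 == 0 else octet
    ac += (ac >> 16) & 0xFFFF
    return ac & 0xFFFF


@dataclass(frozen=True)
class Dnskey:
    owner: str
    flags: int
    protocol: int
    algorithm: int
    public_key: bytes

    @property
    def tag(self) -> int:
        rdata = (self.flags.to_bytes(2, "big")
                 + bytes([self.protocol, self.algorithm]) + self.public_key)
        return key_tag(rdata, self.algorithm)


def parse_dnskey(line: str) -> Dnskey:
    """Parse one presentation-format DNSKEY RR: owner ttl class DNSKEY flags proto alg base64."""
    tok = line.split()
    i = tok.index("DNSKEY")
    return Dnskey(tok[0], int(tok[i + 1]), int(tok[i + 2]), int(tok[i + 3]),
                  base64.b64decode("".join(tok[i + 4:])))


def parse_rrsig_key_tag(line: str) -> int:
    """RRSIG RDATA order: type-covered alg labels orig-ttl expiration inception key-tag signer sig."""
    tok = line.split()
    return int(tok[tok.index("RRSIG") + 7])


def audit(dnskeys: Iterable[Dnskey], rrsig_tags: Iterable[int]) -> Tuple[List[int], List[int]]:
    """Two cheap invariants for a signer pipeline or a registry-side monitor:
    1. no two distinct keys share a key tag (the invariant DENIC's key generation broke
       when three keys came out with tag 33834);
    2. every RRSIG references a key tag that exists in the published DNSKEY RRset.
    Returns (colliding_tags, orphan_rrsig_tags)."""
    keys_by_tag = defaultdict(set)
    for k in dnskeys:
        keys_by_tag[k.tag].add(k.public_key)
    colliding = sorted(t for t, ks in keys_by_tag.items() if len(ks) > 1)
    orphan = sorted(set(rrsig_tags) - set(keys_by_tag))
    return colliding, orphan


def audit_zone_text(text: str) -> Tuple[List[int], List[int]]:
    """Run both checks over a text dump mixing DNSKEY and RRSIG records."""
    lines = text.splitlines()
    dnskeys = [parse_dnskey(ln) for ln in lines if " DNSKEY " in ln]
    tags = [parse_rrsig_key_tag(ln) for ln in lines if " RRSIG " in ln]
    return audit(dnskeys, tags)


# Constructed sample: two distinct (toy-sized) public keys whose RDATA sum to the same
# tag (1038), plus an RRSIG referencing tag 33834 for which no DNSKEY is published.
SAMPLE = """\
de. 3600 IN DNSKEY 256 3 13 AAEAAA==
de. 3600 IN DNSKEY 256 3 13 AAAAAQ==
de. 3600 IN RRSIG SOA 13 1 3600 20260520000000 20260505000000 1038 de. c2ln
de. 3600 IN RRSIG NSEC3 13 2 3600 20260520000000 20260505000000 33834 de. c2ln
"""

if __name__ == "__main__":
    print(audit_zone_text(SAMPLE))  # ([1038], [33834])
```

The first check is only meaningful against the signer's full key store: tag equality cannot tell which of several same-tag keys produced a signature, so a published-zone view of the 2026-05-05 state passes both checks and only full signature validation fails, exactly as resolvers saw it.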

— *Source: [DENIC analysis blog (German)](https://blog.denic.de/analyse-des-dns-ausfalls-vom-5-mai-2026/) · [DENIC post-incident report (English)](https://blog.denic.de/en/technical-issue-with-de-domains-resolved/) · [Cloudflare blog — .de TLD outage](https://blog.cloudflare.com/de-tld-outage-dnssec/) · [Daily 2026-05-10](briefs/2026-05-10.md) · Tags: vulnerabilities, dos, eu-nexus · Region: europe, dach · Sector: public-sector, technology*

### German LG Berlin II ruling — Apobank liable for €218,000+ phishing loss; PSD2 IP-analytics obligation clarified

On 2026-04-22 the Landgericht Berlin II (Civil Chamber 38, case 38 O 293/25; not yet final pending appeal) ordered Deutsche Apotheker- und Ärztebank (Apobank) to reimburse €218,000+ in losses from a sophisticated phishing attack combining forged physical bank letters, manipulated online banking interfaces, and spoofed-number phone calls. The court rejected gross-negligence defences, finding the fraud too sophisticated to attribute to customer failure; critically, the ruling found the bank's fraud-detection systems failed to act on a clear anomaly visible in bank-side logs — the new device registration and first login originated from materially different IP addresses and ISPs. The court treated this as an obligation under Germany's PSD2 implementation: an IP-based behavioural analytics duty triggering a strong-customer-authentication challenge when registration and first-use IPs diverge ([heise online, 2026-05-08](https://www.heise.de/news/Urteil-gegen-die-Apobank-Finanzinstitut-haftet-fuer-Phishing-Schaden-11288231.html) · [ilex Rechtsanwälte case summary](https://www.anwalt.de/rechtstipps/phishing-ilex-rechtsanwaelte-erwirkt-haftung-der-apobank-269786.html) · [daily 2026-05-09](briefs/2026-05-09.md)). **Defender takeaway:** EU and Swiss financial-sector and public-sector digital-service providers should expect this trend of liability lines moving toward the service provider when fraud signals are *present in server-side telemetry but not acted on*. The defensive engineering implication is concrete: register-new-device and first-login IP / ISP comparison is now a regulatory expectation in PSD2 jurisdictions, not just a best-practice control.
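The control the court faulted the bank for not having, as an added example (not Apobank's or any bank's production rule): pair each new-device registration with the first login from that device and require a strong-customer-authentication step-up when the two originate from different ISPs. The events and the ASN/ISP table are constructed stand-ins for a device registry and a GeoIP/ASN database; the fail-closed handling of unknown addresses is this example's choice.

```python
"""Registration-vs-first-login IP/ISP divergence check (added example; not Apobank's or any
bank's production logic). Events and the ASN table below are constructed sample data."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Tuple

# Constructed ASN/ISP table using RFC 5737 / RFC 3849 documentation prefixes; a real
# deployment would query a GeoIP/ASN database instead.
ASN_TABLE = [
    (ipaddress.ip_network("203.0.113.0/24"), 64501, "constructed-isp-a"),
    (ipaddress.ip_network("198.51.100.0/24"), 64502, "constructed-isp-b"),
    (ipaddress.ip_network("2001:db8:1::/48"), 64503, "constructed-isp-c"),
]


def lookup_asn(ip: str) -> Tuple[Optional[int], Optional[str]]:
    """Map an address to (ASN, ISP label); (None, None) when the prefix is unknown."""
    addr = ipaddress.ip_address(ip)
    for net, asn, isp in ASN_TABLE:
        if addr in net:
            return asn, isp
    return None, None


@dataclass(frozen=True)
class Event:
    ts: str          # ISO-8601 timestamp, sortable as text
    customer: str
    device_id: str
    kind: str        # "device_registered" or "login"
    ip: str


@dataclass(frozen=True)
class Decision:
    customer: str
    device_id: str
    require_sca: bool   # True: challenge the session with a strong-customer-authentication step
    reason: str


def compare(reg: Event, login: Event) -> Decision:
    """Score one registration/first-login pair on IP and ISP (ASN) divergence."""
    reg_asn, reg_isp = lookup_asn(reg.ip)
    login_asn, login_isp = lookup_asn(login.ip)
    if reg.ip == login.ip:
        return Decision(reg.customer, reg.device_id, False, "same-ip")
    if reg_asn is None or login_asn is None:
        # Example's choice: an address we cannot attribute to an ISP fails closed.
        return Decision(reg.customer, reg.device_id, True, "asn-unknown")
    if reg_asn != login_asn:
        return Decision(reg.customer, reg.device_id, True,
                        f"isp-divergence:{reg_isp}->{login_isp}")
    # Different address inside the same ISP is ordinary CGNAT / DHCP churn.
    return Decision(reg.customer, reg.device_id, False, "same-isp")


def evaluate(events: Iterable[Event]) -> List[Decision]:
    """Pair each device registration with the first login from that device and score the pair."""
    pending: Dict[Tuple[str, str], Event] = {}
    decisions: List[Decision] = []
    for ev in sorted(events, key=lambda e: e.ts):
        key = (ev.customer, ev.device_id)
        if ev.kind == "device_registered":
            pending[key] = ev
        elif ev.kind == "login" and key in pending:
            decisions.append(compare(pending.pop(key), ev))  # only the first login is scored
    return decisions


# Constructed sample events.
SAMPLE_EVENTS = [
    Event("2026-04-01T09:00:00Z", "cust-1", "dev-A", "device_registered", "203.0.113.10"),
    Event("2026-04-01T09:05:00Z", "cust-1", "dev-A", "login", "198.51.100.7"),   # other ISP
    Event("2026-04-01T09:06:00Z", "cust-1", "dev-A", "login", "198.51.100.7"),   # later login, not scored
    Event("2026-04-02T10:00:00Z", "cust-2", "dev-B", "device_registered", "203.0.113.20"),
    Event("2026-04-02T10:30:00Z", "cust-2", "dev-B", "login", "203.0.113.21"),   # same ISP
    Event("2026-04-03T11:00:00Z", "cust-3", "dev-C", "device_registered", "2001:db8:1::10"),
    Event("2026-04-03T11:01:00Z", "cust-3", "dev-C", "login", "192.0.2.5"),      # unknown prefix
]

if __name__ == "__main__":
    for d in evaluate(SAMPLE_EVENTS):
        print(d)
```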

— *Source: [heise online — Urteil gegen die Apobank](https://www.heise.de/news/Urteil-gegen-die-Apobank-Finanzinstitut-haftet-fuer-Phishing-Schaden-11288231.html) · [ilex Rechtsanwälte case summary](https://www.anwalt.de/rechtstipps/phishing-ilex-rechtsanwaelte-erwirkt-haftung-der-apobank-269786.html) · [Daily 2026-05-09](briefs/2026-05-09.md) · Tags: phishing, identity, law-enforcement · Region: europe, dach · Sector: finance*

## 6. Annual / periodic threat reports

Six yearly or quarterly reports surfaced or remained operationally relevant in 2026-W19. Synthesis below is cross-finding only — the dailies' first-coverage recaps are not repeated here.

### Europol IOCTA 2026

The Internet Organised Crime Threat Assessment 2026 (published 2026-04-28) was Europol's first IOCTA to identify the *interweaving of state-sponsored hybrid threats with criminal actors* as the defining strategic risk for EU public-sector defenders. The cross-finding pattern between IOCTA's framing and the rest of 2026-W19 is unusually direct: the WorldLeaks / ShinyHunters operator family targeting government identity registries and politically significant EU media entities, the named-cluster attribution on Polish water OT to APT28 + APT29 + UNC1151 sharing initial access tradecraft with hacktivist information operations, and the Bauman / GRU pipeline investigation (§ 7) all illustrate the convergence IOCTA flagged. For public-sector procurement and identity-management functions specifically, IOCTA's identification of public institutions, major technology companies, and EU citizens' personal data as primary risk targets matches the week's incident concentration exactly. ([Europol IOCTA, 2026-04-28](https://home-affairs.ec.europa.eu/news/europol-published-report-latest-trends-cybercrime-landscape-2026-04-29_en); [daily 2026-05-06 first coverage](briefs/2026-05-06.md)).

— *Source: [Europol IOCTA 2026 (EC Migration & Home Affairs)](https://home-affairs.ec.europa.eu/news/europol-published-report-latest-trends-cybercrime-landscape-2026-04-29_en) · [Daily 2026-05-06](briefs/2026-05-06.md) · Tags: organized-crime, nation-state, espionage, eu-nexus · Region: europe*

### Mandiant M-Trends 2026

M-Trends 2026 (published 2026-03-23, first covered 2026-05-07) reinforces three cross-cutting trends visible in this week's incidents: voice phishing surged to the second most prevalent initial-access vector at 11% (overtaking email phishing at 6%) driven by IT help-desk impersonation and SaaS OAuth token theft — directly evidenced this week in the ADT vishing → Okta SSO → Salesforce pivot and in MuddyWater's Teams external-access helpdesk pretext (§ 7); ransomware initial access via prior compromise doubled to 30% — implicit in the access-broker / ransomware-affiliate model behind Akira, Embargo, and Qilin's targeting of European victims; and edge-device persistence on VPNs, routers, and network appliances without EDR coverage remains the dominant initial-access technique for state-sponsored espionage — directly mirrored in CL-STA-1132's PAN-OS exploitation and in Ivanti EPMM's named EU victims. The reframe IOCTA does not give but M-Trends does: median dwell time globally has *increased* to 14 days (up from 11 in 2024) and espionage-focused intrusions average 122-day median dwell — i.e. when the Ivanti EPMM and PAN-OS post-compromise hunting horizons land on retrospective log review back to March/April, that horizon is consistent with Mandiant's observed espionage dwell envelope. ([Google Cloud / Mandiant M-Trends 2026, 2026-03-23](https://cloud.google.com/blog/topics/threat-intelligence/m-trends-2026); [daily 2026-05-07](briefs/2026-05-07.md)).

— *Source: [Google Cloud / Mandiant — M-Trends 2026](https://cloud.google.com/blog/topics/threat-intelligence/m-trends-2026) · [Daily 2026-05-07](briefs/2026-05-07.md) · Tags: nation-state, espionage, ransomware · Region: global*

### Google Threat Intelligence Group — Europe data-leak landscape 2025

GTIG's Europe data-leak landscape analysis (published 2026-04-15, first covered 2026-05-07) is the second-tier annual reference that materially affects DACH defender posture and merits cross-week synthesis: Germany is the primary European ransomware target with **SAFEPAY** accounting for 25% of German data-leak-site posts (76 victims claimed in 2025), **Qilin** tripling operational tempo in Germany during Q3 2025 with 13 additional German victims posted by early 2026 (Die Linke this week confirms continued activity into 2026-W19), and **Sarcoma** actively recruiting German network access via criminal forums since November 2024. **96% of German ransomware victims are organisations with fewer than 5,000 employees** — exploited both directly and as supply-chain footholds into larger enterprises and government contractors; legal and professional services rose to 14% of victims — explicitly relevant to Swiss / EU public-sector procurement officers since those firms hold client IP and M&A intelligence. GTIG attributes part of the shift to AI-enabled high-quality localisation eroding the language-barrier protection that historically benefited non-English-speaking markets ([daily 2026-05-07](briefs/2026-05-07.md)).

— *Source: [GTIG — Europe data leak landscape](https://cloud.google.com/blog/topics/threat-intelligence/europe-data-leak-landscape) · [Daily 2026-05-07](briefs/2026-05-07.md) · Tags: ransomware, organized-crime, data-breach · Region: europe, dach*

### Dragos 2025 OT Cybersecurity Year in Review — Frontlines IR Edition

Dragos's 8th annual OT industrial-IR retrospective (covered 2026-05-08) is the week's most directly actionable annual-report reference for Swiss / EU CI operators reading after the Polish water OT attribution: Dragos's blog announcement records that **65 percent of sites assessed had insecure remote-access conditions, including default credentials, unpatched VPNs, and exposed RDP sessions**, and that many organisations believe they have proper IT/OT network segmentation while routine penetration tests reveal hidden connections. The report's NIS2 Annex-I compliance discussion directly contextualises the ABW 2025 Annual Report observation (§ 4) that the five Polish water-treatment facilities fell below the NIS2 essential-entity threshold and that legislative action is being considered to extend NIS2 obligations to critical-function entities regardless of headcount. The IEC 62443 zoning and conduit model is the recommended remediation reference architecture; the Swiss NCSC sector-specific ICS guidance (SARI framework) is the equivalent CH-side baseline. The defender lesson from the Dragos AI-assisted water utility attack item (2026-05-07) lands in the same line: AI tooling is progressively reducing the technical bar for OT-targeting attacks; prevention-only OT security strategies are inadequate as primary defences ([daily 2026-05-08](briefs/2026-05-08.md), [daily 2026-05-07 — AI-assisted ICS attack](briefs/2026-05-07.md)).

— *Source: [Dragos — 8th Annual OT Cybersecurity Year in Review blog announcement](https://www.dragos.com/blog/dragos-8th-annual-ot-cybersecurity-year-in-review-is-now-available) · [Dragos — AI-assisted ICS attack water utility](https://www.dragos.com/blog/ai-assisted-ics-attack-water-utility/) · [Daily 2026-05-08](briefs/2026-05-08.md) · Tags: ot-ics, ai-abuse · Region: global, europe · Sector: water, energy, manufacturing*

### Kaspersky Q1 2026 Exploits and Vulnerabilities Report

Kaspersky's quarterly exploitation analysis for Q1 2026 reports that exploit kits expanded again to include new Microsoft Office, Windows, and Linux exploits, and that veteran vulnerabilities CVE-2018-0802 (Equation Editor RCE), CVE-2017-11882, and CVE-2023-38831 still account for the largest share of detections in the quarter ([Kaspersky Securelist — Exploits and Vulnerabilities Q1 2026](https://securelist.com/vulnerabilities-and-exploits-in-q1-2026/119733/)). The Securelist report also notes that AI-tool use for vulnerability discovery is increasing total registered vulnerability volume — a defender-side reframe for the M-Trends 2026 dwell-time data above ([daily 2026-05-08](briefs/2026-05-08.md)).

— *Source: [Kaspersky Securelist — Exploits and Vulnerabilities Q1 2026](https://securelist.com/vulnerabilities-and-exploits-in-q1-2026/119733/) · [Daily 2026-05-08](briefs/2026-05-08.md) · Tags: vulnerabilities, zero-day, ransomware · Region: global*

### ABW (Poland) 2025 Annual Report — APT28/APT29/UNC1151 tri-attribution on small-municipal water facilities

ABW's 2025 Annual Report (published 2026-05-07) is the only annual report this week that combines new ground-truth attribution detail with explicit regulatory-coverage-gap framing. The five named municipal water facilities (Jabłonna Lacka, Szczytno, Małdyty, Tolkmicko, Sierakowo) all sit below the NIS2 essential-entity headcount threshold. ABW formally attributes initial access and persistence to **APT28** (GRU), intelligence-collection overlay at Jabłonna Lacka to **APT29** (SVR), and a disinformation overlay (fabricated leak documents purporting contamination data) to **UNC1151** (Belarusian, Ghostwriter-affiliated) — granular tri-attribution materially beyond the "pro-Russian hacktivist" framing in initial reporting. ABW is recommending legislative action to extend NIS2 obligations to critical-function entities regardless of headcount. The cross-finding pattern for Swiss / EU public-sector readers: small municipal CI operators sit below regulatory coverage but inside hostile-state targeting; expect more regulator-side movement on this gap in coming weeks ([daily 2026-05-09 UPDATE](briefs/2026-05-09.md)).

— *Source: [Daily 2026-05-09 — Polish water OT UPDATE / ABW Annual Report](briefs/2026-05-09.md) · [CISA AA24-207A — Russian GRU CI targeting (background reference)](https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-207a) · Tags: nation-state, ot-ics, russia-nexus, hacktivism, disinformation · Region: europe · Sector: water, public-sector*

## 7. Long-running campaigns — status update

Status updates on long-running operator campaigns tracked in `state/covered_items.json`. Deduplicated against this week's daily-brief Updates. Outstanding defender questions surfaced where the source supports.

### CL-STA-1132 (PAN-OS CVE-2026-0300 exploitation cluster, likely state-sponsored)

Current state: actively in-the-wild against internet-facing PAN-OS PA-Series / VM-Series firewalls since approximately 2026-04-09; the KEV deadline (2026-05-09) expired with no patch available and the staged patch window runs 2026-05-13 → 2026-05-28. Post-exploitation tradecraft per Unit 42 and the daily 2026-05-09 UPDATE is consistent: shellcode injection into `nginx` worker processes, EarthWorm / ReverseSocks5 tunnelling, Python implants under `/var/tmp/linuxupdate` and `/tmp/.c`; the daily UPDATE additionally records rogue admin accounts named `svc-health-check-[6-digit-numeric]`, PAN-OS credential-store theft, and Active Directory enumeration via OSPF queries. Unit 42's 2026-05-08 update added explicit EarthWorm / ReverseSocks5 framing to the cluster (covered as marginal delta in the 2026-05-10 daily). Outstanding question for defenders into 2026-W20: with patches landing 2026-05-13 → 2026-05-28, the at-risk window remains open into next week's reporting and retrospective-log review for the `svc-health-check-` pattern across the 2026-04-09 → present period is the highest-priority hunt action. (Daily references: [2026-05-07](briefs/2026-05-07.md) deep dive · [2026-05-09](briefs/2026-05-09.md) UPDATE.)

— *Source: [Unit 42 — Captive Portal zero-day](https://unit42.paloaltonetworks.com/captive-portal-zero-day/) · [Palo Alto PSIRT — CVE-2026-0300](https://security.paloaltonetworks.com/CVE-2026-0300) · [Daily 2026-05-09](briefs/2026-05-09.md) · Tags: nation-state, espionage, actively-exploited, china-nexus · Region: europe, global · Sector: public-sector, defense*

### UAT-8302 (China-nexus, Talos; SE European government victims)

Current state: long-term gov-network access operations against South American government networks since late 2024 and southeastern European government agencies in 2025 — Talos disclosure published 2026-05-05 was the first detailed write-up. Tooling overlap links UAT-8302 to multiple Chinese-quartermaster-shared clusters (Ink Dragon, Earth Alux, Jewelbug, REF7707, LongNosedGoblin, Erudite Mogwai / Space Pirates). No new in-window developments beyond the original Talos disclosure (2026-05-05), and `state/covered_items.json` carries it as first-covered 2026-05-06. Outstanding defender question: whether the southeastern European government victim list will expand publicly. Initial-access CVE not yet disclosed; Talos referenced post-compromise tooling (gogo scanner, Impacket, NetDraft/NosyDoor, CloudSorcerer v3.0, SNOWLIGHT/SNOWRUST, Deed RAT/Snappybee, Zingdoor, Draculoader, Stowaway, SoftEther VPN) rather than the entry vector.

— *Source: [Cisco Talos — UAT-8302](https://blog.talosintelligence.com/uat-8302/) · [Daily 2026-05-06](briefs/2026-05-06.md) · Tags: nation-state, espionage, china-nexus · Region: europe, global · Sector: public-sector*

### ShinyHunters / WorldLeaks family (financial-data extortion, third-party-SaaS pivot)

Current state: most-active operator family of 2026-W19. Confirmed parallel involvement across Vimeo/Anodot, Inditex/Zara/Anodot, ADT/Okta-SSO/Salesforce, and Canvas/Instructure (second-intrusion claim despite May 8 patches). The architectural pattern across these incidents — third-party analytics, BI, integration, or LTI service accounts holding broad read access to tenant data — is consistent and converging. The Canvas/Instructure extortion deadline is 2026-05-12 (two days out at week-end). Outstanding defender question: which AI-tooling SaaS or analytics SaaS vendor will be the next confirmed pivot point. (See § 2 multi-day chain.)

— *Source: [BleepingComputer — Instructure data breach](https://www.bleepingcomputer.com/news/security/instructure-confirms-data-breach-shinyhunters-claims-attack/) · [SecurityAffairs — Zara breach](https://securityaffairs.com/191859/cyber-crime/zara-data-breach-197000-customers-exposed-in-third-party-security-incident.html) · [Vimeo official blog](https://vimeo.com/blog/post/anodot-third-party-security-incident) · [Daily 2026-05-10](briefs/2026-05-10.md) · Tags: organized-crime, data-breach, supply-chain · Region: europe, global · Sector: technology, education, retail*

### MuddyWater (Iran / MOIS) Chaos ransomware false-flag + Teams BEC

Current state: refreshed 2026 campaign documented by Rapid7 ("Muddying the Tracks") and corroborated this week by BleepingComputer and SecurityWeek. Per Rapid7 ("Operation Olalampo"), the campaign's observed victimology is construction, manufacturing, and business-services organisations in the U.S. and MENA regions; deploys Chaos ransomware with criminal-group branding to complicate attribution and delay IR triage; uses Microsoft Teams external-chat requests for an interactive screen-sharing helpdesk pretext to harvest credentials and manipulate MFA. Attribution evidence per Rapid7: a "Donald Gay" code-signing certificate, the `moonzonet[.]com` C2 domain, `pythonw.exe` process injection of suspended processes, and the Teams MFA-harvest tradecraft — all consistent with prior MuddyWater (Seedworm) operations attributed to Iran's Ministry of Intelligence and Security ([Rapid7 — Muddying the Tracks: The State-Sponsored Shadow Behind Chaos Ransomware](https://www.rapid7.com/blog/post/tr-muddying-tracks-state-sponsored-shadow-behind-chaos-ransomware/) · [BleepingComputer — MuddyWater hackers use Chaos ransomware as a decoy](https://www.bleepingcomputer.com/news/security/muddywater-hackers-use-chaos-ransomware-as-a-decoy-in-attacks/) · [SecurityWeek — Iranian APT intrusion masquerades as Chaos ransomware attack](https://www.securityweek.com/iranian-apt-intrusion-masquerades-as-chaos-ransomware-attack/)). M-Trends 2026 (§ 6) notes voice phishing surged to the second most prevalent initial-access vector at 11% with IT help-desk impersonation as a primary modality — MuddyWater's Teams variant of that pattern is operationally similar. Outstanding defender question: whether the same false-flag tradecraft expands across additional Chaos-branded incidents now that the attribution is public.

— *Source: [Rapid7 — Muddying the Tracks](https://www.rapid7.com/blog/post/tr-muddying-tracks-state-sponsored-shadow-behind-chaos-ransomware/) · [BleepingComputer — MuddyWater Chaos decoy](https://www.bleepingcomputer.com/news/security/muddywater-hackers-use-chaos-ransomware-as-a-decoy-in-attacks/) · [SecurityWeek — Iranian APT masquerades as Chaos](https://www.securityweek.com/iranian-apt-intrusion-masquerades-as-chaos-ransomware-attack/) · [Daily 2026-05-08](briefs/2026-05-08.md) · Tags: nation-state, espionage, ransomware, phishing, identity, iran-nexus · Region: us, middle-east · Sector: manufacturing*

### APT28 / APT29 / UNC1151 (Polish water OT)

Current state: ABW 2025 Annual Report (2026-05-07 publication, covered 2026-05-09) is the formal-attribution development this week. Per SecurityWeek's coverage of the ABW report, the campaign against the five small Polish municipal water facilities is attributed to **APT28** (GRU) and **APT29** (SVR) — with **UNC1151** (Belarusian-linked) named in the same attribution discussion. The granular per-facility breakdown and disinformation-overlay specifics carried in the daily 2026-05-09 UPDATE trace back to the Polish-language ABW report itself rather than the English secondary coverage; defenders relying on the English reporting should treat the actor-cluster trio as attributed jointly without per-facility specificity unless the ABW primary is consulted. The same APT28 cluster is in active operation against EU government ministries via CVE-2026-32202 (Windows Shell NTLM coercion, § 3). Outstanding defender question: whether ABW-recommended NIS2 expansion to critical-function entities below the headcount threshold gains EU-level momentum in coming weeks.

— *Source: [Daily 2026-05-09 — ABW Annual Report attribution](briefs/2026-05-09.md) · [CISA AA24-207A (background reference)](https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-207a) · Tags: nation-state, ot-ics, russia-nexus, hacktivism, disinformation · Region: europe · Sector: water, public-sector*

### Sandworm / GRU Unit 74455 — Bauman pipeline disclosure

Current state: investigative disclosure of significance rather than a tactical campaign development. The six-publisher consortium (The Insider, The Guardian, Le Monde, Der Spiegel, VSquare, Frontstory) published 2,000+ leaked internal documents on 2026-05-07 from Bauman Moscow State Technical University detailing a structured GRU recruitment-and-training pipeline operating as "Department No. 4 — Special Training" — placing 10–15 graduates per year into Russian military intelligence units. Documents explicitly link graduates to GRU Unit 74455 (Sandworm / VoodooBear: 2015–16 Ukraine power-grid attacks; 2017 NotPetya; 2023 Kyivstar) and to APT28 (Fancy Bear: 2016 Bundestag, 2017 Macron campaign). Operational relevance for EU defenders: the curriculum targets Western and US-DoD network topologies *by name*, reframing the long-running attribution debate — GRU cyber units are not ad-hoc-recruited contractors, they are graduates of a structured technical-intelligence training stream with measurable annual throughput. Outstanding question: whether the disclosed Bauman-graduate roster materially advances ongoing law-enforcement actions against named GRU operators.

— *Source: [The Guardian — Russia top-secret spy school](https://www.theguardian.com/world/2026/may/07/revealed-russia-top-secret-spy-school-hacking-western-electoral-interference) · [Le Monde — Bauman clandestine school](https://www.lemonde.fr/en/m-le-mag/article/2026/05/07/moscow-s-bauman-university-the-clandestine-school-training-russian-hackers_6753208_117.html) · [Der Spiegel — Hybrider Krieg](https://www.spiegel.de/ausland/hybrider-krieg-moskau-bildet-in-einem-geheimen-uni-programm-spione-und-hacker-aus-a-2de79023-aa56-4ed6-b5de-d7c222402e63) · [Meduza (English) — Department No. 4 investigation](https://meduza.io/amp/en/feature/2026/05/07/secret-gru-linked-department-at-top-russian-university-trains-hackers-and-saboteurs-investigation-finds) · [Daily 2026-05-10](briefs/2026-05-10.md) · Tags: nation-state, espionage, russia-nexus · Region: europe, global · Sector: public-sector, defense*

### TeamPCP → PCPJack — cloud-worm successor evicting prior operator artefacts

Current state: SentinelLabs documented **PCPJack** on 2026-05-07 as a worm-class framework that evicts and deletes existing TeamPCP artefacts on compromise (giving the framework its name), then deploys six Python modules harvesting credentials from Docker, Kubernetes, Redis, MongoDB, RayML, and dozens of cloud / SaaS services (AWS, Azure, GCP, GitHub, Slack, HashiCorp Vault, 1Password). Propagation targets are pulled from Common Crawl Parquet files rather than ad-hoc scanning — a far broader curated attack surface than typical opportunistic worms. Weaponises five public CVEs simultaneously ([CVE-2025-29927](https://nvd.nist.gov/vuln/detail/CVE-2025-29927) Next.js, [CVE-2025-55182](https://nvd.nist.gov/vuln/detail/CVE-2025-55182) React2Shell, [CVE-2026-1357](https://nvd.nist.gov/vuln/detail/CVE-2026-1357) WPVivid, [CVE-2025-9501](https://nvd.nist.gov/vuln/detail/CVE-2025-9501) W3 Total Cache, [CVE-2025-48703](https://nvd.nist.gov/vuln/detail/CVE-2025-48703) CWP). The TeamPCP → PCPJack succession overlay is the operational specific worth tracking: SentinelLabs explicitly states there is no evidence yet of a direct operator-level connection, while the eviction logic implies operators familiar with TeamPCP's target population. Defenders running self-hosted Next.js, React-server-actions stacks, WordPress with WPVivid Backup or W3 Total Cache, or CentOS Web Panel with internet-reachable FileManager should treat all five CVEs as actively weaponised ([SentinelLabs, 2026-05-07](https://www.sentinelone.com/labs/cloud-worm-evicts-teampcp-and-steals-credentials-at-scale/) · [The Hacker News, 2026-05-07](https://thehackernews.com/2026/05/pcpjack-credential-stealer-exploits-5.html) · [SecurityWeek, 2026-05-08](https://www.securityweek.com/pcpjack-worm-removes-teampcp-infections-steals-credentials/) · [daily 2026-05-10](briefs/2026-05-10.md)). The earlier TeamPCP "Mini Shai-Hulud" SAP CAP npm worm (covered 2026-05-06) used Claude Code SessionStart hooks and VSCode tasks for propagation — that thread is separate from PCPJack's CVE-chain propagation but the same operator population is tracked.

— *Source: [SentinelLabs — Cloud worm evicts TeamPCP](https://www.sentinelone.com/labs/cloud-worm-evicts-teampcp-and-steals-credentials-at-scale/) · [The Hacker News — PCPJack credential stealer](https://thehackernews.com/2026/05/pcpjack-credential-stealer-exploits-5.html) · [SecurityWeek — PCPJack worm](https://www.securityweek.com/pcpjack-worm-removes-teampcp-infections-steals-credentials/) · [Daily 2026-05-10](briefs/2026-05-10.md) · Tags: organized-crime, cloud, vulnerabilities, actively-exploited, supply-chain · Region: global · Sector: technology*

### Akira ransomware — Swiss healthcare case confirmed; broader European playbook unchanged

Current state: Akira's leak-site listing on Groupe 3R (§ 1) is the operationally specific Swiss-healthcare development this week. The broader Akira playbook (edge-device initial access via Cisco ASA/FTD, Fortinet SSL-VPN, VMware ESXi authenticated RCE; intermittent file-encryption to evade EDR file-IO heuristics) has been documented across European healthcare and SME targeting throughout 2025 and into 2026. No major Akira TTP shift detected in this week's reporting; the operator continues to favour edge-device initial access and double-extortion (encrypt + leak). Outstanding defender question: whether the Groupe 3R "will not pay" public stance changes the operator's posture for repeat victims (3R's prior April 2025 incident is acknowledged in its own statement as having involved different attackers and methodology).

— *Source: [Groupe 3R victim statement](https://www.groupe3r.ch/fr/information-importante-perturbation-de-nos-services-7268/) · [ICTjournal.ch](https://www.ictjournal.ch/news/2026-05-06/le-reseau-radiologique-romand-a-nouveau-victime-dune-cyberattaque-ses-systemes) · [Daily 2026-05-10](briefs/2026-05-10.md) · Tags: ransomware, organized-crime · Region: switzerland, europe · Sector: healthcare*

### Qilin / Agenda RaaS — Die Linke confirms Q2 2026 German activity continuity

Current state: GTIG's Europe data-leak landscape (§ 6) documented Qilin tripling Q3 2025 operational tempo in Germany; **Die Linke (Germany federal political party)** confirmed Qilin encryption with 1.5 TB exfiltrated (covered 2026-05-08), state DPA notified — Qilin German activity continues into 2026-Q2. No public-claim shift or victim-list expansion beyond Die Linke this week. Outstanding question: whether Qilin's targeting of political and civil-society organisations expands into other 2026 EU election cycles.

— *Source: [Daily 2026-05-08 — Die Linke / Qilin](briefs/2026-05-08.md) · [GTIG — Europe data leak landscape](https://cloud.google.com/blog/topics/threat-intelligence/europe-data-leak-landscape) · Tags: ransomware, data-breach · Region: europe, dach · Sector: media, public-sector*

### The Gentlemen RaaS — Europe-skewed operation surged approximately 448% QoQ; 32% of Q1 2026 victims in Europe; FortiGate CVE-2024-55591 initial-access funnel

W1 horizon research identified an in-window operator gap the daily briefs missed. "The Gentlemen" emerged in August 2025 and per ZeroFox surged to the second- or third-most-active ransomware operation globally in Q1 2026 — 192 attacks that quarter, an approximately 448% QoQ increase, **32% of Q1 2026 victims in Europe** (up from 2% in Q4 2025) ([ZeroFox Q1 2026 Wrap-Up, 2026-04-17](https://www.zerofox.com/intelligence/q1-2026-ransomware-wrap-up/)). Check Point Research's DFIR report on the operator confirms the post-compromise tradecraft observed during a single incident-response engagement: Cobalt Strike delivered via RPC from a Domain Controller; Mimikatz for credential harvesting; **GPO abuse** to inject a scheduled task into Group Policy that propagates the encryptor to all domain-joined systems near-simultaneously (compressing time-to-encryption to minimise the IR response window); **SystemBC** SOCKS5 C2 tunnelling and covert payload staging; encryption using X25519 Diffie–Hellman key exchange per file combined with the XChaCha20 stream cipher, with a per-file ephemeral key pair and a random 32-byte private key ([Check Point Research DFIR Report, 2026-04-20](https://research.checkpoint.com/2026/dfir-report-the-gentlemen/) · [BleepingComputer — The Gentlemen + SystemBC, 2026-04-20](https://www.bleepingcomputer.com/news/security/the-gentlemen-ransomware-now-uses-systembc-for-bot-powered-attacks/)). CPR explicitly states the precise initial-access vector could not be conclusively determined for the engagement it analysed; broader reporting attributes initial access to a FortiOS / FortiProxy attack surface that includes **CVE-2024-55591** (authentication bypass, CVSS 9.8 — patched January 2025), with secondary reporting describing an operator database of pre-exploited devices and brute-forced VPN credentials primed for deployment — defenders should treat patch state alone as insufficient if the device was unpatched against CVE-2024-55591 at any point during the exposure window.

European victims surfaced in BleepingComputer's SystemBC coverage and in quarterly leak-site aggregation include **Oltenia Energy Complex** (Romania — described as a significant portion of national electricity supply, December 2025) and **The Adaptavist Group**; Comparitech's Q1 2026 healthcare roundup attributes 10 healthcare-sector claims to the operator in the quarter; the operator's leak-site footprint and the absence of an "off-limits" sector convention make hospitals, water utilities, and similar critical-infrastructure targets in-scope. The cross-finding with this week's other concerns: GPO-injected scheduled-task propagation defeats backup-isolation defences if the AD environment is in the encryption path; if the operator's initial-access funnel includes unpatched FortiGate devices, that surface intersects directly with the Polish water-OT NIS2 coverage-gap framing (§ 4, § 6) since small municipal CI operators are over-represented in the unpatched-FortiGate population. Defender priorities for 2026-W20: hunt scheduled tasks in SYSVOL pointing to UNC paths or temp directories; profile SystemBC SOCKS5 beacons; add XChaCha20 file-header pattern detection at backup / DLP tier; re-verify FortiGate patch state against CVE-2024-55591 and any later FortiOS / FortiProxy auth-bypass advisories.
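A starting point for the first 2026-W20 hunt action above, as an added example (not Check Point's, ZeroFox's or the daily briefs' tooling): parse Group Policy Preferences `ScheduledTasks.xml` files and flag any task action whose command points at a UNC path or a temp directory. The XML is constructed; `hunt_sysvol` assumes an offline copy or mounted share of SYSVOL with the usual `Policies\{GUID}\Machine\Preferences\ScheduledTasks\ScheduledTasks.xml` layout, and the two regexes are this example's heuristics.

```python
"""Hunt GPO-deployed scheduled tasks pointing at UNC paths or temp directories (added example;
not Check Point's or any vendor's tooling). SAMPLE_XML is a constructed Group Policy
Preferences ScheduledTasks.xml; real files live under SYSVOL\<domain>\Policies\{GUID}\
(Machine|User)\Preferences\ScheduledTasks\ScheduledTasks.xml."""
import re
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from pathlib import Path
from typing import List, Tuple

# Heuristics chosen for this example: a \\host\share... reference, or a temp location.
UNC_RE = re.compile(r"\\\\[^\\\s]+\\\S*")
TEMP_RE = re.compile(r"%TE?MP%|\\Temp\\|\\Windows\\Temp|\\AppData\\Local\\Temp", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    gpo: str
    task: str
    task_kind: str       # TaskV2 or ImmediateTaskV2 (the latter runs as soon as the GPO applies)
    run_as: str
    command: str
    reasons: Tuple[str, ...]


def hunt_scheduled_tasks_xml(xml_text: str, gpo: str = "<unknown GPO>") -> List[Finding]:
    """Return one Finding per Exec action whose command/arguments match a heuristic."""
    root = ET.fromstring(xml_text)
    findings: List[Finding] = []
    for task_el in root:  # direct children: TaskV2 / ImmediateTaskV2 entries
        props = task_el.find("Properties")
        run_as = props.get("runAs", "") if props is not None else ""
        for exec_el in task_el.iter("Exec"):
            parts = (exec_el.findtext("Command"), exec_el.findtext("Arguments"))
            command = " ".join(p for p in parts if p).strip()
            reasons = []
            if UNC_RE.search(command):
                reasons.append("unc-path")
            if TEMP_RE.search(command):
                reasons.append("temp-dir")
            if reasons:
                findings.append(Finding(gpo, task_el.get("name", "?"), task_el.tag,
                                        run_as, command, tuple(reasons)))
    return findings


def hunt_sysvol(sysvol_root: str) -> List[Finding]:
    """Walk an offline copy (or mounted share) of SYSVOL and audit every ScheduledTasks.xml."""
    out: List[Finding] = []
    for path in Path(sysvol_root).rglob("ScheduledTasks.xml"):
        out.extend(hunt_scheduled_tasks_xml(path.read_text(encoding="utf-8-sig"), gpo=str(path)))
    return out


# Constructed sample: one routine task and two that a reviewer should look at.
SAMPLE_XML = r"""<ScheduledTasks>
  <TaskV2 name="Refresh Policy">
    <Properties action="C" name="Refresh Policy" runAs="NT AUTHORITY\System" logonType="S4U">
      <Task version="1.3"><Actions Context="Author"><Exec>
        <Command>C:\Windows\System32\gpupdate.exe</Command><Arguments>/force</Arguments>
      </Exec></Actions></Task>
    </Properties>
  </TaskV2>
  <ImmediateTaskV2 name="Deploy">
    <Properties action="C" name="Deploy" runAs="NT AUTHORITY\System" logonType="S4U">
      <Task version="1.3"><Actions Context="Author"><Exec>
        <Command>cmd.exe</Command><Arguments>/c \\DC01\NETLOGON\update.exe</Arguments>
      </Exec></Actions></Task>
    </Properties>
  </ImmediateTaskV2>
  <ImmediateTaskV2 name="Cleanup">
    <Properties action="C" name="Cleanup" runAs="NT AUTHORITY\System" logonType="S4U">
      <Task version="1.3"><Actions Context="Author"><Exec>
        <Command>C:\Windows\Temp\svc.exe</Command>
      </Exec></Actions></Task>
    </Properties>
  </ImmediateTaskV2>
</ScheduledTasks>
"""

if __name__ == "__main__":
    for f in hunt_scheduled_tasks_xml(SAMPLE_XML, gpo="{constructed-gpo-guid}"):
        print(f)
```

Review every hit against change-control records for the GPO; an `ImmediateTaskV2` running as SYSTEM with a freshly added UNC or temp-path command is the shape of the GPO-propagated encryptor stage described above.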

— *Source: [Check Point Research — The Gentlemen DFIR Report](https://research.checkpoint.com/2026/dfir-report-the-gentlemen/) · [BleepingComputer — The Gentlemen + SystemBC](https://www.bleepingcomputer.com/news/security/the-gentlemen-ransomware-now-uses-systembc-for-bot-powered-attacks/) · [ZeroFox Q1 2026 Ransomware Wrap-Up](https://www.zerofox.com/intelligence/q1-2026-ransomware-wrap-up/) · [Comparitech Q1 2026 Healthcare](https://www.comparitech.com/news/healthcare-ransomware-roundup-q1-2026-stats-on-attacks-ransoms-and-data-breaches/) · Tags: ransomware, organized-crime, actively-exploited, data-breach · Region: europe, dach · Sector: energy, manufacturing, healthcare, public-sector · CVE: CVE-2024-55591*

### Akira playbook quarterly context — Q1 2026 healthcare concentration; Qilin remains the dominant operator on German healthcare victims

W1 horizon research added Q1 2026 healthcare quarterly context to the Groupe 3R item in § 1. Across Q1 2026, Akira posted 84 victims in March alone (second-most-active month on record) and claimed 5 healthcare victims; Qilin led healthcare at 23 claims (with **RENAFAN GmbH** and **Suchthilfe direkt Essen gGmbH** as Qilin's confirmed German victims), and The Gentlemen at 10 healthcare claims ([Comparitech Q1 2026 Healthcare, 2026-04-29](https://www.comparitech.com/news/healthcare-ransomware-roundup-q1-2026-stats-on-attacks-ransoms-and-data-breaches/) · [CyberMaxx Q1 2026](https://www.cybermaxx.com/resources/ransomware-research-report-q1-2026-audio-blog-interview/)). Akira's documented attack chain for healthcare: initial access via unpatched VPN (Cisco ASA, SonicWall, Fortinet) or compromised RDP credentials; lateral movement via [T1021.001 Remote Services: Remote Desktop Protocol](https://attack.mitre.org/techniques/T1021/001/) and [T1047 Windows Management Instrumentation](https://attack.mitre.org/techniques/T1047/); LSASS credential harvesting via `comsvcs.dll` / Mimikatz; AV termination via PowerTool weaponising the Zemana AntiMalware driver (BYOVD); data exfiltration; double extortion. The cross-finding for Swiss / DACH operators reading after Groupe 3R: at least two ransomware-as-a-service operators (Akira and Qilin) are hitting European healthcare in Q1–Q2 2026 via the edge-device / unpatched-VPN attack surface, and the operator that hits a given hospital is less salient defensively than the shared initial-access funnel they exploit.

— *Source: [Comparitech Q1 2026 Healthcare](https://www.comparitech.com/news/healthcare-ransomware-roundup-q1-2026-stats-on-attacks-ransoms-and-data-breaches/) · [CyberMaxx Q1 2026 Ransomware Research](https://www.cybermaxx.com/resources/ransomware-research-report-q1-2026-audio-blog-interview/) · Tags: ransomware, organized-crime, data-breach · Region: europe, dach, switzerland · Sector: healthcare*

## 8. Policy & regulatory horizon

Items that change Swiss or European public-sector SOC obligations directly. Routine product advisories belong in § 3, not here — this section is reserved for obligations-changing material.

### ENISA expands CVE Numbering Authority root — 4 new CNAs, 7 migrated from MITRE; ~90 European CNAs eligible for transfer

ENISA announced on 2026-05-06 that four organisations have joined the CVE Programme as CVE Numbering Authorities (CNAs) under ENISA Root, and that seven additional European CNAs have migrated from MITRE Root to ENISA Root ([ENISA, 2026-05-06](https://www.enisa.europa.eu/news/new-cve-numbering-authorities-under-enisa-root)). ENISA was designated as a CVE Root in November 2025, establishing a European coordination tier alongside CISA (USA), JPCERT/CC (Japan), MITRE, and Google. Approximately 90 European organisations remain eligible for voluntary transfer — nearly one-fifth of the global CNA population. **What changed:** EU technology vendors and public-sector organisations now have a European coordination tier for CVE assignment — potentially affecting advisory publication timing and format compared to MITRE Root coordination, particularly for products made by EU software vendors. **What defenders need to do differently:** EU public-sector CNAs and vendor PSIRTs should re-confirm their root assignment and review whether their disclosure-coordination contacts at ENISA Root differ from their MITRE Root contacts; defender-side SIRT / vulnerability-management functions should expect ENISA-coordinated EU-discovered CVEs to ship through ENISA-supervised channels going forward. The CRA (Cyber Resilience Act) framework drives the migration. Names of the four new CNAs were not disclosed in the press release; more transfers expected.

— *Source: [ENISA — New CVE Numbering Authorities under ENISA Root](https://www.enisa.europa.eu/news/new-cve-numbering-authorities-under-enisa-root) · [Daily 2026-05-07](briefs/2026-05-07.md) · Tags: vulnerabilities, eu-nexus, law-enforcement · Region: europe*

### CERT-FR CERTFR-2026-ACT-016 — agentic AI three-risk-class advisory; defender obligations explicit

CERT-FR's advisory (dated 13 April 2026, surfaced in this week's daily on 2026-05-08) names three operational risk classes for organisations deploying agentic AI orchestration platforms (Claude Agents, Microsoft Copilot Studio, AutoGen, MCP-server architectures): **prompt injection via processed documents or websites** (attacker embeds instructions in content the agent processes, redirecting its actions); **MCP server supply-chain compromise** (a malicious or compromised Model Context Protocol server can issue instructions to all connected agents); and **insufficient sandboxing** of agent execution environments. CERT-FR recommendations: input/output guardrails, strict allowlisting of permitted tool calls, human-in-the-loop gates for high-impact actions, and treating all AI agent outputs as untrusted until validated ([CERT-FR — CERTFR-2026-ACT-016, 2026-05-08](https://www.cert.ssi.gouv.fr/actualite/CERTFR-2026-ACT-016/) · [daily 2026-05-08](briefs/2026-05-08.md)). **Why this is obligations-changing rather than routine advisory:** for French public-sector entities deploying agentic AI, CERT-FR advisories establish the baseline a defendable-control posture is measured against. The Microsoft Semantic Kernel CVE-2026-26030 / CVE-2026-25592 pair (§ 3 deep dive) is the worked example of CERT-FR's first and third risk classes manifesting as concrete vendor CVEs — defenders deploying any agentic-AI framework should treat the CERT-FR advisory as defining the question-set, not the answer-set.

— *Source: [CERT-FR — CERTFR-2026-ACT-016](https://www.cert.ssi.gouv.fr/actualite/CERTFR-2026-ACT-016/) · [Daily 2026-05-08](briefs/2026-05-08.md) · Tags: ai-abuse, supply-chain, vulnerabilities · Region: europe*

### Polish NIS2 transposition + ABW recommendation to expand essential-entity coverage below headcount threshold

ABW's 2025 Annual Report (covered 2026-05-09) notes that Poland transposed NIS2 into national law effective 2026-02-01 (Ustawa z dnia 28 listopada 2025 r. o krajowym systemie cyberbezpieczeństwa) with water-distribution operators above the 50-employee threshold now classified as Essential Entities subject to mandatory incident notification to CSIRT GOV (ABW) within 24/72 hours. **What changed in 2026-W19:** ABW explicitly notes the five named water-OT-attack facilities fell below the NIS2 threshold at the time of intrusion and is recommending legislative action to extend NIS2 obligations to critical-function entities regardless of headcount ([daily 2026-05-09 UPDATE](briefs/2026-05-09.md)). **What defenders need to do differently:** small CH/EU municipal CI operators (water, energy distribution, transport, healthcare) below NIS2 essential-entity thresholds should not assume that falling outside regulatory coverage also means falling outside threat coverage; the ABW evidence demonstrates state-sponsored targeting concentrates *toward* under-regulated operators rather than away from them. Operators in this category should pre-emptively adopt NIS2-equivalent incident-notification and asset-inventory baselines. Dragos's 81% flat-network finding (§ 6) lands at the same operational target.

— *Source: [Daily 2026-05-09 — Polish water OT ABW Annual Report UPDATE](briefs/2026-05-09.md) · [CISA AA24-207A (background)](https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-207a) · Tags: law-enforcement, ot-ics, eu-nexus · Region: europe · Sector: water, public-sector*

### German LG Berlin II — Apobank ruling sets PSD2 IP-analytics obligation as case law

The Apobank phishing-liability ruling (LG Berlin II, case 38 O 293/25, 2026-04-22; not yet final pending appeal) explicitly places liability on the bank for failing to act on IP / ISP divergence between new-device registration and first login — interpreted under Germany's PSD2 implementation as an obligation to deploy IP-based behavioural analytics and trigger strong-customer-authentication challenges when registration and first-use IPs diverge ([heise online, 2026-05-08](https://www.heise.de/news/Urteil-gegen-die-Apobank-Finanzinstitut-haftet-fuer-Phishing-Schaden-11288231.html) · [daily 2026-05-09](briefs/2026-05-09.md)). **What changed:** even if not yet final on appeal, the ruling is the most explicit case-law statement to date in a PSD2 jurisdiction that *failure to act on a fraud signal present in bank-side telemetry* shifts liability to the service provider. **What defenders need to do differently:** EU and Swiss financial-sector and public-sector digital-service providers should treat register-new-device and first-login IP / ISP comparison as a regulatory expectation rather than best practice — and should specifically ensure the SCA-step-up signal can be raised in real time on this anomaly. Anticipate other EU member-state PSD2 jurisdictions following the LG Berlin II reasoning.

— *Source: [heise online — Urteil gegen die Apobank](https://www.heise.de/news/Urteil-gegen-die-Apobank-Finanzinstitut-haftet-fuer-Phishing-Schaden-11288231.html) · [ilex Rechtsanwälte case summary](https://www.anwalt.de/rechtstipps/phishing-ilex-rechtsanwaelte-erwirkt-haftung-der-apobank-269786.html) · [Daily 2026-05-09](briefs/2026-05-09.md) · Tags: phishing, identity, law-enforcement · Region: europe, dach · Sector: finance*
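The bank-side check the ruling turns on, written out as a real-time evaluator; this is an example added for this summary, not the bank's or any vendor's code. The event layout, the use of ASN as the ISP identifier, the treatment of never-registered devices and the strict/non-strict IP policy are assumptions, and the sample events are constructed (TEST-NET addresses, private ASNs).

```python
"""Raise an SCA step-up when a device's first login arrives from a different
IP / ISP than its registration (the signal in the LG Berlin II Apobank ruling).
Example added for this summary; event schema, ASN-as-ISP and the step-up policy
are assumptions, and every sample event below is constructed."""
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class NetContext:
    ip: str
    asn: int       # autonomous-system number, used here as the ISP identifier
    country: str   # ISO 3166-1 alpha-2


@dataclass(frozen=True)
class Event:
    ts: int
    user: str
    device_id: str
    kind: str      # "device_registered" or "login"
    net: NetContext


@dataclass(frozen=True)
class Decision:
    ts: int
    user: str
    device_id: str
    action: str    # "allow" or "step_up_sca"
    reasons: tuple[str, ...] = ()


class FirstLoginMonitor:
    """Keeps registration context per (user, device) and evaluates each login.

    Only the *first* login after a registration is compared, because the ruling's
    signal is specifically the registration-to-first-use divergence. With
    strict_ip=False a changed IP inside the same ASN (carrier-grade NAT, DHCP
    churn) does not trigger a challenge on its own; ISP or country change does.
    """

    def __init__(self, strict_ip: bool = False) -> None:
        self.strict_ip = strict_ip
        self._registrations: dict[tuple[str, str], NetContext] = {}
        self._first_login_done: set[tuple[str, str]] = set()

    def process(self, ev: Event) -> Decision | None:
        key = (ev.user, ev.device_id)
        if ev.kind == "device_registered":
            # A re-registration resets the device's first-login state.
            self._registrations[key] = ev.net
            self._first_login_done.discard(key)
            return None
        if ev.kind != "login":
            raise ValueError(f"unknown event kind: {ev.kind}")
        reg = self._registrations.get(key)
        if reg is None:
            # Never registered through the bank's own flow: challenge (assumed policy).
            return Decision(ev.ts, ev.user, ev.device_id, "step_up_sca", ("unregistered-device",))
        if key in self._first_login_done:
            return Decision(ev.ts, ev.user, ev.device_id, "allow", ("not-first-login",))
        self._first_login_done.add(key)
        reasons = []
        if reg.asn != ev.net.asn:
            reasons.append("isp-divergence")
        if reg.country != ev.net.country:
            reasons.append("country-divergence")
        if self.strict_ip and reg.ip != ev.net.ip:
            reasons.append("ip-divergence")
        action = "step_up_sca" if reasons else "allow"
        return Decision(ev.ts, ev.user, ev.device_id, action, tuple(reasons))


# Constructed sample stream, in arrival order.
SAMPLE_EVENTS = [
    Event(1, "u1", "dev-a", "device_registered", NetContext("203.0.113.10", 64500, "DE")),
    Event(2, "u2", "dev-b", "device_registered", NetContext("192.0.2.5", 64500, "DE")),
    # u1's first login comes from a different ISP: the pattern the ruling describes.
    Event(3, "u1", "dev-a", "login", NetContext("198.51.100.7", 64510, "DE")),
    # u2's first login: new IP, but same ISP and country.
    Event(4, "u2", "dev-b", "login", NetContext("192.0.2.77", 64500, "DE")),
    Event(5, "u2", "dev-b", "login", NetContext("192.0.2.77", 64500, "DE")),
    # u3 logs in from a device that was never registered.
    Event(6, "u3", "dev-c", "login", NetContext("203.0.113.200", 64511, "AT")),
]


def run(events: list[Event], strict_ip: bool = False) -> list[Decision]:
    """Feed events through the monitor and return one Decision per login."""
    monitor = FirstLoginMonitor(strict_ip=strict_ip)
    decisions = []
    for ev in events:
        d = monitor.process(ev)
        if d is not None:
            decisions.append(d)
    return decisions


if __name__ == "__main__":
    for d in run(SAMPLE_EVENTS):
        print(d)
```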

### Europol shadow-IT — LIBE committee MEPs call for mandate-expansion pause; EDPS sanctioning toolkit identified as binary

The Correctiv / Solomon / Computer Weekly joint investigation (2026-05-05; first covered 2026-05-07) drove a material EU-legislative response within the window. On 8 May the LIBE committee met to discuss the disclosure; multiple MEPs — German Left MEP Özlem Alev Demirel, Belgian Green MEP Saskia Bricmont, German S&D MEP Birgit Sippel — called on the Commission to **pause any expansion of Europol's mandate** until parliamentary intervention powers and independent supervision are strengthened ([Computer Weekly, 2026-05-08](https://www.computerweekly.com/news/366642721/MEPs-call-for-greater-scrutiny-of-Europol-following-concerns-over-Shadow-IT)). EDPS chief Wojciech Wiewiórowski told the LIBE meeting that EDPS enforcement has a binary-only toolkit — soft admonishments or hard processing-cessation orders — with no intermediate sanctions, and that enlarging Europol without strengthening EDPS sanctioning power would be counterproductive. **Why this is obligations-changing:** the European Commission's 2026 work programme envisages a new Europol Regulation proposal in Q2 2026, meaning the parliamentary backlash lands directly in the legislative window. Per Correctiv's investigation, the EDPS closed monitoring of the CFN platform in February 2026 despite 15 of 150 remediation recommendations remaining unimplemented — a decision now facing retrospective scrutiny ([Correctiv investigation, 2026-05-05](https://correctiv.org/en/europe/2026/05/05/they-protect-the-law-while-breaking-it-inside-europols-shadow-it-system/)).

Background, restated from § 5: a Correctiv / Solomon / Computer Weekly joint investigation revealed that Europol's CFN (Computer Forensic Network, since 2012) and "Pressure Cooker" (Internet Referral Unit) data-processing platforms — holding ≥ 2 PB — operated outside EU data-protection oversight for over a decade ([Correctiv, 2026-05-05](https://correctiv.org/en/europe/2026/05/05/they-protect-the-law-while-breaking-it-inside-europols-shadow-it-system/) · [Computer Weekly investigation, 2026-05-05](https://www.computerweekly.com/news/366642525/They-protect-the-law-while-breaking-it-Inside-Europols-shadow-IT-system) · [daily 2026-05-07](briefs/2026-05-07.md)). Multiple categorised security deficiencies were identified in the 2019 internal assessment including absent administrative usage logs and inability to track data access or detect unauthorised modifications. **What defenders need to do differently:** agencies contributing intelligence to Europol-adjacent information-sharing chains (SIE, SIENA, Europol Platform for Experts) should treat the documented control deficiencies (absent audit logs, missing event monitoring, inability to track data access or detect unauthorised modifications, ineffective role assignment) as an ongoing data-integrity and confidentiality risk rather than a closed historical finding; internal audit functions should re-confirm closure evidence on regulator-mandated remediation tasks rather than rely on regulator monitoring termination as confirmation of remediation completeness.

— *Source: [Computer Weekly — MEPs call for greater scrutiny of Europol](https://www.computerweekly.com/news/366642721/MEPs-call-for-greater-scrutiny-of-Europol-following-concerns-over-Shadow-IT) · [Correctiv — Europol shadow IT](https://correctiv.org/en/europe/2026/05/05/they-protect-the-law-while-breaking-it-inside-europols-shadow-it-system/) · [Computer Weekly investigation](https://www.computerweekly.com/news/366642525/They-protect-the-law-while-breaking-it-Inside-Europols-shadow-IT-system) · [Daily 2026-05-07](briefs/2026-05-07.md) · Tags: insider-threat, law-enforcement, data-breach, eu-nexus · Region: europe · Sector: public-sector*

### EU Cybersecurity Package 2026 — NIS2 amendment (COM(2026) 13) + Cybersecurity Act 2 enter EP preparatory phase; PQC obligation embedded

The European Commission's 20 January 2026 cybersecurity package bundles a targeted NIS2 amendment (COM(2026) 13) with a new Cybersecurity Act 2 (CSA2). Public-feedback period closed 22 April 2026 — the package is now in the European Parliament preparatory phase, with political agreement targeted for early 2027. Key NIS2-amendment changes obligations-relevant to Swiss / EU public-sector SOCs: (1) scope expansion to submarine data-transmission infrastructure (SDTI) operators and European Digital Identity Wallet providers as essential entities; (2) **mandatory ransomware reporting** — competent authorities can demand whether a ransom was paid, to whom, and how much, when a reported incident involves ransomware; (3) Article 21 harmonised technical requirements at Commission level create a regulatory ceiling, blocking member states from adding further technical obligations — meaning an EU certification scheme can demonstrate compliance portably; (4) new **Article 7(2)(k) mandates member-state PQC transition policies** aligned with the 2030 (critical uses) / 2035 (medium/low uses) roadmap — the first time post-quantum is an explicit named NIS2 obligation rather than implied "state of the art" interpretation ([DLA Piper, 2026-02-16](https://www.dlapiper.com/en/insights/publications/2026/02/nis2-update-eu-moves-to-harmonise-cyber-controls-refine-scope-and-add-new-in-scope-entities) · [Skadden, 2026-03-27](https://www.skadden.com/insights/publications/2026/03/european-commission-announces-potential-nis2-cybersecurity-reform) · [PostQuantum.com — EU PQC NIS2, 2026-02-13](https://postquantum.com/security-pqc/eu-pqc-nis2/)).

CSA2 introduces the EU's first horizontal ICT supply-chain security framework: the Commission designates "key ICT assets" used by NIS2-essential entities, identifies high-risk supplier countries, and may prohibit or restrict their components in those assets — directly analogous to 5G supply-chain restrictions, now extended to all essential sectors. ENISA's budget rises 75%+ and it takes on operational functions including the **European Vulnerability Database (EUVD)**, early-warning publication, and the **CRA Single Reporting Platform (SRP) — live 11 September 2026** ([Covington — Cybersecurity Act 2, 2026-01-23](https://www.globalpolicywatch.com/2026/01/european-commission-proposes-cybersecurity-act-2-new-eu-supply-chain-rules-and-certification-reforms/)). **What defenders need to do differently:** (1) inventory current "state of the art" cryptography claims that relied on implicit NIS2 interpretation — the explicit PQC Article creates a documented compliance gap supervisors can cite in audit findings; (2) plan for SRP single-report submission flow ahead of 11 September 2026 — public-sector and vendor PSIRTs operating in NIS2-essential categories will be expected to publish through this channel rather than parallel-submit to member-state CSIRTs; (3) ransomware playbooks should anticipate the documentation question chain on payment-or-not, intermediary used, amount transferred. NIS2 amendment requires 12-month transposition; CSA2 applies directly.

— *Source: [DLA Piper — NIS2 update EU moves to harmonise cyber controls](https://www.dlapiper.com/en/insights/publications/2026/02/nis2-update-eu-moves-to-harmonise-cyber-controls-refine-scope-and-add-new-in-scope-entities) · [Skadden — Potential NIS2 cybersecurity reform](https://www.skadden.com/insights/publications/2026/03/european-commission-announces-potential-nis2-cybersecurity-reform) · [Covington — Cybersecurity Act 2](https://www.globalpolicywatch.com/2026/01/european-commission-proposes-cybersecurity-act-2-new-eu-supply-chain-rules-and-certification-reforms/) · [PostQuantum.com — EU PQC NIS2](https://postquantum.com/security-pqc/eu-pqc-nis2/) · Tags: law-enforcement, eu-nexus, vulnerabilities · Region: europe*

### Germany KRITIS-DachG in force — public administration first time in critical-infrastructure scope; registration deadline 17 July 2026

Germany's KRITIS-DachG (Act to Strengthen Physical Resilience of Critical Installations), implementing EU CER Directive 2022/2557, entered into force in late March 2026 following Bundesrat approval on 6 March 2026 ([Luther Lawfirm, 2026-04-10](https://www.luther-lawfirm.com/en/newsroom/blog/detail/kritis-dachgesetz-in-kraft-neue-pflichten-hohe-bussgelder-und-viele-offene-fragen-fuer-betreiber-kritischer-anlagen) · [Morrison Foerster European Digital Compliance, 2026-05-01](https://www.mofo.com/resources/insights/260501-european-digital-compliance-key-digital-regulation)). The Act establishes the first cross-sectoral physical and organisational resilience framework covering energy, transport, healthcare, water, finance, and — for the first time — municipal waste disposal and aspects of public administration. **Registration deadline 17 July 2026** (or within three months of later qualification). Post-registration obligations cascade over nine–ten months: risk assessments every four years covering natural / technical / sabotage / cross-border scenarios, resilience plans, and **24-hour incident reporting** to a joint BSI/BBK reporting point. Fines for non-compliance: up to €100,000 for registration/cooperation failures; up to €1,000,000 for concealing non-registration status; up to €200,000 for missing resilience evidence or plan. Key ambiguity: the BMI implementing ordinance defining which specific services and installations qualify as "critical" is not yet published, leaving scope uncertain for borderline operators. **What defenders need to do differently:** German public-sector and critical-sector organisations need to self-assess KRITIS-DachG applicability before 17 July; an ISG-style 24-hour reporting obligation now applies to physical as well as cyber incidents; Swiss entities with German subsidiaries operating in scope sectors are directly affected. The Act cross-references NIS2 and BSI Act obligations; the three frameworks overlap operationally and require coordinated incident-response runbook design.

— *Source: [Luther Lawfirm — KRITIS-Dachgesetz](https://www.luther-lawfirm.com/en/newsroom/blog/detail/kritis-dachgesetz-in-kraft-neue-pflichten-hohe-bussgelder-und-viele-offene-fragen-fuer-betreiber-kritischer-anlagen) · [Morrison Foerster — European Digital Compliance May 2026](https://www.mofo.com/resources/insights/260501-european-digital-compliance-key-digital-regulation) · Tags: law-enforcement, ot-ics, eu-nexus · Region: europe, dach · Sector: public-sector, energy, water, healthcare, transport, finance*

### EDPB Coordinated Enforcement Framework 2026 — 25 DPAs target GDPR transparency obligations (Articles 12–14)

On 19 March 2026 the European Data Protection Board launched its annual Coordinated Enforcement Framework (CEF) action, with **25 participating DPAs across Europe** examining compliance with **GDPR Articles 12, 13, and 14** — the transparency and information obligations requiring controllers to clearly disclose what data is processed, on what legal basis, and for what purposes. Unlike prior CEF years (right of access 2024, right to erasure 2025), transparency obligations are broadly applicable to every data-processing controller in every sector, making this year's sweep unusually wide ([EDPB, 2026-03-19](https://www.edpb.europa.eu/news/news/2026/cef-2026-edpb-launches-coordinated-enforcement-action-transparency-and-information_en)). Participating DPAs include Austria, Denmark, Germany (Brandenburg, Niedersachsen), Finland, France, Greece, Spain, Italy, Malta, Slovenia, Slovakia. Each DPA may conduct either formal enforcement actions or lighter-touch fact-finding exercises; findings will be consolidated into an aggregated EDPB report in H2 2026. **What defenders need to do differently:** audit privacy notices — website cookie banners, HR processing notices, CCTV notices, AI-generated data notices — against the Articles 12–14 checklist; given the EU's 2026 AI Act obligations also arriving in August, transparency failures in AI-generated personal-data processing are likely to attract enforcement attention. CEF findings frequently trigger follow-on national investigations at DPAs that identify outliers. Single-source national-CERT carve-out applies (EDPB is the primary disclosing authority for its own programme).

— *Source: [EDPB — CEF 2026 launches coordinated enforcement action on transparency](https://www.edpb.europa.eu/news/news/2026/cef-2026-edpb-launches-coordinated-enforcement-action-transparency-and-information_en) · Tags: law-enforcement, eu-nexus, identity · Region: europe*

### NCSC Switzerland — formal BACS assessment on AI in vulnerability management; defenders warned against over-reliance on AI detection

The Swiss NCSC published a formal signed BACS assessment on 1 May 2026 titled *"Use of AI in vulnerability management"* ([NCSC Switzerland Im Fokus, 2026-05-01](https://www.ncsc.admin.ch/ncsc/en/home/aktuell/im-fokus/2026/einschtzung_mythos_2026.html)). The assessment characterises AI as "highly significant for cybersecurity" with an asymmetric dual-use risk: while AI-based detection tools accelerate vulnerability identification for defenders, the NCSC observes that the same technology "is making hackers' work much easier," particularly in malware-development efficiency. The key NCSC finding is that the actual scale of fully autonomous AI-driven cyberattacks **remains unclear** — defenders should not treat AI-augmented detection as a solved problem justifying reduced investment in foundational controls. The NCSC recommends prioritising: continuous patching discipline, strong access management and privileged-access controls, staff security awareness, and regular structured security reviews. **What defenders need to do differently:** in ISG-covered Swiss entities a BACS position paper carries supervisory weight under the NCS implementation framework; CISO functions should document how their AI-security tool deployments are complemented by (not substituting for) the NCSC's foundational-controls baseline. This is a measured regulatory pushback against vendor claims that AI-powered detection can replace security fundamentals. Single-source national-CERT carve-out applies.

— *Source: [NCSC Switzerland — Im Fokus / Use of AI in vulnerability management, 2026-05-01](https://www.ncsc.admin.ch/ncsc/en/home/aktuell/im-fokus/2026/einschtzung_mythos_2026.html) · Tags: ai-abuse, vulnerabilities · Region: switzerland · Sector: public-sector*

### Poland NIS2 transposition in force 3 April 2026 — water-sector essential-entity status would now apply to the ABW-named facilities

Poland's amended National Cybersecurity System Act (UKSC) entered into force on **3 April 2026**, implementing NIS2 with a full compliance deadline of 3 April 2027 and first audit deadline 3 April 2028 ([Addleshaw Goddard, 2026-02-26](https://www.addleshawgoddard.com/en/insights/insights-briefings/2026/technology/nis2-directive-finally-implemented-poland-what-businesses-need-know/) · [SecurityWeek, 2026-05-08](https://www.securityweek.com/polish-security-agency-reports-ics-breaches-at-five-water-treatment-plants/)). "Drinking water supply and distribution" and "wastewater management" are now designated essential-entity sectors in Polish law — meaning the five municipal water treatment facilities ABW documented as breached during 2025 (Jabłonna Lacka, Szczytno, Małdyty, Tolkmicko, Sierakowo; § 4 / § 7) would, if attacked today, fall under NIS2 incident-reporting obligations. The attack vectors ABW attributes to APT28 / APT29 / UNC1151 (default credentials, internet-exposed ICS) are addressable by NIS2 Article 21 minimum security measures. The remaining policy gap: the breached small municipal operators are precisely the sub-threshold entities whose NIS2 coverage status is borderline under size-cap rules; the EC's NIS2 amendment introduces a "small mid-cap" important-entity category but does not resolve this specific small-municipality water-supply gap (member-state discretion). **What defenders need to do differently:** OT environments in small Polish municipalities with recently-transposed NIS2 obligations should treat the UKSC registration deadline (3 October 2026) as the immediate action item, and the 2025 ABW-documented attack vectors as the first patch-sprint target. For Swiss / EU operators reading: the ABW recommendation to extend essential-entity coverage below headcount threshold is now backed by both a documented compromise pattern *and* a freshly-transposed national NIS2 framework.

— *Source: [Addleshaw Goddard — NIS2 implemented in Poland](https://www.addleshawgoddard.com/en/insights/insights-briefings/2026/technology/nis2-directive-finally-implemented-poland-what-businesses-need-know/) · [SecurityWeek — Polish security agency reports ICS breaches](https://www.securityweek.com/polish-security-agency-reports-ics-breaches-at-five-water-treatment-plants/) · [Daily 2026-05-09 — ABW Annual Report](briefs/2026-05-09.md) · Tags: law-enforcement, ot-ics, eu-nexus · Region: europe · Sector: water, public-sector*

## 9. Looking ahead — what to watch next week

Items already in motion at the close of 2026-W19. Not predictions — each links to the in-motion reporting underneath.

- **Canvas / Instructure extortion deadline — Tuesday 2026-05-12 (two days out).** Second-intrusion claim against Instructure made 2026-05-08 despite the May 8 patches; seven Dutch universities disconnected; Dutch DPA and ICO engaged. If the deadline passes with no payment and a fresh data dump lands, the second-intrusion claim will have been verified ([daily 2026-05-10 UPDATE](briefs/2026-05-10.md); [Techzine EU](https://www.techzine.eu/news/security/141149/dutch-university-disconnects-canvas-systems-after-instructure-hack/)).
- **PAN-OS CVE-2026-0300 first patch landing 2026-05-13 (Monday).** No patch exists at week-end; staged release runs 2026-05-13 → 2026-05-28 across PAN-OS branches. Retrospective hunt for `svc-health-check-NNNNNN` admin accounts and `/var/tmp/linuxupdate` / `/tmp/.c` Python implants is the open work item for organisations who were CL-STA-1132 targets between 2026-04-09 and patch deployment ([Palo Alto PSIRT](https://security.paloaltonetworks.com/CVE-2026-0300); [daily 2026-05-09](briefs/2026-05-09.md)).
- **CVE-2026-31431 "Copy Fail" patch propagation through Friday 2026-05-15.** Distro patches continuing to land; Debian 12 patch was pending at week-end; combined-use pattern with Dirty Frag means a host patched for one but not the other still has an LPE primitive available. The Microsoft Security Blog detection-pivot writeup is the right hunt reference ([daily 2026-05-09 UPDATE](briefs/2026-05-09.md)).
- **CVE-2026-43500 (Dirty Frag RxRPC) distribution patches pending.** Distro patches were pending at week-end; CVE-2026-43284 (xfrm-ESP) mainline patch landed 2026-05-08; the second primitive's patch propagation is the open work. Interim mitigation `modprobe -r esp4 esp6 rxrpc` breaks IPsec VPNs and AFS so production rollout requires impact-test ([Wiz Research](https://www.wiz.io/blog/dirty-frag-linux-kernel-local-privilege-escalation-via-esp-and-rxrpc); [daily 2026-05-09](briefs/2026-05-09.md)).
- **CVE-2026-42208 LiteLLM Proxy deadline 2026-05-11 (Monday).** Patch to ≥ 1.83.7; rotate every upstream LLM-provider API key the proxy ever held. The corollary action item — inventory of every AI-tooling SaaS vendor holding organisation-level upstream-provider keys, with rotation drills — should ship in the same change window ([Bishop Fox](https://bishopfox.com/blog/cve-2026-42208-pre-authentication-sql-injection-in-litellm-proxy); [daily 2026-05-09](briefs/2026-05-09.md)).
- **MOVEit Automation CVE-2026-4670 — exploitation still not confirmed at week-end; watch for KEV addition or first-victim disclosure.** No in-the-wild exploitation has been confirmed by Progress, CISA, or any threat-intelligence source as of 2026-05-10. The 2023 MOVEit Transfer Cl0p precedent primed expectations for rapid exploitation; the absence of ITW confirmation is itself a status worth tracking through 2026-W20. Unpatched MOVEit Automation deployments remain at risk; if KEV addition or victim disclosure lands in next week's reporting, it will be the highest-priority pivot ([Help Net Security](https://www.helpnetsecurity.com/2026/05/04/critical-moveit-automation-auth-bypass-vulnerability-fixed-cve-2026-4670/); [daily 2026-05-06](briefs/2026-05-06.md)).
- **SEPPmail CVE-2026-44128 — independent third-party security-researcher analysis.** Currently single-sourced to NCSC-CH + vendor release notes (national-CERT carve-out applies). Watch for a vendor-PSIRT-style third-party write-up that would corroborate the exploitation-path detail; the GINAv2 `/gina/diag/exec` mechanic is sufficiently specific that PoC publication is plausible ([NCSC-CH 12551](https://security-hub.ncsc.admin.ch/api/posts/12551/details); [daily 2026-05-09](briefs/2026-05-09.md)).
- **Ivanti EPMM May 2026 patch wave aftermath.** With the KEV deadline (2026-05-10) expired and 508 EU instances confirmed exposed, the public-disclosure roster of EU compromised entities is likely to expand. Watch for additional EU member-state CSIRT advisories naming victims ([Ivanti PSIRT](https://www.ivanti.com/blog/may-2026-epmm-security-update); [daily 2026-05-08 deep dive](briefs/2026-05-08.md)).
- **"The Gentlemen" RaaS — European concentration likely to continue into Q2.** W1 horizon research surfaced the operator pattern; with ZeroFox-reported 32% Q1 2026 European targeting (up from 2% in Q4 2025) and GPO-injected scheduled-task encryptor propagation across compromised AD domains, continued European victim claims through 2026-Q2 are in motion. Watch for fresh CH/EU public-sector victim disclosures ([Check Point Research DFIR Report](https://research.checkpoint.com/2026/dfir-report-the-gentlemen/); [ZeroFox Q1 2026 Wrap-Up](https://www.zerofox.com/intelligence/q1-2026-ransomware-wrap-up/); [§ 7](#7-long-running-campaigns--status-update)).
- **AI-tooling SaaS multi-tenant credential aggregation — sector pattern still surfacing.** Braintrust (2026-05-04 AWS) and LiteLLM Proxy (KEV 2026-05-11) are the two confirmed examples of the same architectural class this week. Watch for additional AI-evaluation, AI-observability, AI-agent-gateway, or prompt-management vendor breaches; the operator class behind ShinyHunters / WorldLeaks is actively exploiting the third-party-SaaS pivot pattern ([TechCrunch — Braintrust](https://techcrunch.com/2026/05/06/ai-evaluation-startup-braintrust-confirms-breach-tells-every-customer-to-rotate-sensitive-keys/); [daily 2026-05-10](briefs/2026-05-10.md)).
- **ABW NIS2 extension proposal — EU follow-on movement.** ABW recommended legislative action to extend NIS2 essential-entity obligations to critical-function entities regardless of headcount (currently many small municipal CI operators sit below threshold). Whether this proposal gains EU-level momentum, or whether other member-state CSIRTs / EU institutions echo the same call after the Polish-water-OT tri-attribution, is the policy-horizon story to track ([daily 2026-05-09 UPDATE](briefs/2026-05-09.md)).
- **ENISA CVE Root migration — 4 new CNA names pending disclosure.** ENISA's 2026-05-06 announcement did not disclose the four new CNAs; ~90 European CNAs remain eligible for voluntary transfer. Disclosure of the 4 named CNAs and any additional transfers in 2026-W20 will inform EU public-sector PSIRT-coordination posture ([ENISA](https://www.enisa.europa.eu/news/new-cve-numbering-authorities-under-enisa-root); [daily 2026-05-07](briefs/2026-05-07.md)).
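The GPO-deployed scheduled-task propagation noted for "The Gentlemen" above leaves a concrete artefact that a domain hunt can check: Group Policy Preferences `ScheduledTasks.xml` files under SYSVOL. The following is an added hunting example, not code from this brief, from Check Point Research or from ZeroFox. It parses those files (a constructed sample is embedded for the demo), extracts every `TaskV2` / `ImmediateTaskV2` entry, and flags tasks whose command runs from SYSVOL/NETLOGON or a temp/user-writable path, or that execute immediately as a privileged principal. The path patterns and the SYSTEM-plus-immediate rule are assumed heuristics for triage, not an indicator set taken from either report.

```python
"""Hunt GPO-deployed scheduled tasks in Group Policy Preferences XML.

Added example: not code from the weekly brief, Check Point Research or ZeroFox.
Walks a SYSVOL-style tree for ScheduledTasks.xml, extracts TaskV2 /
ImmediateTaskV2 entries and scores them against a few assumed heuristics.
"""
import re
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field
from pathlib import Path

# Assumed triage heuristics (not from the reports): execution from SYSVOL /
# NETLOGON shares or from temp / user-writable locations is unusual for a
# legitimately packaged agent and worth a look when it appears domain-wide.
SUSPICIOUS_COMMAND = re.compile(
    r"\\\\[^\\]+\\(?:sysvol|netlogon)\\"            # \\server\sysvol\ or \\server\netlogon\
    r"|\\(?:temp|tmp|programdata|users\\public)\\"  # \temp\, \tmp\, \programdata\, \users\public\
    r"|\\users\\[^\\]+\\appdata\\",                 # \users\<name>\appdata\
    re.IGNORECASE,
)
PRIVILEGED_PRINCIPALS = {"nt authority\\system", "system", "builtin\\administrators"}


@dataclass
class GpoTask:
    gpo_path: str
    name: str
    run_as: str
    command: str
    arguments: str
    immediate: bool                      # ImmediateTaskV2 fires on the next GP refresh
    reasons: list[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


def parse_scheduled_tasks_xml(xml_text: str, gpo_path: str = "<memory>") -> list[GpoTask]:
    """Extract TaskV2 / ImmediateTaskV2 entries and apply the heuristics."""
    root = ET.fromstring(xml_text)
    found: list[GpoTask] = []
    for node in root:
        if node.tag not in ("TaskV2", "ImmediateTaskV2"):
            continue
        props = node.find("Properties")
        if props is None:
            continue
        run_as = props.get("runAs", "")
        exec_node = props.find(".//Actions/Exec")        # Properties/Task/Actions/Exec
        command = exec_node.findtext("Command", "") if exec_node is not None else ""
        arguments = exec_node.findtext("Arguments", "") if exec_node is not None else ""
        task = GpoTask(gpo_path, props.get("name", node.get("name", "")), run_as,
                       command, arguments, node.tag == "ImmediateTaskV2")
        privileged = run_as.lower() in PRIVILEGED_PRINCIPALS
        if SUSPICIOUS_COMMAND.search(command + " " + arguments):
            task.reasons.append("command/arguments reference SYSVOL, NETLOGON or a temp/user-writable path")
        if task.immediate and privileged:
            task.reasons.append(f"ImmediateTaskV2 running as {run_as!r} on next Group Policy refresh")
        found.append(task)
    return found


def scan_sysvol(sysvol_root: Path) -> list[GpoTask]:
    """Walk <SYSVOL>/<domain>/Policies/*/(Machine|User)/Preferences/ScheduledTasks/ScheduledTasks.xml."""
    results: list[GpoTask] = []
    for xml_file in sysvol_root.rglob("ScheduledTasks.xml"):
        try:   # GPP files are normally UTF-8 with a BOM
            results.extend(parse_scheduled_tasks_xml(xml_file.read_text(encoding="utf-8-sig"), str(xml_file)))
        except ET.ParseError as exc:
            print(f"[!] unparseable {xml_file}: {exc}")
    return results


# Constructed sample (not a real capture): one benign agent task and one
# immediate SYSTEM task launching a binary from a NETLOGON share. Real files
# also carry clsid/uid attributes, which the parser ignores.
SAMPLE_XML = """<?xml version="1.0" encoding="utf-8"?>
<ScheduledTasks>
  <TaskV2 name="Inventory Agent" changed="2026-03-01 09:00:00">
    <Properties action="C" name="Inventory Agent" runAs="NT AUTHORITY\\System" logonType="S4U">
      <Task version="1.2"><Actions Context="Author"><Exec>
        <Command>C:\\Program Files\\Inventory\\agent.exe</Command><Arguments>--report</Arguments>
      </Exec></Actions></Task>
    </Properties>
  </TaskV2>
  <ImmediateTaskV2 name="Update" changed="2026-05-08 02:13:41">
    <Properties action="C" name="Update" runAs="NT AUTHORITY\\System" logonType="S4U">
      <Task version="1.2"><Actions Context="Author"><Exec>
        <Command>\\\\dc01.corp.example\\netlogon\\update.exe</Command><Arguments>-silent</Arguments>
      </Exec></Actions></Task>
    </Properties>
  </ImmediateTaskV2>
</ScheduledTasks>
"""


def demo() -> list[GpoTask]:
    """Return only the flagged tasks from the constructed sample."""
    return [t for t in parse_scheduled_tasks_xml(SAMPLE_XML, "<sample>") if t.suspicious]


if __name__ == "__main__":
    for t in demo():
        print(f"[{t.gpo_path}] {t.name!r} runAs={t.run_as!r} cmd={t.command!r}")
        for r in t.reasons:
            print(f"    - {r}")
```

Run `scan_sysvol(Path(r"\\\\<domain>\\SYSVOL"))` from a domain-joined host with read access to SYSVOL to get the same report over live policy data; the `changed` attribute on each entry gives the GPP modification timestamp, which is the first thing to compare against the change-management record when an unexpected task is flagged.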

## 10. Verification & coverage notes

**This is the first weekly summary in the series.** `briefs/weekly/` was empty at run start; `window_days = 7` per default. Window: 2026-05-04 → 2026-05-10 (ISO week 2026-W19). Five daily briefs in window (2026-05-06 through 2026-05-10) were read in full; the gap between Monday 2026-05-04 and Wednesday 2026-05-06 reflects daily-routine start cadence rather than a coverage failure.

**Items still flagged `[SINGLE-SOURCE]`-equivalent in this run:**

- **SEPPmail CVE cluster (CVE-2026-44128 et al.)** — primary advisory is NCSC-CH post 12551 (national-CERT carve-out applies) plus SEPPmail vendor release notes; no third-party security-researcher write-up located in window. Logged in daily 2026-05-09 § 7 as `[SINGLE-SOURCE-NATIONAL-CERT carve-out + vendor]`.
- **MuddyWater Chaos ransomware false-flag campaign** — single source Deep Instinct (daily 2026-05-08). Included given confirmed Iran-nexus TTP and European targeting; treated with standard single-source caution.
- **Amazon SES BEC technique** — single source Kaspersky Securelist 2026-05-04 (daily 2026-05-08). Included as first coverage with age noted.
- **xrdp CVE-2025-68670** — single source Kaspersky Securelist 2026-05-08 (daily 2026-05-09). Vendor (xrdp project) GitHub commit and release 0.10.5 confirm the patch but not the vulnerability analysis.
- **Polish water OT named-facility list (Jabłonna Lacka, Szczytno, Małdyty, Tolkmicko, Sierakowo)** — facility names appear only in the ABW 2025 Annual Report. The two-source requirement is met at the level of the core story (ABW annual report + SecurityAffairs coverage), but the specific facility names derive from a single document.
- **CERT-FR CERTFR-2026-ACT-016 (agentic AI advisory)** — single-source national-CERT carve-out applies.
- **Bauman / GRU Department No. 4 investigation** — six co-publishing outlets (The Insider, The Guardian, Le Monde, Der Spiegel, VSquare, Frontstory) constitute multi-source verification at the source-document level; the leaked-documents corpus itself is a single dataset, so cross-publisher reading of the same documents is the corroboration standard applied. **Note:** the specific APT28-to-2016-Bundestag and APT28-to-2017-Macron-campaign attributions surfaced in § 7 trace to the Guardian / Le Monde / Der Spiegel reporting; Meduza (the most accessible English mirror) corroborates the Sandworm / Unit 74455 / Kyivstar / NotPetya / Ukraine-power-grid attributions but does not itself name the Bundestag / Macron specifics. Readers verifying these latter two should consult the German / French primary outlets.

**Items dropped from this week's roll-up that may resurface:**

- **CallPhantom Android subscription-fraud cluster** (28 apps, 7.3 M downloads; ESET 2026-05-07; daily 2026-05-10 § 7) — dropped under PD-11 (less is more) as off-audience consumer-mobile fraud rather than enterprise / public-sector defender content. If a CH/EU regulator opens an enforcement action against the 28-app cluster, this resurfaces.
- **TCLBANKER (Brazilian banking trojan)** (Elastic Security Labs, daily 2026-05-07 / 2026-05-10) — Brazil-only geofenced targeting; no CH/EU defender takeaway materially different from generic "audit COM-driven Outlook automation".
- **Cisco Unity Connection CVE-2026-20034 / 20035** (daily 2026-05-10) — patched; not on KEV; no in-the-wild exploitation reported; rarely internet-exposed. Did not clear weekly §3 inclusion gates.
- **Laclinic-Montreux / Qilin** dark-web aggregator listing (daily 2026-05-10) — no victim public statement, no independent corroboration; held under PD-6 (fake-news guard / leak-site claims require victim disclosure or HIGH-reliability journalism).
- **Microsoft AiTM "Code of Conduct" phishing campaign** (Microsoft Threat Intelligence, 2026-05-04; covered daily 2026-05-06) and **Microsoft Edge cleartext passwords in process memory** (SANS ISC Diary, 2026-05-04; covered daily 2026-05-06) — both `[SINGLE-SOURCE-OTHER]` items from the start of the window; no material in-window development to surface them in the weekly. The Edge finding remains relevant to public-sector privileged-account hygiene but does not meet W-PD-1's three-question gate at the weekly level.

**Contradictions / ambiguities flagged for the verifier's attention:**

- **Ivanti EPMM named-EU-victim attribution.** The daily 2026-05-09 names European Commission, Dutch DPA, Netherlands Council for the Judiciary, and Finnish Valtori as confirmed victims of the May 2026 wave (CVE-2026-5787 / CVE-2026-6973), citing CERT-FR CERTFR-2026-AVI-0552 and NCSC-CH 12548 ([daily 2026-05-09](briefs/2026-05-09.md)); W1 horizon research re-reading [Help Net Security, 2026-05-08](https://www.helpnetsecurity.com/2026/05/08/ivanti-epmm-zero-day-cve-2026-6973/) concluded the four organisations were victims of the *January 2026* chain (CVE-2026-1281 / CVE-2026-1340), not the May 2026 chain — Ivanti has disclosed only "a very limited number of customers" exploited via the May chain without naming specifics. The weekly carries the daily's attribution because the daily was source-verified at composition time, but flags this for verifier review with both sources noted; defenders' operational response — patch and rotate — is identical regardless of which chain caught which organisation, so the brief framing intentionally does not lock either way.
- **Microsoft Semantic Kernel CVE-2026-25592 patched Python version.** GitHub advisory GHSA-2ww3-72rp-wpp4 records 1.39.3 as the patched Python version; Microsoft research post and GHSA-xjw9-4gw8-4rqx (CVE-2026-26030) record 1.39.4. The brief recommends **≥ 1.39.4** as the single safe target since it supersedes 1.39.3 and closes both CVEs.
- **Akira-as-actor attribution for Groupe 3R.** Victim statement and Swiss-press reporting confirm the incident and 2026-04-30 attack date; the Akira-as-actor attribution comes from `ransomware.live` (aggregator), not from the victim or an independent primary research lab. Logged with confidence HIGH on incident, MEDIUM on actor.
- **Ivanti EPMM exposure count.** The "508 EU on-premises instances" figure originally surfaced via NCSC-NL scanning (daily 2026-05-09) and was reconfirmed by Shadowserver per BleepingComputer in the daily 2026-05-10 update with a global "~850" total. The two numbers are consistent (508 EU is the EU-specific count, ~850 is the global total).

**Items included with reduced confidence:**

- **JDownloader Python-payload capability description.** Primary developer-confirmed disclosure ([PiunikaWeb, 2026-05-08](https://piunikaweb.com/2026/05/08/jdownloader-website-hacked-malware/)) corroborated by [CyberKendra, 2026-05-07](https://www.cyberkendra.com/2026/05/jdownloader-website-hacked-malicious.html); both are mid-tier publishers, and the more-specific Python-payload capability description has not been corroborated by a named research lab in this run. Supply-chain-compromise fact, time window, and forged-publisher signatures are developer- and multi-source-confirmed.

**Sub-agent telemetry (Phase 2):**

- **W1** (Long-horizon ongoing developments + annual reports) — returned: Claude Sonnet 4.6 (`claude-sonnet-4-6`); started_at=2026-05-10T22:07:45Z, ended_at=2026-05-10T22:14:47Z, duration_seconds=422; webfetch_calls=9, websearch_calls=22, bridge_fetches=2. Returned 8 items; net-new horizon items integrated: "The Gentlemen" RaaS + Q1 2026 ransomware quarterly synthesis (§§ 6/7); Akamai's PatchDiff-AI incomplete-patch analysis for CVE-2026-32202 (§ 3); German Akira healthcare victims (§ 7). W1 fetch_failures: group-ib (403, mitigated via secondary sources); thehackernews on SystemBC C2 (503, mitigated via BleepingComputer / CPR).
- **W2** (Strategic & policy horizon) — returned: Claude Sonnet 4.6 (`claude-sonnet-4-6`); started_at=2026-05-10T22:08:24Z, ended_at=2026-05-10T22:19:12Z, duration_seconds=648; webfetch_calls=16, websearch_calls=18, bridge_fetches=3. Returned 8 items; net-new policy-horizon items integrated: LIBE MEPs call for Europol mandate-expansion pause (§ 8); EU Cybersecurity Package 2026 — NIS2 amendment COM(2026) 13 + Cybersecurity Act 2 with PQC Article 7(2)(k) (§ 8); Germany KRITIS-DachG in force with 17 July 2026 registration deadline (§ 8); EDPB 2026 CEF coordinated enforcement on GDPR Articles 12–14 transparency (§ 8); NCSC Switzerland 1 May 2026 AI-in-vulnerability-management BACS assessment (§ 8); Poland NIS2 transposition in force 3 April 2026 with water-sector essential-entity context (§ 8). W2 fetch_failures: autoriteitpersoonsgegevens.nl (503, no bridge available); coe-cybercrime (403, no bridge); bills-parliament-uk (403, mitigated via WebSearch); ncsc-ch-security-hub post-12552+ (no post exists — confirmed 12551 is most recent).

**Sub-agent self-identification:** both W1 and W2 self-identified as `Claude Sonnet 4.6` (canonical id `claude-sonnet-4-6`) — model id and friendly name are aligned, no drift. The 2026-05-10 daily noted four sub-agents self-identifying as `Claude Sonnet 4.5` with id `claude-sonnet-4-6` (drift); W1/W2 correct self-identification on this run is an improvement to record in `state/run_log.json`.

**Verification iterations: 5 iterations, final verdict CLEAN.** Phase 4.7 ran the cti-verification sub-agent loop with model rotation: iter 1 Opus (NEEDS_FIXES, truth 17 / editorial 6 / advisory 3), iter 2 Sonnet (NEEDS_FIXES, truth 7 / editorial 5 / advisory 2), iter 3 Opus (NEEDS_FIXES, truth 10 / editorial 1 / advisory 3), iter 4 Sonnet (NEEDS_FIXES, truth 2 / editorial 1 / advisory 2), iter 5 Opus (CLEAN, 0 / 0 / 0). The verifier-loop telemetry block in `state/run_log.json.verification.iterations[]` records per-iteration model, timestamps, and finding counts.

**Coverage gaps:**

- cisa-kev (no new KEV entries 2026-05-09 / 10, bridge-fetched cleanly)
- ncsc-ch-security-hub (most recent post 12551, 2026-05-08, no new posts in window; bridge mandated)
- ico-uk (JS SPA — persistent, no W19 enforcement decisions surfaced)
- databreaches-net (403 across UAs — persistent)
- csirt-acn-it (403 persistent, bridge allowlisted but no W19 item surfaced)
- ccn-cert-es (geo-blocked 451/403 — no W19 item; Inditex/AEPD enforcement not yet a formal decision)
- inside-it-ch (403 direct, bridge needed)
- prodaft (403 persistent)
- nccgroup (403 persistent)
- enisa-euvd (SPA — content empty to WebFetch)
- advisories-ncsc-nl (CSAF SPA — listing returns no advisory data)
- cisco-psirt-publication-listing (Angular SPA — individual advisory URLs work directly)
- cert.ssi.gouv.fr (RSS works, individual advisory detail pages need bridge)
- bleepingcomputer article-page (403 on direct WebFetch — discovery via listing OK)
- group-ib (403 persistent — secondary corroboration acceptable)
- thehackernews (intermittent 503 on individual articles, secondary corroboration acceptable)
- autoriteitpersoonsgegevens.nl (503 — no bridge allowlist)
- coe-cybercrime (403 — no bridge)
- bills.parliament.uk (403 — WebSearch fallback)
- cnil-fr / finma / govcert-ch / govcert-at / cert-at (quiet window, no W19 policy items surfaced)
- edpb (W19 plenary 11 May not yet produced decisions — returns next week)
