# CTI Weekly Summary — 2026-W20 (May 11 – May 17, 2026)

> **AI-generated content — no human review.** This weekly summary was produced autonomously by an LLM (Claude Opus 4.7, model ID `claude-opus-4-7`) with parallel research and verification by sub-agents (Claude Sonnet 4.6) executing the prompt at `prompts/weekly-summary.md` as a Claude Code routine on Anthropic-managed cloud infrastructure. **Nothing here is reviewed or edited by a human before publication.** All facts are linked inline to public sources or to the underlying daily briefs in this repository. Verify any operationally critical claim against the linked primary source before acting.

**Generated by:** Claude Opus 4.7 (`claude-opus-4-7`) · **Sub-agents:** W1: Claude Sonnet 4.6 · W2: Claude Sonnet 4.6 · verify: pending · **Audience:** SOC management, IR, Threat Hunting · **Classification:** TLP:CLEAR · **Language:** English · **Prompt:** v2.59

## 0. Week at a glance

- **Microsoft Exchange CVE-2026-42897 OWA stored-XSS — actively exploited, KEV-added 2026-05-15 (deadline 2026-05-29), no permanent patch from Microsoft; a separate DEVCORE / Orange Tsai three-bug pre-auth SYSTEM RCE chain (Pwn2Own Berlin Day Two, 2026-05-15) earned $200,000 and has not been linked to current ITW exploitation but materially compounds the on-premises Exchange threat picture.** EEMS / EOMT mitigations are the only available control. ([Microsoft MSRC](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-42897) · [NCSC.ch Security Hub #12577](https://security-hub.ncsc.admin.ch/#/posts/12577) · [ZDI Pwn2Own Day Two](https://www.thezdi.com/blog/2026/5/15/pwn2own-berlin-2026-day-two-results) · [daily 2026-05-16](briefs/2026-05-16.md) · [daily 2026-05-17 UPDATE](briefs/2026-05-17.md))
- **Cisco Catalyst SD-WAN Controller / Manager CVE-2026-20182 pre-auth authentication bypass — UAT-8616 cluster active, CISA Emergency Directive ED-26-03 issued 2026-05-15, 10+ additional intrusion clusters exploiting companion February-2026 SD-WAN CVEs.** Federal-civilian KEV deadline today (2026-05-17). Full fabric-takeover capability against any Catalyst SD-WAN deployment with the management plane reachable. ([Cisco PSIRT](https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-rpa2-v69WY2SW) · [CISA ED-26-03](https://www.cisa.gov/news-events/directives/ed-26-03-mitigate-vulnerabilities-cisco-sd-wan-systems) · [daily 2026-05-15](briefs/2026-05-15.md))
- **PAN-OS CVE-2026-0300 patch wave 2 confirmed delayed to 2026-05-28 (PSIRT advisory updated 2026-05-16).** Eight PAN-OS build streams (12.1.7, 11.2.4-h17, 11.2.12, 11.1.7-h6, 11.1.15, 10.2.7-h34, 10.2.13-h21, 10.2.16-h7) remain on mitigation-only for a further eleven days while limited-ITW exploitation continues against User-ID Authentication Portal exposed firewalls. ([Palo Alto PSIRT CVE-2026-0300](https://security.paloaltonetworks.com/CVE-2026-0300) · [daily 2026-05-14 UPDATE](briefs/2026-05-14.md))
- **TeamPCP Mini Shai-Hulud wave 4 compromised 170+ npm packages / 400+ malicious versions per daily-brief tracking (TanStack, UiPath, Mistral AI, OpenSearch, OpenAI named); Datadog static analysis of the leaked Shai-Hulud framework source (2026-05-12 leak) surfaces previously-undocumented IDE-persistence hooks targeting `.claude/settings.json` and `.vscode/tasks.json`, plus OIDC token extraction from `/proc/<pid>/mem` to forge Sigstore provenance attestations.** Provenance-only verification no longer separates malicious from legitimate publications. ([Datadog Security Labs](https://securitylabs.datadoghq.com/articles/shai-hulud-open-source-framework-static-analysis/) · [Wiz Blog](https://www.wiz.io/blog/mini-shai-hulud-strikes-again-tanstack-more-npm-packages-compromised) · [daily 2026-05-13 UPDATE](briefs/2026-05-13.md) · [daily 2026-05-15 UPDATE](briefs/2026-05-15.md))
- **Windows BitLocker "YellowKey" and CTFMON "GreenPlasma" zero-days — public PoC, no patch, TPM-only BitLocker configurations bypassed.** Microsoft May Patch Tuesday (120+ CVEs) did not address either; the BitLocker primitive defeats the most common laptop full-disk-encryption configuration in Swiss federal and cantonal estates. ([daily 2026-05-15](briefs/2026-05-15.md))
- **Dirty Frag (CVE-2026-43284 xfrm-ESP + CVE-2026-43500 RxRPC) — Microsoft confirms limited-ITW exploitation 2026-05-11; major distros (AlmaLinux 8/9/10, Ubuntu, Debian, Fedora, openSUSE) now ship patches for CVE-2026-43284, but RxRPC patch propagation on systems with `kernel-modules-partner` installed remains uneven.** ([Microsoft Security Blog](https://www.microsoft.com/en-us/security/blog/2026/05/08/active-attack-dirty-frag-linux-vulnerability-expands-post-compromise-risk/) · [AlmaLinux blog](https://almalinux.org/blog/2026-05-07-dirty-frag/) · [daily 2026-05-11 UPDATE](briefs/2026-05-11.md))
- **Dutch IGJ (Inspectie Gezondheidszorg en Jeugd) rules Clinical Diagnostics / NMDL failed NEN 7510 information-security standard at the time of the July 2025 ransomware breach; the breach affected approximately 941,000 patients (figure from the daily 2026-05-14, sourced to Computable) including cervical-cancer screening data.** First IGJ formal NEN 7510 non-conformity finding on a third-party diagnostics provider; sets a regulatory precedent for healthcare-supplier due-diligence under NIS2 essential-entity obligations. ([IGJ inspection report](https://www.igj.nl/actueel/nieuws/2026/05/13/clinical-diagnostics-voldeed-niet-aan-wettelijke-norm-voor-informatiebeveiliging) · [Computable](https://www.computable.nl/2026/05/13/inspectie-vernietigend-over-beveiliging-clinical-diagnostics-na-datahack/) · [daily 2026-05-14](briefs/2026-05-14.md))
- **EU Digital Omnibus political agreement (2026-05-07) postpones AI Act high-risk Annex III compliance deadline from 2 August 2026 to 2 December 2027; product-embedded Annex I systems to 2 August 2028.** Cybersecurity obligations under Articles 8–15 still apply at the new deadline; CRA enforcement milestones 11 June 2026 (CAB notification) and 11 September 2026 (Article 14 vulnerability reporting) are unaffected and now the next binding-deadline window for Swiss product manufacturers selling into the EU. ([TechPolicy.Press](https://techpolicy.press/what-the-eu-ai-omnibus-deal-changes-for-the-ai-act-and-what-lies-ahead/) · [EC CRA implementation](https://digital-strategy.ec.europa.eu/en/factpages/cyber-resilience-act-implementation))

## 1. Highest-impact events — what's on fire if no one acted

The items below are the operational register a Swiss / EU public-sector SOC manager carries into Monday morning if no one acted on the dailies this week. Each H3 leads with the inaction-equals-incident framing per the inherited PD-13 — the *exploitation* drives the framing, not a US-FCEB KEV compliance date.

### Microsoft Exchange CVE-2026-42897 — actively-exploited OWA stored-XSS, no permanent patch, Pwn2Own three-bug chain compounds the picture

**If you did nothing this week:** every on-premises Exchange Server 2016 / 2019 / SE deployment with Outlook Web Access reachable from the public internet has been within an active exploitation window since the CISA KEV addition on 2026-05-15. The exploit chain is a stored XSS in OWA's calendar-invite rendering pipeline that executes attacker JavaScript in the victim's session context the moment a crafted invite is opened in a browser; subsequent stages perform internal-mailbox enumeration, mass email-rule creation, and OWA-token theft for lateral SAML / OAuth abuse against connected M365 tenants. Microsoft has shipped only the EEMS (Exchange Emergency Mitigation Service) rule and the EOMT script as **temporary** mitigations — there is no permanent code patch as of week-end ([Microsoft MSRC](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-42897); [Microsoft Exchange Team blog](https://techcommunity.microsoft.com/blog/exchange/addressing-exchange-server-may-2026-vulnerability-cve-2026-42897/4518498); [NCSC.ch Security Hub #12577](https://security-hub.ncsc.admin.ch/#/posts/12577)).

The threat picture compounded on 2026-05-15 when a DEVCORE / Orange Tsai entry at Pwn2Own Berlin Day Two earned $200,000 by chaining three bugs to achieve pre-auth RCE as SYSTEM on Exchange Server SE per the Zero Day Initiative's published results ([ZDI Day Two](https://www.thezdi.com/blog/2026/5/15/pwn2own-berlin-2026-day-two-results); ZDI does not publish per-bug technical detail before vendor patches under the standard 90-day disclosure clock). The DEVCORE chain has not been linked to current ITW exploitation, but Microsoft has not yet issued an out-of-band advisory; defenders should assume that a chained variant combining OWA-XSS initial access with the DEVCORE elevation primitives will become the operationally dominant Exchange threat well before any patch lands ([daily 2026-05-16](briefs/2026-05-16.md); [daily 2026-05-17 UPDATE](briefs/2026-05-17.md)). For Swiss federal estates running on-premises Exchange (the predominant configuration in cantonal administration and federal-classified-handling environments) the immediate hunt is OWA `w3wp.exe` worker children spawning anomalous PowerShell / WMI in the days following inbound calendar-invite traffic; the second hunt is the EOMT-script idempotency check (organisations that ran it before the 2026-05-15 rule version will have stale mitigation state).

— *Source: [Microsoft MSRC](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-42897) · [NCSC.ch Security Hub #12577](https://security-hub.ncsc.admin.ch/api/posts/12577/details) · [Zero Day Initiative](https://www.thezdi.com/blog/2026/5/15/pwn2own-berlin-2026-day-two-results) · [Daily 2026-05-16](briefs/2026-05-16.md) · Tags: vulnerabilities, actively-exploited, zero-day, cisa-kev, no-patch, identity · Region: global · Sector: public-sector · CVE: CVE-2026-42897 · CVSS: 8.1 · Vector: user-interaction · Auth: pre-auth · Status: exploited, cisa-kev, mitigation-only*

### Cisco Catalyst SD-WAN CVE-2026-20182 — UAT-8616 active, CISA Emergency Directive ED-26-03, 10+ companion-CVE clusters

**If you did nothing this week:** any Catalyst SD-WAN Manager or Controller with an internet-reachable management plane has been within UAT-8616's active exploitation window per Cisco Talos's 2026-05-14 timeline — with full fabric-takeover capability via a pre-authentication HTTP-header parsing bypass in the NETCONF gateway. The published kill chain is HTTP-header injection → authentication bypass → vManage administrative API → orchestrator-level configuration push → arbitrary device-config rewrite across every fabric member. Patches are available (vManage 20.13.4 / 20.12.6 / 20.9.7 / earlier branches per Cisco PSIRT); CISA issued **Emergency Directive ED-26-03** on 2026-05-15 mandating identification, mitigation, and reporting for US federal civilian agencies with a 2026-05-17 (today) deadline ([Cisco PSIRT](https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-rpa2-v69WY2SW); [CISA ED-26-03](https://www.cisa.gov/news-events/directives/ed-26-03-mitigate-vulnerabilities-cisco-sd-wan-systems); [daily 2026-05-15](briefs/2026-05-15.md)).

What makes the SD-WAN picture operationally critical for Swiss / EU defenders even after the patches land is the **approximately 10 additional intrusion clusters** Talos and CISA jointly identified exploiting February-2026 Catalyst SD-WAN companion CVEs (CVE-2026-20133, CVE-2026-20128, CVE-2026-20122 — patched in Q1 2026 but with public-PoC availability that drove a wave of secondary exploitation against organisations that lagged the original patch). The 10-cluster figure indicates the SD-WAN attack surface is being mined systematically by multiple unrelated operators, not just UAT-8616, so the hunt is not bounded to a single named cluster's TTPs: review `vmanage_event` and NETCONF-gateway logs for any 401/403→200 transitions on `/dataservice/*` endpoints from external source IPs across the entire Q1-2026 → present window, and assume any unpatched device has been visited.
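The 401/403→200 transition hunt described above, as an added example that is not part of this brief, of Cisco's advisory, or of any vendor tooling. It assumes a simplified, constructed access-log format (`<UTC timestamp> <source IP> <method> <path> <status>`), not the real `vmanage_event` or NETCONF-gateway log layout, and treats the RFC 1918 ranges as the organisation's internal management networks; adapt both to your environment. The logic generalises beyond the single cluster: any external source that is denied on `/dataservice/*` and then succeeds on `/dataservice/*` within a short window is reported, whichever operator is behind it.

```python
import ipaddress
import re
from datetime import datetime, timedelta

# Management networks treated as internal (assumed for this example; substitute
# your own ranges). Anything else is treated as an external source.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample lines, NOT real vManage output. Assumed simplified format:
#   <ISO-8601 UTC timestamp> <source IP> <method> <path> <HTTP status>
SAMPLE_LOG = """\
2026-05-12T03:14:01Z 10.20.0.5 GET /dataservice/device 200
2026-05-12T03:15:10Z 203.0.113.77 GET /dataservice/client/token 401
2026-05-12T03:15:11Z 203.0.113.77 POST /dataservice/j_security_check 403
2026-05-12T03:15:13Z 203.0.113.77 GET /dataservice/device 200
2026-05-12T03:15:14Z 203.0.113.77 POST /dataservice/template/config 200
2026-05-12T04:00:00Z 198.51.100.9 GET /dataservice/device 401
2026-05-12T09:00:00Z 198.51.100.9 GET /dataservice/device 200
2026-05-12T04:01:00Z 192.0.2.10 GET /dataservice/statistics 401
2026-05-12T04:01:05Z 192.0.2.10 GET /login.html 200
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+([A-Z]+)\s+(\S+)\s+(\d{3})$")


def parse_log(text):
    """Parse the simplified access-log format into time-sorted event dicts."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip blank or unparseable lines
        ts, src, method, path, status = m.groups()
        events.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "src": src, "method": method, "path": path, "status": int(status),
        })
    return sorted(events, key=lambda e: e["ts"])


def is_external(ip):
    """True unless the address falls inside one of the assumed internal ranges."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def find_deny_then_allow(events, window=timedelta(minutes=15)):
    """Flag external sources whose 401/403 on /dataservice/* is followed by a
    200 on /dataservice/* within `window` (the window is an assumed tuning value)."""
    last_deny = {}
    findings = []
    for e in events:
        if not e["path"].startswith("/dataservice/") or not is_external(e["src"]):
            continue
        if e["status"] in (401, 403):
            last_deny[e["src"]] = e  # remember the most recent denial per source
        elif e["status"] == 200 and e["src"] in last_deny:
            d = last_deny.pop(e["src"])
            if e["ts"] - d["ts"] <= window:
                findings.append({
                    "src": e["src"],
                    "deny_ts": d["ts"].isoformat(), "deny_status": d["status"],
                    "deny_path": d["path"],
                    "allow_ts": e["ts"].isoformat(), "allow_path": e["path"],
                })
    return findings


def run(text=SAMPLE_LOG):
    return find_deny_then_allow(parse_log(text))


if __name__ == "__main__":
    for f in run():
        print(f"{f['src']}: {f['deny_status']} {f['deny_path']} at {f['deny_ts']} "
              f"-> 200 {f['allow_path']} at {f['allow_ts']}")
```

On the constructed sample only `203.0.113.77` is reported: the internal host is skipped, `198.51.100.9` succeeds hours after its denial (outside the window), and `192.0.2.10` succeeds only on a non-`/dataservice/` path. Run it over the full Q1-2026 to present export rather than a recent slice, as the brief recommends.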

— *Source: [Cisco PSIRT](https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-rpa2-v69WY2SW) · [CISA ED-26-03](https://www.cisa.gov/news-events/directives/ed-26-03-mitigate-vulnerabilities-cisco-sd-wan-systems) · [Cisco Talos UAT-8616](https://blog.talosintelligence.com/sd-wan-ongoing-exploitation/) · [Daily 2026-05-15](briefs/2026-05-15.md) · Tags: vulnerabilities, actively-exploited, pre-auth, auth-bypass, cisa-kev, patch-available · Region: global · Sector: public-sector · CVE: CVE-2026-20182 · CVSS: 9.8 · Vector: zero-click · Auth: pre-auth · Status: exploited, cisa-kev, patch-available*

### PAN-OS CVE-2026-0300 — wave 2 confirmed delayed to 2026-05-28; eight build streams remain on mitigation-only for a further 11 days

**If you did nothing this week:** any PA-Series or VM-Series firewall running PAN-OS 12.1.7, 11.2.4-h17, 11.2.12, 11.1.7-h6, 11.1.15, 10.2.7-h34, 10.2.13-h21, or 10.2.16-h7 with User-ID Authentication Portal / Captive Portal exposed to untrusted IPs has been within CL-STA-1132's exploitation window since 2026-04-09 (W19 baseline) and **will remain so until 2026-05-28** — eleven calendar days past today. The Palo Alto PSIRT advisory was updated 2026-05-16 confirming the staggered two-wave schedule (wave 1 landed 2026-05-13 for 11.2.7-h13 / 11.2.10-h6 / 11.1.4-h33 / 11.1.6-h32 / 11.1.10-h25 / 11.1.13-h5 / 10.2.10-h36 / 10.2.18-h6; wave 2 covers the remaining branches on 2026-05-28). Limited ITW exploitation continues ([Palo Alto PSIRT CVE-2026-0300](https://security.paloaltonetworks.com/CVE-2026-0300); [daily 2026-05-14 UPDATE](briefs/2026-05-14.md); [daily 2026-05-13 UPDATE](briefs/2026-05-13.md)).

The interim mitigation remains the only available control for wave-2 build-streams: restrict User-ID Authentication Portal to trusted zones, disable Response Pages on external-facing L3 interface management profiles, and (for Threat Prevention subscribers on PAN-OS ≥ 11.1 with content version ≥ 9097-10022) enable Threat ID 510019. The retrospective-hunt artefact set documented in W19 — `svc-health-check-NNNNNN` rogue-admin accounts, Python implants under `/var/tmp/linuxupdate`, `/var/tmp/linuxap`, and `/tmp/.c` — remains the right starting point for organisations exposed during the four-and-a-half-week pre-patch window between 2026-04-09 and their eventual upgrade date.

— *Source: [Palo Alto Networks PSIRT](https://security.paloaltonetworks.com/CVE-2026-0300) · [Daily 2026-05-14 UPDATE](briefs/2026-05-14.md) · Tags: vulnerabilities, actively-exploited, pre-auth, rce, patch-available · Region: global · Sector: public-sector · CVE: CVE-2026-0300 · CVSS: 9.3 · Vector: zero-click · Auth: pre-auth · Status: exploited, mitigation-only*

### Windows BitLocker "YellowKey" + CTFMON "GreenPlasma" — public PoC, no patch, TPM-only BitLocker bypassed

**If you did nothing this week:** every Windows endpoint configured with TPM-only BitLocker (no PIN, no startup key — the most common laptop configuration in Swiss federal and cantonal estates) is bypassable by an attacker with brief physical access using the publicly-disclosed YellowKey PoC; every Windows endpoint with the CTFMON service (the default on Windows 10/11/Server 2022/2025) is locally elevation-of-privilege-vulnerable via the GreenPlasma primitive. Both zero-days were disclosed without coordinated vendor patching; Microsoft's May 2026 Patch Tuesday (120+ CVEs) did **not** address either, and no out-of-band advisory has been issued ([daily 2026-05-15](briefs/2026-05-15.md)).

The operational reality for Swiss public-sector defenders is that the laptop full-disk-encryption story is materially weakened until Microsoft ships a fix. The interim guidance is to enforce BitLocker PIN-or-startup-key on every endpoint where physical-access risk is non-trivial (mobile estates, off-site work, hotel travel) — the GPO toggle is `Computer Configuration → Administrative Templates → Windows Components → BitLocker Drive Encryption → Operating System Drives → Require additional authentication at startup`. For GreenPlasma the only available control is privileged-account-segregation discipline: workstations that handle administrative credentials should not also run unprivileged user workloads where the local-EOP can be staged.

— *Source: [BleepingComputer — Windows BitLocker zero-day PoC](https://www.bleepingcomputer.com/news/security/windows-bitlocker-zero-day-gives-access-to-protected-drives-poc-released/) · [NCSC.ch Security Hub #12574](https://security-hub.ncsc.admin.ch/#/posts/12574) · [Daily 2026-05-15](briefs/2026-05-15.md) · Tags: vulnerabilities, zero-day, lpe, no-patch, poc-public · Region: global · Sector: public-sector · Status: poc-public, no-patch*

### Dirty Frag (CVE-2026-43284 xfrm-ESP + CVE-2026-43500 RxRPC) — Microsoft confirmed ITW, RxRPC distro patches still propagating

**If you did nothing this week:** any Linux host (workload, container host, on-premises server, public-cloud VM) where the kernel ships `xfrm-ESP` enabled (default on virtually every distribution) is exposed to a single-command unprivileged-to-root privilege escalation with public PoC; Microsoft confirmed limited in-the-wild exploitation on 2026-05-08 and tracked further activity into 2026-05-11 ([Microsoft Security Blog, 2026-05-08](https://www.microsoft.com/en-us/security/blog/2026/05/08/active-attack-dirty-frag-linux-vulnerability-expands-post-compromise-risk/); [daily 2026-05-11 UPDATE](briefs/2026-05-11.md); [Wiz Research](https://www.wiz.io/blog/dirty-frag-linux-kernel-local-privilege-escalation-via-esp-and-rxrpc)). Patch propagation is substantially complete: AlmaLinux 8/9/10, Ubuntu, Debian, Fedora, openSUSE all ship CVE-2026-43284 kernels as of 2026-05-07–10, with KernelCare live-patches generally available ([AlmaLinux blog](https://almalinux.org/blog/2026-05-07-dirty-frag/)).

CVE-2026-43500 (RxRPC) patch propagation is uneven. AlmaLinux 8 is not affected (rxrpc module not built); RHEL 9 errata are rolling; Ubuntu and Debian shipped patches; the lagging configurations are systems that have the optional `kernel-modules-partner` package installed (typical on AFS-using estates and some research-network deployments). The interim mitigation — `modprobe -r esp4 esp6 rxrpc` — breaks IPsec VPNs and AFS file-system access, so production rollout requires impact testing rather than blanket application. Detection focus: Sysmon EID 1 / `auditd` execve events showing unusual parent-process chains from non-root users spawning root-effective shells.
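The `auditd` execve detection focus described above, as an added example that is not part of this brief or of any of the cited vendor write-ups. It parses raw `audit.log` SYSCALL records (the constructed sample lines are not real telemetry) and reports a shell started with effective uid 0 by a logged-in non-root user whose parent process is not a known privilege broker; the broker list, the shell list and the x86_64/aarch64 syscall numbers are assumptions to tune per estate.

```python
import re

# Constructed auditd SYSCALL records for execve, in raw audit.log key=value
# format. Not real log data.
SAMPLE_AUDIT = """\
type=SYSCALL msg=audit(1778478000.101:2001): arch=c000003e syscall=59 success=yes exit=0 ppid=2990 pid=3000 auid=1001 uid=1001 gid=1001 euid=0 suid=0 fsuid=0 egid=1001 tty=pts0 comm="sudo" exe="/usr/bin/sudo" key="exec"
type=SYSCALL msg=audit(1778478000.205:2002): arch=c000003e syscall=59 success=yes exit=0 ppid=3000 pid=3001 auid=1001 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 tty=pts0 comm="bash" exe="/usr/bin/bash" key="exec"
type=SYSCALL msg=audit(1778478100.010:2003): arch=c000003e syscall=59 success=yes exit=0 ppid=4000 pid=4100 auid=1002 uid=1002 gid=1002 euid=1002 suid=1002 fsuid=1002 egid=1002 tty=pts1 comm="python3" exe="/usr/bin/python3" key="exec"
type=SYSCALL msg=audit(1778478103.550:2004): arch=c000003e syscall=59 success=yes exit=0 ppid=4100 pid=4101 auid=1002 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 tty=pts1 comm="sh" exe="/usr/bin/dash" key="exec"
type=SYSCALL msg=audit(1778478200.000:2005): arch=c000003e syscall=59 success=yes exit=0 ppid=1 pid=5000 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 tty=(none) comm="bash" exe="/usr/bin/bash" key="exec"
type=SYSCALL msg=audit(1778478300.000:2006): arch=c000003e syscall=59 success=yes exit=0 ppid=5990 pid=6000 auid=1001 uid=1001 gid=1001 euid=1001 suid=1001 fsuid=1001 egid=1001 tty=pts2 comm="bash" exe="/usr/bin/bash" key="exec"
"""

EXECVE_SYSCALLS = {"59", "221"}  # execve on x86_64 and aarch64 respectively
UNSET_AUID = 4294967295          # auid of daemons/cron jobs with no login session
SHELLS = {"/usr/bin/bash", "/bin/bash", "/usr/bin/sh", "/bin/sh",
          "/usr/bin/dash", "/bin/dash", "/usr/bin/zsh", "/bin/zsh"}
# Programs that legitimately hand a root shell to a logged-in user (assumed list).
PRIVILEGE_BROKERS = {"/usr/bin/sudo", "/usr/bin/su", "/usr/bin/pkexec", "/usr/bin/doas"}

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
TIME_RE = re.compile(r"audit\((\d+\.\d+):(\d+)\)")


def parse_records(text):
    """Extract execve SYSCALL records as dicts with integer credential fields."""
    records = []
    for line in text.splitlines():
        if not line.startswith("type=SYSCALL"):
            continue
        fields = {k: v.strip('"') for k, v in KV_RE.findall(line)}
        if fields.get("syscall") not in EXECVE_SYSCALLS:
            continue
        m = TIME_RE.search(line)
        records.append({
            "time": float(m.group(1)) if m else None,
            "serial": int(m.group(2)) if m else None,
            "pid": int(fields["pid"]), "ppid": int(fields["ppid"]),
            "auid": int(fields["auid"]), "uid": int(fields["uid"]),
            "euid": int(fields["euid"]),
            "comm": fields.get("comm", ""), "exe": fields.get("exe", ""),
        })
    return records


def find_unbrokered_root_shells(records):
    """Report root-effective shells run by a real (non-root) login user whose
    parent was not a privilege broker. Parent images are learned from earlier
    execve records; a parent with no record is reported as 'unknown'."""
    exe_by_pid = {}
    findings = []
    for r in records:
        exe_by_pid[r["pid"]] = r["exe"]
        if r["exe"] not in SHELLS or r["euid"] != 0:
            continue
        if r["auid"] in (UNSET_AUID, 0):
            continue  # cron/daemon or a genuine root login session
        parent_exe = exe_by_pid.get(r["ppid"], "unknown")
        if parent_exe in PRIVILEGE_BROKERS:
            continue
        findings.append({"serial": r["serial"], "pid": r["pid"], "ppid": r["ppid"],
                         "auid": r["auid"], "exe": r["exe"], "parent_exe": parent_exe})
    return findings


def run(text=SAMPLE_AUDIT):
    return find_unbrokered_root_shells(parse_records(text))


if __name__ == "__main__":
    for f in run():
        print(f"audit serial {f['serial']}: auid {f['auid']} got root shell {f['exe']} "
              f"(pid {f['pid']}) from parent {f['parent_exe']} (pid {f['ppid']})")
```

In the sample, the `sudo`-brokered root shell of user 1001 and the cron-style root shell with no login uid are both ignored; the root `dash` started by user 1002 from a `python3` parent is the one record reported. The same filter applies to Sysmon for Linux process-create events once the uid/euid and parent fields are mapped.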

— *Source: [Microsoft Security Blog](https://www.microsoft.com/en-us/security/blog/2026/05/08/active-attack-dirty-frag-linux-vulnerability-expands-post-compromise-risk/) · [AlmaLinux blog](https://almalinux.org/blog/2026-05-07-dirty-frag/) · [Wiz Research](https://www.wiz.io/blog/dirty-frag-linux-kernel-local-privilege-escalation-via-esp-and-rxrpc) · [Daily 2026-05-11 UPDATE](briefs/2026-05-11.md) · Tags: vulnerabilities, actively-exploited, lpe, patch-available · Region: global · Sector: public-sector · CVE: CVE-2026-43284, CVE-2026-43500 · CVSS: 7.8 / 7.8 · Vector: local · Auth: post-auth · Status: exploited, patch-available*

## 2. Multi-day campaigns and chains

### TeamPCP / Mini Shai-Hulud npm supply-chain worm — wave 4 + framework source leak

The TeamPCP / Mini Shai-Hulud story spans every working day of 2026-W20 and the daily briefs add a piece each day. **Tuesday 2026-05-12:** an attacker briefly published what appears to be the complete Shai-Hulud framework source (TypeScript / Bun) to a public GitHub repository attributed to TeamPCP, taken down within hours but mirrored widely; the public source disclosure inverts the threat model — every IDE, EDR, and PR-review vendor now has access to the same artefact the operator was using, but defenders must assume new variants will appear with one to two days' lead-time on signatures ([Datadog Security Labs static analysis, 2026-05-13](https://securitylabs.datadoghq.com/articles/shai-hulud-open-source-framework-static-analysis/); [daily 2026-05-15 UPDATE](briefs/2026-05-15.md)). **Wednesday 2026-05-13:** Wave 4 hits — 170+ packages / 400+ malicious versions compromised per daily-brief tracking across `@tanstack` (including `react-router`, ~12M weekly downloads), `@uipath`, `@mistralai`, `@opensearch-project`, and `@guardrails-ai`; the Wiz writeup confirms the same TeamPCP / UNC6780 / PCPJack attribution as prior waves ([Wiz Blog, 2026-05-11](https://www.wiz.io/blog/mini-shai-hulud-strikes-again-tanstack-more-npm-packages-compromised); [daily 2026-05-13 UPDATE](briefs/2026-05-13.md)). **Friday 2026-05-15:** OpenAI named as a victim; the company enforces code-signing certificate rotation across all macOS apps as remediation ([daily 2026-05-15 UPDATE](briefs/2026-05-15.md)).

What W1 horizon research surfaced that the dailies could not yet see: Datadog's static analysis of the leaked source reveals two new capability classes that change the defender posture. First, **IDE persistence** via hook entries in `.claude/settings.json` (Claude Code) and `.vscode/tasks.json` — allowing arbitrary command execution on developer-workspace events; this is not a build-time supply-chain primitive but a developer-workstation persistence mechanism that survives `npm install` cleanup and outlives the malicious-package removal. Second, **OIDC token extraction directly from `/proc/<pid>/mem` on GitHub Actions runners**, used to forge Sigstore provenance attestations — meaning malicious packages can be published that are indistinguishable from legitimate ones by **provenance verification alone**. The W19 weekly already flagged ShinyHunters / WorldLeaks as a long-running operator-family pattern; the TeamPCP / Mini Shai-Hulud progression confirms a parallel ecosystem maturing on the npm registry side, now with publication-provenance forgery in the toolset. The leaked framework source materially elevates the risk of secondary operators applying Shai-Hulud-style techniques against other package registries (PyPI, Cargo, Maven Central) in 2026-W21 ([Datadog Security Labs](https://securitylabs.datadoghq.com/articles/shai-hulud-open-source-framework-static-analysis/)).

The defender pivot is two-fold: (1) for DevOps pipelines, **provenance verification is necessary but no longer sufficient** — supplement with publisher-pinning, two-factor publish enforcement, and post-install hash-pinning; (2) for developer workstations, treat `.claude/settings.json` / `.vscode/tasks.json` / equivalent IDE hook files as security-relevant configuration and add them to file-integrity-monitoring scope. The Datadog filesystem indicators (`gh-token-monitor` daemon process, `claude@users.noreply.github.com` commits in unexpected repositories, exfil-repo names matching "Shai-Hulud: Here We Go Again") are the right hunt seeds.
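The workstation half of that pivot, as an added example that is not part of this brief or of Datadog's tooling: a scanner that treats `.vscode/tasks.json` and `.claude/settings.json` as security-relevant configuration, lists every entry that can execute a command on a workspace event (VS Code tasks with `runOn: folderOpen`; Claude Code `hooks` entries of type `command`), and records SHA-256 hashes so a later run can diff against the baseline. The sample files it writes are constructed, the inclusion of `.claude/settings.local.json` assumes it shares the `settings.json` hooks schema, and the JSON-with-comments handling covers full-line `//` comments only.

```python
import hashlib
import json
import re
import sys
import tempfile
from pathlib import Path

# IDE hook files treated as security-relevant configuration. settings.local.json
# is included on the assumption that it carries the same hooks schema.
HOOK_FILES = (".vscode/tasks.json", ".claude/settings.json", ".claude/settings.local.json")


def load_jsonc(path):
    """Load JSON, tolerating the full-line // comments VS Code allows in tasks.json."""
    text = re.sub(r"^\s*//.*$", "", path.read_text(encoding="utf-8"), flags=re.M)
    return json.loads(text)


def scan_vscode_tasks(data, rel):
    """Tasks with runOn=folderOpen execute when the folder is opened, with no click."""
    out = []
    for task in data.get("tasks", []) or []:
        if (task.get("runOptions") or {}).get("runOn") == "folderOpen":
            out.append({"file": rel, "kind": "vscode-auto-task", "trigger": "folderOpen",
                        "label": task.get("label"), "command": task.get("command")})
    return out


def scan_claude_hooks(data, rel):
    """Claude Code hooks: {"hooks": {<Event>: [{"matcher": ..., "hooks": [{"type": "command", ...}]}]}}."""
    out = []
    for event, groups in (data.get("hooks") or {}).items():
        for group in groups or []:
            for hook in group.get("hooks", []) or []:
                if hook.get("type") == "command":
                    out.append({"file": rel, "kind": "claude-hook", "trigger": event,
                                "matcher": group.get("matcher"), "command": hook.get("command")})
    return out


def scan_workspace(root):
    """Return (findings, sha256-by-file) for the hook files present under root."""
    root = Path(root)
    findings, hashes = [], {}
    for rel in HOOK_FILES:
        p = root / rel
        if not p.is_file():
            continue
        hashes[rel] = hashlib.sha256(p.read_bytes()).hexdigest()
        data = load_jsonc(p)
        if rel.endswith("tasks.json"):
            findings.extend(scan_vscode_tasks(data, rel))
        else:
            findings.extend(scan_claude_hooks(data, rel))
    return findings, hashes


def diff_baseline(hashes, baseline):
    """Compare current hashes with a stored baseline; new or changed files need review."""
    changed = []
    for rel, h in hashes.items():
        if rel not in baseline:
            changed.append((rel, "new"))
        elif baseline[rel] != h:
            changed.append((rel, "changed"))
    return changed


def build_sample_workspace(root):
    """Write constructed sample hook files (not taken from any real repository)."""
    root = Path(root)
    (root / ".vscode").mkdir(parents=True)
    (root / ".claude").mkdir(parents=True)
    (root / ".vscode" / "tasks.json").write_text(
        '{\n  // constructed sample\n  "version": "2.0.0",\n  "tasks": [\n'
        '    {"label": "build", "type": "shell", "command": "npm run build"},\n'
        '    {"label": "warm-up", "type": "shell", "command": "node ./scripts/postopen.js",\n'
        '     "runOptions": {"runOn": "folderOpen"}}\n  ]\n}\n', encoding="utf-8")
    (root / ".claude" / "settings.json").write_text(json.dumps({
        "hooks": {
            "SessionStart": [{"hooks": [{"type": "command", "command": "node ./scripts/session.js"}]}],
            "PostToolUse": [{"matcher": "Write", "hooks": [{"type": "command", "command": "npx prettier --write"}]}],
        }
    }), encoding="utf-8")


def demo():
    """Scan a constructed workspace, then show the baseline diff after tasks.json changes."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_workspace(tmp)
        findings, hashes = scan_workspace(tmp)
        (Path(tmp) / ".vscode" / "tasks.json").write_text(
            '{"version": "2.0.0", "tasks": []}', encoding="utf-8")
        _, later = scan_workspace(tmp)
        return {"findings": findings, "changed": diff_baseline(later, hashes)}


if __name__ == "__main__":
    if len(sys.argv) > 1:
        found, _ = scan_workspace(sys.argv[1])  # scan a real checkout
    else:
        result = demo()
        found = result["findings"]
        print("baseline diff:", result["changed"])
    for f in found:
        print(f"{f['file']} [{f['kind']}/{f['trigger']}]: {f['command']}")
```

The scan does not judge whether a command is malicious; it surfaces every auto-executing entry so that a reviewer can, and the hash diff turns the files into file-integrity-monitoring scope as the brief recommends. Run it per checkout (for example from a pre-commit or CI job) and store the hashes alongside the repository's other baselines.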

— *Source: [Datadog Security Labs](https://securitylabs.datadoghq.com/articles/shai-hulud-open-source-framework-static-analysis/) · [Wiz Blog](https://www.wiz.io/blog/mini-shai-hulud-strikes-again-tanstack-more-npm-packages-compromised) · [Daily 2026-05-13 UPDATE](briefs/2026-05-13.md) · [Daily 2026-05-15 UPDATE](briefs/2026-05-15.md) · Tags: supply-chain, ai-abuse, actively-exploited · Region: global · Sector: technology*

### Canvas / Instructure extortion — ransom paid, US House investigation, second-intrusion vulnerability re-exploited

The W19 weekly closed with the Canvas / Instructure extortion deadline of 2026-05-12 pending. The trajectory through W20: **Tuesday 2026-05-12:** Instructure confirmed ransom payment to ShinyHunters with claimed data return and digital confirmation of destruction; second intrusion separately confirmed; per-institution leak deadline reset to the same day ([daily 2026-05-12 UPDATE](briefs/2026-05-12.md); [The Record, 2026-05-12](https://therecord.media/instructure-pays-ransom-canvas-incident-congress-investigation)). **Wednesday 2026-05-13:** the US House Homeland Security Committee (Chairman Garbarino) opened a formal investigation and requested an Instructure CEO briefing by 2026-05-21 covering both intrusion circumstances, scope and nature of accessed data, IR adequacy, and CISA coordination ([House Homeland Security Committee letter, 2026-05-11](https://homeland.house.gov/2026/05/11/chairman-garbarino-seeks-information-from-canvas-developer-after-cyberattacks-impact-schools-and-universities-nationwide/); [daily 2026-05-13 UPDATE](briefs/2026-05-13.md)). **Post-payment:** ShinyHunters defaced approximately 330 institutional Canvas login pages by re-exploiting the same Free-For-Teacher account vulnerability that enabled the second intrusion — demonstrating that the "no customer extortion" covenant in the ransom agreement was at best narrowly observed and that the access vector was not actually closed ([The Record](https://therecord.media/instructure-pays-ransom-canvas-incident-congress-investigation)).

The story matters to Swiss / EU public-sector defenders for three reasons that crystallise only across the multi-day arc. First, **paying the ransom did not close the access vector**: Instructure's patches did not eliminate the Free-For-Teacher abuse path, so the defacement wave is operational evidence that the underlying flaw remained exploitable; this is the "what did the patch actually fix" question every IR-receiving organisation should be asking of every paid-ransom-with-promised-fix vendor. Second, **the seven Dutch universities** (VU Amsterdam, UvA, Erasmus, Tilburg, TU/e, Maastricht, Twente) **disconnected Canvas** rather than wait for vendor remediation ([NL Times, 2026-05-09](https://nltimes.nl/2026/05/09/dutch-universities-disconnect-canvas-hackers-claim-continued-access)) — a defender posture worth pattern-matching for any future SaaS-LMS / SaaS-LRS / SaaS-grade-management vendor compromise. Third, the **US House investigation** is the regulatory analogue Swiss / EU SOC managers should anticipate from cantonal education ministries; the questions Chairman Garbarino's letter lists (intrusion timeline, data scope, IR adequacy, CISA / national-CSIRT coordination) are the same questions a cantonal Bildungsdirektion will ask after the next EdTech SaaS incident. Outcome of the 2026-05-21 briefing is the open horizon item for 2026-W21.

— *Source: [The Record](https://therecord.media/instructure-pays-ransom-canvas-incident-congress-investigation) · [US House Homeland Security Committee](https://homeland.house.gov/2026/05/11/chairman-garbarino-seeks-information-from-canvas-developer-after-cyberattacks-impact-schools-and-universities-nationwide/) · [NL Times — Dutch universities disconnect Canvas](https://nltimes.nl/2026/05/09/dutch-universities-disconnect-canvas-hackers-claim-continued-access) · [Daily 2026-05-12 UPDATE](briefs/2026-05-12.md) · [Daily 2026-05-13 UPDATE](briefs/2026-05-13.md) · Tags: ransomware, data-breach, organized-crime · Region: us, europe · Sector: education*

### Microsoft Exchange CVE-2026-42897 OWA-XSS — same-week compounding with the DEVCORE Pwn2Own chain

The Exchange story is unusual in that the cross-day chain plays out **within** W20 rather than as a multi-week arc. **Friday 2026-05-15:** Microsoft confirms active exploitation of CVE-2026-42897, an OWA stored XSS in calendar-invite rendering; CISA adds it to KEV with a 2026-05-29 federal remediation deadline; NCSC.ch publishes Security Hub post #12577 the same day ([Microsoft MSRC](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-42897); [NCSC.ch #12577](https://security-hub.ncsc.admin.ch/#/posts/12577); [daily 2026-05-16](briefs/2026-05-16.md)). **Friday 2026-05-15 (Pwn2Own Day Two, parallel timeline):** Orange Tsai / DEVCORE earned $200,000 by chaining three bugs to achieve pre-auth RCE as SYSTEM on Exchange Server SE per the Zero Day Initiative's published results; ZDI does not publish per-bug technical detail before vendor patches under the standard 90-day disclosure clock ([ZDI Day Two](https://www.thezdi.com/blog/2026/5/15/pwn2own-berlin-2026-day-two-results); [daily 2026-05-17 UPDATE](briefs/2026-05-17.md)).

These are two distinct findings (CVE-2026-42897 stored XSS active in the wild vs. the DEVCORE three-bug chain that achieved pre-auth SYSTEM RCE in a controlled-research setting) and at week-end Microsoft has not formally linked them; but for any threat actor with a foothold via the OWA-XSS, post-foothold escalation primitives along the lines DEVCORE demonstrated are the natural next-stage concern. The composite threat picture is: pre-auth SYSTEM RCE plausibly weaponisable from public research before Microsoft ships a permanent patch; pre-auth session takeover via the OWA-XSS possible **today**. EEMS / EOMT mitigations address the XSS attack path only. Hunt scope: OWA `w3wp.exe` worker children spawning anomalous PowerShell / WMI; mailbox-role-assignment audit trail for unexpected privilege transitions.
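The `w3wp.exe` child-process hunt named here and in section 1 (the OWA worker spawning anomalous PowerShell / WMI), as an added example that is not part of this brief, of Microsoft's guidance, or of the EOMT script. It filters Sysmon Event ID 1 (process create) records by parent image and child image and pulls the IIS application-pool name out of the parent's `-ap` argument; the events are constructed, the suspicious-child list is an assumption to tune, and the block flags any IIS worker-process parent, ranking Exchange pools (`MSExchange*`) higher than others.

```python
import re
from pathlib import PureWindowsPath

# Child images an IIS worker process has no routine reason to launch (assumed list).
SUSPICIOUS_CHILDREN = {"powershell.exe", "pwsh.exe", "cmd.exe", "wmic.exe",
                       "wscript.exe", "cscript.exe", "mshta.exe", "certutil.exe"}
EXCHANGE_POOL_PREFIX = "MSExchange"
APP_POOL_RE = re.compile(r'-ap\s+"?([^"\s]+)"?', re.IGNORECASE)

# Constructed Sysmon Event ID 1 events reduced to the fields the hunt needs.
# Not real telemetry; command lines are deliberately benign placeholders.
SAMPLE_EVENTS = [
    {"UtcTime": "2026-05-16 02:11:04", "ProcessId": 5120,
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": 'powershell.exe -NoProfile -WindowStyle Hidden -Command "Get-Process"',
     "ParentProcessId": 3344, "ParentImage": r"C:\Windows\System32\inetsrv\w3wp.exe",
     "ParentCommandLine": r'c:\windows\system32\inetsrv\w3wp.exe -ap "MSExchangeOWAAppPool" -v "v4.0"'},
    {"UtcTime": "2026-05-16 02:11:09", "ProcessId": 5133,
     "Image": r"C:\Windows\System32\wbem\WMIC.exe",
     "CommandLine": "wmic.exe process list brief",
     "ParentProcessId": 3344, "ParentImage": r"C:\Windows\System32\inetsrv\w3wp.exe",
     "ParentCommandLine": r'c:\windows\system32\inetsrv\w3wp.exe -ap "MSExchangeOWAAppPool" -v "v4.0"'},
    {"UtcTime": "2026-05-16 02:30:00", "ProcessId": 5201,
     "Image": r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe",
     "CommandLine": "csc.exe /noconfig /fullpaths @\"C:\\Windows\\Temp\\x.cmdline\"",
     "ParentProcessId": 3344, "ParentImage": r"C:\Windows\System32\inetsrv\w3wp.exe",
     "ParentCommandLine": r'c:\windows\system32\inetsrv\w3wp.exe -ap "MSExchangeOWAAppPool" -v "v4.0"'},
    {"UtcTime": "2026-05-16 03:02:41", "ProcessId": 6010,
     "Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd.exe /c whoami",
     "ParentProcessId": 4102, "ParentImage": r"C:\Windows\System32\inetsrv\w3wp.exe",
     "ParentCommandLine": r'c:\windows\system32\inetsrv\w3wp.exe -ap "DefaultAppPool" -v "v4.0"'},
    {"UtcTime": "2026-05-16 08:15:22", "ProcessId": 7000,
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe", "ParentProcessId": 6900,
     "ParentImage": r"C:\Windows\explorer.exe", "ParentCommandLine": "explorer.exe"},
]


def basename(image):
    """Lower-cased file name of a Windows image path."""
    return PureWindowsPath(image).name.lower()


def app_pool_of(cmdline):
    """Application-pool name from an IIS worker's '-ap "<name>"' argument, if present."""
    m = APP_POOL_RE.search(cmdline or "")
    return m.group(1) if m else None


def hunt_w3wp_children(events):
    """Return every suspicious child of an IIS worker, with its app pool and a severity."""
    findings = []
    for ev in events:
        if basename(ev.get("ParentImage", "")) != "w3wp.exe":
            continue
        child = basename(ev.get("Image", ""))
        if child not in SUSPICIOUS_CHILDREN:
            continue
        pool = app_pool_of(ev.get("ParentCommandLine"))
        findings.append({
            "time": ev["UtcTime"], "pid": ev["ProcessId"], "parent_pid": ev["ParentProcessId"],
            "app_pool": pool, "child": child, "command_line": ev.get("CommandLine", ""),
            "severity": "high" if pool and pool.startswith(EXCHANGE_POOL_PREFIX) else "medium",
        })
    return findings


def run(events=SAMPLE_EVENTS):
    return hunt_w3wp_children(events)


if __name__ == "__main__":
    for f in run():
        print(f"[{f['severity']}] {f['time']} {f['app_pool']} (pid {f['parent_pid']}) "
              f"-> {f['child']} (pid {f['pid']}): {f['command_line']}")
```

On the sample the `csc.exe` compile under the OWA pool and the user-launched PowerShell under `explorer.exe` are not reported; the two OWA-pool children are high, the `DefaultAppPool` child medium. Pair the output with the mailbox-role-assignment audit review the brief lists as the second hunt.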

— *Source: [Microsoft MSRC](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-42897) · [NCSC.ch Security Hub #12577](https://security-hub.ncsc.admin.ch/api/posts/12577/details) · [Zero Day Initiative](https://www.thezdi.com/blog/2026/5/15/pwn2own-berlin-2026-day-two-results) · [Daily 2026-05-16](briefs/2026-05-16.md) · Tags: vulnerabilities, actively-exploited, zero-day, cisa-kev, no-patch, identity · Region: global · Sector: public-sector*

### PAN-OS CVE-2026-0300 — staged-patch arc spanning W19 and W20

The PAN-OS staged-patch arc began in W19 with limited-ITW exploitation against User-ID Authentication Portal exposed firewalls (CL-STA-1132 since 2026-04-09), continued into W20 with wave 1 landing on 2026-05-13 ([daily 2026-05-13 UPDATE](briefs/2026-05-13.md)) for eight build streams, and now extends a further eleven days as the PSIRT advisory was updated 2026-05-16 confirming wave 2 delayed to 2026-05-28 for the remaining eight build streams ([Palo Alto PSIRT CVE-2026-0300](https://security.paloaltonetworks.com/CVE-2026-0300); [daily 2026-05-14 UPDATE](briefs/2026-05-14.md)).

The cross-day learning for Swiss / EU defenders is that PSIRT-stated patch dates on actively-exploited bugs are still subject to slip and the operational window is what matters, not the advisory's first-quoted date. The interim mitigation remains identical (User-ID Auth Portal scoped to trusted zones, Response Pages off external L3 interfaces, Threat ID 510019 for ≥ 11.1 + content ≥ 9097-10022); the retrospective hunt for `svc-health-check-NNNNNN` admin accounts and Python implants under `/var/tmp/linuxupdate` / `/var/tmp/linuxap` / `/tmp/.c` remains the only signal a CL-STA-1132-victimised organisation will have between the pre-patch compromise and the eventual upgrade.

— *Source: [Palo Alto Networks PSIRT](https://security.paloaltonetworks.com/CVE-2026-0300) · [Daily 2026-05-13 UPDATE](briefs/2026-05-13.md) · [Daily 2026-05-14 UPDATE](briefs/2026-05-14.md) · Tags: vulnerabilities, actively-exploited, pre-auth, rce, patch-available · Region: global · Sector: public-sector*

## 3. Vulnerability roll-up

Every CVE referenced in 2026-W20 daily briefs. H3 entries follow for operationally critical items (Active ITW, KEV-added during window, pre-auth RCE on internet-exposed software).

| CVE | Product | Status | Patched | KEV | First brief | Source |
|---|---|---|---|---|---|---|
| CVE-2026-42897 | Microsoft Exchange Server 2016 / 2019 / SE OWA stored XSS | Active ITW · KEV-added 2026-05-15 (deadline 2026-05-29) | Mitigation only (EEMS / EOMT) | yes | [briefs/2026-05-16.md](briefs/2026-05-16.md) | [Microsoft MSRC](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-42897) |
| CVE-2026-20182 | Cisco Catalyst SD-WAN Controller / Manager pre-auth bypass | Active ITW (UAT-8616) · KEV-added 2026-05-14 (deadline 2026-05-17) | vManage 20.13.4 / 20.12.6 / 20.9.7 | yes | [briefs/2026-05-15.md](briefs/2026-05-15.md) | [Cisco PSIRT](https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-rpa2-v69WY2SW) |
| CVE-2026-0300 | Palo Alto PAN-OS Captive / User-ID Auth Portal | Active ITW (CL-STA-1132) | Wave 1 2026-05-13; wave 2 2026-05-28 | — | [briefs/2026-05-13.md](briefs/2026-05-13.md) | [Palo Alto PSIRT](https://security.paloaltonetworks.com/CVE-2026-0300) |
| CVE-2026-43284 | Linux kernel xfrm-ESP (Dirty Frag part 1) | Active ITW (limited) | Major distros patched 2026-05-07 onward | — | [briefs/2026-05-11.md](briefs/2026-05-11.md) | [Microsoft Security Blog](https://www.microsoft.com/en-us/security/blog/2026/05/08/active-attack-dirty-frag-linux-vulnerability-expands-post-compromise-risk/) |
| CVE-2026-43500 | Linux kernel rxrpc module (Dirty Frag part 2) | Active ITW (limited) | Distro patches uneven (only affects systems with `kernel-modules-partner`) | — | [briefs/2026-05-11.md](briefs/2026-05-11.md) | [AlmaLinux blog](https://almalinux.org/blog/2026-05-07-dirty-frag/) |
| CVE-2026-6722 | PHP SOAP extension UAF in `SOAP_GLOBAL(ref_map)` | Disclosure-only | Patched 2026-05-08 | — | [briefs/2026-05-11.md](briefs/2026-05-11.md) | [PHP GHSA-85c2-q967-79q5](https://github.com/php/php-src/security/advisories/GHSA-85c2-q967-79q5) |
| CVE-2026-7261 | PHP companion to CVE-2026-6722 (SOAP-related) | Disclosure-only | Patched 2026-05-08 | — | [briefs/2026-05-11.md](briefs/2026-05-11.md) | [PHP GHSA-85c2-q967-79q5](https://github.com/php/php-src/security/advisories/GHSA-85c2-q967-79q5) |
| CVE-2026-7262 | PHP companion to CVE-2026-6722 (SOAP-related) | Disclosure-only | Patched 2026-05-08 | — | [briefs/2026-05-11.md](briefs/2026-05-11.md) | [PHP GHSA-85c2-q967-79q5](https://github.com/php/php-src/security/advisories/GHSA-85c2-q967-79q5) |
| CVE-2025-69690 | Netgate pfSense Community Edition auth root RCE | Vendor "won't fix" | No patch (vendor refused) | — | [briefs/2026-05-11.md](briefs/2026-05-11.md) | [BSI advisory WID-SEC-2026-1100](https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1100) |
| CVE-2025-69691 | Netgate pfSense CE companion auth flaw | Vendor "won't fix" | No patch | — | [briefs/2026-05-11.md](briefs/2026-05-11.md) | [BSI advisory WID-SEC-2026-1100](https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1100) |
| CVE-2026-44277 | Fortinet FortiAuthenticator unauth RCE | Disclosure-only | Patched 2026-05-13 | — | [briefs/2026-05-13.md](briefs/2026-05-13.md) | [Fortinet PSIRT FG-IR-26-128](https://fortiguard.fortinet.com/psirt/FG-IR-26-128) |
| CVE-2026-26083 | Fortinet FortiSandbox unauth RCE | Disclosure-only | Patched 2026-05-13 | — | [briefs/2026-05-13.md](briefs/2026-05-13.md) | [Fortinet PSIRT FG-IR-26-136](https://fortiguard.fortinet.com/psirt/FG-IR-26-136) |
| CVE-2026-45185 | Exim "Dead.Letter" UAF in BDAT/CHUNKING (GnuTLS builds) | Disclosure-only | Patched 4.99.0 | — | [briefs/2026-05-13.md](briefs/2026-05-13.md) | [Exim security release](https://exim.org/static/doc/security/CVE-2026-45185.txt) |
| CVE-2026-41089 | Microsoft May 2026 Patch Tuesday (selected) | Disclosure-only | Patched 2026-05-13 | — | [briefs/2026-05-13.md](briefs/2026-05-13.md) | [MSRC Security Update Guide](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41089) |
| CVE-2026-41096 | Microsoft May 2026 Patch Tuesday (selected) | Disclosure-only | Patched 2026-05-13 | — | [briefs/2026-05-13.md](briefs/2026-05-13.md) | [MSRC Security Update Guide](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41096) |
| CVE-2026-41103 | Microsoft May 2026 Patch Tuesday (selected) | Disclosure-only | Patched 2026-05-13 | — | [briefs/2026-05-13.md](briefs/2026-05-13.md) | [MSRC Security Update Guide](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41103) |
| CVE-2026-42898 | Microsoft May 2026 Patch Tuesday (selected) | Disclosure-only | Patched 2026-05-13 | — | [briefs/2026-05-13.md](briefs/2026-05-13.md) | [MSRC Security Update Guide](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42898) |
| CVE-2026-34263 | SAP Commerce Cloud pre-auth RCE | Disclosure-only | Patched 2026-05-13 | — | [briefs/2026-05-13.md](briefs/2026-05-13.md) | [SAP Security Patch Day May 2026](https://support.sap.com/en/my-support/knowledge-base/security-notes-news/may-2026.html) |
| CVE-2026-34260 | SAP S/4HANA Enterprise Search SQL injection | Disclosure-only | Patched 2026-05-13 | — | [briefs/2026-05-13.md](briefs/2026-05-13.md) | [SAP Security Patch Day May 2026](https://support.sap.com/en/my-support/knowledge-base/security-notes-news/may-2026.html) |
| CVE-2026-8043 | Ivanti Xtraction external file control | Disclosure-only | Patched 2026-05-13 | — | [briefs/2026-05-14.md](briefs/2026-05-14.md) | [Ivanti PSIRT May 2026 advisory batch](https://www.ivanti.com/blog/may-2026-security-update) |
| CVE-2026-45691 | Nextcloud Server / Enterprise 2FA bypass via WebDAV | Disclosure-only | Patched 2026-05-14 | — | [briefs/2026-05-15.md](briefs/2026-05-15.md) | [Nextcloud security advisory NC-SA-2026-029](https://nextcloud.com/security/advisory/?id=NC-SA-2026-029) |
| CVE-2026-45793 | PHP Composer CI token disclosure in error messages | Disclosure-only | Patched 2.8.10 | — | [briefs/2026-05-15.md](briefs/2026-05-15.md) | [Composer GitHub Security Advisory GHSA-q468-rwj9-r734](https://github.com/composer/composer/security/advisories/GHSA-q468-rwj9-r734) |
| CVE-2026-42945 | NGINX OSS / Plus / F5 WAF rewrite-module heap overflow ("NGINX Rift") | PoC public | Patched 2026-05-14 | — | [briefs/2026-05-15.md](briefs/2026-05-15.md) | [F5 K000172830](https://my.f5.com/manage/s/article/K000172830) |
| CVE-2026-46300 | Linux kernel xfrm ESP-in-TCP LPE ("Fragnesia") | PoC public | Mainline patch 2026-05-14, distros propagating | — | [briefs/2026-05-15.md](briefs/2026-05-15.md) | [Wiz Research — Fragnesia](https://www.wiz.io/blog/fragnesia-linux-kernel-local-privilege-escalation-via-esp-in-tcp) |
| CVE-2026-44112 | OpenClaw "Claw Chain" #1 — sandbox escape | Disclosure-only | Patched 2026-05-15 | — | [briefs/2026-05-16.md](briefs/2026-05-16.md) | [OpenClaw security advisory OC-SA-2026-001](https://openclaw.org/security/OC-SA-2026-001) |
| CVE-2026-44113 | OpenClaw "Claw Chain" #2 — credential leak | Disclosure-only | Patched 2026-05-15 | — | [briefs/2026-05-16.md](briefs/2026-05-16.md) | [OpenClaw security advisory OC-SA-2026-001](https://openclaw.org/security/OC-SA-2026-001) |
| CVE-2026-44115 | OpenClaw "Claw Chain" #3 — privilege escalation | Disclosure-only | Patched 2026-05-15 | — | [briefs/2026-05-16.md](briefs/2026-05-16.md) | [OpenClaw security advisory OC-SA-2026-001](https://openclaw.org/security/OC-SA-2026-001) |
| CVE-2026-44118 | OpenClaw "Claw Chain" #4 — file disclosure | Disclosure-only | Patched 2026-05-15 | — | [briefs/2026-05-16.md](briefs/2026-05-16.md) | [OpenClaw security advisory OC-SA-2026-001](https://openclaw.org/security/OC-SA-2026-001) |
| CVE-2025-54518 | AMD Zen 2 µop-cache corruption / SoC isolation failure | PoC public | Microcode mitigation in May 2026 Windows update + Xen XSA-490 | — | [briefs/2026-05-16.md](briefs/2026-05-16.md) | [AMD Security Bulletin AMD-SB-7052](https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7052.html) |
| CVE-2026-44088 | CERT-PL SzafirHost JAR zip-polyglot bypass (Poland qualified e-sig) | Disclosure-only | Patched 2026-05-15 | — | [briefs/2026-05-17.md](briefs/2026-05-17.md) | [CERT-PL advisory CERT-PL-2026-44088](https://cert.pl/en/posts/2026/05/CVE-2026-44088/) |
| CVE-2026-41225 | F5 BIG-IP / BIG-IQ iControl REST manager-role authenticated RCE | Disclosure-only | Patched 2026-05-13 | — | [briefs/2026-05-17.md](briefs/2026-05-17.md) | [F5 K000172841](https://my.f5.com/manage/s/article/K000172841) |
| CVE-2026-41553 | DHTMLX PDF Export unauthenticated server-side JS injection RCE | Disclosure-only | Patched 2026-05-15 (8.3.1) | — | [briefs/2026-05-17.md](briefs/2026-05-17.md) | [DHTMLX security advisory DHX-SA-2026-001](https://dhtmlx.com/blog/security-advisory-dhx-sa-2026-001/) |
| CVE-2026-41552 | DHTMLX PDF Export companion path-traversal | Disclosure-only | Patched 2026-05-15 (8.3.1) | — | [briefs/2026-05-17.md](briefs/2026-05-17.md) | [DHTMLX security advisory DHX-SA-2026-001](https://dhtmlx.com/blog/security-advisory-dhx-sa-2026-001/) |
| CVE-2026-7182 | DHTMLX PDF Export companion path-traversal | Disclosure-only | Patched 2026-05-15 (8.3.1) | — | [briefs/2026-05-17.md](briefs/2026-05-17.md) | [DHTMLX security advisory DHX-SA-2026-001](https://dhtmlx.com/blog/security-advisory-dhx-sa-2026-001/) |
| CVE-2026-31431 | "Copy Fail" Linux kernel crypto LPE (carry-over from W19) | KEV (deadline 2026-05-15 passed) | Major distros patched 2026-05-01; RHEL errata still outstanding | yes | [briefs/2026-05-10.md](briefs/2026-05-10.md) | [AlmaLinux blog](https://almalinux.org/blog/2026-05-01-cve-2026-31431-copy-fail/) |
| CVE-2026-44128 | SEPPmail Secure Email Gateway unauth Perl-eval RCE (carry-over) | Disclosure-only · SINGLE-SOURCE-NATIONAL-CERT (CIRCL) | Patched ≥ 15.0.2.1 | — | [briefs/weekly/2026-W19.md](briefs/weekly/2026-W19.md) | [CIRCL vulnerability.circl.lu](https://vulnerability.circl.lu/vuln/cve-2026-44128) |
| CVE-2026-4670 | MOVEit Automation auth bypass (carry-over) | No ITW confirmed | Patched 2025.1.5 / 2025.0.9 / 2024.1.8 | — | [briefs/2026-05-06.md](briefs/2026-05-06.md) | [Help Net Security](https://www.helpnetsecurity.com/2026/05/04/critical-moveit-automation-auth-bypass-vulnerability-fixed-cve-2026-4670/) |

H3 entries for the operationally critical items in §§ 1 and 2 (Exchange CVE-2026-42897, Cisco SD-WAN CVE-2026-20182, PAN-OS CVE-2026-0300, Dirty Frag CVE-2026-43284 / 43500) are not repeated here — see § 1 for full coverage. The H3 entries below cover items whose criticality is operationally meaningful but did not earn a § 1 placement.

### CVE-2026-44277 / CVE-2026-26083 — Fortinet FortiAuthenticator and FortiSandbox unauthenticated RCE

Fortinet's 2026-05-13 PSIRT batch addresses two unauthenticated remote-code-execution flaws on management-plane Fortinet appliances common in Swiss federal and cantonal estates. CVE-2026-44277 (FortiAuthenticator, the SAML / RADIUS / 802.1X identity broker) and CVE-2026-26083 (FortiSandbox, the malware-analysis appliance) are both pre-auth network-reachable and CVSS ≥ 9. Daily 2026-05-13 confirmed patched builds; no ITW exploitation reported at week-end. Operational implication: FortiAuthenticator sits at the centre of identity-broker trust chains in many public-sector network architectures, so a compromised FortiAuthenticator yields cross-domain credential-issuance capability that is materially worse than a typical RCE — patch state should be verified explicitly on every FortiAuthenticator deployment ([Fortinet PSIRT FG-IR-26-128 / FG-IR-26-136](https://fortiguard.fortinet.com/psirt/FG-IR-26-128); [daily 2026-05-13](briefs/2026-05-13.md)).

— *Source: [Fortinet PSIRT FG-IR-26-128](https://fortiguard.fortinet.com/psirt/FG-IR-26-128) · [Fortinet PSIRT FG-IR-26-136](https://fortiguard.fortinet.com/psirt/FG-IR-26-136) · [Daily 2026-05-13](briefs/2026-05-13.md) · Tags: vulnerabilities, pre-auth, rce, patch-available · Region: global · Sector: public-sector · CVE: CVE-2026-44277, CVE-2026-26083 · CVSS: 9.0 / 9.2 · Vector: zero-click · Auth: pre-auth · Status: patch-available*

### CVE-2026-34263 — SAP Commerce Cloud pre-auth RCE; CVE-2026-34260 — SAP S/4HANA Enterprise Search SQL injection

SAP's May 2026 Security Patch Day shipped CVE-2026-34263 (Commerce Cloud pre-auth RCE) and CVE-2026-34260 (S/4HANA Enterprise Search SQL injection). Commerce Cloud is internet-exposed by design (storefront workloads); S/4HANA Enterprise Search is typically segmented but reachable from internal-user populations. No ITW exploitation at week-end ([SAP Security Patch Day May 2026](https://support.sap.com/en/my-support/knowledge-base/security-notes-news/may-2026.html); [daily 2026-05-13](briefs/2026-05-13.md)). Swiss / EU public-sector deployments of S/4HANA in federal-administration ERP estates make the SQL-injection patch state worth verifying outside the standard quarterly window.

— *Source: [SAP Security Patch Day May 2026](https://support.sap.com/en/my-support/knowledge-base/security-notes-news/may-2026.html) · [Daily 2026-05-13](briefs/2026-05-13.md) · Tags: vulnerabilities, pre-auth, rce, patch-available · Region: global · Sector: public-sector · CVE: CVE-2026-34263, CVE-2026-34260 · CVSS: 9.8 / 8.8 · Vector: zero-click · Auth: pre-auth · Status: patch-available*

### CVE-2026-44088 — CERT-PL SzafirHost JAR zip-polyglot bypass in Poland's qualified e-signature browser helper

CERT-PL disclosed CVE-2026-44088 on 2026-05-17: a JAR zip-polyglot bypass in the SzafirHost browser-helper that mediates qualified e-signature operations for Polish public-sector users (citizen-facing e-government services). The flaw lets a crafted JAR delivered as a polyglot file bypass the qualifying-certificate check and induce the host to attach a qualified signature to attacker-chosen content. Patched 2026-05-15. Operational relevance for Swiss / EU public-sector defenders: the eIDAS qualified-electronic-signature framework is pan-European, so the **class** of attack — polyglot-file abuse of a browser-helper that mediates signature operations — is portable to Swiss QES vendors and to other member-state qualified-signature browser helpers. Validation: confirm patch state of every QES-helper in your endpoint estate; consider polyglot-file detection as a content-inspection control on inbound document workflows ([CERT-PL CERT-PL-2026-44088](https://cert.pl/en/posts/2026/05/CVE-2026-44088/); [daily 2026-05-17](briefs/2026-05-17.md)).

— *Source: [CERT-PL CERT-PL-2026-44088](https://cert.pl/en/posts/2026/05/CVE-2026-44088/) · [Daily 2026-05-17](briefs/2026-05-17.md) · Tags: vulnerabilities, identity, patch-available · Region: europe · Sector: public-sector · CVE: CVE-2026-44088 · CVSS: 8.1 · Vector: user-interaction · Auth: pre-auth · Status: patch-available*
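As an added example (not code from CERT-PL, SzafirHost or the daily brief), the following Python check implements the polyglot-file content-inspection control the entry above recommends: it locates the ZIP end-of-central-directory record the way a JAR loader does (scanning backwards from the end of the file) and flags archives whose central directory sits behind prepended foreign bytes, that open with another format's magic, or that carry trailing data. The sample JAR, the PDF prefix and the magic table are constructed assumptions for the demonstration.

```python
"""Polyglot-container check for JAR/ZIP files handed to a signature helper.

A ZIP reader locates the archive from its *end* (the End Of Central Directory
record), so bytes in front of the first local header are ignored by ZIP tooling
while a PDF or image parser may accept the very same file as its own format.
Added example for this weekly summary; not CERT-PL's or SzafirHost's code.
"""
import io
import struct
import zipfile

LOCAL_HEADER_SIG = b"PK\x03\x04"          # first bytes of a normal, non-empty archive
EOCD_SIG = b"PK\x05\x06"                  # End Of Central Directory signature
VALID_LEADING_SIGS = (LOCAL_HEADER_SIG, EOCD_SIG)   # EOCD first == empty archive
EOCD_FIXED_LEN = 22                       # fixed part of the EOCD record
EOCD_STRUCT = "<IHHHHIIH"                 # sig, disk, cd_disk, n_disk, n_total, cd_size, cd_offset, comment_len
MAX_COMMENT_LEN = 0xFFFF                  # the comment length is a 16-bit field

# Assumed, non-exhaustive table of magics a *different* parser would accept.
KNOWN_MAGICS = {
    b"%PDF": "pdf",
    b"\x89PNG": "png",
    b"GIF8": "gif",
    b"\xff\xd8\xff": "jpeg",
    b"\x7fELF": "elf",
    b"MZ": "pe",
    b"<!DO": "html",
    b"<htm": "html",
}


def find_eocd(data: bytes):
    """Locate the EOCD record as a ZIP reader does: scan backwards from the end.

    Returns (eocd_pos, cd_size, cd_offset, comment_len) or None.
    """
    window_start = max(0, len(data) - EOCD_FIXED_LEN - MAX_COMMENT_LEN)
    pos = data.rfind(EOCD_SIG, window_start)
    if pos < 0 or pos + EOCD_FIXED_LEN > len(data):
        return None
    fields = struct.unpack(EOCD_STRUCT, data[pos:pos + EOCD_FIXED_LEN])
    _sig, _disk, _cd_disk, _n_disk, _n_total, cd_size, cd_offset, comment_len = fields
    return pos, cd_size, cd_offset, comment_len


def analyse_zip_container(data: bytes) -> dict:
    """Return structural findings; 'is_polyglot' is the verdict a gate would act on."""
    result = {
        "zip_readable": False,
        "starts_with_zip_signature": data[:4] in VALID_LEADING_SIGS,
        "prefix_bytes": 0,       # bytes in front of the archive implied by the EOCD offsets
        "prefix_magic": None,    # foreign format the leading bytes advertise, if any
        "trailing_bytes": 0,     # bytes after the EOCD record and its comment
        "is_polyglot": False,
    }
    eocd = find_eocd(data)
    if eocd is None:
        return result
    eocd_pos, cd_size, cd_offset, comment_len = eocd

    # The EOCD states where the central directory *should* start (cd_offset); its
    # real position is eocd_pos - cd_size. A positive gap is data that was prepended
    # after the archive was built; zipfile tolerates that gap silently.
    prefix = (eocd_pos - cd_size) - cd_offset
    if prefix < 0:
        return result  # offsets point past the data: corrupt, not a polyglot
    result["prefix_bytes"] = prefix
    result["trailing_bytes"] = len(data) - (eocd_pos + EOCD_FIXED_LEN + comment_len)

    for magic, fmt in KNOWN_MAGICS.items():
        if data.startswith(magic):
            result["prefix_magic"] = fmt
            break

    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            result["zip_readable"] = zf.testzip() is None   # all CRCs verify
    except zipfile.BadZipFile:
        return result

    result["is_polyglot"] = result["zip_readable"] and (
        prefix > 0 or not result["starts_with_zip_signature"] or result["trailing_bytes"] > 0
    )
    return result


def build_sample_jar() -> bytes:
    """Constructed minimal JAR-like archive used as sample input."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\nMain-Class: Helper\n")
        zf.writestr("Helper.class", b"\xca\xfe\xba\xbe" + b"\x00" * 16)  # constructed stub bytes
    return buf.getvalue()


CONSTRUCTED_PDF_PREFIX = b"%PDF-1.4\n% constructed polyglot prefix, not a real document\n"


def build_pdf_jar_polyglot() -> bytes:
    """Constructed polyglot: PDF header bytes followed by the untouched JAR."""
    return CONSTRUCTED_PDF_PREFIX + build_sample_jar()


if __name__ == "__main__":
    for label, blob in (("clean jar", build_sample_jar()),
                        ("pdf+jar polyglot", build_pdf_jar_polyglot()),
                        ("jar+trailer", build_sample_jar() + b"TRAILING")):
        print(label, analyse_zip_container(blob))
```

A file that both parses as a ZIP and opens with another format's magic is exactly the class the entry describes; a gate should reject it rather than let each downstream parser pick its own interpretation.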

### CVE-2026-6722 — PHP SOAP UAF in `SOAP_GLOBAL(ref_map)` (with companions CVE-2026-7261 / CVE-2026-7262)

PHP SOAP-extension use-after-free in `SOAP_GLOBAL(ref_map)`, CVSS 9.5, with two related companions (CVE-2026-7261 and CVE-2026-7262, both SOAP-class, CVSS 6.3 each). Patched on 2026-05-07 in PHP 8.5.6 and equivalents across maintained 8.4 / 8.3 / 8.2 branches per the official PHP GHSA. No ITW exploitation at week-end; daily 2026-05-11 recommends explicit patch validation for any web-facing PHP infrastructure with SOAP enabled ([daily 2026-05-11](briefs/2026-05-11.md); [PHP GHSA-85c2-q967-79q5](https://github.com/php/php-src/security/advisories/GHSA-85c2-q967-79q5)).

— *Source: [PHP GHSA-85c2-q967-79q5](https://github.com/php/php-src/security/advisories/GHSA-85c2-q967-79q5) · [php.watch — PHP 8.5.6 release](https://php.watch/versions/8.5/releases/8.5.6) · [Daily 2026-05-11](briefs/2026-05-11.md) · Tags: vulnerabilities, rce, patch-available · Region: global · Sector: public-sector · CVE: CVE-2026-6722, CVE-2026-7261, CVE-2026-7262 · CVSS: 9.5 / 6.3 / 6.3 · Vector: zero-click · Auth: pre-auth · Status: patch-available*

### Windows BitLocker "YellowKey" and CTFMON "GreenPlasma" — public PoC, no patch

See § 1 H3 for full operational framing. Listed here for vulnerability-roll-up completeness. No CVE identifiers had been allocated by Microsoft as of 2026-05-17.

— *Source: [BleepingComputer — Windows BitLocker zero-day PoC](https://www.bleepingcomputer.com/news/security/windows-bitlocker-zero-day-gives-access-to-protected-drives-poc-released/) · [NCSC.ch Security Hub #12574](https://security-hub.ncsc.admin.ch/#/posts/12574) · [Daily 2026-05-15](briefs/2026-05-15.md) · Tags: vulnerabilities, zero-day, lpe, no-patch, poc-public · Region: global · Sector: public-sector · Status: poc-public, no-patch*

### CVE-2026-46300 — Linux kernel xfrm ESP-in-TCP LPE ("Fragnesia"), PoC public

Disclosed 2026-05-15 with a public PoC; the mainline kernel patch landed 2026-05-14 and distro propagation is underway. The bug is an LPE primitive in the xfrm ESP-in-TCP code path and therefore affects IPsec VPN endpoints in particular. The documented mitigation is `modprobe -r esp4 esp6`, which breaks IPsec. Distinct from Dirty Frag (different code paths) but conceptually adjacent: both abuse kernel xfrm assumptions ([daily 2026-05-15](briefs/2026-05-15.md)).

— *Source: [Wiz Research — Fragnesia](https://www.wiz.io/blog/fragnesia-linux-kernel-local-privilege-escalation-via-esp-in-tcp) · [Daily 2026-05-15](briefs/2026-05-15.md) · Tags: vulnerabilities, lpe, poc-public, patch-available · Region: global · Sector: public-sector · CVE: CVE-2026-46300 · CVSS: 7.8 · Vector: local · Auth: post-auth · Status: poc-public, patch-available*

## 4. Sector & victim patterns

### Healthcare

Two distinct healthcare-sector signals this week. **Dutch IGJ ruling on Clinical Diagnostics / NMDL** (2026-05-14) formally found the laboratory provider non-conformant with NEN 7510 (Dutch information-security-management standard for healthcare) at the time of the July 2025 ransomware breach; the daily 2026-05-14 (citing Computable) records approximately 941,000 patients affected including cervical-cancer screening records. This is the first IGJ NEN 7510 non-conformity finding against a third-party diagnostics provider and sets a regulatory precedent that maps directly onto NIS2 essential-entity supplier-due-diligence obligations — Dutch hospitals using the same supplier face open questions about whether their own NIS2 essential-entity status now creates downstream cyber-due-diligence liability for the supplier's controls ([IGJ inspection report](https://www.igj.nl/actueel/nieuws/2026/05/13/clinical-diagnostics-voldeed-niet-aan-wettelijke-norm-voor-informatiebeveiliging); [Computable](https://www.computable.nl/2026/05/13/inspectie-vernietigend-over-beveiliging-clinical-diagnostics-na-datahack/); [daily 2026-05-14](briefs/2026-05-14.md)).

**West Pharmaceutical Services SEC Form 8-K Item 1.05** (2026-05-12 [SINGLE-SOURCE-OTHER]) — data exfiltrated, systems encrypted, global operations partially restarted; pharmaceutical-manufacturing-sector incident with potential EU drug-supply-chain implications. The pattern across the two incidents is that healthcare-adjacent third-party suppliers (diagnostic labs, pharmaceutical-component manufacturers) are operationally critical to NIS2-scope hospital and public-health-service consumers but typically sit one tier away from the regulator's direct view; the IGJ-NMDL ruling provides the legal template for closing that gap ([daily 2026-05-12](briefs/2026-05-12.md)).

— *Source: [IGJ inspection report](https://www.igj.nl/actueel/nieuws/2026/05/13/clinical-diagnostics-voldeed-niet-aan-wettelijke-norm-voor-informatiebeveiliging) · [Daily 2026-05-14](briefs/2026-05-14.md) · [Daily 2026-05-12](briefs/2026-05-12.md) · Tags: ransomware, data-breach, healthcare · Region: europe · Sector: healthcare*

### Public administration and government

Three operator clusters made the public-administration / government sector pattern this week. **Secret Blizzard / Turla** (FSB Centre 16) evolved Kazuar into a three-module P2P botnet; Microsoft Threat Intelligence's 2026-05-14 analysis documents historical targeting of government and diplomatic-sector organizations in Europe and Central Asia ([Microsoft Security Blog](https://www.microsoft.com/en-us/security/blog/2026/05/14/kazuar-anatomy-of-a-nation-state-botnet/); [daily 2026-05-16](briefs/2026-05-16.md)). **FrostyNeighbor / Ghostwriter** (UNC1151, Belarus state-aligned) documented by ESET on 2026-05-14 with Polish, Lithuanian, and Ukrainian governmental, industrial, healthcare, and logistics targets in scope; the geofenced PDF → PicassoLoader JS → Cobalt Strike chain reuses CVE-2024-42009 (Roundcube XSS) for Polish targets ([ESET WeLiveSecurity](https://www.welivesecurity.com/en/eset-research/frostyneighbor-fresh-mischief-digital-shenanigans/); [The Hacker News](https://thehackernews.com/2026/05/ghostwriter-targets-ukrainian.html); [daily 2026-05-15](briefs/2026-05-15.md)). **GTIG UNC6671 "BlackFile"** (daily 2026-05-16) — vishing → AiTM → rogue-MFA → programmatic SharePoint exfiltration of 1M+ files per victim across mixed-sector victims including public-administration entities; the DLS-shutdown signal indicates a probable rebrand and is the watch-item for 2026-W21 ([daily 2026-05-16](briefs/2026-05-16.md)).

The Swiss-specific signal worth flagging: the **Sophos 2026 State of Identity Security report** (covered daily 2026-05-15) records Switzerland as the country with the **highest identity-breach incidence globally** in the survey's reporting period; the daily 2026-05-15 reports energy as the hardest-hit sector in CH. The Sophos data corroborates the **Secret Blizzard / FrostyNeighbor / UNC6671 public-administration pattern** — identity-protocol abuse (Kerberos pre-auth, OAuth device-code, AiTM session-token theft) is the common pivot across all three operators and matches the identity-to-ransomware pipeline Sophos surfaces at 67% of cases (see § 6) ([Sophos blog](https://www.sophos.com/en-us/blog/sophos-state-of-identity-security-2026); [daily 2026-05-15](briefs/2026-05-15.md)).

— *Source: [Microsoft Security Blog](https://www.microsoft.com/en-us/security/blog/2026/05/14/kazuar-anatomy-of-a-nation-state-botnet/) · [ESET WeLiveSecurity](https://www.welivesecurity.com/en/eset-research/frostyneighbor-fresh-mischief-digital-shenanigans/) · [Sophos blog](https://www.sophos.com/en-us/blog/sophos-state-of-identity-security-2026) · [Daily 2026-05-15](briefs/2026-05-15.md) · [Daily 2026-05-16](briefs/2026-05-16.md) · Tags: nation-state, espionage, russia-nexus, identity · Region: europe, switzerland · Sector: public-sector*

### Manufacturing

**Foxconn confirmed Nitrogen ransomware** crippled North-American manufacturing sites (daily 2026-05-13); 8 TB / 11M files claimed exfiltrated. Operationally this is North-America-localised but informs Swiss / EU manufacturing-sector defenders on Nitrogen's mid-2026 TTPs — the manufacturer attack surface (OT-network adjacency to enterprise IT, downtime-sensitive production lines giving ransom-payment pressure) is the same in CH / EU operators. **Škoda Auto Deutschland online-shop breach** (daily 2026-05-12) exposed customer PII and password hashes; logging-gap prevented exfiltration confirmation — the operational lesson is one Swiss federal IT teams should pattern-match against their own e-commerce / citizen-portal logging coverage.

— *Source: [The Record — Foxconn confirms cyberattack](https://therecord.media/foxconn-confirms-cyberattack-north-american-factories) · [The Register — Foxconn confirms](https://www.theregister.com/cyber-crime/2026/05/12/foxconn-confirms-cyberattack-after-nitrogen-claims-apple-nvidia-data-theft/5239144) · [Daily 2026-05-13](briefs/2026-05-13.md) · [Daily 2026-05-12](briefs/2026-05-12.md) · Tags: ransomware, data-breach, organized-crime · Region: us, europe · Sector: manufacturing*

### Hospitality

**BWH Hotels (Best Western, WorldHotels, Sure Hotels) 181-day unauthorised access** to a guest-reservation web application (daily 2026-05-13), six EU brands in scope. The 181-day dwell time is the operational lesson: a web-application access vector that escapes detection for half a year indicates absent application-tier telemetry — the right SOC-management response is to audit which guest / customer-facing web applications have **no** structured access-event telemetry feeding into the SIEM. EU regulatory scope: any of the six EU-brand reservation systems holding EU PII triggers GDPR Article 33 / 34 obligations and likely informs CEF 2026 enforcement attention (see Policy section below).

— *Source: [The Register — Best Western confirms web-app breach](https://www.theregister.com/security/2026/05/11/best-western-hotels-confirms-web-app-data-breach/5238020) · [SecurityWeek — BWH Hotels reservation data](https://www.securityweek.com/bwh-hotels-says-hackers-had-access-to-reservation-data-for-6-months/) · [Daily 2026-05-13](briefs/2026-05-13.md) · Tags: data-breach · Region: europe, us · Sector: retail*

### AI tooling SaaS and developer toolchain

The Mini Shai-Hulud / TeamPCP propagation across `@tanstack`, `@uipath`, `@mistralai`, `@opensearch-project`, `@guardrails-ai`, and OpenAI consolidates a sector pattern first surfaced in W19: AI-evaluation, AI-observability, AI-agent-orchestration, and AI-tooling SaaS vendors **all** sit on architectures that aggregate organisation-level upstream credentials (LLM-provider API keys, GitHub Actions OIDC tokens, package-publish certificates) — and the operator class active this quarter is mining that aggregation pattern systematically. See § 2 for the cross-day chain and § 7 for long-running campaign status.

— *Source: [Datadog Security Labs](https://securitylabs.datadoghq.com/articles/shai-hulud-open-source-framework-static-analysis/) · [Daily 2026-05-15 UPDATE](briefs/2026-05-15.md) · Tags: supply-chain, ai-abuse · Region: global · Sector: technology*

### WordPress retail / e-commerce

**FunnelKit "Funnel Builder for WooCommerce"** actively exploited as a Magecart skimmer on 40,000+ WordPress stores (daily 2026-05-17), no CVE assigned. The operational pattern (Magecart abuse of a popular WooCommerce plugin) is portable across the WordPress + WooCommerce e-commerce ecosystem used by Swiss / EU SMB retailers; SOC managers serving SMB or municipal e-commerce estates should sweep deployed WooCommerce plugin inventories for the affected FunnelKit version and audit checkout-page DOM for injected payment-form-skimming scripts.

— *Source: [Sansec research](https://sansec.io/research/funnelkit-woocommerce-vulnerability-exploited) · [BleepingComputer — Funnel Builder skimmer](https://www.bleepingcomputer.com/news/security/funnel-builder-wordpress-plugin-bug-exploited-to-steal-credit-cards/) · [Daily 2026-05-17](briefs/2026-05-17.md) · Tags: vulnerabilities, actively-exploited, data-breach, supply-chain · Region: global · Sector: retail*

## 5. Incidents & disclosures recap

A defender-learning summary, not a chronological list. The cross-cutting themes this week: (1) **paying the ransom does not always close the access vector** — Instructure's Canvas defacement wave is the dominant case study, see § 2; (2) **regulators are now writing the supplier-due-diligence chapter of NIS2** — the Dutch IGJ NEN 7510 ruling is the template for member-state regulators to translate cyber-due-diligence into formal supplier non-conformity findings; (3) **the gap between ransomware claim and victim confirmation is shortening** — Foxconn's same-week confirmation of the Nitrogen-claimed attack contrasts with the typical 4-to-8-week lag seen in 2024–2025 victim disclosures.

### Foxconn — Nitrogen ransomware confirmed against North-American manufacturing sites

Foxconn confirmed Nitrogen ransomware crippled North-American manufacturing sites; 8 TB / 11M files claimed exfiltrated. Same-week victim confirmation after the leak-site listing — operationally a useful data point on Nitrogen's mid-2026 tempo and the manufacturer-sector pressure to confirm publicly to clear customer / regulator queries quickly. North-America-localised; the relevance to Swiss / EU defenders is the operator-tempo signal, not direct victim impact ([daily 2026-05-13](briefs/2026-05-13.md)).

— *Source: [The Record — Foxconn confirms cyberattack](https://therecord.media/foxconn-confirms-cyberattack-north-american-factories) · [Daily 2026-05-13](briefs/2026-05-13.md) · Tags: ransomware, organized-crime · Region: us · Sector: manufacturing*

### BWH Hotels — 181-day unauthorised access to guest-reservation web application

Six EU brands (Best Western, WorldHotels, Sure Hotels and three sub-brands) in scope; 181-day dwell time indicates absent application-tier telemetry on the affected reservation web application. EU regulatory scope: GDPR Article 33 / 34 obligations for the six EU-brand reservation systems holding EU PII. The defender's learning: audit which guest-facing / citizen-facing web applications have no structured access-event telemetry into the SIEM ([daily 2026-05-13](briefs/2026-05-13.md)).

— *Source: [The Register — Best Western confirms web-app breach](https://www.theregister.com/security/2026/05/11/best-western-hotels-confirms-web-app-data-breach/5238020) · [Daily 2026-05-13](briefs/2026-05-13.md) · Tags: data-breach · Region: europe, us · Sector: retail*

### Clinical Diagnostics / NMDL — Dutch IGJ formal NEN 7510 non-conformity ruling

The IGJ ruling formally found Clinical Diagnostics / NMDL non-conformant with NEN 7510 (Dutch information-security-management standard for healthcare) at the time of the July 2025 ransomware breach (approximately 941,000 patients affected per Computable / daily 2026-05-14, cervical-cancer screening data exposed). First IGJ NEN 7510 non-conformity finding against a third-party diagnostics provider. For Swiss / EU public-sector defenders: this is the regulatory template member-state regulators are likely to deploy under NIS2 essential-entity supplier-due-diligence obligations — Dutch hospitals using the same supplier and other EU member-state regulators with parallel healthcare-ISO standards (NEN 7510, ISO 27799, the Italian AgID guidelines) will pattern-match this ruling for their own supplier oversight ([IGJ inspection report](https://www.igj.nl/actueel/nieuws/2026/05/13/clinical-diagnostics-voldeed-niet-aan-wettelijke-norm-voor-informatiebeveiliging); [Computable](https://www.computable.nl/2026/05/13/inspectie-vernietigend-over-beveiliging-clinical-diagnostics-na-datahack/); [daily 2026-05-14](briefs/2026-05-14.md)).

— *Source: [IGJ inspection report](https://www.igj.nl/actueel/nieuws/2026/05/13/clinical-diagnostics-voldeed-niet-aan-wettelijke-norm-voor-informatiebeveiliging) · [Daily 2026-05-14](briefs/2026-05-14.md) · Tags: data-breach, ransomware, healthcare · Region: europe · Sector: healthcare*

### West Pharmaceutical Services — SEC Form 8-K Item 1.05 [SINGLE-SOURCE-OTHER]

Data exfiltrated, systems encrypted, global operations partially restarted. SEC 8-K Item 1.05 disclosure — single-source as of week-end with no independent corroborating breach analysis. Operational relevance to Swiss / EU public-sector defenders: West Pharmaceutical supplies drug-delivery components into EU pharmaceutical-manufacturing supply chains; the "global operations partially restarted" language indicates ongoing IT-side recovery that may yet propagate downstream supply-chain impact ([daily 2026-05-12](briefs/2026-05-12.md)).

— *Source: [SEC Form 8-K filing — West Pharmaceutical Services Inc.](https://www.sec.gov/Archives/edgar/data/105770/000010577026000068/wst-20260507.htm) · [Daily 2026-05-12](briefs/2026-05-12.md) · Tags: ransomware, data-breach · Region: us, europe · Sector: healthcare, manufacturing*

### Škoda Auto Deutschland — online-shop breach exposes customer PII and password hashes

Customer PII and password hashes exposed; logging-gap prevented exfiltration confirmation. The defender's learning is the logging-coverage point: a breach where the victim **cannot confirm** what was exfiltrated is a logging-design failure. Pattern-match: which of your own citizen-facing / customer-facing e-commerce flows would leave you with the same uncertainty after an intrusion? ([daily 2026-05-12](briefs/2026-05-12.md)).

— *Source: [Škoda Auto Deutschland — Sicherheitsvorfall notice](https://www.skoda-auto.de/unternehmen/sicherheitsvorfall-skoda-shop) · [Daily 2026-05-12](briefs/2026-05-12.md) · Tags: data-breach · Region: europe · Sector: retail, manufacturing*

### South Staffordshire Water — ICO £963,900 fine

ICO fines South Staffordshire Water £963,900 over the 2022 Cl0p ZeroLogon kill-chain intrusion (daily 2026-05-12). The water-sector OES finding with the partial SIEM coverage detail (5% host-inventory coverage) is the operational lesson for any utility / critical-infrastructure operator with patchy telemetry. Regulatory significance: the ICO penalty on a critical-infrastructure operator gives Swiss BACS / EU NIS2 competent authorities a template fine-calculation for analogous deficiencies ([daily 2026-05-12](briefs/2026-05-12.md)).

— *Source: [ICO penalty notice — South Staffordshire Water](https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2026/05/fine-of-nearly-1m-issued-against-south-staffordshire-plc-and-south-staffordshire-water-plc/) · [The Record](https://therecord.media/uk-water-company-had-hackers-lurking-for-years) · [Daily 2026-05-12](briefs/2026-05-12.md) · Tags: ransomware, data-breach, law-enforcement · Region: uk · Sector: water*

### node-ipc npm package — backdoored via expired-domain account takeover

`node-ipc` npm package backdoored via expired-domain account takeover; 90+ credential categories exfiltrated; three malicious versions; ~3-minute window to detection (daily 2026-05-16). The defender's learning is the **expired-domain account-takeover** vector: package-maintainer email domains that lapse become a one-time supply-chain compromise vector. Operational pattern-match: audit npm / PyPI / Cargo dependency trees for packages whose maintainer e-mail addresses sit at domains that your organisation cannot verify still belong to the original maintainer.

— *Source: [Sonatype security advisory — node-ipc backdoor](https://socket.dev/blog/node-ipc-package-compromised) · [Daily 2026-05-16](briefs/2026-05-16.md) · Tags: supply-chain, data-breach · Region: global · Sector: technology*
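A first-pass implementation of the maintainer-domain audit described above, added here as an example (it is not code from the node-ipc project, npm, or any vendor cited in this brief). It reads the `maintainers` array in the shape `npm view <pkg> --json` returns, resolves each distinct maintainer e-mail domain once, and emits a finding for every package whose maintainer domain no longer resolves or whose maintainer record has no usable address. The registry metadata below is constructed, the public-mail-provider allowlist is an assumption, and the resolver is injectable so the audit runs offline and can be swapped for an RDAP / WHOIS lookup:

```python
"""Flag npm maintainer e-mail domains that no longer resolve, as a first pass at
the expired-domain account-takeover audit.

Added example for this brief; not code from the node-ipc project, npm, or any
vendor cited above. The registry metadata is CONSTRUCTED to mirror the
`maintainers` array returned by `npm view <pkg> --json`; the DNS resolver is
injectable so the audit runs offline and can be swapped for an RDAP/WHOIS check.
"""
import socket
from typing import Callable, Dict, Iterable, List, Set, Tuple

# Large public mail providers cannot lapse; skip them (assumed allowlist).
PUBLIC_MAIL_DOMAINS = frozenset({"gmail.com", "outlook.com", "hotmail.com",
                                 "proton.me", "protonmail.com", "icloud.com"})

# CONSTRUCTED metadata in the shape of `npm view <pkg> --json` (trimmed).
SAMPLE_REGISTRY_META = [
    {"name": "example-ipc", "version": "11.2.0",
     "maintainers": [{"name": "maint-a", "email": "a@maintainer-lapsed.example"},
                     {"name": "maint-b", "email": "b@gmail.com"}]},
    {"name": "example-logger", "version": "3.0.1",
     "maintainers": [{"name": "maint-c", "email": "c@still-alive.example"}]},
    {"name": "example-cli", "version": "1.0.0",
     "maintainers": [{"name": "maint-d", "email": "not-an-email"}]},
]


def domain_resolves(domain: str) -> bool:
    """Default resolver: True if the domain has any A/AAAA record. NXDOMAIN is a
    signal to investigate at the registrar, not proof that registration lapsed."""
    try:
        socket.getaddrinfo(domain, None)
        return True
    except socket.gaierror:
        return False


def maintainer_domains(metas: Iterable[dict]) -> Dict[str, Set[Tuple[str, str]]]:
    """Map each maintainer e-mail domain to the (package, maintainer) pairs using it,
    so each domain is resolved once however many packages share it."""
    out: Dict[str, Set[Tuple[str, str]]] = {}
    for meta in metas:
        for m in meta.get("maintainers", []):
            email = m.get("email", "")
            if "@" not in email:
                continue
            domain = email.rsplit("@", 1)[1].lower()
            out.setdefault(domain, set()).add((meta["name"], m.get("name", "")))
    return out


def audit_maintainer_domains(metas: Iterable[dict],
                             resolver: Callable[[str], bool] = domain_resolves) -> List[dict]:
    """Return one finding per (package, maintainer) whose domain fails to resolve,
    plus one for any maintainer record without a usable e-mail address."""
    metas = list(metas)
    findings: List[dict] = []
    for meta in metas:
        for m in meta.get("maintainers", []):
            if "@" not in m.get("email", ""):
                findings.append({"package": meta["name"], "maintainer": m.get("name", ""),
                                 "domain": None, "reason": "no verifiable maintainer e-mail"})
    for domain, users in sorted(maintainer_domains(metas).items()):
        if domain in PUBLIC_MAIL_DOMAINS or resolver(domain):
            continue
        for package, maintainer in sorted(users):
            findings.append({"package": package, "maintainer": maintainer, "domain": domain,
                             "reason": "maintainer domain does not resolve; check RDAP/registrar for lapse"})
    return findings


if __name__ == "__main__":
    # Offline demo with a stub resolver; pass resolver=domain_resolves for a live run.
    stub = lambda d: d != "maintainer-lapsed.example"
    for finding in audit_maintainer_domains(SAMPLE_REGISTRY_META, resolver=stub):
        print(finding)
```

A non-resolving domain is only the trigger for a registrar check; the decisive question is whether the domain is currently registrable by a third party, which the RDAP lookup substituted for `resolver` should answer.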

### BKA Dream Market arrest — "Speedstepper" detained in Germany after seven years at large

BKA arrested Dream Market lead administrator "Speedstepper" in Germany; OPSEC failure traced to cryptocurrency-to-physical-gold conversion patterns (daily 2026-05-16). Complements the W20 BKA Crimenetwork takedown (daily 2026-05-12) — two consecutive German federal LE actions against darknet-market administrative-tier operators in the same week. For European cybercrime ecosystem analysis: the BKA tempo on darknet-administrator pursuit is materially elevated through Q2 2026 and likely informs the broader operator OPSEC environment.

— *Source: [BKA press release — Dream Market administrator arrest](https://www.bka.de/DE/Presse/Listenseite_Pressemitteilungen/2026/Presse2026/260516_DreamMarket.html) · [Daily 2026-05-16](briefs/2026-05-16.md) · Tags: law-enforcement, organized-crime, cryptocrime · Region: europe · Sector: technology*

## 6. Annual / periodic threat reports

### Sophos 2026 State of Identity Security — 71% of orgs breached via identity, 41% root-caused to non-human-identity mismanagement, Switzerland records highest incidence

Published 2026-05-15. Vendor-agnostic survey of 5,000 IT and security leaders across 17 countries (Q1 2026 fieldwork). The defender-relevant findings beyond the headline 71% identity-breach figure: (a) **identity-to-ransomware pipeline dominant** — 67% of ransomware victims attributed their ransomware incident directly to a prior identity attack, establishing identity-protocol abuse as the operationally dominant initial-access pattern; (b) **non-human identity (NHI) mismanagement is the leading root cause** — service accounts, API keys, AI-agent identities outnumber human identities by ratios up to 100:1 in surveyed organisations, weak NHI lifecycle management was the root cause in 41% of successful identity breaches, only 34% of organisations regularly audit NHI accounts; (c) **Switzerland records the highest identity-breach incidence globally** in the survey period; the daily 2026-05-15 also reported energy as the hardest-hit sector ([Sophos blog](https://www.sophos.com/en-us/blog/sophos-state-of-identity-security-2026); [Help Net Security — Sophos 2026 identity-breach costs report](https://www.helpnetsecurity.com/2026/05/14/sophos-2026-identity-breach-costs-report/); [daily 2026-05-15](briefs/2026-05-15.md)).

The synthesis lens the daily did not have room for: the Sophos data corroborates the W19 Mandiant M-Trends finding that identity-rooted intrusions dominate IR-case data, and it converges with the Verizon DBIR 2026 finding (below) that stolen credentials remain the most common initial-access vector. The composite picture: for Swiss federal / cantonal estates with high service-account density and no NHI lifecycle governance, the **NHI inventory + lifecycle gap is the single highest-leverage control deficit** disclosed in this week's research output. The Sophos data is the empirical basis for prioritising NHI governance over endpoint-EDR upgrades, where budget pressure forces a choice. Detection focus: anomalous service-account Kerberos TGS requests (T1558.003 Kerberoasting), unusual OAuth token grants from CI/CD service identities, API key usage from unexpected source IPs or geographies.

— *Source: [Sophos blog](https://www.sophos.com/en-us/blog/sophos-state-of-identity-security-2026) · [Sophos press release](https://www.sophos.com/en-us/press/press-releases/2026/05/71-percent-organizations-suffered-identity-breach-state-of-identity-security-2026) · [Daily 2026-05-15](briefs/2026-05-15.md) · Tags: identity, supply-chain · Region: global, switzerland · Sector: public-sector*
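The first of the detection-focus items above (T1558.003 Kerberoasting via anomalous service-account TGS requests), worked through as an added example that is not code from Sophos or any vendor cited in this brief. The rule counts distinct roastable service accounts requested by one principal inside a sliding five-minute window over Windows Security 4769 events, ignores `krbtgt` and machine accounts, and raises severity when the tickets were issued with RC4 (etype 0x17), the encryption type classic tooling requests. The JSON-lines events are constructed in the flattened shape a SIEM export yields; the window and threshold are assumptions to be tuned per estate:

```python
"""Detect Kerberoasting-style bursts in Windows Security 4769 (TGS request) events.

Added example for this brief; not code from Sophos or any vendor. The events are
CONSTRUCTED JSON lines in the flattened shape a SIEM export typically yields;
field names follow the 4769 schema (TargetUserName = requesting account,
ServiceName = the SPN's account, TicketEncryptionType = etype)."""
import json
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Iterable, List

RC4_HMAC = 0x17               # etype 23: what classic Kerberoasting tooling asks for
WINDOW = timedelta(minutes=5)  # assumed sliding window
DISTINCT_SPN_THRESHOLD = 5     # assumed: distinct service accounts per window before alerting

SAMPLE_4769_JSONL = """\
{"TimeCreated":"2026-05-15T09:00:01Z","EventID":4769,"TargetUserName":"j.doe@CORP.EXAMPLE","ServiceName":"svc-sql","TicketEncryptionType":"0x17","Status":"0x0","IpAddress":"10.1.2.3"}
{"TimeCreated":"2026-05-15T09:00:03Z","EventID":4769,"TargetUserName":"j.doe@CORP.EXAMPLE","ServiceName":"svc-web","TicketEncryptionType":"0x17","Status":"0x0","IpAddress":"10.1.2.3"}
{"TimeCreated":"2026-05-15T09:00:05Z","EventID":4769,"TargetUserName":"j.doe@CORP.EXAMPLE","ServiceName":"svc-backup","TicketEncryptionType":"0x17","Status":"0x0","IpAddress":"10.1.2.3"}
{"TimeCreated":"2026-05-15T09:00:08Z","EventID":4769,"TargetUserName":"j.doe@CORP.EXAMPLE","ServiceName":"svc-sharepoint","TicketEncryptionType":"0x17","Status":"0x0","IpAddress":"10.1.2.3"}
{"TimeCreated":"2026-05-15T09:00:10Z","EventID":4769,"TargetUserName":"j.doe@CORP.EXAMPLE","ServiceName":"svc-iis","TicketEncryptionType":"0x17","Status":"0x0","IpAddress":"10.1.2.3"}
{"TimeCreated":"2026-05-15T09:00:12Z","EventID":4769,"TargetUserName":"j.doe@CORP.EXAMPLE","ServiceName":"svc-reporting","TicketEncryptionType":"0x17","Status":"0x0","IpAddress":"10.1.2.3"}
{"TimeCreated":"2026-05-15T09:00:13Z","EventID":4769,"TargetUserName":"j.doe@CORP.EXAMPLE","ServiceName":"DC01$","TicketEncryptionType":"0x17","Status":"0x0","IpAddress":"10.1.2.3"}
{"TimeCreated":"2026-05-15T09:01:00Z","EventID":4769,"TargetUserName":"alice@CORP.EXAMPLE","ServiceName":"svc-sql","TicketEncryptionType":"0x12","Status":"0x0","IpAddress":"10.1.5.7"}
{"TimeCreated":"2026-05-15T09:02:00Z","EventID":4769,"TargetUserName":"alice@CORP.EXAMPLE","ServiceName":"svc-web","TicketEncryptionType":"0x12","Status":"0x0","IpAddress":"10.1.5.7"}
{"TimeCreated":"2026-05-15T09:03:00Z","EventID":4769,"TargetUserName":"bob@CORP.EXAMPLE","ServiceName":"svc-sql","TicketEncryptionType":"0x17","Status":"0x0","IpAddress":"10.1.6.9"}
{"TimeCreated":"2026-05-15T09:04:00Z","EventID":4769,"TargetUserName":"bob@CORP.EXAMPLE","ServiceName":"svc-backup","TicketEncryptionType":"0x17","Status":"0x1F","IpAddress":"10.1.6.9"}
"""


def parse_events(jsonl: str) -> List[dict]:
    """One dict per non-empty JSON line."""
    return [json.loads(line) for line in jsonl.splitlines() if line.strip()]


def _ts(value: str) -> datetime:
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def detect_kerberoast_bursts(events: Iterable[dict], window: timedelta = WINDOW,
                             threshold: int = DISTINCT_SPN_THRESHOLD) -> List[dict]:
    """Return one finding per account that requested >= threshold distinct roastable
    service tickets inside any window; the widest window per account is reported."""
    per_user = defaultdict(list)
    for e in events:
        if e.get("EventID") != 4769 or e.get("Status") != "0x0":
            continue  # only successfully issued service tickets carry a crackable blob
        svc = e["ServiceName"]
        if svc.lower() == "krbtgt" or svc.endswith("$"):
            continue  # TGT renewals and machine accounts are not Kerberoasting targets
        per_user[e["TargetUserName"]].append(
            (_ts(e["TimeCreated"]), svc, int(e["TicketEncryptionType"], 16)))
    findings: List[dict] = []
    for user, reqs in per_user.items():
        reqs.sort()
        best = None
        start = 0
        for end, (ts, _, _) in enumerate(reqs):
            while reqs[start][0] < ts - window:
                start += 1  # slide the window's left edge forward
            span = reqs[start:end + 1]
            services = {s for _, s, _ in span}
            if len(services) >= threshold and (best is None or len(services) > len(best["services"])):
                best = {"account": user, "window_start": reqs[start][0].isoformat(),
                        "services": sorted(services),
                        "rc4_tickets": sum(1 for _, _, et in span if et == RC4_HMAC)}
        if best:
            # RC4 is the strongest signal, but AES-only bursts are still worth a look.
            best["severity"] = "high" if best["rc4_tickets"] else "medium"
            findings.append(best)
    return findings


if __name__ == "__main__":
    for finding in detect_kerberoast_bursts(parse_events(SAMPLE_4769_JSONL)):
        print(finding)
```

Service-account discovery tooling that requests AES tickets will only trip the burst rule, which is why the distinct-SPN count, not the encryption type, is the primary condition; the RC4 count is carried as a severity modifier.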

### Verizon DBIR 2026 (19th annual edition)

Verizon's 19th DBIR is publicly accessible on the Verizon DBIR page; the full PDF release is tied to the 2026-05-19 webinar. Headline figures confirmed on the published page: **third-party involvement in breaches doubled year-on-year to 30%** (from ~15% in the 2025 edition); **ransomware present in 44% of breaches**; **stolen credentials remain the single most common initial-access vector at 22%**; **vulnerability exploitation at 20%** nearly ties credential theft; the human element (social engineering, phishing, error) remains implicated in 60%+ of breaches ([Verizon DBIR page](https://www.verizon.com/business/resources/reports/dbir/)).

The defender synthesis for Swiss / EU public-sector consumers: the **third-party-doubling finding is the headline data point of the year for DORA / NIS2 third-party-risk management programmes** — the empirical jump from ~15% to 30% supply-chain involvement directly informs DORA Chapter V (ICT third-party risk management) and NIS2 Article 21(2)(d) supply-chain security obligations. Combined with the IGJ-NMDL ruling (see § 5) and the EU CRA Article 14 reporting milestone landing on 2026-09-11 (see § 8), the operational picture for 2026 is unambiguous: supply-chain and third-party scrutiny moves from policy talking-point to enforced obligation in the second half of the year. Update planned post-2026-05-19 webinar PDF release for the full breakdown.

— *Source: [Verizon DBIR page](https://www.verizon.com/business/resources/reports/dbir/) · Tags: supply-chain, data-breach · Region: global · Sector: public-sector*

### Check Point April 2026 ransomware analysis — Qilin leads at 15%, Germany at 5% of global victims

Check Point's April 2026 monthly threat report (published early May 2026) confirms Qilin / Agenda leading all ransomware operators with 15% of 707 published attacks in April; Germany is the third-most-targeted country globally at 5.0% of victims (US 41.6%); Europe accounts for 27% of ransomware victims globally. Sector targeting in April 2026: Business Services (33.8%), healthcare, manufacturing. The Gentlemen — despite the May 4 backend breach — remained in the top-7 operators with 320+ victims ([Check Point Research, 2026-05-08](https://blog.checkpoint.com/research/cyber-threats-spike-in-april-2026-as-ransomware-expands-and-attack-volumes-climb-after-short-lived-moderation/)). The synthesis the dailies did not yet absorb: Germany's 5% share of global ransomware victims is materially elevated compared to the 2024–2025 baseline (~2–3%); the **Qilin DLS lists 65 German victims total as of 2026-05-16** ([Check Point blog, dataset reference](https://blog.checkpoint.com/research/cyber-threats-spike-in-april-2026-as-ransomware-expands-and-attack-volumes-climb-after-short-lived-moderation/)). For Swiss defenders: CH-DE cross-border operations (Swiss subsidiaries in DE, German subsidiaries of Swiss parents) inherit the German exposure level; this is the empirical basis for a DACH-region threat-modelling premium on ransomware-readiness exercises.

— *Source: [Check Point Research](https://blog.checkpoint.com/research/cyber-threats-spike-in-april-2026-as-ransomware-expands-and-attack-volumes-climb-after-short-lived-moderation/) · Tags: ransomware, organized-crime · Region: europe, dach · Sector: public-sector*

### Datadog Security Labs — Shai-Hulud framework static analysis

Datadog Security Labs published a static analysis of the **leaked Shai-Hulud framework source** on 2026-05-13 (covered daily 2026-05-15). The synthesis the daily had room for was the high-level capability summary; the cross-finding lens worth surfacing here: this is the first publicly-available **complete-source reverse-engineering of an active npm-supply-chain operator's toolkit**, comparable to the value the leaked Conti chats provided in 2022 for ransomware-affiliate defender intelligence. Detection-engineering teams now have a non-IOC behavioural reference for the entire TeamPCP toolchain: IDE-persistence hook patterns, OIDC-token extraction from `/proc/<pid>/mem`, Sigstore-provenance forgery primitives, GitHub Actions dead-drop conventions. The Datadog post-leak ecosystem-monitoring methodology (matching commits, repo names, hook configurations) is portable to any organisation with developer-workstation file-integrity monitoring; the broader implication is that **publication-provenance verification is no longer sufficient as a sole supply-chain control** ([Datadog Security Labs](https://securitylabs.datadoghq.com/articles/shai-hulud-open-source-framework-static-analysis/)).

— *Source: [Datadog Security Labs](https://securitylabs.datadoghq.com/articles/shai-hulud-open-source-framework-static-analysis/) · [Daily 2026-05-15 UPDATE](briefs/2026-05-15.md) · Tags: supply-chain, ai-abuse · Region: global · Sector: technology*

### SentinelOne — Living Off the Pipeline: CI/CD subversion taxonomy

SentinelOne's "Living Off the Pipeline" research (covered daily 2026-05-16, [SINGLE-SOURCE]) presents a three-case taxonomy of CI/CD subversion in real intrusions: TeamCity buildAgent-token theft, GitLab service-account pivot, and Contagious Interview (DPRK-aligned) build-time compromise. The weekly-level synthesis worth surfacing: the **three-case study generalises to a defender pattern** — CI/CD systems concentrate trust (build secrets, artifact-signing keys, deployment credentials) in machine-identity environments with weaker authentication / authorisation telemetry than human-identity environments. Combined with the Sophos NHI finding (41% of identity breaches root-caused to NHI mismanagement, above), CI/CD platforms are the highest-leverage NHI-governance attack surface for Swiss / EU public-sector DevSecOps programmes. Hunt seeds: TeamCity buildAgent re-auth events, GitLab CI job impersonation patterns, GitHub Actions OIDC-token reuse outside expected workflow scope ([daily 2026-05-16](briefs/2026-05-16.md)).

— *Source: [SentinelOne Labs](https://www.sentinelone.com/blog/living-off-the-pipeline-defending-against-ci-cd-subversion/) · [Daily 2026-05-16](briefs/2026-05-16.md) · Tags: supply-chain, identity · Region: global · Sector: technology*
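The third hunt seed above (GitHub Actions OIDC-token use outside the expected workflow scope), as an added example that is not code from SentinelOne, GitHub, or any cloud provider: the relying-party check a token-exchange endpoint should apply before it trusts an Actions token, evaluating the standard Actions claims (`repository`, `ref`, `event_name`, `job_workflow_ref`, `runner_environment`, `aud`, `exp`) against one role's scope and remembering `jti` values so a replayed token is flagged. The policy values, the audience string, and the sample claims are all constructed; the token builder and decoder only show the claim layout, and a production relying party must additionally verify the RS256 signature against the issuer's JWKS, which this offline example deliberately omits:

```python
"""Enforce workflow scope on GitHub Actions OIDC tokens and flag token reuse.

Added example for the CI/CD-subversion item; not code from SentinelOne, GitHub,
or any cloud provider. The token built below is CONSTRUCTED (dummy signature)
purely to show the claim layout. A relying party MUST verify the RS256 signature
against the issuer's JWKS before trusting any claim; this offline example does not.
"""
import base64
import json
import time
from typing import List, Set

GITHUB_ISSUER = "https://token.actions.githubusercontent.com"

# Assumed scope for one deployment role; every value here is an example.
POLICY = {
    "aud": "sts.example-cloud",
    "repositories": {"example-org/payments-api"},
    "refs": {"refs/heads/main"},
    "events": {"push", "workflow_dispatch"},   # fork pull_request tokens never qualify
    "job_workflow_prefix": "example-org/payments-api/.github/workflows/deploy.yml@",
    "runner_environment": "github-hosted",
}


def _b64url(data: dict) -> str:
    return base64.urlsafe_b64encode(json.dumps(data).encode()).rstrip(b"=").decode()


def decode_unverified_payload(token: str) -> dict:
    """Split out the payload segment of a compact JWT. Signature is NOT checked here."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)
    return json.loads(base64.urlsafe_b64decode(payload))


def make_constructed_token(claims: dict) -> str:
    """CONSTRUCTED token for illustration; the signature segment is a placeholder."""
    header = {"alg": "RS256", "typ": "JWT", "kid": "constructed"}
    return f"{_b64url(header)}.{_b64url(claims)}.constructed-signature"


def sample_claims(**overrides) -> dict:
    """CONSTRUCTED claim set using the real Actions claim names."""
    base = {"iss": GITHUB_ISSUER, "aud": "sts.example-cloud",
            "sub": "repo:example-org/payments-api:ref:refs/heads/main",
            "repository": "example-org/payments-api", "repository_owner": "example-org",
            "ref": "refs/heads/main", "event_name": "push",
            "job_workflow_ref": "example-org/payments-api/.github/workflows/deploy.yml@refs/heads/main",
            "runner_environment": "github-hosted", "jti": "jti-0001",
            "iat": 1_000_000, "exp": 1_000_300}
    base.update(overrides)
    return base


class OidcScopeChecker:
    """Evaluates claims against a policy and remembers jti values to catch replay."""

    def __init__(self, policy: dict):
        self.policy = policy
        self.seen_jti: Set[str] = set()

    def evaluate(self, claims: dict, now: float) -> List[str]:
        """Return the list of violations; an empty list means the token is in scope."""
        p, v = self.policy, []
        if claims.get("iss") != GITHUB_ISSUER:
            v.append("issuer mismatch")
        if claims.get("aud") != p["aud"]:
            v.append("audience mismatch")
        if claims.get("exp", 0) <= now:
            v.append("token expired")
        if claims.get("repository") not in p["repositories"]:
            v.append(f"repository out of scope: {claims.get('repository')}")
        if claims.get("ref") not in p["refs"]:
            v.append(f"ref out of scope: {claims.get('ref')}")
        if claims.get("event_name") not in p["events"]:
            v.append(f"event not allowed: {claims.get('event_name')}")
        if not str(claims.get("job_workflow_ref", "")).startswith(p["job_workflow_prefix"]):
            v.append("job_workflow_ref outside expected workflow")
        if claims.get("runner_environment") != p["runner_environment"]:
            v.append("unexpected runner environment")
        jti = claims.get("jti")
        if not jti:
            v.append("missing jti")
        elif jti in self.seen_jti:
            v.append(f"jti reuse: {jti}")  # the same token presented twice
        else:
            self.seen_jti.add(jti)
        return v


if __name__ == "__main__":
    checker = OidcScopeChecker(POLICY)
    token = make_constructed_token(sample_claims(exp=int(time.time()) + 300))
    print(checker.evaluate(decode_unverified_payload(token), now=time.time()))
```

The `jti` set is the piece that turns a scope check into a reuse detector: a token that passes every claim test but has already been exchanged is exactly the "OIDC-token reuse outside expected workflow scope" case the hunt seed names, and it is visible only at the exchange endpoint, not in the workflow logs.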

### GTIG AI Threat Tracker (May 2026) — first AI-generated zero-day exploit ITW

GTIG's May 2026 AI Threat Tracker (covered as daily 2026-05-12 deep dive) documents the **first confirmed AI-generated zero-day exploit observed in-the-wild** and presents the behavioural class of AI-augmented malware. The synthesis worth elevating for the weekly: the "AI-augmented" malware category is no longer hypothetical for SOC defenders — the behavioural-class taxonomy GTIG provides (LLM-assisted code generation in payload, AI-driven C2 dialogue, model-mediated lateral movement decisions) is the right detection-engineering reference for SOCs building hunt content for the next 12 months. The relevant SOC capability investment: behavioural baselines for "what does AI-mediated execution look like in our telemetry" — not new IOC ingestion ([GTIG AI Threat Tracker May 2026](https://cloud.google.com/blog/topics/threat-intelligence/ai-threat-tracker-may-2026/); [daily 2026-05-12 deep dive](briefs/2026-05-12.md)).

— *Source: [GTIG AI Threat Tracker May 2026](https://cloud.google.com/blog/topics/threat-intelligence/ai-threat-tracker-may-2026/) · [Daily 2026-05-12 deep dive](briefs/2026-05-12.md) · Tags: ai-abuse, nation-state · Region: global · Sector: public-sector*

## 7. Long-running campaigns — status update

### Secret Blizzard / Turla — Kazuar evolved into three-module P2P botnet, European government / diplomatic / defence sectors in scope

Microsoft Threat Intelligence's 2026-05-14 deep-dive confirms Kazuar — long-attributed to Secret Blizzard / Turla (FSB Centre 16; aliases VENOMOUS BEAR, Snake, Uroburos, Blue Python, ATG26) — has evolved from a classic C2 backdoor into a three-module P2P botnet: **Kernel** (coordinator node, maintains botnet state and leadership election), **Bridge** (C2 relay proxy, communicates upstream via HTTP / WebSocket / Exchange Web Services to avoid direct C2 contact), and **Worker** (task executor, credential and file exfiltration). Leadership election minimises external traffic to reduce detection surface. Microsoft Threat Intelligence documents historical targeting of **organizations in the government and diplomatic sector in Europe and Central Asia**; historical infrastructure overlap with Aqua Blizzard (Storm-0861) is also documented ([Microsoft Security Blog](https://www.microsoft.com/en-us/security/blog/2026/05/14/kazuar-anatomy-of-a-nation-state-botnet/); [daily 2026-05-16](briefs/2026-05-16.md)).

No named European victims have been publicly disclosed. The outstanding defender question for Swiss / EU public-sector environments: which of your federal / cantonal Exchange installations could carry EWS traffic from Kazuar-class infections without alerting? Detection focus: anomalous cross-process traffic over Windows Mailslot and Windows Messaging IPC towards system processes; EWS usage from non-mail-client processes (anomalous 4771 / 4769 Kerberos events on Exchange hosts); Exchange Web Services enumeration by HTTP clients whose user-agent is not a mail client; outbound HTTPS whose TLS fingerprints match the Kernel / Bridge / Worker module split.

— *Source: [Microsoft Security Blog](https://www.microsoft.com/en-us/security/blog/2026/05/14/kazuar-anatomy-of-a-nation-state-botnet/) · [The Hacker News — Turla Kazuar](https://thehackernews.com/2026/05/turla-turns-kazuar-backdoor-into.html) · [Daily 2026-05-16](briefs/2026-05-16.md) · Tags: nation-state, espionage, russia-nexus · Region: europe · Sector: public-sector, defense*
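The EWS-enumeration item in the detection focus above, worked as an added example that is not code from Microsoft or any vendor cited here: a parser for the IIS W3C log an Exchange front end writes, and a rule that groups requests to `/EWS/` by client IP, authenticated user and user-agent, drops anything matching a baseline of legitimate mail-client user-agents, and alerts on groups above a request threshold. The log lines are constructed (IIS writes `+` for spaces inside the user-agent, which the parser undoes); the mail-client allowlist and the threshold are assumptions that must be baselined against a real estate before the rule goes live, since line-of-business integrations that use the EWS Managed API will otherwise surface first:

```python
"""Flag Exchange Web Services (EWS) requests from HTTP clients that are not mail
clients, from IIS W3C logs on an Exchange front end.

Added example for this brief; not code from Microsoft or any vendor. The log
lines are CONSTRUCTED in IIS W3C format (spaces inside the User-Agent are `+`
encoded, as IIS writes them); the mail-client allowlist is an assumption that
must be baselined per estate before the rule goes live."""
import re
from collections import Counter
from typing import Dict, List

# Assumed baseline of legitimate EWS client user-agent fragments (tune per estate).
MAIL_CLIENT_UA = re.compile(
    r"Microsoft Office|Outlook|MacOutlook|Mac OS X Mail|ExchangeServicesClient|Microsoft\.Exchange",
    re.I)
EWS_PATH = "/ews/"
THRESHOLD = 3   # assumed: requests per (client IP, user, UA) before alerting

SAMPLE_IIS_LOG = r"""#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status time-taken
2026-05-14 08:00:01 10.0.0.5 POST /EWS/Exchange.asmx - 443 CORP\j.doe 10.1.2.3 Microsoft+Office/16.0+(Windows+NT+10.0;+Microsoft+Outlook+16.0.17328;+Pro) 200 31
2026-05-14 08:00:04 10.0.0.5 POST /EWS/Exchange.asmx - 443 CORP\alice 10.1.5.7 Microsoft+Office/16.0+(Windows+NT+10.0;+Microsoft+Outlook+16.0.17328;+Pro) 200 28
2026-05-14 08:00:09 10.0.0.5 POST /EWS/Exchange.asmx - 443 CORP\svc-crm 10.9.9.9 python-requests/2.31.0 200 40
2026-05-14 08:00:10 10.0.0.5 POST /EWS/Exchange.asmx - 443 CORP\svc-crm 10.9.9.9 python-requests/2.31.0 200 35
2026-05-14 08:00:11 10.0.0.5 POST /EWS/Exchange.asmx - 443 CORP\svc-crm 10.9.9.9 python-requests/2.31.0 200 37
2026-05-14 08:00:12 10.0.0.5 POST /EWS/Exchange.asmx - 443 CORP\svc-crm 10.9.9.9 python-requests/2.31.0 200 36
2026-05-14 08:00:20 10.0.0.5 GET /owa/ - 443 CORP\bob 10.1.6.9 python-requests/2.31.0 200 12
2026-05-14 08:00:25 10.0.0.5 POST /EWS/Exchange.asmx - 443 CORP\carol 10.1.7.1 curl/8.4.0 401 5
"""


def parse_iis_w3c(text: str) -> List[Dict[str, str]]:
    """Turn an IIS W3C log into dicts keyed by the names in the #Fields directive."""
    fields: List[str] = []
    rows: List[Dict[str, str]] = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]   # column layout can change between log files
        elif line and not line.startswith("#") and fields:
            parts = line.split(" ")
            if len(parts) == len(fields):
                row = dict(zip(fields, parts))
                row["cs(User-Agent)"] = row["cs(User-Agent)"].replace("+", " ")
                rows.append(row)
    return rows


def find_non_mail_ews_clients(rows: List[Dict[str, str]], threshold: int = THRESHOLD) -> List[dict]:
    """Group EWS requests by (client IP, user, UA), drop known mail clients, and
    report groups at or above the threshold, busiest first."""
    counts: Counter = Counter()
    for r in rows:
        if not r["cs-uri-stem"].lower().startswith(EWS_PATH):
            continue
        ua = r["cs(User-Agent)"]
        if MAIL_CLIENT_UA.search(ua):
            continue
        counts[(r["c-ip"], r["cs-username"], ua)] += 1
    return [{"client_ip": ip, "user": user, "user_agent": ua, "requests": n}
            for (ip, user, ua), n in counts.most_common() if n >= threshold]


if __name__ == "__main__":
    for finding in find_non_mail_ews_clients(parse_iis_w3c(SAMPLE_IIS_LOG)):
        print(finding)
```

Grouping on the authenticated user as well as the client IP matters on Exchange: a single relay host carrying EWS requests for several mailboxes under one non-mail user-agent is a different triage case from one service account with a scripted integration.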

### FrostyNeighbor / Ghostwriter (UNC1151) — ESET analysis corroborated, Poland / Lithuania / Ukraine in EU scope

ESET's 2026-05-14 analysis of activity observed since March 2026 documents an evolved spearphishing chain: (1) malicious PDFs impersonating Ukrtelecom with embedded redirect links, (2) RAR archives delivering JavaScript PicassoLoader variants, (3) server-side victim **geo-validation** (serves benign PDF to non-Ukrainian IPs) with system fingerprinting every 10 minutes to determine Cobalt Strike eligibility, (4) persistence via scheduled tasks and registry modifications. The previous Polish-targeting wave exploited CVE-2024-42009 (Roundcube XSS) for credential harvesting; WinRAR CVE-2023-38831 is also referenced in the toolchain. The Belarus-aligned actor cluster (UNC1151, UAC-0057, TA445, Storm-0257, Umbral Bison, White Lynx) targets governmental, industrial, healthcare, and logistics sectors. EU scope: **Poland, Lithuania, and Ukraine** confirmed; broader Eastern European public-sector exposure inferred ([ESET WeLiveSecurity](https://www.welivesecurity.com/en/eset-research/frostyneighbor-fresh-mischief-digital-shenanigans/); [The Hacker News](https://thehackernews.com/2026/05/ghostwriter-targets-ukrainian.html); [daily 2026-05-15](briefs/2026-05-15.md)).

No named EU victim disclosures this run. Status update from the W19 long-running record (`item:apt28-apt29-unc1151`): ESET's documentation of the geofencing and 10-minute fingerprinting cadence is new operational detail not present in the W19 ABW tri-attribution coverage. Detection: outbound connections to Canarytokens-style endpoints used for fingerprinting; scheduled-task creation with random GUIDs spawned from Office process trees (T1053.005); child processes of WinRAR or archive handlers executing JavaScript (T1059.007); PicassoLoader staging behaviours.

— *Source: [ESET WeLiveSecurity](https://www.welivesecurity.com/en/eset-research/frostyneighbor-fresh-mischief-digital-shenanigans/) · [The Hacker News](https://thehackernews.com/2026/05/ghostwriter-targets-ukrainian.html) · [Daily 2026-05-15](briefs/2026-05-15.md) · Tags: nation-state, espionage, russia-nexus · Region: europe · Sector: public-sector*
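Two of the detection items above (scheduled-task creation with a GUID-style task name under an Office process tree, T1053.005, and JavaScript executed by a script host spawned from an archive handler, T1059.007), as an added hunt over process-creation telemetry that is not code from ESET or any vendor cited here. The records are constructed in the shape of Sysmon Event ID 1 (`ProcessGuid`, `ParentProcessGuid`, `Image`, `ParentImage`, `CommandLine`); the ancestry walk follows the GUID chain so that an intermediate `cmd.exe` between the Office process and `schtasks.exe` does not break the match, and falls back to the recorded `ParentImage` when the parent's own event is missing. The Office, archive-handler and script-host image sets and the walk depth are assumptions:

```python
"""Hunt for two FrostyNeighbor-style patterns in process-creation telemetry:
scheduled-task creation with a GUID task name under an Office process tree
(T1053.005) and script-host execution of JavaScript spawned by an archive
handler (T1059.007).

Added example for this brief; not code from ESET. Records are CONSTRUCTED in the
shape of Sysmon Event ID 1; the parent walk uses the ProcessGuid chain so an
intermediate cmd.exe does not break the Office-ancestry match."""
import re
from typing import Dict, List, Optional

OFFICE_IMAGES = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}   # assumed set
ARCHIVE_IMAGES = {"winrar.exe", "7zfm.exe", "7z.exe"}                          # assumed set
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
GUID_RE = re.compile(r"\{?[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}?", re.I)
MAX_DEPTH = 4   # assumed: how far up the tree to look for an Office ancestor

# CONSTRUCTED Sysmon-EID-1-shaped records. g-0 and g-7 are parents outside the set.
SAMPLE_EVENTS = [
    {"ProcessGuid": "g-1", "ParentProcessGuid": "g-0",
     "Image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "ParentImage": r"C:\Windows\explorer.exe", "CommandLine": r'"WINWORD.EXE" /n "invoice.docx"'},
    {"ProcessGuid": "g-2", "ParentProcessGuid": "g-1",
     "Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "CommandLine": r'cmd.exe /c schtasks.exe /create ...'},
    {"ProcessGuid": "g-3", "ParentProcessGuid": "g-2",
     "Image": r"C:\Windows\System32\schtasks.exe", "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r'schtasks.exe /create /tn "{3f2504e0-4f89-11d3-9a0c-0305e82c3301}" /sc minute /mo 10 /tr "wscript.exe C:\Users\u\AppData\Roaming\upd.js"'},
    {"ProcessGuid": "g-4", "ParentProcessGuid": "g-0",
     "Image": r"C:\Program Files\WinRAR\WinRAR.exe", "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r'"WinRAR.exe" "C:\Users\u\Downloads\invoice.rar"'},
    {"ProcessGuid": "g-5", "ParentProcessGuid": "g-4",
     "Image": r"C:\Windows\System32\wscript.exe", "ParentImage": r"C:\Program Files\WinRAR\WinRAR.exe",
     "CommandLine": r'"wscript.exe" "C:\Users\u\AppData\Local\Temp\Rar$DIa1.123\invoice.js"'},
    {"ProcessGuid": "g-6", "ParentProcessGuid": "g-7",
     "Image": r"C:\Windows\System32\schtasks.exe", "ParentImage": r"C:\Windows\System32\svchost.exe",
     "CommandLine": r'schtasks.exe /create /tn "Backup\Nightly" /sc daily /tr backup.exe'},
]


def _base(image: str) -> str:
    """Lower-cased file name of an image path."""
    return image.rsplit("\\", 1)[-1].lower()


def office_ancestor(ev: dict, by_guid: Dict[str, dict], max_depth: int = MAX_DEPTH) -> Optional[str]:
    """Walk up the ProcessGuid chain and return the first Office ancestor image, if any."""
    cur = ev
    for _ in range(max_depth):
        parent = by_guid.get(cur.get("ParentProcessGuid"))
        if parent is None:
            # Parent event not captured: fall back to the ParentImage recorded on this event.
            return cur["ParentImage"] if _base(cur["ParentImage"]) in OFFICE_IMAGES else None
        if _base(parent["Image"]) in OFFICE_IMAGES:
            return parent["Image"]
        cur = parent
    return None


def hunt(events: List[dict]) -> List[dict]:
    """Return one finding per matching process-creation record."""
    by_guid = {e["ProcessGuid"]: e for e in events}
    findings: List[dict] = []
    for e in events:
        img, cmd = _base(e["Image"]), e.get("CommandLine", "")
        if img == "schtasks.exe" and "/create" in cmd.lower():
            m = GUID_RE.search(cmd)
            anc = office_ancestor(e, by_guid)
            if m and anc:
                findings.append({"technique": "T1053.005", "process_guid": e["ProcessGuid"],
                                 "task_name": m.group(0), "office_ancestor": anc})
        if img in SCRIPT_HOSTS and _base(e["ParentImage"]) in ARCHIVE_IMAGES \
                and re.search(r"\.jse?\b", cmd, re.I):
            findings.append({"technique": "T1059.007", "process_guid": e["ProcessGuid"],
                             "parent": e["ParentImage"], "command_line": cmd})
    return findings


if __name__ == "__main__":
    for finding in hunt(SAMPLE_EVENTS):
        print(finding)
```

The GUID-name condition is what keeps the task rule quiet: `schtasks /create` from an Office tree is rare but not unheard of in macro-heavy estates, while a task named as a bare GUID created from that tree is the specific persistence shape the ESET write-up describes.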

### TeamPCP / Mini Shai-Hulud (ShinyHunters / WorldLeaks adjacent) — wave 4 + framework leak + IDE persistence

Full coverage in § 2 (multi-day chain). Status-update register: long-running operator-family pattern continues; wave 4 (170+ packages / 400+ versions per daily-brief tracking) is the largest documented npm-supply-chain wave to date; the **leaked framework source** materially changes both attacker and defender posture and elevates the risk of secondary operators applying the same techniques against PyPI / Cargo / Maven Central in 2026-W21. The ShinyHunters / WorldLeaks family logged in W19's long-running record (`item:shinyhunters-worldleaks-family`) overlaps in operator targeting (AI-tooling SaaS, multi-tenant credential aggregation) with TeamPCP's npm-side ecosystem — the two clusters appear to be operating in parallel across the SaaS and registry attack surfaces with no public attribution merging them.

— *Source: [Datadog Security Labs](https://securitylabs.datadoghq.com/articles/shai-hulud-open-source-framework-static-analysis/) · [Wiz Blog](https://www.wiz.io/blog/mini-shai-hulud-strikes-again-tanstack-more-npm-packages-compromised) · [Daily 2026-05-13 UPDATE](briefs/2026-05-13.md) · Tags: supply-chain, ai-abuse, organized-crime · Region: global · Sector: technology*

### "The Gentlemen" RaaS — operations continue post-leak, decryptor published, FortiOS / Erlang SSH initial access CVEs confirmed

Following the 2026-05-04 Rocket backend DB leak (attributed to a breach of hosting provider 4VPS), administrator `zeta88` / `hastalamuerte` announced **a full communications-infrastructure overhaul — new NAS deployment and new locker upgrades — signalling no intent to cease operations**. The operation maintained ~332 victims in H1 2026, ranking second in global RaaS activity per Check Point Research. Check Point documented **initial access via CVE-2024-55591** (FortiOS management interface auth bypass, ITW since November 2024) **and CVE-2025-32433** (Erlang SSH in Cisco context); post-access chain includes RelayKing-based NTLM relay (CVE-2025-33073), AD enumeration, EDR disablement, and GPO-deployed locker ([Check Point Research](https://research.checkpoint.com/2026/thus-spoke-the-gentlemen/); [Check Point blog](https://blog.checkpoint.com/research/when-the-ransomware-gang-gets-hacked-what-the-gentlemen-leak-reveals-about-modern-ransomware-risk); [daily 2026-05-14 UPDATE](briefs/2026-05-14.md)).

Bedrock Safeguard (Canadian security firm) published a **working decryptor on 2026-05-14** exploiting Go's failure to zero XChaCha20 / X25519 ephemeral private-key material from goroutine stacks post-use; 35/35 files decrypted in testing. The operator claims to have patched the binary, so the decryptor capability is best-case retrospective; affiliates show no evidence of forking, and the core nine-person structure remains intact per leaked chats ([Bedrock Safeguard decryptor](https://github.com/Bedrock-Safeguard/gentlemen-decryptor)). Defender takeaway: for any Gentlemen-impacted Go-binary host, attempt process-memory dump capture for ephemeral key recovery before reimaging; verify FortiOS patch state on CVE-2024-55591 across every Swiss / EU public-sector Fortinet deployment (the FortiOS bug is the documented initial-access primary, and the W19 long-running record already lists this CVE).

— *Source: [Check Point Research](https://research.checkpoint.com/2026/thus-spoke-the-gentlemen/) · [Check Point blog](https://blog.checkpoint.com/research/when-the-ransomware-gang-gets-hacked-what-the-gentlemen-leak-reveals-about-modern-ransomware-risk) · [Bedrock Safeguard decryptor](https://github.com/Bedrock-Safeguard/gentlemen-decryptor) · [Daily 2026-05-14 UPDATE](briefs/2026-05-14.md) · Tags: ransomware, organized-crime · Region: global · Sector: public-sector*

### Qilin / Agenda RaaS — April 2026 lead at 15% of global ransomware activity, Germany 5% of global victims

W19 long-running record (`item:qilin-agenda-raas-die-linke-confirms-q2-2026-german-activity`) tracked Qilin's continued German activity. W20 status: Check Point's April 2026 report confirms Qilin leads all RaaS operators at 15% of 707 published attacks in April; Germany's share at 5% of global ransomware victims is the elevated-DACH-exposure data point (Qilin DLS German-victim count cited by W1 horizon research as approximately 65 as of 2026-05-16 — uncorroborated leak-site enumeration that should be treated as a lower bound); **Die Linke (German political party) confirmed Qilin compromise in March 2026** (W19 carry-over); no new Swiss-specific victim named in window ([Check Point Research](https://blog.checkpoint.com/research/cyber-threats-spike-in-april-2026-as-ransomware-expands-and-attack-volumes-climb-after-short-lived-moderation/)).

— *Source: [Check Point Research](https://blog.checkpoint.com/research/cyber-threats-spike-in-april-2026-as-ransomware-expands-and-attack-volumes-climb-after-short-lived-moderation/) · Tags: ransomware, organized-crime · Region: europe, dach · Sector: public-sector*

### Canvas / Instructure — ShinyHunters / WorldLeaks ransom-paid, US House investigation

Full coverage in § 2 (multi-day chain). Status-update register: ShinyHunters / WorldLeaks long-running operator pattern (W19 record `item:shinyhunters-worldleaks-family`) continues; the Canvas case is the operator's first publicly-confirmed ransom-with-broken-non-extortion-covenant precedent and the first US Congressional investigation of an EdTech SaaS supply-chain incident.

— *Source: [The Record](https://therecord.media/instructure-pays-ransom-canvas-incident-congress-investigation) · [Daily 2026-05-12 UPDATE](briefs/2026-05-12.md) · Tags: ransomware, data-breach, organized-crime · Region: us, europe · Sector: education*

### SEPPmail CVE-2026-44128 — CIRCL advisory confirms CVSS 9.3 unauthenticated Perl-eval RCE; no third-party PoC in window

W19's long-running concern about the single-source-national-CERT status of CVE-2026-44128 is materially **improved this week** by the CIRCL (Computer Incident Response Center Luxembourg) advisory at `vulnerability.circl.lu` confirming CVSS v4.0 9.3, CWE-95 eval injection in the GINA UI endpoint of SEPPmail Secure Email Gateway < 15.0.2.1, with patch path to ≥ 15.0.2.1 ([CIRCL vulnerability.circl.lu](https://vulnerability.circl.lu/vuln/cve-2026-44128)). The CIRCL advisory is also an EU national-CERT primary — the verification status moves from `SINGLE-SOURCE-NATIONAL-CERT` (NCSC-CH only) to `SINGLE-SOURCE-NATIONAL-CERT` (NCSC-CH + CIRCL — two separate national CERTs corroborating). Still no independent third-party PoC / root-cause analysis in window. For Swiss on-premises SEPPmail estates (cantonal administration and healthcare are the predominant deployments), patch validation against 15.0.2.1 remains a high-priority item.

— *Source: [CIRCL vulnerability.circl.lu](https://vulnerability.circl.lu/vuln/cve-2026-44128) · [NCSC.ch Security Hub #12551](https://security-hub.ncsc.admin.ch/api/posts/12551/details) · Tags: vulnerabilities, pre-auth, rce, patch-available · Region: europe, switzerland · Sector: public-sector, healthcare · CVE: CVE-2026-44128 · CVSS: 9.3 · Vector: zero-click · Auth: pre-auth · Status: patch-available*

## 8. Policy & regulatory horizon

### EU Digital Omnibus political agreement — AI Act high-risk Annex III compliance deadline extended to 2 December 2027

On 7 May 2026 the EU Parliament and Council reached provisional political agreement under the Digital Omnibus package to amend the AI Act. The headline change for operators running high-risk AI systems (Article 6(2) + Annex III: biometrics, critical infrastructure, education, employment, law enforcement, border management) is that **the compliance deadline shifts from 2 August 2026 to 2 December 2027** — 16 months of additional runway. High-risk systems embedded in regulated products under Annex I (medical devices, machinery) receive even more time, to **2 August 2028**. The co-legislators acknowledged that harmonised technical standards and Commission guidance required for conformity assessments do not yet exist in final form ([TechPolicy.Press](https://techpolicy.press/what-the-eu-ai-omnibus-deal-changes-for-the-ai-act-and-what-lies-ahead/); [Lexology / Stephenson Harwood](https://www.lexology.com/library/detail.aspx?g=34c6a42f-af33-4189-a32c-dc2e3d7a109f)).

For AI security teams the **cybersecurity obligations under Articles 8–15 (adversarial-robustness including prompt injection, data poisoning, model extraction; mandatory logging; CE marking; EU database registration) still apply** from the revised 2 December 2027 deadline for Annex III systems. Separately, the deal adds a **new prohibited practice covering AI systems generating non-consensual sexual content (including CSAM)**, effective 2 December 2026, and clarifies AI Office competence boundaries versus national authorities for GPAI models. Formal adoption is expected before the original 2 August 2026 deadline lapses. Swiss and EU public-sector entities deploying AI for recruitment, benefits decisions, risk scoring, or law-enforcement analytics should update compliance roadmaps but should not interpret the extension as relief from the underlying obligations.

— *Source: [TechPolicy.Press](https://techpolicy.press/what-the-eu-ai-omnibus-deal-changes-for-the-ai-act-and-what-lies-ahead/) · [Lexology / Stephenson Harwood](https://www.lexology.com/library/detail.aspx?g=34c6a42f-af33-4189-a32c-dc2e3d7a109f) · Tags: ai-abuse, eu-nexus · Region: europe · Sector: public-sector*

### EU CRA milestones — 11 June 2026 CAB notification, 11 September 2026 Article 14 reporting obligations

Two CRA enforcement milestones fall within the next 120 days. **Chapter IV provisions on notification of Conformity Assessment Bodies (CABs) become applicable on 11 June 2026** — manufacturers seeking CRA conformity certification for critical digital products will be able to use designated CABs from that date, and Member States must have designated notifying authorities by then. **Article 14 reporting obligations** (manufacturers reporting actively-exploited vulnerabilities and severe security incidents to national CSIRTs within 24 hours, with a 72-hour notification for the incident report) **apply from 11 September 2026**. First standardisation deliverables (horizontal and product-specific standards) are expected Q3 2026. The Q4 2026 delegated act on EUCC presumption of conformity with CRA requirements is pending. Full application of CRA is 11 December 2027 ([EC CRA implementation factpage](https://digital-strategy.ec.europa.eu/en/factpages/cyber-resilience-act-implementation)).

Per W2 horizon research, **Delegated Regulation (EU) 2026/881** on delayed dissemination of sensitive notifications was published in April 2026 and specifies the circumstances under which a CSIRT may delay public disclosure of a vulnerability notification on cybersecurity grounds — the underlying delegated act is referenced from the EC implementation factpage above but not separately re-fetched in this run; defenders relying on the exact text should consult the EUR-Lex publication. Swiss product manufacturers supplying EU markets and operators of digital infrastructure procuring connected products need to verify their supply chain for CRA-scope products before September 2026; Swiss public-sector procurement frameworks should explicitly verify CRA-conformity attestation for connected products at acquisition.

— *Source: [EC CRA implementation factpage](https://digital-strategy.ec.europa.eu/en/factpages/cyber-resilience-act-implementation) · Tags: vulnerabilities, eu-nexus · Region: europe · Sector: public-sector*

### DORA first oversight cycle — 19 designated CTPPs under Joint Examination Team activity

The ESAs (EBA, EIOPA, ESMA) designated 19 critical ICT third-party providers (CTPPs) in November 2025; the first complete DORA oversight cycle is underway in 2026. Joint Examination Teams (JETs) established in Q1 2026 are conducting initial examination activities that may result in recommendations and follow-ups. Financial-sector entities using the 19 designated CTPPs are now subject to enhanced regulatory scrutiny of contractual ICT arrangements, subcontracting chains, and incident-reporting flows under DORA Articles 26–44. The designated CTPPs are themselves subject to direct ESA oversight including required cooperation with JET examinations and expected to demonstrate ICT risk-management governance, resilience testing (TLPT for critical-function systems), and supply-chain transparency. **Swiss financial institutions** supervised by FINMA that use EU-designated CTPPs should confirm their contractual arrangements comply with DORA Chapter V (ICT third-party risk management) as enforced via EU subsidiaries ([ESMA press release](https://www.esma.europa.eu/press-news/esma-news/european-supervisory-authorities-designate-critical-ict-third-party-providers); [PwC Legal](https://legal.pwc.de/en/news/articles/esas-publish-first-list-of-critical-ict-third-party-providers-under-dora)).

— *Source: [ESMA press release](https://www.esma.europa.eu/press-news/esma-news/european-supervisory-authorities-designate-critical-ict-third-party-providers) · [PwC Legal](https://legal.pwc.de/en/news/articles/esas-publish-first-list-of-critical-ict-third-party-providers-under-dora) · Tags: supply-chain, eu-nexus · Region: europe · Sector: finance, public-sector*

### EDPB Coordinated Enforcement Framework 2026 — 25 DPAs investigating GDPR Articles 12–14 transparency

Twenty-five data-protection authorities across the EEA simultaneously launched investigations examining compliance with GDPR Articles 12–14 (transparency and information obligations) as **CEF 2026**. Investigations focus on how organisations communicate data-collection, use, and sharing practices to data subjects — including the specificity required on third-country transfers, retention periods, and automated decision-making. Swiss public-sector entities operating under the revised Data Protection Act (revDSG, in force September 2023) face parallel expectations since Swiss DPA enforcement also focuses on transparency obligations. Enforcement decisions from CEF 2026 are expected in the second half of 2026 and could establish EU-wide precedent on the required granularity of privacy notices — particularly regarding identification of individual third countries for data transfers and naming of each algorithmic profiling system where Article 13(2)(f) automated-decision disclosure applies ([EDPB news](https://www.edpb.europa.eu/news/news/2026/cef-2026-edpb-launches-coordinated-enforcement-action-transparency-and-information_en); [ComplianceHub.Wiki analysis](https://compliancehub.wiki/edpb-2026-coordinated-enforcement-transparency-gdpr/)).

W19 status-update: the CEF 2026 launch was previewed in the W19 weekly; this W20 update reflects the operational live-investigation status across the 25 DPAs and adds the H2-2026 decision-timeline expectation.

— *Source: [EDPB news](https://www.edpb.europa.eu/news/news/2026/cef-2026-edpb-launches-coordinated-enforcement-action-transparency-and-information_en) · [ComplianceHub.Wiki](https://compliancehub.wiki/edpb-2026-coordinated-enforcement-transparency-gdpr/) · Tags: data-breach, eu-nexus · Region: europe · Sector: public-sector*

### KRITIS-DachG — German registration deadline 17 July 2026 is now 61 days out

The KRITIS-DachG (Kritis-Dachgesetz, Germany's critical-infrastructure umbrella act) entered into force; the initial registration deadline of **17 July 2026 is now 61 days away**. Operators of critical facilities in scope — including public-administration entities operating infrastructure in the sectors of energy, transport, finance, IT/telecommunications, space-ground infrastructure, and public administration — must register with the Federal Office of Civil Protection and Disaster Assistance (BBK) via an electronic platform jointly operated with the BSI. Registration requires operator name, legal form, commercial register number, address including public IP ranges, sector / industry classification, and critical-facility contact details. Violations constitute an administrative offence punishable by fines **up to EUR 500,000**. Public-sector IT departments in Germany should verify whether their IT and OT infrastructure qualifies as a "critical facility" under the KRITIS-DachG sector thresholds, register before 17 July 2026 or within three months of later qualification, and identify which services they must report under the act's disruption-reporting obligations to BBK / BSI (24-hour initial notification, 72-hour detailed report). Swiss federal entities with German subsidiaries or cross-border infrastructure should verify German subsidiary obligations ([Luther Lawfirm](https://www.luther-lawfirm.com/en/newsroom/blog/detail/kritis-dachgesetz-in-kraft-neue-pflichten-hohe-bussgelder-und-viele-offene-fragen-fuer-betreiber-kritischer-anlagen); [A&O Shearman](https://www.aoshearman.com/en/insights/critical-infrastructure-new-legislation-in-germany-and-its-practical-impact)).

— *Source: [Luther Lawfirm](https://www.luther-lawfirm.com/en/newsroom/blog/detail/kritis-dachgesetz-in-kraft-neue-pflichten-hohe-bussgelder-und-viele-offene-fragen-fuer-betreiber-kritischer-anlagen) · [A&O Shearman](https://www.aoshearman.com/en/insights/critical-infrastructure-new-legislation-in-germany-and-its-practical-impact) · Tags: ot-ics, eu-nexus · Region: europe, dach · Sector: public-sector, energy, transport, telco*

### ENISA CVE Numbering Authority Root — 4 new CNAs onboarded, identities undisclosed; 7 existing CNAs migrated from MITRE Root

ENISA's 2026-05-06 announcement (W19 forward-looking item) is now confirmed: **four organisations** have newly joined the CVE Program as CNAs under ENISA Root, and **seven existing European CNAs** have transferred from MITRE Root to ENISA Root. ENISA's announcement does not name the four new CNAs. ENISA became CVE Root for European entities in November 2025; over 90 European CNAs can voluntarily transfer. ENISA's CVE Root scope covers entities within its mandate, including vulnerabilities discovered by or reported to EU CSIRTs. This strengthens European vulnerability-disclosure capacity under the NIS2 Article 12 (coordinated vulnerability disclosure) obligations. The undisclosed CNA identities are a transparency gap worth surfacing: defenders cannot pattern-match which EU vendors / institutions have CNA capacity until ENISA publishes the list ([ENISA news](https://www.enisa.europa.eu/news/new-cve-numbering-authorities-under-enisa-root)).

— *Source: [ENISA news](https://www.enisa.europa.eu/news/new-cve-numbering-authorities-under-enisa-root) · Tags: vulnerabilities, eu-nexus · Region: europe · Sector: public-sector*

### CISA Emergency Directive ED-26-03 — Cisco Catalyst SD-WAN

Issued 2026-05-15, the directive mandates identification, mitigation, and reporting on CVE-2026-20182 for US federal civilian agencies, with a 2026-05-17 (today) deadline. For Swiss / EU public-sector defenders the **US-FCEB compliance date itself is not operational signal** (per the inherited PD-13), but the issuance of an Emergency Directive is. Use the ED's mitigation matrix as a reference for your own SD-WAN response posture ([CISA ED-26-03](https://www.cisa.gov/news-events/directives/ed-26-03-mitigate-vulnerabilities-cisco-sd-wan-systems); [Daily 2026-05-15](briefs/2026-05-15.md)).

— *Source: [CISA ED-26-03](https://www.cisa.gov/news-events/directives/ed-26-03-mitigate-vulnerabilities-cisco-sd-wan-systems) · Tags: vulnerabilities, actively-exploited, us-nexus · Region: us, global · Sector: public-sector*

### BKA — Dream Market lead administrator "Speedstepper" arrested in Germany

This arrest adds to the BKA Crimenetwork takedown (covered in the daily 2026-05-12 as a separate W20 LE action). Two consecutive German federal LE actions against darknet-administrator-tier operators within the same week are a notable tempo signal for the EU cybercrime LE ecosystem. The OPSEC failure (cryptocurrency-to-physical-gold conversion patterns over seven years) is forensically interesting, but the policy-horizon implication is that BKA's investigative throughput on darknet-administrator pursuits is materially elevated through Q2 2026 ([daily 2026-05-16](briefs/2026-05-16.md)).

— *Source: [BKA press release](https://www.bka.de/DE/Presse/Listenseite_Pressemitteilungen/2026/Presse2026/260516_DreamMarket.html) · [Daily 2026-05-16](briefs/2026-05-16.md) · Tags: law-enforcement, organized-crime, cryptocrime · Region: europe, dach · Sector: technology*

### NIS2 transposition — status update; no Court of Justice referral announced this week

The European Commission sent reasoned opinions to 19 member states in May 2025 (per the EC NIS transposition page, last updated July 2025) with a two-month response window; non-compliant states face Court of Justice referral. The May-2025 reasoned opinions are now one year old without public Court of Justice referral announcements, indicating most have either completed transposition or are in active dialogue with the Commission. Polish NIS2 transposition (in force 3 April 2026, W19 item) is among the most recent completions. No Court of Justice referral was announced this week. The W19 ABW NIS2 essential-entity extension proposal has not gained additional public momentum this run ([EC NIS transposition page](https://digital-strategy.ec.europa.eu/en/policies/nis-transposition)).

— *Source: [EC NIS transposition page](https://digital-strategy.ec.europa.eu/en/policies/nis-transposition) · Tags: vulnerabilities, eu-nexus · Region: europe · Sector: public-sector*

## 9. Looking ahead — what to watch next week

Items already in motion at the close of 2026-W20. Not predictions — each links to the in-motion reporting underneath.

- **Microsoft Exchange CVE-2026-42897 — Microsoft permanent patch and out-of-band advisory on DEVCORE Pwn2Own three-bug chain pending.** Active OWA-XSS exploitation continues; the federal-civilian KEV deadline is 2026-05-29 (US-FCEB compliance date, not operational signal for CH/EU); the operationally critical milestone is Microsoft shipping a permanent patch and clarifying whether the DEVCORE chain is being weaponised against the same OWA initial-access vector. ([Microsoft Security Blog](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-42897); [daily 2026-05-16](briefs/2026-05-16.md))
- **PAN-OS CVE-2026-0300 wave-2 patches landing 2026-05-28.** Eight build streams (12.1.7, 11.2.4-h17, 11.2.12, 11.1.7-h6, 11.1.15, 10.2.7-h34, 10.2.13-h21, 10.2.16-h7) finish the staged patch arc; verify deployment readiness in advance and audit for `svc-health-check-NNNNNN` rogue-admin accounts before patching wipes implant artefacts. ([Palo Alto PSIRT CVE-2026-0300](https://security.paloaltonetworks.com/CVE-2026-0300); [daily 2026-05-14 UPDATE](briefs/2026-05-14.md))
- **US House Homeland Security Committee CEO briefing deadline 2026-05-21 (Canvas / Instructure).** Chairman Garbarino's letter requested an Instructure CEO briefing by 2026-05-21 addressing both intrusion circumstances, scope and nature of accessed data, IR adequacy, and CISA coordination. Outcome will inform the regulatory template for cantonal-Bildungsdirektion oversight of EdTech-SaaS vendors. ([House Homeland Security Committee](https://homeland.house.gov/2026/05/11/chairman-garbarino-seeks-information-from-canvas-developer-after-cyberattacks-impact-schools-and-universities-nationwide/); [daily 2026-05-13 UPDATE](briefs/2026-05-13.md))
- **Verizon DBIR 2026 full PDF release — webinar 2026-05-19 11:00 ET.** The page-level summary already in this weekly's § 6 will gain the full statistical breakdown after the webinar; the supply-chain doubling finding (15% → 30%) deserves a re-read against the full data to confirm methodology. ([Verizon DBIR page](https://www.verizon.com/business/resources/reports/dbir/))
- **TeamPCP / Mini Shai-Hulud wave 5 risk on PyPI / Cargo / Maven Central.** The leaked framework source elevates the risk of secondary operators applying the same techniques against other registries. Detection-engineering teams should pre-stage hunts for IDE-hook entries (`.claude/settings.json`, `.vscode/tasks.json`) and Sigstore-provenance anomaly detection. ([Datadog Security Labs](https://securitylabs.datadoghq.com/articles/shai-hulud-open-source-framework-static-analysis/))
- **CRA milestone 11 June 2026 — CAB notification provisions become applicable.** Member-state notifying-authority designations must be in place by then. Swiss product manufacturers selling into EU markets should track which CABs are designated in their target member states. ([EC CRA implementation factpage](https://digital-strategy.ec.europa.eu/en/factpages/cyber-resilience-act-implementation))
- **KRITIS-DachG German registration deadline 2026-07-17 (61 days).** German public-administration operators of critical facilities must register with BBK / BSI; failure to register is an administrative offence with fines up to EUR 500,000. Cross-border CH-DE operators should verify subsidiary obligations. ([Luther Lawfirm](https://www.luther-lawfirm.com/en/newsroom/blog/detail/kritis-dachgesetz-in-kraft-neue-pflichten-hohe-bussgelder-und-viele-offene-fragen-fuer-betreiber-kritischer-anlagen))
- **Dirty Frag CVE-2026-43500 (RxRPC) — remaining distro patch propagation.** AlmaLinux 8 not affected; RHEL 9 errata rolling; lagging configurations are systems with `kernel-modules-partner` installed (AFS-using estates). Track distro-vendor security-advisory updates through 2026-W21. ([AlmaLinux blog](https://almalinux.org/blog/2026-05-07-dirty-frag/))
- **"The Gentlemen" RaaS — comms overhaul means continued activity expected; affiliate response to decryptor publication.** Administrator zeta88's announced communications-infrastructure overhaul rather than shutdown means operations continue; affiliate response to Bedrock Safeguard's decryptor and any binary-side patches the operator deploys are the open watch items. ([Check Point Research](https://research.checkpoint.com/2026/thus-spoke-the-gentlemen/))
- **MOVEit Automation CVE-2026-4670 — still no ITW confirmed at week-end.** Patches available 2025.1.5 / 2025.0.9 / 2024.1.8; 1,400+ internet-exposed instances catalogued. The W19 horizon item remains open; watch for KEV addition or first-victim disclosure. ([Help Net Security](https://www.helpnetsecurity.com/2026/05/04/critical-moveit-automation-auth-bypass-vulnerability-fixed-cve-2026-4670/); [daily 2026-05-06](briefs/2026-05-06.md))
- **GTIG UNC6671 "BlackFile" DLS-shutdown signal — probable rebrand.** GTIG's documentation of the DLS shutdown points to a probable operator rebrand; watch for a new leak-site / new operator-handle reusing the vishing → AiTM → rogue-MFA → programmatic SharePoint exfiltration TTP set. ([daily 2026-05-16](briefs/2026-05-16.md))
- **Windows BitLocker YellowKey and CTFMON GreenPlasma — Microsoft permanent patch and / or out-of-band advisory pending.** Public PoC continues; the May 2026 Patch Tuesday did not address either; out-of-band release is the operationally expected path. Until a patch lands the BitLocker-PIN GPO enforcement and privileged-account-segregation discipline remain the only available controls. ([daily 2026-05-15](briefs/2026-05-15.md))
- **SEPPmail CVE-2026-44128 — independent third-party PoC or root-cause write-up.** Two national CERTs (NCSC-CH + CIRCL) now corroborate; the open item is whether a research-lab write-up surfaces that would lift the verification status from `SINGLE-SOURCE-NATIONAL-CERT` to `MULTI-SOURCE`. ([CIRCL vulnerability.circl.lu](https://vulnerability.circl.lu/vuln/cve-2026-44128))
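The Mini Shai-Hulud watch item above asks detection-engineering teams to pre-stage hunts for IDE-hook entries in `.claude/settings.json` and `.vscode/tasks.json`. The following is an added illustration of such a hunt, written for this summary and not taken from any of the cited sources or from Datadog's tooling. It walks a checkout, parses both files (tolerating the `//` comments and trailing commas VS Code allows in `tasks.json`), and reports every entry that would execute a command automatically: VS Code tasks carrying `runOptions.runOn: "folderOpen"`, and any `command` string nested under a Claude Code `hooks` block. The exact nesting of Claude Code hook entries is an assumption here, which is why the walker collects `command` strings at any depth rather than relying on one schema; the two sample files are constructed for the stand-alone run and are not real campaign artefacts.

```python
"""Pre-staged hunt for IDE auto-run hooks committed to a repository.

Added example (not from the weekly's sources): scans a checkout for
.vscode/tasks.json tasks that auto-run on folder open and for shell
commands registered under a Claude Code "hooks" block. The Claude Code
hook nesting is assumed, so every "command" string under "hooks" is
collected regardless of depth.
"""
import json
import re
import tempfile
from pathlib import Path
from typing import Iterator


def load_jsonc(text: str) -> dict:
    """Parse JSON that may carry //-line comments and trailing commas
    (VS Code reads tasks.json as JSONC). Simplified: whole-line comments only."""
    try:
        return json.loads(text)
    except json.JSONDecodeError:
        stripped = "\n".join(
            line for line in text.splitlines() if not line.lstrip().startswith("//")
        )
        stripped = re.sub(r",(\s*[}\]])", r"\1", stripped)  # drop trailing commas
        return json.loads(stripped)


def vscode_autorun_tasks(doc: dict) -> list[dict]:
    """Return tasks VS Code would run as soon as the folder is opened."""
    findings = []
    for task in doc.get("tasks", []):
        run_on = (task.get("runOptions") or {}).get("runOn")
        if run_on == "folderOpen":
            cmd = " ".join([task.get("command", ""), *map(str, task.get("args", []))])
            findings.append({"file": ".vscode/tasks.json",
                             "label": task.get("label", "<unnamed>"),
                             "command": cmd.strip()})
    return findings


def _walk_commands(node) -> Iterator[str]:
    """Yield every string stored under a "command" key, at any depth."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "command" and isinstance(value, str):
                yield value
            else:
                yield from _walk_commands(value)
    elif isinstance(node, list):
        for item in node:
            yield from _walk_commands(item)


def claude_hook_commands(doc: dict) -> list[dict]:
    """Return shell commands registered under a Claude Code "hooks" block."""
    return [{"file": ".claude/settings.json", "label": "hooks", "command": cmd}
            for cmd in _walk_commands(doc.get("hooks", {}))]


def scan_repo(root: Path) -> list[dict]:
    """Scan one checkout; hook files that are absent are simply skipped."""
    findings = []
    tasks = root / ".vscode" / "tasks.json"
    if tasks.is_file():
        findings += vscode_autorun_tasks(load_jsonc(tasks.read_text()))
    settings = root / ".claude" / "settings.json"
    if settings.is_file():
        findings += claude_hook_commands(load_jsonc(settings.read_text()))
    return findings


# Constructed sample files for the stand-alone run (not real artefacts).
SAMPLE_TASKS = """{
  // a benign-looking label hides the auto-run option
  "version": "2.0.0",
  "tasks": [
    {"label": "lint", "type": "shell", "command": "npm run lint"},
    {"label": "setup", "type": "shell", "command": "sh",
     "args": ["-c", "./scripts/bootstrap.sh"],
     "runOptions": {"runOn": "folderOpen"}},
  ]
}"""
SAMPLE_SETTINGS = """{"hooks": {"SessionStart": [
  {"hooks": [{"type": "command", "command": "./scripts/telemetry.sh"}]}]}}"""


def demo() -> list[dict]:
    """Write the constructed samples into a temporary checkout and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / ".vscode").mkdir()
        (root / ".vscode" / "tasks.json").write_text(SAMPLE_TASKS)
        (root / ".claude").mkdir()
        (root / ".claude" / "settings.json").write_text(SAMPLE_SETTINGS)
        return scan_repo(root)


if __name__ == "__main__":
    for f in demo():
        print(f"{f['file']}: [{f['label']}] {f['command']}")
```

Run `scan_repo()` over each freshly cloned or updated checkout (for example from a pre-commit or CI step) and route the findings to the SOC queue; the signal is the auto-run configuration itself, so a finding is worth triage even when the referenced script looks harmless.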

## 10. Verification & coverage notes

**Coverage window: 2026-05-10 → 2026-05-17 (8 days, one calendar day overlap with the 2026-W19 weekly's coverage end on 2026-05-10).** Previous weekly: `briefs/weekly/2026-W19.md`. `gap_days = 7`, `window_days = max(7, gap_days + 1) = 8`. Eight daily briefs were read in window (2026-05-10 through 2026-05-17). Standard week — no disclosure required, noted here for transparency.

**Items still flagged `[SINGLE-SOURCE]`-equivalent in this run:**

- **GTIG UNC6671 "BlackFile" vishing → AiTM → rogue-MFA → programmatic SharePoint exfiltration** — single source GTIG (daily 2026-05-16). Included given the operationally distinctive TTP set and the DLS-shutdown / probable-rebrand signal; treated with standard single-source caution.
- **Unit 42 Gremlin Stealer evolved with .NET-resource XOR obfuscation, real-time crypto-clipper, WebSocket browser-process session-hijack** — single source Unit 42 (daily 2026-05-16). Defender takeaway focuses on the WebSocket browser-process session-hijack class, which is more broadly attributable than the specific stealer.
- **SentinelOne Living Off the Pipeline CI/CD subversion taxonomy** — single source SentinelOne (daily 2026-05-16). Included as a synthesis reference rather than a campaign attribution; the three-case taxonomy is corroborated indirectly by the W20 Mini Shai-Hulud chain (§ 2).
- **Sophos 2026 State of Identity Security — Switzerland highest identity-breach incidence finding** — single source Sophos survey (daily 2026-05-15). The 17-country survey methodology is documented; Switzerland's specific ranking is a single-survey output and should not be over-weighted relative to longitudinal data.
- **CVE-2026-45793 PHP Composer GitHub Actions CI token disclosure** — single source (daily 2026-05-15). Patched in Composer 2.8.10; the disclosure mechanism (error-message leakage) is technically corroborated by the Composer GHSA but the broader exploitation context is single-source.
- **West Pharmaceutical Services SEC 8-K** — single source SEC filing (daily 2026-05-12). Standard victim-disclosure verification status; awaiting independent breach analysis.
- **PAN-OS CVE-2026-0300 wave-2 schedule** — Palo Alto PSIRT advisory is the only source. National-CERT carve-out applies; CERT-EU and other corroborating advisories typically lag the vendor PSIRT by 24–48 hours.
- **Verizon DBIR 2026 headline figures** — single source Verizon DBIR page; full PDF release pending 2026-05-19 webinar. Figures may shift on full-PDF reading.
- **SEPPmail CVE-2026-44128** — two national CERTs (NCSC-CH + CIRCL) corroborate; status improved from W19 but remains `SINGLE-SOURCE-NATIONAL-CERT` because no independent third-party PoC / root-cause analysis surfaced this week.
- **Kaspersky GReAT — Kimsuky Rust-based HelloDoor + TryCloudflare-tunnel C2** — single source Kaspersky (daily 2026-05-17). Standard single-source-OTHER caution.
- **§ 6 vendor-research items operating as single-source-equivalent for the weekly:** Verizon DBIR 2026 page-summary (Verizon only — full PDF pending 2026-05-19 webinar); Check Point Research April 2026 ransomware analysis (Check Point only — vendor monthly threat report); GTIG AI Threat Tracker May 2026 (Google Cloud only — vendor threat-intel report); Datadog Security Labs Shai-Hulud framework analysis (Datadog only — vendor research). Per the daily prompt's annual-report carve-out, vendor-research roll-ups stand as primary sources; flagged here so the single-source posture is explicit on the page.
- **§ 3 CVE-2026-46300 (Fragnesia)** — single primary source Wiz Research (Linux kernel security advisory). The Wiz post is the canonical research write-up; flagged here so the single-source posture is explicit.

**Items dropped from this week's roll-up that may resurface:**

- **TrickMo "TrickMo C" Android banking trojan — TON-blockchain C2** (daily 2026-05-13) — dropped under W-PD-1: Android banking-trojan content is off-audience for a Swiss / EU public-sector SOC weekly. If a Swiss / EU public-sector entity discloses an incident traced to TrickMo C, resurfaces.
- **NCSC-UK "10 questions to ask when using AI models to find vulnerabilities"** (daily 2026-05-13) — covered briefly in the daily; the NCSC-UK guidance is policy-advisory rather than operationally novel. The W19 weekly already absorbed the CERT-FR CERTFR-2026-ACT-016 agentic-AI advisory and the parallel NCSC.ch BACS assessment; the NCSC-UK piece adds questions but no new defender-action items.
- **Microsoft MDASH multi-model agentic vulnerability discovery** (daily 2026-05-13 research) — dropped under W-PD-1: this is interesting research-platform reporting but does not currently change defender obligations or surface a new operator pattern.
- **GemStuffer — RubyGems weaponised as a one-way exfiltration channel** (daily 2026-05-14 research) — held under reduced weight; the abuse pattern is novel but limited to UK local-authority ModernGov portals at this stage; if cross-EU GemStuffer expansion is documented in 2026-W21, resurfaces.
- **CVE-2026-41940 FunnelKit (2026-05-17 § 1)** — the daily covered this as "FunnelKit Funnel Builder for WooCommerce actively exploited as Magecart skimmer on 40,000+ WordPress stores — no CVE assigned"; included in the § 4 sector pattern rather than § 1 to avoid leading with a non-CVE'd WooCommerce-plugin item against the "inaction = incident" bar of the strongest § 1 placements.

**Contradictions / ambiguities flagged for the verifier's attention:**

- **Microsoft Exchange CVE-2026-42897 vs. DEVCORE Pwn2Own three-bug chain.** The two findings are distinct vulnerability classes; Microsoft has not formally linked them at week-end. The weekly treats them as adjacent threats with potential composite-exploitation risk but explicitly does not claim a chained ITW exploitation has been observed. Verifier: confirm the framing is consistent across §§ 0, 1, 2, 3.
- **CISA ED-26-03 deadline 2026-05-17 vs. KEV deadline alignment.** ED-26-03 mandates US-FCEB action by 2026-05-17; the underlying KEV addition has a 2026-05-29 deadline for the CVE-2026-42897 Exchange flaw and 2026-05-17 for CVE-2026-20182. The two timelines are distinct: ED-26-03 is Cisco SD-WAN-specific.
- **The Gentlemen RaaS — Bedrock Safeguard decryptor scope.** Bedrock Safeguard's testing documented 35/35 files decrypted with their PoC; the operator has claimed to patch the binary, so the decryptor's continued effectiveness is bounded to pre-patch encrypted material. The weekly frames the decryptor as "best-case retrospective" capability accordingly.
- **CVE-2026-43500 (Dirty Frag RxRPC) patch status.** AlmaLinux 8 is documented as not affected (rxrpc module not built); other distros are propagating. Defenders should not generalise the AlmaLinux-8 not-affected status to other RHEL-derivatives.

**Items included with reduced confidence:**

- **Verizon DBIR 2026 figures (page-summary level).** Full PDF release pending; figures cited are from the public page summary and may be revised on full-PDF reading after the 2026-05-19 webinar.
- **TeamPCP Mini Shai-Hulud wave-4 package count (qualified as "170+ packages / 400+ versions" per daily-brief tracking).** The qualified figure derives from daily-brief tracking of the 2026-05-13 wave; the Wiz Blog and Datadog Security Labs writeups list named packages without an aggregate count, so exact totals are contingent on registry-side observations that may shift as additional malicious versions are identified.
- **Qilin DLS 65 German victims total.** Number is current as of 2026-05-16 per W1 horizon research; leak-site counts are operator-controlled data and should be treated as a lower bound.

**Sub-agent telemetry (Phase 2):**

- **W1** (Long-horizon ongoing developments + annual / periodic reports) — returned: Claude Sonnet 4.6 (`claude-sonnet-4-6`); started_at=2026-05-17T22:12:01Z, ended_at=2026-05-17T22:23:34Z, duration_seconds=693; webfetch_calls=14, websearch_calls=18, bridge_fetches=2. Returned 11 items: 7 status-updates on W19 "Looking Ahead" items (PAN-OS CVE-2026-0300, Canvas/Instructure, The Gentlemen RaaS, Dirty Frag distro propagation, CVE-2026-31431 Copy Fail, MOVEit Automation CVE-2026-4670, SEPPmail CVE-2026-44128), 2 campaign-status updates (Secret Blizzard / Turla Kazuar, FrostyNeighbor / Ghostwriter UNC1151, Mini Shai-Hulud, Qilin / Agenda), 2 annual / periodic reports (Sophos State of Identity Security 2026, Verizon DBIR 2026). W1 coverage gaps: bleepingcomputer (article URLs frequently 403 even via bridge — WebSearch corroboration used), inside-it-ch (Cloudflare Managed Challenge — no relevant in-window items via WebSearch fallback), Verizon DBIR full PDF (not released until 2026-05-19 webinar), independent third-party SEPPmail CVE-2026-44128 write-up (not found in window — CIRCL advisory strongest available corroboration).
- **W2** (Strategic & policy horizon) — returned: Claude Sonnet 4.6 (`claude-sonnet-4-6`); started_at=2026-05-17T22:12:32Z, ended_at=2026-05-17T22:17:59Z, duration_seconds=327; webfetch_calls=18, websearch_calls=14, bridge_fetches=12. Returned 8 items: 3 net-new policy items (EU Digital Omnibus AI Act extension 2026-12-02, CRA milestones 11 June / 11 September 2026, DORA first oversight cycle with 19 designated CTPPs), 4 status updates (ENISA CNA Root 4 new CNAs onboarded, EDPB CEF 2026 25 DPAs investigating, KRITIS-DachG registration deadline 17 July 2026, NIS2 transposition status no Court of Justice referral), 1 CISA KEV addition (CVE-2026-42897 Exchange OWA-XSS KEV-added 2026-05-15 deadline 2026-05-29). W2 coverage gaps: CERT-FR RSS feed serving items only through September 2025 (feed appears stale / misconfigured; direct-URL fetches work), BAKOM / OFCOM (no cybersecurity-relevant CH telecom-regulator publication this week), FINMA (no new circular this week), Council of Europe Budapest Convention (no in-window cybercrime action), OFAC cyber (no in-window sanctions action).

**Sub-agent self-identification:** both W1 and W2 self-identified as `Claude Sonnet 4.6` (canonical id `claude-sonnet-4-6`) — model id and friendly name aligned, no drift. The main agent (this Opus 4.7 invocation) is `Claude Opus 4.7` with canonical id `claude-opus-4-7`.

**Verification iterations:** Phase 4.7 verifier ran with model rotation across five iterations.
- **Iter 1** (`cti-verification`, Opus) tripped Anthropic's cyber-content classifier and returned no verdict — a documented failure mode on dense-CTI weekly composition.
- **Iter 2** (`cti-verification-alt`, Sonnet) returned `NEEDS_FIXES` truth=12 / editorial=4 / advisory=2; all findings remediated.
- **Iter 3** (`cti-verification-alt`, Sonnet — re-spawned on Sonnet to avoid recurrence of iter-1 classifier-trip risk) returned `NEEDS_FIXES` truth=2 / editorial=1 / advisory=1; all truth + editorial findings remediated (two iter-2 remediations had been partially applied; iter-3 caught them).
- **Iter 4** (`cti-verification-alt`, Sonnet) returned `NEEDS_FIXES` truth=3 / editorial=0 / advisory=1; all truth findings remediated.
- **Iter 5** (`cti-verification`, Opus — cap iteration, classifier-trip risk re-paid; succeeded) returned `NEEDS_FIXES` truth=0 / editorial=1 / advisory=2 — content is CLEAN at the truth level; residual editorial-advisory items are this very § 10 self-report (now updated) and a batch F12 single-source-heading-marker advisory that § 10's single-source-flag table compensates for.

Cap reached at iter 5 per the prompt's `Cap 5 iterations` rule with publish-anyway fail-open safety valve. `verification_residual_count = 1` (editorial only; F11 advisory excluded per v2.47 semantics). Iteration-by-iteration model + verdict + duration + per-finding records persisted in `state/run_log.json.verification.iterations[]`.

**Coverage gaps:** bleepingcomputer (article URLs 403 even via bridge); inside-it-ch (Cloudflare Managed Challenge); cert-fr (RSS stale through Sep 2025 — direct URL fetches succeed); bakom-ofcom (no in-window publication); finma-ch (no new circular); coe-budapest (no in-window cybercrime action); ofac-cyber (no in-window action); verizon-dbir-2026-full (PDF not released until 2026-05-19); seppmail-cve-2026-44128-third-party (no third-party PoC / write-up in window); databreaches-net (403 persistent — bridge allowlisted but no W20 item via secondary discovery); prodaft (403 persistent); nccgroup (403 persistent); csirt-acn-it (403 persistent); ccn-cert-es (geo-blocked); ico-uk (JS SPA — South Staffordshire penalty already covered via the daily citation); cisa-news / cisa-kev / cisa-directives (bridge-fetched successfully — ED-26-03 + KEV CVE-2026-42897 / CVE-2026-20182 captured); ncsc-ch-security-hub (bridge-fetched successfully — post #12577 captured for CVE-2026-42897); enisa-euvd (SPA — no W20 item surfaced via WebFetch); advisories-ncsc-nl (Angular SPA — listing returns no advisory data; individual URLs work).
