CTI Weekly Summary — 2026-W23 (1–7 June 2026)

CVE-2026-20245 — Cisco Catalyst SD-WAN Manager: no-patch zero-day chain confirmed to push malicious configs to edge devices

If you did nothing this week: attackers with netadmin access to your Catalyst SD-WAN Manager can execute arbitrary commands as root and, per NCSC-CH's 5 June advisory update, push malicious configurations to every downstream edge device. No patch exists.

CVE-2026-20245 is a command injection in SD-WAN Manager's CLI file-upload handler (Cisco PSIRT; daily 2026-06-06). An authenticated attacker with netadmin privileges injects arbitrary OS commands that execute as root (T1059.004). In observed limited incidents, exploitation of CVE-2026-20245 resulted in malicious configurations pushed to downstream edge devices — extending attacker control from the management plane into the forwarding plane (NCSC-CH advisory 12579, updated 2026-06-05). The realistic attack path is a three-CVE chain: CVE-2026-20182 provides unauthenticated management-interface access (T1190), CVE-2026-20127 escalates to netadmin (T1078), and CVE-2026-20245 executes OS commands as root. The first two CVEs are patched in post-14-May SD-WAN Manager builds; CVE-2026-20245 has no fix — Cisco's only guidance is management-plane access restriction.

The forwarding-plane impact is the operationally critical new fact from this week: in transit-mode SD-WAN deployments, attacker-controlled edge-device configurations can cascade into routing-table manipulation, traffic interception, and service disruption across every site managed from the compromised Manager instance. Defender actions: apply the post-14-May SD-WAN Manager builds (patches chain entry points CVE-2026-20182/20127); ACL the management interface to a dedicated management VLAN; enforce MFA for netadmin and rotate Manager credentials; hunt the CLI audit log for anomalous file-upload events; and treat any unscheduled edge-device config-push as a hunting trigger.

CVE-2026-41089 — Windows Netlogon: pre-auth SYSTEM RCE on domain controllers, actively exploited

If you did nothing this week: pre-auth remote-code execution as SYSTEM on every unpatched domain controller in your forest. Belgium's CCB confirmed active exploitation on 1 June. The May Patch Tuesday fix has been available since 13 May.

CVE-2026-41089 (CVSS 9.8) is a stack-based buffer overflow in the Windows Netlogon service (MS-NRPC), first covered as an emergency action on 2 June (daily 2026-06-02). A crafted NRPC request to a domain controller triggers a memory-corruption condition before any credential exchange, allowing an unauthenticated network attacker to execute code as SYSTEM (Microsoft MSRC; BleepingComputer, 2026-06-01). All currently supported Windows Server releases including Server 2025 are affected. Belgium's Centre for Cybersecurity (CCB) confirmed active exploitation; at the time of the daily brief Microsoft had not yet updated its advisory to reflect it.

The operational priority here is the target class — domain controllers — and the fact that Netlogon is necessarily reachable from every domain-joined machine in the estate. An attacker who has compromised any domain-joined workstation can move laterally to a DC without credentials if the patch has not been applied. Detection concepts: anomalous NRPC session counts from non-DC source addresses; Windows Security EID 4625 (authentication failures) spikes on DCs correlated with unexpected source IPs; network-layer alerts on NRPC/RPC-over-named-pipe from workstation segments. Patch immediately. If patching is delayed, restrict Netlogon/LDAP exposure to trusted hosts at the network layer.

IronWorm + Miasma AI coding-agent injection: two supply-chain worms target cloud credentials and developer toolchains simultaneously

If you did nothing this week: any developer who cloned one of the 73 disabled Microsoft GitHub repositories and opened it in Claude Code, Cursor, Gemini CLI, or VS Code with AI extensions may have triggered malicious payload execution. Any CI/CD pipeline consuming azure-functions-action in the exposure window may have run attacker-controlled code. Any developer machine running npm packages from the affected @redhat-cloud-services or IronWorm-infected namespaces should be treated as credential-compromised.

IronWorm (disclosed by JFrog on 2026-06-03; daily 2026-06-06) is a self-propagating npm worm distributed across ~36 packages from a compromised publisher account (JFrog, 2026-06-03). Unlike the JavaScript-stager Shai-Hulud lineage, IronWorm executes a Rust ELF payload through a preinstall lifecycle hook (T1195.002), then deploys an eBPF object providing kernel-level process, socket and anti-debug concealment — hiding the implant from procfs-based enumeration and most EDR agents that rely on user-space telemetry. The command channel runs over Tor. The credential sweep targets AWS, GCP, Azure, HashiCorp Vault, Kubernetes, Docker, GitHub and npm tokens, plus the 2026 generation of AI-provider API keys (Anthropic, OpenAI, Gemini). Self-propagation reuses stolen npm Trusted Publishing credentials. Detection: alert on node/npm/npx spawning sh/bash during preinstall/postinstall; audit bpf() syscalls from non-privileged processes via auditd; watch CI/CD egress for Tor bootstrap traffic. Hardening: run npm install --ignore-scripts in CI, pin lockfile integrity, scope/rotate npm publish tokens.

Miasma's AI coding-agent injection (2026-06-05–06; daily 2026-06-06) planted a ~4.6 MB payload runner (4,643,745 bytes) in 73 Microsoft and Microsoft-adjacent GitHub repositories, wiring execution to workspace-config files — CLAUDE.md, .claude/commands/, .gemini/, .cursor/rules, .vscode/settings.json — so the trigger is a developer opening the repository in an AI-assisted IDE, not an npm install (StepSecurity; The Hacker News). GitHub disabled the affected repositories by June 6. StepSecurity forensics trace the entry-point account to the same contributor credentials compromised in the May 19 PyPI attack; full revocation was not confirmed (three hypotheses; non-revocation is the most parsimonious). Detection: treat workspace-config files from cloned repositories as untrusted data, not code, in CI/CD environments; monitor .claude/commands/, .gemini/, .cursor/rules for unexpected writes or outbound HTTP triggers; audit azure-functions-action workflows for execution in the exposure window.

Miasma / TeamPCP supply-chain worm: from npm credential theft to AI coding-agent config injection across the week

The Miasma arc produced the week's clearest attack-evolution story — two distinct technique pivots in five days, both in a single actor's ongoing CI/CD intrusion campaign.

Monday 2 June (daily 2026-06-02): TeamPCP used a compromised Red Hat maintainer GitHub account to inject malicious CI/CD workflows into 32 packages in the @redhat-cloud-services npm namespace via GitHub Actions OIDC trusted-publishing abuse, poisoning ~80,000–117,000 weekly downloads across 96 releases (Wiz; Aikido Security; Socket). The "Miasma" payload — a Mini Shai-Hulud descendant — swept GitHub Actions secrets, AWS keys, SSH keys, and added new dedicated collectors for GCP service-account and Azure managed-identity tokens, signalling a pivot from developer-host theft to cloud-account takeover.

Friday 6 June (daily 2026-06-06): Rather than continuing to poison npm packages, the actor shifted technique entirely: malicious commits were planted directly in the source repositories of 73 Microsoft and Microsoft-adjacent GitHub repos, wiring execution to AI coding agent workspace-config files rather than npm install lifecycle hooks (OpenSourceMalware; The Hacker News). GitHub disabled all 73 repos in a 105-second automated sweep. StepSecurity's forensic analysis found the entry credential was the same contributor account compromised in the May 19, 2026 PyPI attack (TeamPCP infrastructure overlap); full credential revocation was not confirmed. Azure Durable Task CI/CD pipelines that reference azure-functions-action were globally disrupted.

At week close, the Cargo (Rust) registry remained un-hit (the W22 looking-ahead prediction it was the next target was not confirmed in this window). The AI-coding-agent config injection vector is a structural expansion of the attack surface: any CI/CD environment where CLAUDE.md, .cursor/rules, or .gemini/ files are treated as executable code rather than data is now an active target class.

Gamaredon: GammaPhish → GammaWorm (NTFS ADS + USB) → GammaSteel (S3 exfil) — the week's most complete intrusion kill-chain disclosure [SINGLE-SOURCE Sekoia TDR]

Monday 2 June brought Sekoia's part-one Gamaredon series (Sekoia TDR, 2026-06-01), consolidating three capability clusters under unified naming: GammaPhish (the spearphishing-through-GammaLoad funnel), GammaWorm (the USB-and-network-propagation layer), and GammaSteel (the S3-exfiltration stealer confirmed in the same campaign arc via Sekoia TDR follow-up, daily 2026-06-03).

Initial access (GammaPhish): weaponised xHTML files exploiting CVE-2025-8088 (the WinRAR path-traversal flaw, patched but widely unpatched) drop HTA payloads into Windows Startup directories via mshta.exe. Propagation (GammaWorm): a 20,000+-line obfuscated VBScript worm persists via scheduled tasks and Run/RunOnce registry keys, hides components in NTFS Alternate Data Streams, and spreads across USB drives and mapped network shares using Ukrainian-language lures (T1025, T1091). C2 resolves through dead-drop pages on Telegram, Telegra.ph, Teletype.in, Supabase and Cloudflare Workers — all platforms with high allow-list rates at enterprise egress proxies. Exfiltration (GammaSteel): the S3-exfiltration stealer stages and uploads collected data directly to attacker-controlled AWS S3 buckets.

The detection pattern across all three stages is highly transferable to non-Ukraine targets. Hunt for: mshta.exe spawning wscript.exe; large obfuscated VBScripts executing from %APPDATA%; scheduled tasks with randomised GUID names pointing into user-profile paths; NTFS ADS on %TEMP%/%APPDATA% files (dir /r or Sysmon EID 11 for streams); outbound HTTPS to Telegra.ph / Supabase / Workers from non-developer hosts; and anomalous S3-API calls from user endpoints.

CVE-2026-49975 — HTTP/2 Bomb: HPACK amplification + Slowloris chains to single-connection RAM exhaustion, patch status split by server

Disclosed 3 June via oss-security by researcher Calif, who discovered the bug using OpenAI's Codex (Calif/oss-security; deep-dived 2026-06-04 daily; NCSC-CH advisory 12610). The attack combines two HTTP/2 protocol weaknesses: seeding the server's HPACK dynamic header-compression table with a large entry then sending thousands of single-byte back-references forces massive decoded-size reconstruction, while Slowloris-style connection holding prevents memory from being freed. Measured amplification ratios at 32 GB RAM: Envoy ~5,700:1 (exhausted in ~10 s), Apache httpd ~4,000:1, nginx ~70:1. PoC public. Patch status as of 7 June: nginx — fixed in 1.29.8 (http2_max_field_size directive); Apache mod_http2 — fixed in standalone v2.0.41 but not yet bundled into an httpd 2.4.x release, requiring manual installation; Microsoft IIS, Envoy, Cloudflare Pingora — no patch. Researchers estimate over 880,000 public-facing servers exposed. No confirmed in-the-wild exploitation. For defenders: upgrade nginx ≥1.29.8; install standalone mod_http2 v2.0.41 on Apache until bundled; consider HTTP/2 disablement or WAF header-count limits for IIS and Envoy until patches ship.

Keycloak 26.6.3 — 16 CVEs in the EU public sector's reference IAM, led by token-exchange privilege escalation and SSRF [SINGLE-SOURCE vendor advisory]

Released 2026-06-04 (Keycloak; deep-dived 2026-06-07 daily). CVE-2026-9704 is a privilege escalation in OAuth 2.0 token exchange: a low-privilege client omits the subject_token parameter and Keycloak issues a token under the requesting client's identity rather than rejecting the malformed request, enabling lateral movement between service identities (T1550.001). CVE-2026-4874 turns the OIDC token endpoint into an SSRF primitive, giving an attacker who can reach the endpoint a pivot into internal services Keycloak is permitted to contact. Additional CVEs of note: CVE-2026-8830 (missing server-side WebAuthn attestation validation — undermines phishing-resistant MFA enrolment assurance); CVE-2026-9802 (restart resets startupTime, allowing replay of rotated refresh tokens). No in-the-wild exploitation reported; patch-priority for any internet-reachable Keycloak underpinning e-government SSO or SAML federation. Detection: alert on token_exchange events in the Keycloak event log where subject_token is absent but a token is issued; watch for outbound connections from the Keycloak service host to non-allow-listed internal addresses correlated with token-endpoint requests.

CVE-2026-10868 — MISP: mass-assignment account-takeover (CVSS 9.0) in the EU threat-sharing platform

Patched 2026-06-04 (deep-dived 2026-06-06 daily). Insufficient field filtering in UsersController::edit() lets an authenticated user edit another account's record, enabling account-takeover and privilege manipulation in multi-organisation sharing hubs — the account-takeover combined with a companion cross-org event-template overwrite bug enables manipulation of the shared indicator pool itself (GHSA-h7wj-m45x-884x; BSI WID-SEC-2026-1800). MISP underpins CERT-EU, GovCERT.ch, CIRCL.lu and most EU national-CERT and ISAC sharing infrastructure — highest-priority patch for any multi-org sharing instance. Post-patch, audit user-account attribute changes in MISP's own event log for the pre-patch exposure window.

Public sector — most-targeted sector this week by volume and by operational severity

The public sector carried the highest concentration of critical items this week. CVE-2026-41089 (Netlogon SYSTEM RCE) and CVE-2026-20245 (Cisco SD-WAN no-patch zero-day) both have active exploitation with direct public-sector estate exposure. NCSC-CH's G7 Évian advisory is a direct Swiss federal / cantonal SOC priority for the coming week (see §9). VerdantBamboo's intrusion entered through an MSP's pfSense — the precise threat model for any federation of public-sector organisations sharing managed-service relationships (§7). MISP CVE-2026-10868 patches EU CERT tooling directly used by the operators of this newsletter's primary audience. OP-512's China-linked IIS/.NET 4.0 cluster (daily 2026-06-06) targets the legacy web-server estate still common in cantonal and municipal government, with per-deployment cryptographic keying defeating signature-based detection entirely. ENISA NIS360 confirms public administration is the most consistently targeted EU sector by hacktivist activity, receiving nearly 63% of all EU hacktivist attacks, yet about a third of entities lack structured cybersecurity expertise at management level.

Healthcare — HIPAA breach + healthcare supply-chain exposure

ShinyHunters published the DentaQuest dataset this week: 234 GB, 2.6 million records in HIPAA-format ASC X12 claims interchange, including Medicaid IDs (BleepingComputer, 2026-06-04). The DentaQuest extortion arc is the week's clearest demonstration that the ShinyHunters operation monetises pure data theft — no encryption, no backup-based leverage — placing the detection priority at bulk-export monitoring in claims and SaaS systems rather than backup integrity. Additionally, CVE-2026-42251 in KAMSOFT KS-SOMED (hardcoded FTP update-server credentials, allowing trojanised updates to any downstream Polish NHS deployment) underlines the supply-chain-through-update-mechanism risk in healthcare software.

Finance / payments — Stripe-abusing Magecart and OFAC Iran sanctions

A Magecart variant delivering its skimmer through Stripe customer metadata and exfiltrating stolen card data back through api.stripe.com as fake customer records was documented by Sansec this week (Sansec, 2026-06-04; daily 2026-06-07). Because both payload delivery and exfiltration transit a universally allow-listed domain, CSP connect-src controls and WAF egress rules built around blocking unknown domains are blind to this variant. Detection must move server-side: audit GTM container IDs, monitor Stripe customer-creation events for non-order-matched calls, and inspect customer-metadata fields for encoded JavaScript. Separately, OFAC designated Nobitex and three Iranian exchanges for IRGC-affiliated ransomware proceeds — confirmed wallet clusters now carry an OFAC sanctions-nexus consideration for any EU institution with US correspondent relationships.

Technology / software supply chain — four concurrent worm/supply-chain threats in one week

Simultaneously active this week: Miasma npm credential collectors, IronWorm eBPF rootkit worm, two concurrent npm dependency confusion campaigns (Microsoft 45 packages + Sonatype 176 packages, daily 2026-06-01), the claude-code-action GitHub Actions flaw (arbitrary code execution from a single malicious issue, fixed in v1.0.94; daily 2026-06-05), and Polyfill.io domain reactivation surfacing native browser credential prompts on sites still loading the legacy CDN reference (daily 2026-06-07). The combined picture is a meaningful escalation of the npm/GitHub Actions attack surface: credential theft, kernel-rootkit persistence, and CI/CD pipeline compromise are now simultaneous, not sequential, threats in the software supply chain.

Luna Moth / UNC3753: vishing-to-physical-USB data-theft extortion reaches ~$20 M suppression payment and DNS fast-flux C2

Mandiant's comprehensive primary forensic analysis published 5 June (Mandiant; deep-dived daily 2026-06-06) documents a January–May 2026 data-theft extortion campaign against US legal and professional-services organisations by UNC3753 (Luna Moth / Silent Ransom Group). The intrusion chain is entirely social-engineered: invoice/subscription pretext → vishing callback impersonating internal IT support → victim installs AnyDesk / Bomgar / Zoho Assist → actor enumerates file shares and document-management systems and exfiltrates in under an hour in several cases using portable WinSCP/Rclone. No ransomware, no encryption — leverage is the stolen data alone. Weil, Gotshal & Manges reportedly paid an estimated ~$20 M suppression payment (Legal Cheek, 2026-06-03). Two new in-window developments: (1) the FBI's 2026-05-26 Cyber FLASH and Mandiant both confirm operatives entering corporate offices to insert USB exfiltration devices when remote social engineering failed (T1052.001), bypassing every network-side control; (2) a 2026-06-05 report documents SRG migrating its C2 to DNS fast-flux infrastructure, hardening against takedown and static indicator blocking (Security Affairs, 2026-06-05). For Swiss and European legal and professional-services firms: the IT-helpdesk-impersonation vector is identical to social-engineering pressure documented across European corporate intrusions; the physical-USB escalation raises duty-of-care questions that require physical-security response, not just SOC playbooks.

ShinyHunters — DentaQuest: 234 GB HIPAA claims data published after ransom refusal, 2.6 M Medicaid and dental-benefit records

DentaQuest (Sun Life subsidiary, administering dental/vision benefits for ~35 M US Medicaid and Medicare members) confirmed on 1 June that ShinyHunters published 234 GB of stolen data after ransom negotiations broke down (BleepingComputer, 2026-06-04; BankInfoSecurity; daily 2026-06-05). The dataset — published by late May per BankInfoSecurity — is in HIPAA-format ASC X12 claims interchange; names, postal and email addresses, dates of birth, phone numbers, health-insurance details and Medicaid IDs across 2.6 million unique email addresses. DentaQuest has not confirmed the specific attack vector; the extortion pattern (no encryption, hard deadline, publish-on-refusal) is consistent with the broader ShinyHunters vishing-driven SaaS-access campaign that earlier claimed Charter, Carnival, 7-Eleven, Instructure and Wynn Resorts. The operational reminder: this actor has no backup-based leverage — detection must land at the bulk-export stage (anomalous off-hours claims-system bulk downloads; SaaS API token generation; volume spikes on outbound archive transfers).

Booking.com WhatsApp phishing + upstream hotel SaaS breach: real reservation data weaponised, 100+ properties affected, Dutch DPA opens investigation

NCSC-CH's Week 22 report (4 June; daily 2026-06-04) documents two phishing variants exploiting real booking data leaked in the April 2026 Booking.com compromise: Variant 1 — fake WhatsApp refund lure → TWINT/Swiss-bank-portal credential harvest; Variant 2 — attackers using compromised hotel booking-system credentials to message guests through the legitimate booking channel, demanding urgent card re-verification. Variant 2 breaks user-awareness controls because the message originates from a trusted platform (NCSC-CH). In the same window, a separate upstream booking/channel-management SaaS layer breach exposed guest reservation records (names, contacts, arrival/departure dates) for guests at more than 100 Dutch, Belgian and Irish hotels; criminals are already sending contextually accurate "confirm your reservation" phishing referencing real upcoming stays (DutchNews.nl). The Dutch Data Protection Authority (Autoriteit Persoonsgegevens) has opened a GDPR investigation; Art. 33/34 notification clocks are running for each hotel as an independent controller.

Five Eyes "Safeguarding Our Secrets" — Chinese military intelligence systematically recruiting via LinkedIn and job platforms

On 2026-06-03 the five Five Eyes domestic intelligence agencies (ASIO, CSIS, FBI, MI5, NZSIS) released a joint bulletin warning that China's military-intelligence apparatus is systematically using professional-networking and freelance-work platforms — LinkedIn, Indeed, Upwork — to identify and cultivate cleared personnel, academics, researchers and defence/policy staff (MI5; The Record, 2026-06-03; daily 2026-06-06). The tradecraft: operatives pose as recruiters or think-tank staff for fabricated cover companies outside China, open with benign foreign-policy research commissions paying hundreds to a few thousand dollars per deliverable, then escalate toward sensitive material and migrate the relationship to encrypted messaging to reduce platform visibility. Switzerland — outside Five Eyes but a hub for international organisations, financial regulation, and dual-use research — is squarely in the target set. The defensible surface is personnel-security, not EDR: brief cleared and research staff on the innocuous-task-to-sensitive-request progression and give them a low-friction route to report unsolicited foreign-recruitment contact.

ENISA NIS360 2026 (3rd edition) — seven sectors in the persistent risk zone where criticality outpaces maturity

Published 28 May 2026 (ENISA; follow-up coverage 2 June in Security Affairs). The headline finding is structural: a persistent "risk zone" where criticality exceeds maturity comprising public administration, health, railway, maritime, ICT service management, space, and drinking/waste water. Public administration receives nearly 63% of all EU hacktivist attacks and is the most consistently targeted sector, yet roughly one-third of entities lack structured cybersecurity expertise at management level and about half provide no cybersecurity training to management. Water sector: one in three entities has never conducted a risk assessment. The high-maturity sectors — banking, electricity, telecoms, trust services, aviation, financial market infrastructures — share a common driver: regulatory pressure backed by supervisory capacity with real enforcement. Only 16% of NIS2-affected entities consider themselves fully compliant; 41% face uncertainty about national obligations. For NIS2 national authorities: sectors without comparable oversight structures (ICT service management, space) lag structurally. For public-sector SOC managers specifically: the elevated hacktivist pressure confirmed by ENISA should cross-reference directly against current threat-model assumptions and DDoS mitigation capacity, particularly in the June 15–17 G7 Évian window.

Sophos 2026 Active Adversary Report — identity the dominant intrusion root cause; Impacket and AnyDesk most-observed post-exploitation [SINGLE-SOURCE]

Published 2 June (Sophos X-Ops; drawing on 661 IR/MDR cases; daily 2026-06-03). The findings that directly shift defender priorities: identity-based compromise — stolen/valid credentials, brute force, phishing — is the leading intrusion root cause, with missing or misconfigured MFA present in a majority of incidents. Time from initial access to Active Directory compromise has compressed materially. Impacket is among the most frequently observed post-exploitation toolkits; AnyDesk is the most-abused legitimate remote-access tool, consistent with this week's Luna Moth tradecraft. The recurring telemetry blind spots are the load-bearing findings: firewall logs were missing in roughly half of ransomware cases, and a meaningful share of compromised Windows Servers were running end-of-life builds. Practical hunt targets: alert on Impacket artefacts (impacket-named tool processes, secretsdump-style NTDS access, SMBExec/WMIExec parent processes); instrument the initial-access-to-DC-compromise window; inventory EOL Windows Servers; verify firewall log retention is complete before an incident, not during one. This is a single-vendor IR report; treat findings as directionally correct rather than statistically definitive without independent corroboration. [SINGLE-SOURCE]

VerdantBamboo / UNC5221 / WARP PANDA — 18-month undetected China-nexus intrusion through MSP pfSense [SINGLE-SOURCE]

First disclosed this week by Volexity's incident-response case (Volexity, 2026-06-04; daily 2026-06-05). VerdantBamboo — assessed with high confidence as UNC5221 (WARP PANDA) — entered a European organisation through its MSP's pfSense firewall with a BSD build of the BRICKSTORM Golang backdoor, then persisted across three appliances (pfSense, Synology NAS, Egnyte Storage Sync VM) that cannot run EDR by design. The M365 Conditional Access bypass — routing authentication through the Egnyte appliance's trusted egress IP — is the novel operational technique. Two previously undocumented implants: AGENTPSD (PyInstaller Python HTTPS reverse shell) and PLENET/GRIMBOLT (.NET Native AOT on Linux NAS). Outstanding question: Volexity found access dating at least 18 months back, raising the question of what else the actor collected during that window and whether the MSP has other affected European clients. The disclosure is Volexity primary IR only — no second corroborating source is available. [SINGLE-SOURCE]

TA4922 — China-nexus cybercrime cluster expands from Japan into Germany, UK and Italy with native-language lures and Atlas RAT

Proofpoint reported this week that TA4922, a Chinese-speaking financially-motivated cluster running the highest campaign tempo of any cybercrime actor Proofpoint tracks, pivoted in March–April 2026 to localised campaigns against German, UK, Italian and South African organisations (The Hacker News, 2026-06-04; BleepingComputer, 2026-06-04; daily 2026-06-05). Native-language tax-authority, HR/payroll and invoice lures now pair the known ValleyRAT (Winos 4.0) with newly observed Atlas RAT (C-based), RomulusLoader, and SilentRunLoader (Python infostealer targeting Chrome credentials). A notable TTP shift: conversations are moved to LINE, WhatsApp and Microsoft Teams before payload delivery, pulling targets off enterprise email controls. DACH public-sector and finance staff are in direct scope. Hunt for DLL side-loading chains where AnyDesk/SyncFuture load from unexpected user-profile paths, for Python processes reaching Chrome DPAPI, and for unsolicited inbound contact on Teams/WhatsApp that pivots to a "document."

Gamaredon — GammaPhish / GammaWorm / GammaSteel: Russian FSB campaign with USB worm and S3 exfiltration (Sekoia TDR part one) [SINGLE-SOURCE Sekoia TDR]

Sekoia's first part of the Gamaredon series disclosed a January 2026 campaign arc (Sekoia TDR, 2026-06-01; daily 2026-06-02; update daily 2026-06-03). Initial access via CVE-2025-8088 (WinRAR path-traversal, widely unpatched) drops HTA payloads from xHTML attachments. GammaWorm's NTFS-ADS concealment and USB-propagation pattern is the signature detection challenge: filesystem timestamps are useless (ADS hides the worm content), and the worm spreads to any mounted drive and mapped share, meaning air-gap-adjacent workstations remain in scope. GammaSteel exfiltrates collected data directly to S3. Part two of the Sekoia series is outstanding and expected to detail further tooling. Open question: has the campaign reached any EU public-sector estate beyond its primary Ukrainian targets? The USB-propagation vector is exactly the mechanism Luna Moth used this week for physical office intrusion — conceptually distinct actors, coincidentally parallel technique.

Germany's Gesetzentwurf zur Stärkung der Cybersicherheit: cabinet-approved active-cyberdefence powers for BKA, Bundespolizei and BSI

On 27 May 2026 the German Federal Cabinet adopted the Gesetzentwurf zur Stärkung der Cybersicherheit, now proceeding to Bundestag (German Federal Government, 2026-05-27; Digital Watch Observatory, 2026-05-31). The law grants: the BKA and Bundespolizei authority to shut down or disrupt attacker-controlled infrastructure including servers located outside Germany, reroute data traffic, and collect/modify/delete data on foreign systems; the BSI expanded authority to collect threat-preparation data and require telecoms and major platforms to relay BSI threat warnings to end users. Interior Minister Dobrindt: "In future, we will target the attacker, their servers, their software and their strategy." Personnel implications: BKA +264, Bundespolizei +90, BSI +21 positions by 2030. Civil-society analysis flags constitutional concerns (Basic Law, cross-border state action, jurisdictional conflict with Länder). For DACH/EU defenders: (a) once enacted, telecoms/platform operators gain a new duty-to-relay obligation for BSI warnings; (b) the law sets a precedent for EU active-cyberdefence norms that Swiss forthcoming cyber-resilience legislation (draft expected autumn 2026) will need to address.

CRA June 11 notifying-authority deadline — first hard CRA milestone with ENISA SRP manual and Secure Update Mechanisms advisory published

11 June is the Cyber Resilience Act's first mandatory milestone: EU member states must designate the national authority responsible for assessing and notifying conformity assessment bodies (CABs) for Important and Critical product classes (OpenSSF policy blog, 2026-06-03; ENISA SRP page). Without designated notifying authorities, manufacturers of products such as operating systems, firewalls, smart cards, HSMs and smart meter gateways cannot obtain the third-party certificates needed by the December 2027 full-application date. In the same window ENISA published: (1) the access and registration manual for the CRA Single Reporting Platform (SRP) — the platform manufacturers must use from 11 September 2026 to report actively exploited vulnerabilities within 24 h (early warning) and 72 h (full notification); (2) a draft Technical Advisory on Secure Update Mechanisms for SME manufacturers (public consultation to 10 July). The 90-day window to SRP operational date is shorter than it appears: software vendors deploying into EU environments should validate their vulnerability-disclosure pipeline now, not in September.

EU 20th Russia sanctions package: managed security services prohibition in force since 25 May; Commission interpretive guidance outstanding

Since 25 May 2026, EU operators are prohibited from providing managed security services — incident response, penetration testing, security audits, consulting — to the Russian government and to entities established in Russia, under Council Regulation (EU) 2026/506 (20th sanctions package) (Squire Patton Boggs analysis; Greenberg Traurig analysis). Wind-down transactions must be completed before 24 October 2026. As of publication, interpretive guidance from the European Commission on the exact prohibition scope has not been issued. Swiss MSSPs are not directly subject to EU sanctions law but should note that EU-headquartered affiliates and any SWIFT/correspondent-banking touch points in EU create indirect exposure. For SOC procurement teams: this prohibition is now live compliance context when reviewing vendor contracts involving any Russian-entity counterparty.

EU Council TTE June 9: CSA2 (high-risk supplier framework) + NIS2 simplification progress reports tabled; trilogue targeted early 2027 [SINGLE-SOURCE]

The EU Transport, Telecommunications and Energy Council met on 9 June with the Presidency presenting progress reports on the Cybersecurity Act 2 (CSA2) and a targeted NIS2 simplification directive, both proposed by the Commission on 20 January 2026 (Industrial Cyber, 2026-06-05). CSA2 introduces a "high-risk supplier" designation mechanism targeting ICT vendors whose legal or geopolitical context creates cybersecurity risk to critical sectors, with consequences including exclusion from EU public procurement and penalties up to 7% of worldwide turnover. NIS2 simplification amendments clarify jurisdictional rules, add EU Digital Identity Wallet providers and submarine data-transmission infrastructure operators as new essential-entity categories, and streamline ransomware-attack data collection. Both proceed to trilogue; political agreement is targeted for early 2027. For Swiss ICT vendors and public-sector procurement teams: the CSA2 high-risk-supplier framework, once enacted, will reshape EU critical-sector supply-chain decisions and is expected to influence Swiss procurement policy given bilateral-track alignment pressure.