Public sector — most-targeted sector this week by volume and by operational severity

The public sector carried the highest concentration of critical items this week. CVE-2026-41089 (Netlogon SYSTEM RCE) and CVE-2026-20245 (Cisco SD-WAN no-patch zero-day) both have active exploitation with direct public-sector estate exposure. NCSC-CH's G7 Évian advisory is a direct Swiss federal / cantonal SOC priority for the coming week (see §9). VerdantBamboo's intrusion entered through an MSP's pfSense — the precise threat model for any federation of public-sector organisations sharing managed-service relationships (§7). MISP CVE-2026-10868 patches EU CERT tooling directly used by the operators of this newsletter's primary audience. OP-512's China-linked IIS/.NET 4.0 cluster (daily 2026-06-06) targets the legacy web-server estate still common in cantonal and municipal government, with per-deployment cryptographic keying defeating signature-based detection entirely. ENISA NIS360 confirms public administration is the most consistently targeted EU sector by hacktivist activity, receiving nearly 63% of all EU hacktivist attacks, yet about a third of entities lack structured cybersecurity expertise at management level.