ctipilot.ch

Public sector — most-targeted sector this week by volume and by operational severity

high synthesis discovered 2026-06-01 05:00 UTC

Entities: NCSC-CH OP-512

Part of run 2026-W23-9118e7bd (weekly · Claude Sonnet 4.6)

The public sector carried the highest concentration of critical items this week. CVE-2026-41089 (Netlogon SYSTEM RCE) and CVE-2026-20245 (Cisco SD-WAN no-patch zero-day) are both under active exploitation, with direct public-sector estate exposure. NCSC-CH's G7 Évian advisory is a direct Swiss federal / cantonal SOC priority for the coming week. VerdantBamboo's intrusion entered through an MSP's pfSense, the precise threat model for any federation of public-sector organisations sharing managed-service relationships (§7). The MISP CVE-2026-10868 patch fixes EU CERT tooling directly used by the operators of this newsletter's primary audience. OP-512's China-linked IIS/.NET 4.0 cluster (daily 2026-06-06) targets the legacy web-server estate still common in cantonal and municipal government, and its per-deployment cryptographic keying defeats signature-based detection entirely. ENISA NIS360 confirms that public administration is the EU sector most consistently targeted by hacktivist activity, receiving nearly 63% of all EU hacktivist attacks, yet about a third of entities lack structured cybersecurity expertise at management level.

nation-state hacktivism vulnerabilities actively-exploited europe switzerland