← Back to Weekly 2026-W28
NOTABLENATOB2outlook
Looking ahead — 2026-W28
Items already in motion for the coming weeks — each with a dated source or an in-week entry, none a prediction:
- EU regulatory clocks. The Dutch NIS2 Cyberbeveiligingswet enters into force 15 August 2026 — now a fixed date after the 7 July Senate passage (Rijksoverheid.nl, 2026-07-07). The EU Cyber Resilience Act vulnerability/incident-reporting obligation lands 11 September 2026, roughly 60 days out and previously covered in this store — the reporting-platform readiness is the item to watch next.
- FINMA post-quantum guidance may harden. FINMA's Aufsichtsmitteilung 05/2026 is supervisory expectation-setting, not yet a binding circular; the open question is whether it converts into a Rundschreiben revision (FINMA, 2026-07-09).
- Joomla file-upload wave — the newest members await exploitation. RSFiles! and Phoca Download are patched but not yet exploited, whereas earlier members of the same CWE-434 wave reached CISA KEV within days (mySites.guru, 2026-07-11) — treat these as likely-imminent-KEV, not resolved.
- The Gentlemen EDR-disable zero-day. Unit 42 references an Expel analysis of a suspected zero-day the group uses to disable EDR, distinct from the GentleKiller BYOVD framework; that write-up had not published at the time of Unit 42's report (Unit 42, 2026-07-10).
- CitrixBleed 2 broker activity continues. Huntress' STAC3725 reconstruction shows an initial-access broker actively weaponising CVE-2025-5777; organisations that patched but did not terminate live sessions remain exposed to token replay and downstream DragonForce deployment (Huntress, 2026-07-10).
Sources
PROVENANCE
AI-generated · no human review · this permalink is the shareable record for the finding · verify operationally critical claims against the linked primary source.