ctipilot.ch
← Back to Weekly 2026-W28
NOTABLENATOB2outlook

Looking ahead — 2026-W28

discovered 2026-07-12 23:56 UTCrun 2026-07-12T2309Z-weekly5 sourcesmulti-source

Items already in motion for the coming weeks — each with a dated source or an in-week entry, none a prediction:

  • EU regulatory clocks. The Dutch NIS2 Cyberbeveiligingswet enters into force 15 August 2026 — now a fixed date after the 7 July Senate passage (Rijksoverheid.nl, 2026-07-07). The EU Cyber Resilience Act vulnerability/incident-reporting obligation lands 11 September 2026, roughly 60 days out and previously covered in this store — the reporting-platform readiness is the item to watch next.
  • FINMA post-quantum guidance may harden. FINMA's Aufsichtsmitteilung 05/2026 is supervisory expectation-setting, not yet a binding circular; the open question is whether it converts into a Rundschreiben revision (FINMA, 2026-07-09).
  • Joomla file-upload wave — the newest members await exploitation. RSFiles! and Phoca Download are patched but not yet exploited, whereas earlier members of the same CWE-434 wave reached CISA KEV within days (mySites.guru, 2026-07-11) — treat these as likely-imminent-KEV, not resolved.
  • The Gentlemen EDR-disable zero-day. Unit 42 references an Expel analysis of a suspected zero-day the group uses to disable EDR, distinct from the GentleKiller BYOVD framework; that write-up had not published at the time of Unit 42's report (Unit 42, 2026-07-10).
  • CitrixBleed 2 broker activity continues. Huntress' STAC3725 reconstruction shows an initial-access broker actively weaponising CVE-2025-5777; organisations that patched but did not terminate live sessions remain exposed to token replay and downstream DragonForce deployment (Huntress, 2026-07-10).
PROVENANCE

AI-generated · no human review · this permalink is the shareable record for the finding · verify operationally critical claims against the linked primary source.