Region: switzerland
All items tagged switzerland.
- Elastic shows how the newly-GA Azure AD Graph Activity Logs close a long-standing Entra enumeration blind spot [SINGLE-SOURCE]
- Swiss Federal Audit Office: federal cyber-governance split leaves strategic oversight without a complete incident picture
- CVE-2026-12569 — PTC Windchill / FlexPLM pre-auth deserialization RCE, exploited, BSI calling admins at 02:30
- CVE-2026-20181 / CVE-2026-20190 — Cisco Identity Services Engine: unauthenticated credential read chaining to root command execution
- Check Point State of Ransomware Q1 2026 — ecosystem consolidation, with Switzerland and Germany named
- G7 Évian cybersecurity declaration calls PQC an "urgent priority" — and the expected hacktivist DDoS materialised on day one
- NCSC-CH — fake Swiss Post "Avis de passage" QR-code phishing in French-speaking Switzerland
- CVE-2026-40624 — AVer PTC-series conference cameras: unauthenticated RCE via the management web interface
- CVE-2026-20181 / CVE-2026-20190 — Cisco Identity Services Engine: unauthenticated credential read chaining to authenticated root command execution
- Public administration — the week's centre of gravity
- Cyber Europe 2026 tests the revised EU Cyber Blueprint and triggers the first live activation of the EU Cybersecurity Reserve
- UPDATE: Ivanti Sentry CVE-2026-10520 — exploitation confirmed in the wild, gateways backdoored
- UPDATE: Oracle PeopleSoft CVE-2026-35273 attributed to ShinyHunters; confirmed zero-day, 100+ victims, education sector hit hardest
- AudiA6 ransomware crypto-laundering service dismantled — two charged, Switzerland among the participating countries
- "Ghost-Sender": Exchange Online accepts spoofed inbound mail bypassing SPF/DKIM/DMARC when a third-party MX fronts the tenant — no vendor patch
- NCSC-CH Week 23: coordinated surge in job-seeker targeting — fake interviews, reshipping identity theft, and LinkedIn-to-GitHub infostealer delivery
- CVE-2026-10520 / CVE-2026-10523 — Ivanti Sentry: pre-auth OS command injection to root (CVSS 10.0), public PoC published today
- CVE-2026-44748 — SAP June Patch Day: SAML XML Signature Wrapping in NetWeaver AS ABAP (CVSS 9.9) plus an unauth RFC kernel memory-corruption (CVSS 9.8)
- CVE-2026-47895 — strongSwan: pre-auth double-free in libstrongswan identity cloning, unauthenticated RCE over EAP (patched 6.0.7)
- CVE-2026-50751 — Check Point Security Gateway: IKEv1 VPN authentication bypass, actively exploited by a Qilin affiliate
- Public sector — most-targeted sector this week by volume and by operational severity
- Booking.com WhatsApp phishing + upstream hotel SaaS breach: real reservation data weaponised, 100+ properties affected, Dutch DPA opens investigation
- NCSC Switzerland: Booking.com breach feeds two-pronged WhatsApp hotel-booking phishing against Swiss travellers
- CVE-2026-20230 — Cisco Unified Communications Manager: unauthenticated SSRF to OS-root file write
- CVE-2026-10611 — MISP: OTP bypass when LDAP mixed-auth and OTP enforcement are both enabled
- NCSC Switzerland warns of cyber operations around the G7 Évian summit (15–17 June)
- UPDATE: Ivanti Secure Access Client — NCSC.ch adds CVE-2026-8992 (local privilege escalation, CVSS 7.8) to May advisory
- Apereo CAS version 7.3.7.1 patches an OIDC-provider flaw reported by Coop Switzerland; CERT-FR issues advisory CERTFR-2026-AVI-0654
- FortiClient EMS CVE-2026-35616 actively exploited to push EKZ Infostealer through trusted endpoint-management channel
- Rapid7 publishes unpatched Gogs argument-injection RCE with a Metasploit module; maintainer non-responsive
- TechCrunch finds 100 K passport scans and selfies on a public-read S3 bucket behind a UK Visa Portal lookalike
- CVE-2026-4408 & CVE-2026-4480 — Samba: unauthenticated RCE in SAMR RPC and print-command subsystems (CVSS 10.0)
- CVE-2026-44939 (+ CVE-2026-41052, CVE-2026-41053) — SUSE Rancher: command injection on cluster import, PSA label privilege-escalation, GitHub-App over-inclusive team membership
- CVE-2026-9170 — IBM HTTP Server / WebSphere Application Server: pre-auth RCE via improper input validation (CVSS 9.8)
- CVE-2026-4868 (+ five further CVEs) — GitLab 19.0.1 / 18.11.4 / 18.10.7 patch release: Duo AI identity impersonation, unauthenticated project enumeration
- Wiz CIRT names JINX-0164 — LinkedIn-recruiter lures, AUDIOFIX macOS infostealer, MINIRAT npm pivot into CI/CD
- UPDATE: The Gentlemen ransomware — Microsoft publishes full technical dissection of the Storm-2697 Go-encryptor
- ILIAS LMS — nine fixes shipped 2026-05-27, two critical access-control gaps (CVSS 9.8 + 9.3), NCSC.ch flags SOAP interface as primary unauthenticated attack surface
- CVE-2026-35616 — Fortinet FortiClient EMS pre-auth bypass, exploited to push EKZ Infostealer down the management channel
- CVE-2026-4408 / CVE-2026-4480 — Samba dual unauthenticated RCE (CVSS 10.0), patch window closed mid-week
- CVE-2026-9170 — IBM HTTP Server / WebSphere Application Server: pre-auth RCE (CVSS 9.8)
- Public administration & identity (CH / DACH lead) — the LMS, SSO and e-government estate under multi-product pressure
- UK Visa Portal — ~100,000 passport scans and selfies on a public-read S3 bucket behind a government-lookalike site
- The Gentlemen / Storm-2697 — internal "Rocket" backend leaked by a rival; KELA and Check Point dissect the operator inner circle
- EU 20th-package managed-security-services ban in force from 25 May — Switzerland adopted listings only; MSS prohibition deferred
- Netherlands FIOD arrests two over EU sanctions evasion for Stark Industries front; 800 servers seized; NoName057(16) DDoS plumbing dismantled
- ANSSI / CERT-FR publishes CERTFR-2026-AVI-0635 on SPIP < 4.4.15 — security-policy bypass in the dominant French public-administration CMS
- UPDATE: Drupal CVE-2026-9082 — CISA KEV addition + active exploitation confirmed; NCSC.ch flips post 12584 to "Actively exploited"
- Operation Saffron dismantles First VPN — 33+ servers seized, user database captured, Switzerland named JIT participant; Phobos RaaS infrastructure link confirmed
- UPDATE: Drupal SA-CORE-2026-004 / CVE-2026-9082 ships — "highly critical" pre-auth SQL injection in core database API, PostgreSQL-only
- Drupal core "highly critical" pre-patch warning — unauthenticated, zero-complexity, patch window today 17:00–21:00 UTC
- Sparx Enterprise Architect / Pro Cloud Server — five-CVE chain (pre-auth SQL injection + WebEA race-condition RCE), public PoC, no vendor patch
- UPDATE: SEPPmail Secure E-Mail Gateway — InfoGuard Labs full technical write-up; new CVE-2026-2743 (CVSS 10.0 pre-auth path traversal in LFT)
- UPDATE: TheGentlemen RaaS lists Czech university and Swiss engineering firm on leak site
- BigBlueButton bbb-web < 3.0.21 / < 3.0.23 — three flaws in EU education and government virtual-classroom platform: weak session-token randomness, API checksum bypass, SSRF
- THORChain GG20 Threshold Signature Scheme vault drain — ~$11M across nine chains; Switzerland-based protocol
- CVE-2026-42096 … -42100 — Sparx Enterprise Architect / Pro Cloud Server: five-CVE pre-auth chain, public PoC, no patch
- Public administration — web-CMS and identity estate under multi-vector pressure
- Education — virtual-classroom platforms and EdTech SaaS exposure
- THORChain — ~$11M cross-chain vault drain on a Switzerland-based protocol
- The Gentlemen RaaS — Czech university and Swiss engineering firm listed; comms overhaul continues [SINGLE-SOURCE]
- EU 20th Russia sanctions package — managed-security-services prohibition effective 25 May; Switzerland adopted most measures 22 May
- Law-enforcement infrastructure takedowns — Operation Saffron (Switzerland JIT), FIOD/Stark Industries, Kimwolf, INTERPOL Ramz
- Public administration and government
- Sophos 2026 State of Identity Security — 71% of orgs breached via identity, 41% root-caused to non-human-identity mismanagement, Switzerland records highest incidence
- SEPPmail CVE-2026-44128 — CIRCL advisory confirms CVSS 9.3 unauthenticated Perl-eval RCE; no third-party PoC in window
- UPDATE: Exchange CVE-2026-42897 — Pwn2Own DEVCORE three-bug SYSTEM RCE chain emerges alongside active OWA-XSS exploitation
- Sophos 2026 State of Identity Security: Switzerland records highest identity-breach incidence globally; energy and federal government hardest-hit sectors [SINGLE-SOURCE]
- CVE-2026-44128 et al. — SEPPmail Secure Email Gateway: six-CVE cluster on the Swiss public sector's dominant email-encryption appliance
- Akira ransomware on Groupe 3R — 20 Swiss medical-imaging centres across seven cantons; second cyberattack on the same operator within twelve months
- Healthcare (CH, NL)
- Public-sector administration and digital identity (FR, EU, FI, CH)
- Akira ransomware — Swiss healthcare case confirmed; broader European playbook unchanged
- Akira playbook quarterly context — Q1 2026 healthcare concentration; Qilin remains the dominant operator on German healthcare victims
- NCSC Switzerland — formal BACS assessment on AI in vulnerability management; defenders warned against over-reliance on AI detection
- [SINGLE-SOURCE-OTHER] SMS-blaster smishing establishing itself in Switzerland — portable IMSI-catchers force 2G downgrade, bypass operator SMS filtering
- UPDATE: Dirty Frag — Microsoft confirms limited in-the-wild exploitation; Red Hat, NCSC.ch, CCB Belgium publish coordinated advisories
- Brief mobile-device-policy owners on SMS-blaster smishing in CH
- Groupe 3R (Réseau Radiologique Romand) — Akira ransomware claims 48 GB; 20 imaging centres across seven Swiss cantons, second attack in twelve months
- Validate Akira-targeted edge-device CVE patch state in CH/EU healthcare
- CVE-2026-44128 et al. — SEPPmail Secure Email Gateway: CVSS 9.3 unauthenticated RCE and five additional CVEs [SINGLE-SOURCE-NATIONAL-CERT carve-out + vendor]
- Swiss and DACH Deployment Context