0. Week at a glance
- ENISA NIS360 2026 — public administration, health and water sit in the NIS2 "risk zone" (strategic horizon). The sectors a Swiss/EU public-sector SOC most often serves are the ones ENISA flags as under-mature relative to their criticality — a signal of where NIS2 supervisory pressure concentrates next. (ENISA)
- EU 20th-package managed-security-services ban in force from 25 May — Switzerland adopted listings only; MSS prohibition deferred (policy). Germany cabinet-approves active-cyber-defence powers while the EU MSS ban goes live and Switzerland defers: the German hackback bill awaits Bundestag passage; the EU's managed-security-services prohibition is in force from 25 May, but Switzerland adopted listings only — a temporary CH/EU compliance asymmetry. (daily, Bundesregierung)
- The Gentlemen / Storm-2697 — internal "Rocket" backend leaked by a rival; KELA and Check Point dissect the operator inner circle (most active RaaS exposed). A rival dumped the operation's "Rocket" backend; KELA and Check Point analysis exposes the operator inner circle and an initial-access playbook (Fortinet/Cisco edges, NTLM relay, GPO deployment) that maps straight to hunts. (daily, Check Point)
- Mini Shai-Hulud / TrapDoor — the supply-chain worm goes cross-ecosystem, open-source and destructive (supply-chain worm widens). TrapDoor spans npm/PyPI/crates, the framework was open-sourced with a wiper stage, and Maven Central poisoning via mvnpm is now confirmed — one of last week's two un-hit registries. (daily, Wiz)
- CVE-2026-4408 / CVE-2026-4480 — Samba dual unauthenticated RCE (CVSS 10.0), patch window closed mid-week (on fire). No ITW confirmation yet, but two pre-auth 10.0 paths in ubiquitous file-sharing software make this the week's highest-severity race between patching and weaponisation. (daily, Samba)
- CVE-2026-35616 — Fortinet FortiClient EMS pre-auth bypass, exploited to push EKZ Infostealer down the management channel (on fire). CVE-2026-35616 is being exploited to push the EKZ Infostealer to managed endpoints disguised as a Fortinet patch — malware over the channel endpoints are built to trust. (daily, Arctic Wolf)
- CVE-2026-0257 — Palo Alto PAN-OS GlobalProtect pre-auth authentication bypass, exploited in two waves by the same actor (on fire). Palo Alto confirms in-the-wild exploitation of CVE-2026-0257 and Rapid7 ties a second 21 May wave to the same actor; unpatched edge VPNs are an active initial-access vector now. (daily, PAN PSIRT)
1. Highest-impact events — what's on fire if no one acted
CVE-2026-4408 / CVE-2026-4480 — Samba dual unauthenticated RCE (CVSS 10.0), patch window closed mid-week
If you did nothing this week: unpatched Samba servers expose two unauthenticated remote-code-execution paths rated CVSS 10.0. There is no public confirmation of in-the-wild exploitation yet — but the disclosure-to-exploit interval on a pre-auth 10.0 in software this ubiquitous is the gap a SOC manager should assume is closing, not open.
The Samba project disclosed (2026-05-27, covered 2026-05-29) that a client-controlled username is passed to the "check password script" without escaping shell metacharacters (CVE-2026-4408) — this path is reachable only where a check password script (%u) is configured and samba-dcerpcd runs as a service, i.e. a non-default but common enterprise configuration — alongside a separate unauthenticated RCE in the printing subsystem (CVE-2026-4480), which is reachable where %J is used in the print command (CUPS/IPP backends are unaffected). Both 10.0 paths therefore depend on specific — non-default but common in enterprise estates — print and authentication configurations rather than affecting every install. CERT-FR issued CERTFR-2026-AVI-0651. Samba underpins a large share of public-sector, education and healthcare file-sharing and, in some estates, the AD domain controller. Patch to the fixed builds; where patching lags, disable the printing path, audit for the check password script setting, and restrict SMB reachability — this is the week's highest-severity item where the gap between exposure and compromise is whether the patch landed before someone weaponises a 10.0.
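The two Samba paths above are only reachable under specific smb.conf settings, so the first triage step on an estate is a config audit rather than a version check. The script below is an added example (not Samba project code) that parses an smb.conf and flags a configured `check password script` (the %u path behind CVE-2026-4408) and any share whose effective `print command` expands %J on a non-CUPS backend (the CVE-2026-4480 path). The sample config is constructed; treating `cups` and `iprint` as the "CUPS/IPP" backends the advisory summary calls unaffected is an assumption.

```python
import re

# Constructed sample smb.conf; not taken from any real host.
SAMPLE_SMB_CONF = """\
[global]
   workgroup = CORP
   check password script = /usr/local/bin/pwcheck %u
   # default backend on many distros; print command expands %J (job name)
   printing = sysv
   print command = lpr -P %p -J "%J" %s
[finance_printer]
   printing = cups
   print command = /usr/bin/lp -d %p -t "%J" %s
"""

# Backends the advisory summary describes as unaffected (CUPS/IPP) -- assumption.
UNAFFECTED_PRINT_BACKENDS = {"cups", "iprint"}


def parse_smb_conf(text):
    """Parse smb.conf into {section: {option: value}}.

    Option names are lower-cased with whitespace collapsed, '#' and ';'
    comments are stripped, and a repeated option keeps the last value,
    matching how Samba reads the file.
    """
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if not line:
            continue
        header = re.match(r"\[(.+)\]$", line)
        if header:
            current = header.group(1).strip().lower()
            sections.setdefault(current, {})
            continue
        if "=" in line and current is not None:
            key, value = line.split("=", 1)
            sections[current][" ".join(key.lower().split())] = value.strip()
    return sections


def effective(sections, name, option, default=""):
    """Share-level value if set, else the [global] value, else default."""
    return sections.get(name, {}).get(
        option, sections.get("global", {}).get(option, default))


def audit(sections):
    """Return (cve, section, option, value) tuples for exposed configurations."""
    findings = []
    glob = sections.get("global", {})
    if glob.get("check password script"):
        findings.append(("CVE-2026-4408", "global", "check password script",
                         glob["check password script"]))
    for name in sections:
        command = effective(sections, name, "print command")
        backend = effective(sections, name, "printing").lower()
        if "%j" in command.lower() and backend not in UNAFFECTED_PRINT_BACKENDS:
            findings.append(("CVE-2026-4480", name, "print command", command))
    return findings


if __name__ == "__main__":
    for finding in audit(parse_smb_conf(SAMPLE_SMB_CONF)):
        print("%s: [%s] %s = %s" % finding)
```

Run it against `/etc/samba/smb.conf` on each file server; a clean result does not replace patching, it only tells you which hosts sit on the exposed paths while the patch rolls out.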
CVE-2026-35616 — Fortinet FortiClient EMS pre-auth bypass, exploited to push EKZ Infostealer down the management channel
If you did nothing this week: an attacker with a working pre-auth bypass against your FortiClient EMS management API can — and per Arctic Wolf, is — modifying Remote Access Profile configurations and injecting malicious PowerShell into every managed endpoint, with the payload disguised as a legitimate Fortinet patch.
Arctic Wolf observed active exploitation of CVE-2026-35616 (CVSS 9.1, first covered 2026-05-29, Fortinet PSIRT FG-IR-26-099, now CISA KEV-listed) in which the EKZ Infostealer was distributed through the trusted endpoint-management plane. This is the operationally important framing for this audience: the malware arrives over the channel the endpoint is built to trust, so signature-trust and "it came from EMS" heuristics fail open. Any public-sector, finance, energy or telco estate running FortiClient EMS should patch, then hunt for unexpected Remote Access Profile changes and PowerShell pushed from the EMS server in the exposure window.
CVE-2026-26980 — Ghost CMS unauthenticated blind SQL injection, mass-exploited into a ClickFix infostealer chain
If you did nothing this week: self-hosted Ghost CMS instances are being mass-compromised through an unauthenticated blind SQL injection in the Content API slug filter, then weaponised as ClickFix social-engineering pages that serve infostealers to their own visitors.
XLab (Qianxin) and BleepingComputer document a large-scale campaign exploiting CVE-2026-26980 (CVSS 9.4, first covered 2026-05-25, GitHub advisory GHSA-w52v-v783-gw97). The dual-use is what makes this a §1 item rather than a routine SQLi: the same flaw both compromises the publishing platform and turns it into a watering hole. Public-sector, education and media organisations running self-hosted Ghost should patch to the fixed release and check for ClickFix-style injected content and unexpected database reads against the Content API.
CVE-2026-0257 — Palo Alto PAN-OS GlobalProtect pre-auth authentication bypass, exploited in two waves by the same actor
If you did nothing this week: internet-exposed PAN-OS GlobalProtect portals without the patch or mitigations applied are being authentication-bypassed now. Palo Alto's PSIRT confirms "limited exploit attempts on unpatched PAN-OS devices," and Rapid7 MDR observed a second exploitation wave on 21 May that — on a consistent MAC address across both waves — it assesses to be the same threat actor.
The flaw is a pre-auth bypass via certificate reuse in the GlobalProtect authentication path (CVSS 7.8, first covered 2026-05-30). It is now on the CISA KEV catalogue. The CVSS understates the operational severity: a working pre-auth bypass on an edge VPN that fronts the whole estate is an initial-access primitive, and a second wave indicates the actor is iterating rather than spraying once. This item also closes the loop on last week's PAN-OS watch arc — W21 flagged the wave-2 PAN-OS patch builds as something to watch into this window. Patch immediately, and audit for attacker-created rogue administrator accounts before patching — the patch can wipe implant artefacts that would otherwise evidence a prior compromise.
2. Multi-day campaigns and chains
Mini Shai-Hulud / TrapDoor — the supply-chain worm goes cross-ecosystem, open-source and destructive
The npm-born self-propagating supply-chain worm widened on two axes this week. TrapDoor — a cross-ecosystem (npm / PyPI / crates) stealer campaign — was documented validating stolen tokens before exfiltration and poisoning AI-assistant configuration files to persist across developer sessions (2026-05-26). In parallel, the Mini Shai-Hulud / TeamPCP framework was open-sourced, a trojanised Microsoft PyPI SDK was shipped with a wiper stage, and the operators forged Sigstore provenance badges to launder trust (2026-05-26 update).
Read across the days, the trajectory is the story: the propagation primitive (OIDC-token reuse) is now commoditised, the blast radius spans three major registries, and the payload added a destructive option on top of credential theft. This connects directly to the W21 watch item flagging Cargo and Maven as the un-hit wave-6 candidate registries, and to the npm staged-publishing GA (§ 8) that is the first registry-level structural answer. Pre-stage Sigstore / provenance-anomaly hunts in Rust and Java dependency pipelines and gate internal publishing behind interactive promotion.
AI tooling as lure, attack surface and force-multiplier — the cross-day pattern no single daily framed whole
Five separate daily items this week, each minor on its own, line up into the most important emerging pattern of the window: AI products are now simultaneously a lure brand, an attack surface, and an offensive force-multiplier. As a lure: ACR Stealer was distributed through counterfeit Claude AI download pages promoted by malicious search ads (2026-05-26), and a cryptojacking campaign used AI-chatbot search-result poisoning to steer victims to GPU-utility lookalikes that dropped ScreenConnect and process-hollowed miners under a signed Microsoft binary (2026-05-28). As an attack surface: LLMShare malvertising hid fake outage pages inside ChatGPT share links to serve infostealers (2026-05-30); ChatGPhish abused the ChatGPT Markdown renderer's trust of third-party image URLs and links for IP exfiltration and phishing from legitimate chatgpt.com (2026-05-30); and Red Canary detailed Entra Agent ID privilege escalation, injecting credentials into agent blueprints for tenant-wide lateral movement (2026-05-30). As a force-multiplier: Sysdig TRT documented the first observed LLM-agent-driven post-exploitation, moving from a Marimo-notebook RCE (CVE-2026-39987) to internal-database exfiltration in four pivots in under an hour (2026-05-30).
The synthesis for a public-sector SOC: treat AI-brand download and search results as a live malvertising vector (block lookalike domains, prefer vendor-canonical download paths); scope DLP and egress controls to LLM rendering and share endpoints; and govern non-human agent identities (Entra Agent IDs, service-principal-equivalent AI agents) with the same conditional-access and credential-hygiene controls applied to service principals.
3. Vulnerability roll-up
CVE-2026-48842 — Roundcube Webmail pre-authentication SQL injection
Roundcube 1.6.16 / 1.7.1 fixed a pre-authentication SQL injection in the virtuser_query plugin path (CVE-2026-48842, CVSS 8.1, first covered 2026-05-28, with three further fixed CVEs in the same release); NCSC.ch carried it as Security Hub post 12596. Roundcube is the default webmail front-end for a large number of European public-sector, education and hosting deployments, and the pre-auth profile means an attacker needs no mailbox to reach the injection. Patch to the fixed branches and review web logs for anomalous query strings against the login and virtual-user endpoints.
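Both the Ghost item in § 1 and the Roundcube item above end with the same action: review web logs for anomalous query strings against the affected endpoints. The scanner below is an added example (not from either project or any vendor) that reads combined-format access-log lines, decodes the query parameters of requests to the watched endpoints and flags values carrying two or more injection indicators. The log lines are constructed; the endpoint shapes (Ghost's Content API under `/ghost/api/content/`, Roundcube's login selected by `_task=login`) and the two-indicator threshold are assumptions to tune for your deployment.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed combined-format lines; addresses are documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [29/May/2026:10:01:12 +0000] "GET /ghost/api/content/posts/?key=k1&filter=slug:welcome HTTP/1.1" 200 1842
203.0.113.9 - - [29/May/2026:10:02:44 +0000] "GET /ghost/api/content/posts/?key=k1&filter=slug:%27%20OR%20SLEEP(5)--%20 HTTP/1.1" 200 61
198.51.100.3 - - [29/May/2026:10:03:01 +0000] "POST /?_task=login&_user=bob%27%20UNION%20SELECT%201--%20 HTTP/1.1" 401 512
198.51.100.4 - - [29/May/2026:10:03:30 +0000] "GET /about/ HTTP/1.1" 200 3321
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Assumed endpoint shapes for the two products discussed.
GHOST_CONTENT_PREFIX = "/ghost/api/content/"

# Injection indicators in a decoded parameter value: quote characters,
# comment openers and a handful of SQL keywords. Deliberately crude.
SQLI_RE = re.compile(
    r"""['"]|--|/\*|\b(?:union|select|sleep|benchmark|waitfor)\b|\bor\s+\d+\s*=\s*\d+""",
    re.IGNORECASE,
)

# A lone quote is normal in Ghost's NQL filters (slug:'welcome'); require
# at least two distinct indicators before raising a hit. Tuning assumption.
MIN_INDICATORS = 2


def is_watched(path, params):
    return path.startswith(GHOST_CONTENT_PREFIX) or params.get("_task") == "login"


def scan(lines):
    """Return one dict per suspicious request: ip, path, parameter, tokens, status."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        params = dict(parse_qsl(parts.query, keep_blank_values=True))
        if not is_watched(parts.path, params):
            continue
        for name, value in params.items():
            tokens = {t.lower() for t in SQLI_RE.findall(value)}
            if len(tokens) >= MIN_INDICATORS:
                hits.append({"ip": m.group("ip"), "path": parts.path,
                             "parameter": name, "tokens": tokens,
                             "status": int(m.group("status"))})
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG.splitlines()):
        print(hit["ip"], hit["path"], hit["parameter"], sorted(hit["tokens"]))
```

Blind injection leaves no error in the response, so the response status is kept in each hit only as context; the signal is the decoded parameter content, and a burst of such requests from one source against the slug filter or the login handler is what to escalate.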
CVE-2026-9170 — IBM HTTP Server / WebSphere Application Server: pre-auth RCE (CVSS 9.8)
IBM patched an improper-input-validation flaw in IBM HTTP Server / WebSphere Application Server that allows unauthenticated remote code execution and denial of service (CVSS 9.8, first covered 2026-05-29); NCSC.ch carried it as Security Hub post 12601. WebSphere fronts a large share of public-sector and financial back-office estates, where it is often internet-reachable through reverse proxies — the pre-auth, zero-interaction profile makes this a patch-now item for any CH/EU SOC with WebSphere in the asset inventory. Confirm fix-pack levels against IBM's bulletin and prioritise externally-reachable instances.
CVE-2026-48710 "BadHost" — Starlette pre-auth host-header auth bypass across the Python AI/ASGI stack
X41 D-Sec disclosed (via OSTIF) a pre-authentication authentication bypass in Starlette triggered by a malformed Host header (CVE-2026-48710, CVSS 6.5, first covered 2026-05-30; NCSC-NL NCSC-2026-0171). The reason it earns an H3 despite the medium CVSS is the dependency blast radius: Starlette is the ASGI core under FastAPI, vLLM, LiteLLM and the MCP Python SDK, so a single transitive dependency carries the flaw into a large slice of the Python AI-serving and agent tooling that public-sector teams are standing up this year. PoC is public. Pin Starlette to the fixed release across the dependency tree and front affected services with a proxy that normalises or rejects malformed Host headers.
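The mitigation above is to put something in front of affected services that rejects malformed Host headers before application code parses them. The middleware below is an added example (not Starlette or X41 code, and it does not reproduce the CVE-2026-48710 trigger): a dependency-free ASGI wrapper that requires exactly one Host header, checks it against a strict host[:port] grammar and an allow-list, and answers 400 otherwise. The hostnames and the `echo_app` stand-in are assumptions; `probe` drives the app with a constructed scope so the block runs without a server.

```python
import asyncio
import re

# Strict Host syntax: a DNS name or IPv4 literal, or a bracketed IPv6 literal,
# optionally followed by :port. No whitespace, userinfo, path or escapes.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOST_RE = re.compile(
    r"^(?:(?P<name>%s(?:\.%s)*\.?)|\[(?P<v6>[0-9A-Fa-f:.]{2,45})\])(?::(?P<port>\d{1,5}))?$"
    % (_LABEL, _LABEL)
)


def canonical_host(raw):
    """Lower-cased host without port if `raw` is well-formed, else None."""
    m = HOST_RE.match(raw)
    if not m:
        return None
    if m.group("port") is not None and int(m.group("port")) > 65535:
        return None
    if m.group("name") is not None:
        return m.group("name").rstrip(".").lower()
    return "[" + m.group("v6").lower() + "]"


class StrictHostMiddleware:
    """Reject requests whose Host header is absent, duplicated, malformed or
    outside the allow-list before the wrapped ASGI app sees them."""

    def __init__(self, app, allowed_hosts):
        self.app = app
        self.allowed = {h.lower() for h in allowed_hosts}

    async def __call__(self, scope, receive, send):
        if scope["type"] != "http":
            await self.app(scope, receive, send)
            return
        values = [v for k, v in scope.get("headers", []) if k == b"host"]
        host = None
        if len(values) == 1 and values[0].isascii():
            host = canonical_host(values[0].decode("ascii"))
        if host is None or host not in self.allowed:
            await send({"type": "http.response.start", "status": 400,
                        "headers": [(b"content-type", b"text/plain")]})
            await send({"type": "http.response.body", "body": b"invalid Host header"})
            return
        await self.app(scope, receive, send)


async def echo_app(scope, receive, send):
    """Stand-in for the protected application (assumed)."""
    await send({"type": "http.response.start", "status": 200, "headers": []})
    await send({"type": "http.response.body", "body": b"ok"})


def probe(app, raw_host_values):
    """Drive `app` with a constructed GET scope carrying the given Host values."""
    sent = []

    async def send(message):
        sent.append(message)

    async def receive():
        return {"type": "http.request", "body": b"", "more_body": False}

    scope = {"type": "http", "asgi": {"version": "3.0"}, "method": "GET", "path": "/",
             "headers": [(b"host", v) for v in raw_host_values]}
    asyncio.run(app(scope, receive, send))
    return sent[0]["status"]


protected = StrictHostMiddleware(echo_app, ["api.example.org", "localhost", "[::1]"])

if __name__ == "__main__":
    for hosts in ([b"api.example.org"], [b"api.example.org:8443"], [b"evil.example.net"],
                  [b"api.example.org evil"], [b"api.example.org", b"localhost"], []):
        print(hosts, probe(protected, hosts))
```

Wrap the application object (`app = StrictHostMiddleware(app, [...])`) as the outermost layer so the check runs before any framework routing; the same rule belongs on the reverse proxy in front of vLLM, LiteLLM or MCP services where you cannot change the application.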
CVE-2026-5426 — Digital Knowledge KnowledgeDeliver LMS: ViewState deserialization RCE exploited as a zero-day
Google's Threat Intelligence Group documented active zero-day exploitation of a pre-shared ASP.NET machineKey in the KnowledgeDeliver LMS that enables ViewState deserialization to unauthenticated RCE (first covered 2026-05-26; Mandiant disclosure MNDT-2026-0009). The vulnerable-component lesson generalises well beyond this APAC-deployed product: any .NET web application shipping or reusing a static machineKey across deployments inherits the same ViewState-forgery-to-RCE path. Hunt for unexpected __VIEWSTATE POST bodies that fail MAC validation and for w3wp.exe spawning command interpreters; rotate machineKey values that were ever shared or committed to source.
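The generalised lesson above, a static machineKey shared across deployments, is something you can audit from configuration alone. The script below is an added example (not GTIG or Mandiant tooling) that inspects a set of ASP.NET web.config files, flags any explicit `validationKey` (as opposed to `AutoGenerate,IsolateApps`), flags `enableViewStateMac="false"` on `<pages>`, and reports a validationKey that appears in more than one deployment, which is the rotate-first case. The config fragments and key strings are constructed placeholders.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed web.config fragments; key material is a placeholder, not real keys.
CONFIGS = {
    "portal-prod/web.config": """<configuration><system.web>
        <machineKey validationKey="PLACEHOLDER_KEY_1" decryptionKey="PLACEHOLDER_DEC_1"
                    validation="HMACSHA256" decryption="AES"/>
      </system.web></configuration>""",
    "portal-staging/web.config": """<configuration><system.web>
        <machineKey validationKey="PLACEHOLDER_KEY_1" decryptionKey="PLACEHOLDER_DEC_1"
                    validation="HMACSHA256" decryption="AES"/>
      </system.web></configuration>""",
    "intranet/web.config": """<configuration><system.web>
        <machineKey validationKey="AutoGenerate,IsolateApps"
                    decryptionKey="AutoGenerate,IsolateApps"/>
      </system.web></configuration>""",
    "legacy/web.config": """<configuration><system.web>
        <machineKey validationKey="PLACEHOLDER_KEY_2" decryptionKey="PLACEHOLDER_DEC_2"/>
        <pages enableViewStateMac="false"/>
      </system.web></configuration>""",
    "api/web.config": "<configuration><system.web/></configuration>",
}


def inspect_config(xml_text):
    """Pull the two ViewState-relevant facts out of one web.config."""
    root = ET.fromstring(xml_text)
    info = {"static_validation_key": None, "viewstate_mac_disabled": False}
    for mk in root.iter("machineKey"):
        # An absent machineKey or AutoGenerate means a per-app key ASP.NET manages itself.
        vk = mk.get("validationKey", "AutoGenerate,IsolateApps")
        if not vk.startswith("AutoGenerate"):
            info["static_validation_key"] = vk
        break
    for pages in root.iter("pages"):
        if pages.get("enableViewStateMac", "true").lower() == "false":
            info["viewstate_mac_disabled"] = True
        break
    return info


def audit(configs):
    """Return (where, finding) pairs across all configs."""
    findings, by_key = [], defaultdict(list)
    for path, text in configs.items():
        info = inspect_config(text)
        if info["static_validation_key"]:
            findings.append((path, "static machineKey"))
            by_key[info["static_validation_key"]].append(path)
        if info["viewstate_mac_disabled"]:
            findings.append((path, "enableViewStateMac=false"))
    for key, paths in by_key.items():
        if len(paths) > 1:
            findings.append((", ".join(sorted(paths)),
                             "validationKey shared across %d deployments" % len(paths)))
    return findings


if __name__ == "__main__":
    for where, what in audit(CONFIGS):
        print(where, "->", what)
```

Point it at every web.config checked into source control as well as the deployed copies: a key that was ever committed counts as shared even if only one live server uses it today.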
4. Sector & victim patterns
Finance — Iberian retail-banking pressure from Grandoreiro plus a parallel Android MaaS
WatchGuard documented a Grandoreiro campaign abusing Delphi DLL side-loading across four different software packages, with WebSocket/STUN C2, against banks in Portugal and Spain; ESET mapped a parallel BTMOB Android RAT delivered as malware-as-a-service against the same Iberian banking customers via HTML injection and Accessibility Service abuse (2026-05-29). The pattern for EU financial-sector defenders is the desktop-plus-mobile pincer from LATAM-origin operators sustaining European targeting: DLL-side-loading detection on the endpoint and Accessibility-Service-abuse heuristics on managed mobile fleets address the two halves.
Healthcare — administrative and imaging intermediaries remain the soft surface
Healthcare's exposure this week sat almost entirely in the administrative and imaging layers rather than clinical systems — the same structural lesson W21 drew from the Unimed billing-processor breach. Cisco Talos published a technical tour of the DICOM-format attack surface against Orthanc PACS, showing how network-ingested medical images become a heap out-of-bounds-write primitive precisely because PACS systems automatically ingest files received over the network (2026-05-31). France's CNIL fined IQVIA Operations France €5M for health-data-warehouse security failures — no MFA, no log monitoring, no network segmentation (2026-05-30) — a concrete regulatory marker of what "inadequate" looks like for a health-data processor. And California's AG sued the former 23andMe over the 2023 genetic-data breach (bulk-enumeration coding error plus absent credential-stuffing defences) affecting ~6.9M customers (2026-05-31). For CH/EU healthcare SOCs: treat auto-ingesting imaging pipelines as an untrusted-input attack surface, and read the IQVIA fine as a checklist of the baseline controls a regulator now expects on a health-data store.
Public administration & identity (CH / DACH lead) — the LMS, SSO and e-government estate under multi-product pressure
The week put the public-sector identity and web estate under pressure from several directions at once, with a direct Swiss nexus. ILIAS LMS — the open-source learning platform deployed across German and Swiss public-sector and university estates — shipped nine fixes on 2026-05-27 including two critical access-control gaps (CVSS 9.8 and 9.3), with NCSC.ch flagging the SOAP interface as the primary unauthenticated attack surface (2026-05-28). In parallel, Apereo CAS patched an OIDC-provider flaw that was reported by Coop Switzerland, with CERT-FR issuing CERTFR-2026-AVI-0654 (2026-05-29) — relevant to any CH/EU entity running CAS as an OpenID Connect IdP. Further afield in the same estate class, Lithuania's Centre of Registers lost ~600,000 state-register records to abused institutional credentials with a foreign state suspected (2026-05-27), and Poland's Szafir SDK signature-verification bypass (CVE-2026-9058) struck e-government signing (2026-05-26). The cross-cutting takeaway: the contested surface for public administration this week was the identity and document/learning-platform middleware (SOAP endpoints, OIDC providers, signature SDKs), not the citizen-facing front ends.
Transport — Iran-MOIS destructive breach against LACMTA with deliberate backup and VM destruction
The window's standout transport-sector event was destructive, not extortive. Gambit Security attributed the LACMTA (Los Angeles Metro) breach to Iran's MOIS operating behind the "Ababil of Minab" hacktivist front, with ~700 GB exfiltrated and backups and virtual machines deliberately destroyed (2026-05-28). The relevance for European public-transit and public-sector defenders is the recovery-planning implication: where the adversary's objective is destruction rather than ransom, restoration assumes offline / immutable backups and rebuild-from-known-good capacity — controls that an extortion-only threat model under-provisions. The "hacktivist front for state destruction" pattern also complicates attribution and the public-comms response.
5. Incidents & disclosures recap
Asocks residential-proxy botnet — Dutch Police + NCSC dismantle ~17M-device infrastructure hosted in the Netherlands
The Cybercrime Team of the Police Unit The Hague, with the Dutch NCSC, dismantled a large residential-proxy botnet — at least 17 million compromised consumer devices worldwide, run through ~200 servers all physically hosted in the Netherlands (2026-05-29); NL Times and other reporting identify the service as Asocks (the politie.nl primary states the scale and the NL-hosted infrastructure but does not name it). The operationally relevant point is what was hit: residential-proxy services are the anonymisation plumbing that launders credential-stuffing, scraping and fraud traffic to look like ordinary consumer ISP connections, defeating IP-reputation controls. The takedown degrades that capability industry-wide for a period, but — consistent with the W21 takedown pattern — expect infrastructure churn rather than a durable drop; the demand for residential-proxy egress is undiminished.
UK Visa Portal — ~100,000 passport scans and selfies on a public-read S3 bucket behind a government-lookalike site
TechCrunch found ~100,000 passport scans and applicant selfies exposed on a public-read Amazon S3 bucket used by "UK Visa Portal," a site not affiliated with the UK government that some applicants mistook for the official GOV.UK service; the leak was unfixed at time of reporting (2026-05-29). The defender double-lesson: the technical failure is the oldest cloud-storage misconfiguration in the book (object-level public read on a sensitive bucket), and the social failure is the government-service-lookalike that harvested real identity documents from people who believed they were on an official portal — a brand-protection and citizen-awareness problem for the genuine public-sector body whose service is being impersonated. CH/EU public bodies should monitor for lookalike service domains and re-confirm that no applicant-document storage is world-readable.
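The "re-confirm that no applicant-document storage is world-readable" step above can be expressed as a check over the three things that decide whether an S3 bucket is publicly readable: its ACL grants, its bucket policy, and the account or bucket Block Public Access settings. The function below is an added example (not AWS or TechCrunch code) that evaluates constructed inputs in the shapes boto3's `get_bucket_acl`, `get_bucket_policy` and `get_public_access_block` return, so it runs offline; wiring it to live calls is left to the reader.

```python
import json

PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}
READ_PERMISSIONS = {"READ", "FULL_CONTROL"}
OBJECT_READ_ACTIONS = {"s3:getobject", "s3:get*", "s3:*", "*"}


def public_acl_grants(acl):
    """Grants to the AllUsers / AuthenticatedUsers groups that confer read."""
    return [g for g in acl.get("Grants", [])
            if g.get("Grantee", {}).get("Type") == "Group"
            and g["Grantee"].get("URI") in PUBLIC_GROUPS
            and g.get("Permission") in READ_PERMISSIONS]


def _is_anonymous(principal):
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS")
        return aws == "*" or (isinstance(aws, list) and "*" in aws)
    return False


def public_policy_statements(policy):
    """Sids of Allow statements granting object read to everyone with no Condition."""
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):
        statements = [statements]
    sids = []
    for s in statements:
        actions = s.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if (s.get("Effect") == "Allow" and _is_anonymous(s.get("Principal"))
                and any(a.lower() in OBJECT_READ_ACTIONS for a in actions)
                and not s.get("Condition")):
            sids.append(s.get("Sid", "<unnamed>"))
    return sids


def assess_bucket(name, acl, policy_json, public_access_block):
    """Findings for one bucket. IgnorePublicAcls neutralises the ACL path and
    RestrictPublicBuckets the policy path, so each is only reported when the
    matching Block Public Access switch is off."""
    findings = []
    pab = public_access_block or {}
    grants = public_acl_grants(acl)
    if grants and not pab.get("IgnorePublicAcls", False):
        perms = ", ".join(sorted({g["Permission"] for g in grants}))
        findings.append(f"{name}: ACL grants {perms} to a public group")
    sids = public_policy_statements(json.loads(policy_json)) if policy_json else []
    if sids and not pab.get("RestrictPublicBuckets", False):
        findings.append(f"{name}: policy statement(s) {', '.join(sids)} allow anonymous object read")
    return findings


# Constructed inputs; no real bucket is queried and the names are placeholders.
EXPOSED_ACL = {"Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "owner-id"}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
     "Permission": "READ"},
]}
EXPOSED_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::applicant-docs/*"}]})
PRIVATE_ACL = {"Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "owner-id"}, "Permission": "FULL_CONTROL"}]}
BLOCK_ALL = {"BlockPublicAcls": True, "IgnorePublicAcls": True,
             "BlockPublicPolicy": True, "RestrictPublicBuckets": True}

if __name__ == "__main__":
    print(assess_bucket("applicant-docs", EXPOSED_ACL, EXPOSED_POLICY, None))
    print(assess_bucket("applicant-docs", EXPOSED_ACL, EXPOSED_POLICY, BLOCK_ALL))
```

Object-level ACLs can make individual objects public even when the bucket ACL is clean, so on a bucket that has ever held identity documents the durable fix is enabling all four Block Public Access settings rather than auditing grants one by one.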
AFC Ajax — 300,000+ fan accounts exposed via misconfigured API access control; Dutch suspect arrested
The Dutch National Police arrested a 35-year-old over the breach of AFC Ajax's fan app, in which misconfigured API access control and shared keys exposed 300,000+ accounts and 42,000 season-ticket records (2026-05-28). Two things make this instructive for this audience: the root cause is a textbook broken-object-level-authorization / over-shared-credential failure in a mobile-app back end — the class of defect that automated DAST and an API-inventory review catch cheaply — and the rapid arrest is a reminder that these cases do sometimes attribute to an individual rather than an organised crew. Re-audit API authorization on customer/citizen-facing apps for object-level checks, and retire shared API keys in favour of per-client credentials.
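The defect class named above, a handler that authenticates the caller but never checks that the requested object belongs to them, is easiest to recognise side by side with its fix. The block below is an added example (not the fan app's code; the ticket records are constructed) showing the vulnerable handler, the hardened one, and what a single authenticated caller can reach from each by walking sequential ids.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class SeasonTicket:
    ticket_id: int
    owner_id: int
    seat: str


# Constructed records; nothing here comes from a real system.
TICKETS = {
    1001: SeasonTicket(1001, owner_id=7, seat="Block 412, row 3"),
    1002: SeasonTicket(1002, owner_id=8, seat="Block 120, row 11"),
    1003: SeasonTicket(1003, owner_id=8, seat="Block 120, row 12"),
}


class NotFound(Exception):
    pass


def get_ticket_vulnerable(caller_id, ticket_id):
    """Authenticates the caller (a valid session is assumed upstream) but never
    asks whether the requested object belongs to them: the BOLA defect."""
    ticket = TICKETS.get(ticket_id)
    if ticket is None:
        raise NotFound(ticket_id)
    return ticket


def get_ticket_hardened(caller_id, ticket_id):
    """Object-level check: the caller must own the record. 'Missing' and
    'not yours' raise the same error so ids cannot be confirmed by probing."""
    ticket = TICKETS.get(ticket_id)
    if ticket is None or ticket.owner_id != caller_id:
        raise NotFound(ticket_id)
    return ticket


def records_reachable(handler, caller_id, id_range):
    """Ids one authenticated caller can retrieve through `handler`."""
    reached = []
    for ticket_id in id_range:
        try:
            reached.append(handler(caller_id, ticket_id).ticket_id)
        except NotFound:
            pass
    return reached


if __name__ == "__main__":
    print("vulnerable:", records_reachable(get_ticket_vulnerable, 7, range(1000, 1010)))
    print("hardened:  ", records_reachable(get_ticket_hardened, 7, range(1000, 1010)))
```

The ownership comparison has to use the identity bound to the session, never a user id supplied in the request, and the same pattern applies to the shared-key half of the finding: a per-client credential gives the handler a `caller_id` to compare against, which a key shared by every app install cannot.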
6. Research & threat-actor developments
No qualifying items in window — this section is intentionally left empty.
7. Annual / periodic threat reports
Check Point Q1 2026 State of Ransomware — ecosystem reconsolidates; LockBit returns with a deliberate Europe pivot
Horizon research surfaced a quarterly report the dailies did not cover: Check Point's Q1 2026 State of Ransomware (published 2026-05-11). The synthesis that matters for a CH/EU public-sector SOC is structural, not the leaderboard: after two years of fragmentation driven by law-enforcement pressure on LockBit, ALPHV/BlackCat and others, the ecosystem is reconsolidating — the top ten leak-site operations now account for roughly 71% of listed victims, with Qilin holding the top spot for a third straight quarter and The Gentlemen (§ 8) entering the top three. The single most defender-relevant finding is LockBit's comeback paired with a deliberate geographic shift toward European and Latin American targets — which moves the rebuilt operation directly into this audience's threat model rather than leaving it a US-centric concern. Read alongside the Gentlemen internal-leak intelligence in § 8, the picture is a smaller number of higher-capability operations with European intent; prioritise the edge-appliance and identity hardening those operators are documented to rely on.
ESET APT Activity Report Q4 2025–Q1 2026 — three state programmes converging on EU energy, defence and edge appliances
ESET's APT Activity Report covering Q4 2025–Q1 2026 landed mid-window (first covered 2026-05-30). The daily recapped the headline findings — a rare out-of-Ukraine Sandworm destructive incident (a medium-confidence December 2025 attack on a single Polish energy company), Lazarus targeting the EU drone/defence sector, and UNC5221 pivoting to the Ivanti SPAWN toolset. The synthesis a daily reader could not see from those three bullets is that they are the same story told by three different state programmes: Russia-, North-Korea- and China-nexus operators are independently converging on (a) European energy and defence-industrial-base supply chains as the target set — Sandworm's move against a Polish energy target being notable precisely because the operator rarely acts destructively outside Ukraine — and (b) internet-facing edge appliances (Ivanti) as the entry vector. For a Swiss / European public-sector SOC the implication is a prioritisation argument rather than a new IOC list: edge-appliance patch SLAs and defence-supplier third-party-risk review are where all three programmes are applying pressure simultaneously, so they should outrank generic campaign awareness in the next planning cycle. The report reinforces, with cross-actor telemetry, the structural shift the W21 Verizon DBIR and Rapid7 reports flagged — exploitation of exposed software as the dominant access vector.
8. Long-running campaigns — status update
The Gentlemen / Storm-2697 — internal "Rocket" backend leaked by a rival; KELA and Check Point dissect the operator inner circle
The most consequential campaign development of the window is one no daily captured: on 2026-05-04 a rival actor leaked The Gentlemen's internal Rocket database backend on underground forums, and KELA (2026-05-20) and Check Point ("Thus Spoke The Gentlemen", 2026-05-13) published deep analyses of the resulting six-month (Nov 2025 – Apr 2026) chat archive. The leak exposes the inner circle (admin/infrastructure alias zeta88, also operating as hastalamuerte, alongside Wick, mAst3r, Kunder and others) and — far more useful to defenders — the operation's initial-access playbook: Fortinet and Cisco edge appliances, NTLM relay, harvested OWA / M365 credential logs, and GPO-based deployment of the encryptor. A linked affiliate runs a SystemBC SOCKS5 botnet of 1,570+ victims. This is an intelligence gift: every named access path maps to an existing hunt — prioritise edge-appliance patch state, NTLM-relay hardening (SMB/LDAP signing, channel binding) and anomalous-GPO-creation monitoring. Per Check Point's Q1 data the group sits at #3 globally (§ 7) — though its victims concentrate in Thailand, Brazil and India (US ~13%), so the European and Swiss listings carried over from W21 run against its centre of gravity, which is precisely what makes a CH/EU hit worth surfacing rather than treating as background.
GREYVIBE — independent corroboration; OPSEC slips enabled attribution; charity-front sub-campaign
The Russia-nexus GREYVIBE cluster (2026-05-30 daily) gained independent in-window corroboration from SecurityWeek and Security Affairs of the original WithSecure Labs disclosure. The added detail: despite heavy AI integration in lure generation, the operators left Russian-language code comments and Moscow-timezone activity patterns that enabled attribution, and the PrincessClub sub-campaign masqueraded as Ukrainian-Armed-Forces charitable foundations (FPV-drone / UAV support) to harvest credentials. No expansion beyond Ukrainian targets was found. For CH/EU bodies with Ukraine-linked engagements, the relevant control is spear-phishing scrutiny on charity/fundraising lures referencing military support.
UNC6671 / BlackFile — GTIG publishes the full profile; group announced shutdown "under this name", rebrand probable
Resolving a W21 carry-forward watch item: GTIG published a definitive UNC6671 / BlackFile profile in mid-May 2026, characterising the operation as an adversary-in-the-middle vishing specialist targeting Microsoft 365 and Okta SSO environments in retail and hospitality (vishing impersonating IT support → MFA-bypass / credential grant → AiTM session-token harvest → exfiltration → extortion over the Session messenger). The leak-site went offline in late April, briefly resumed on 2026-05-11 to announce "BlackFile is shutting down… under this name," and went dark again — GTIG's phrasing and the qualifier point to a probable rebrand rather than a genuine exit. Defenders should keep the AiTM-vishing → rogue-MFA → SSO-token-theft TTP set on watch under any new brand; the tradecraft, not the name, is the durable indicator.
ShinyHunters Salesforce campaign — 40+ listed victims; Canada Life and Pitney Bowes confirm; the BreachForums extortion channel was previously seized
Complementing the § 2 victim arc, horizon research confirms the campaign now lists 40+ confirmed or claimed victims, with Canada Life (insurance carrier, UK/Ireland) and Pitney Bowes confirming breaches in the window, and Canvas/Instructure reported to have paid ransom on 2026-05-12. The relevant law-enforcement context: the FBI and France's BL2C previously seized the ShinyHunters-operated BreachForums portal that served as the campaign's extortion channel (2025-10-10), which briefly interrupted operations before the group rebuilt — a reminder that channel seizures slow but do not stop a credential-extortion operation with this many active victims. No leadership arrests. The unchanged defender action is connected-app OAuth-scope and refresh-token review.
Mini Shai-Hulud / TeamPCP — @antv npm wave and confirmed Maven Central poisoning; Cargo still un-hit
Beyond the in-window TrapDoor and framework-open-sourcing covered in § 2, horizon research surfaced a development the dailies missed. Wiz documented a fresh wave (2026-05-19) in which TeamPCP hijacked a legitimate maintainer account to poison the @antv data-visualisation ecosystem on npm (@antv/g2, g6, x6, l7 and others, collectively millions of weekly downloads), running the standard Mini Shai-Hulud credential-harvest against GitHub/npm tokens and cloud keys across 80+ file paths. OX Security and Security Affairs documented copycat clones spreading after the source-code leak. On the W21 watch list of un-hit registries: npm remains the only ecosystem with a primary-confirmed poisoning this wave — horizon research flagged unverified secondary reporting of Maven Central exposure via the mvnpm npm-to-Maven bridge, but this run could not corroborate it against a primary source, so it is not asserted here, and Cargo / crates.io status is likewise unverified. No GovCERT.ch / NCSC.ch developer advisory was found. Keep the provenance-anomaly hunt centred on npm and treat the mvnpm bridge as a plausible next vector to watch.
Chaotic Eclipse / Nightmare Eclipse — MiniPlasma confirmed SYSTEM on a fully-patched Windows 11; sixth zero-day in six weeks
The Windows zero-day cluster carried a material technical update beyond the 2026-05-30 daily. MiniPlasma — the sixth zero-day the "Chaotic Eclipse" researcher has dropped in six weeks — is a local privilege escalation in the Windows Cloud Filter driver (cldflt.sys) that reuses CVE-2020-17103, the researcher claiming the 2020 patch was incomplete or partially reverted. ThreatLocker independently confirmed MiniPlasma achieves SYSTEM on a fully-patched Windows 11 running the May 2026 cumulative update — i.e. there is no configuration that closes it today. Three earlier drops in the series (BlueHammer, RedSun, UnDefend) have been observed in real attacks. Microsoft's DCU has called the uncoordinated releases "never justifiable" but has shipped no out-of-band fix; June 10 Patch Tuesday is the first fix opportunity. Until then, treat any cldflt.sys-adjacent LPE as live.
9. Policy & regulatory horizon
ENISA NIS360 2026 — public administration, health and water sit in the NIS2 "risk zone"
ENISA published its third annual NIS360 sectoral-maturity assessment on 2026-05-28, scoring all 18 NIS2 Annex I high-criticality sectors on legislation effectiveness, organisational preparedness, authority capacity and ecosystem maturity. The risk-zone sectors — criticality exceeding maturity — are health, railway (newly entered), maritime, ICT management services, space, public administrations, drinking water (newly entered) and wastewater (newly entered); gas exited after targeted investment. Trust services, aviation and financial-market infrastructures sit in the higher-maturity band, while banking, electricity and telecom are scored among the most critical sectors. The defender-relevant read for this audience: the sectors a Swiss/EU public-sector SOC most often is or serves — public administration, health, water — are precisely the ones ENISA flags as under-resourced relative to their societal importance, which signals where NIS2 supervisory and investment pressure will concentrate next. Use the report as leverage for sector-specific funding and as a benchmark for the maturity axes your own programme is weakest on.
EU 20th-package managed-security-services ban in force from 25 May — Switzerland adopted listings only; MSS prohibition deferred
Resolving the open W21 compliance question. The EU's 20th Russia sanctions package introduced — effective 25 May 2026 — a prohibition on providing managed security services (cybersecurity risk management, incident handling, penetration testing, security audits and related consulting) to the Russian government and Russian-established entities, extending to Russian subsidiaries of EU-incorporated companies absent a national-competent-authority licence. No European Commission interpretive guidance on the MSS scope had been published by end-May, so a conservative reading still applies. The Swiss answer is now confirmed: Switzerland's 22 May adoption covered the listings only — the substantive measures, including the MSS prohibition, were deferred (reporting points to a summer timeline). The practical consequence is a temporary CH/EU asymmetry: an EU-incorporated MSSP is already barred from servicing a Russian-established client, while the equivalent Swiss obligation is not yet in domestic force. Cross-border CH firms with EU entities should govern to the stricter EU line now rather than the Swiss timeline, and re-confirm no EDR/SIEM/connector service is operated under contract with a Russian-established entity.
Data-protection enforcement converges on a health-data controls floor — CNIL fines IQVIA €5M; California AG sues over 23andMe
Two enforcement actions in the window set the same baseline expectation for sensitive-data controllers. CNIL issued Délibération SAN-2026-008 (26 May), fining IQVIA Operations France €5M for security failures across its two authorised health-data warehouses — no MFA on privileged access to the EMR warehouse, and no log monitoring to detect abnormal activity in either warehouse, both cited explicitly as GDPR Art. 32 failures — with a six-month injunction under a €10,000/day coercive penalty. In parallel, the California AG sued the former 23andMe (28 May) over the 2023 genetic-data breach affecting ~6.9M people, alleging a bulk-enumeration coding error plus absent credential-stuffing defences and absent MFA. The convergence is the message: regulators on both sides of the Atlantic are now treating MFA on privileged access and active log monitoring as a non-negotiable floor for health and genomic data, and pricing their absence directly. CH/EU health-data controllers should read both as a concrete control checklist, not distant precedent.
EU Cyber Resilience Act — 11 June notifying-authority deadline, then September reporting obligations
The Cyber Resilience Act reaches its first hard operational milestones. By 11 June 2026 (Chapter IV entry into application) member states must designate the national notifying authorities that assess and register conformity-assessment bodies for products with digital elements in the "important" and "critical" classes; until enough CABs are notified into NANDO (expected through December 2026), third-party conformity assessment cannot proceed at scale. From 11 September 2026 the Article 14 reporting obligations begin — manufacturers must report actively-exploited vulnerabilities and severe incidents via the ENISA Single Reporting Platform. For public-sector procurement teams this is a near-term planning input: factor CRA conformity status into product-selection criteria now, because the certification pipeline it depends on is only just being stood up.
Germany's Cybersicherheitsstärkungsgesetz — federal cabinet approves active-cyber-defence powers; Bundestag passage still ahead
The German federal cabinet approved the Cybersicherheitsstärkungsgesetz (Cyber Security Strengthening Act) on 2026-05-27 — the daily caught the Heise news hit; the primary government sources confirm the substance and, importantly, that it is a draft bill still requiring Bundestag passage and is not yet in force. Per the government's framing, it shifts the state from purely defending the target to acting directly against the attacker — "their servers, their software and their strategy" — with the BSI, BKA and Bundespolizei among the bodies gaining expanded authority to detect and counter large-scale, high-damage attacks (the announcement does not break the new powers down per agency in technical detail). For CH/EU defenders the watch item is the cross-border incident-response implication: once in force, German-authority active operations against infrastructure that may be hosted in or transit other jurisdictions raise coordination and deconfliction questions for any SOC running IR across the DACH region. Track the Bundestag passage; nothing changes operationally until it lands.
10. Looking ahead — what to watch next week
Looking ahead — 2026-W22
Items already in motion at the close of 2026-W22. Not predictions — each links to the in-motion reporting underneath.
- Windows "Chaotic Eclipse" zero-day cluster — June 2026 Patch Tuesday (~2026-06-10) is the expected first fix, with a researcher drop announced for July 14. Microsoft's Digital Crimes Unit has threatened criminal action over the serial zero-day releases, but the cluster's escalation paths remain unpatched with public PoCs — YellowKey (CVE-2026-45585), GreenPlasma, and MiniPlasma (CVE-2020-17103, the
cldflt.sysCloud Filter driver, whose 2020 patch the researcher claims is incomplete) — and the researcher has announced more for July 14. Until a fix ships, BitLocker PIN / Network-Unlock GPOs andctfmon.exe-injection WDAC rules are the available controls. (The Record; Daily 2026-05-30) - Gogs argument-injection RCE remains unpatched with a public Metasploit module and a non-responsive maintainer. Rapid7 published the unfixed authenticated-RCE-via-argument-injection with exploit code; with no vendor fix in sight, the only mitigation is keeping Gogs off the public internet behind authenticated access and watching for the maintainer's response. (Rapid7; Daily 2026-05-29)
- FIFA World Cup phishing ramps toward the June 11 kickoff — "Ghost Stadium" PhaaS. 300+ FIFA domain clones with multi-language fake SSO are already harvesting UK / Germany / Portugal / Spain fan credentials; the FBI IC3 PSA flags continued growth as the tournament approaches. Expect a volume spike in the next fortnight; brief staff and monitor for lookalike-domain credential-harvest landing pages. (FBI IC3 PSA260527; Daily 2026-05-30)
- Delta Electronics DIAView SCADA CVE-2026-9642 has no patch — incomplete fix for prior unauthenticated remote database access. Tenable's disclosure shows the earlier CVE-2025-62582 fix was incomplete; watch for a complete vendor patch and keep DIAView off internet-reachable networks in the interim. (Tenable TRA-2026-44; Daily 2026-05-27)
- Shai-Hulud wave-6 candidate registries — Cargo (Rust) and Maven (Java) remain the major ecosystems without a primary-confirmed hit (a Maven Central exposure via mvnpm is reported in secondary sourcing only; Cargo status is unverified). With the worm framework now open-sourced and a wiper stage added (§ 2), the registry-agnostic OIDC-token-reuse primitive makes Cargo and Maven the next logical targets; pre-stage Sigstore / provenance-anomaly hunts in Rust and Java pipelines. (SANS ISC diary 33016; Daily 2026-05-26)
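For the "Ghost Stadium" lookalike-domain item above, the check a SOC wants to pre-stage is a scorer that turns a feed of newly seen hosts into a short list of brand impersonations. The following is an added example written for this brief, not code from the FBI IC3 PSA, The Record or the daily. LEGIT_DOMAINS, REFERENCE_TOKENS and OBSERVED_HOSTS are constructed assumptions; in practice the hosts come from passive DNS, CT logs or proxy logs and the allowlist from the brand owner. It goes slightly beyond the text by folding digit, leet and Cyrillic confusables before measuring edit distance, so a digit-substituted or homoglyph clone scores the same as a plain typosquat.

```python
"""Lookalike-domain triage for brand-impersonation hunts.

Added example for the weekly, not code from the FBI IC3 PSA or The Record.
LEGIT_DOMAINS, REFERENCE_TOKENS and OBSERVED_HOSTS are constructed
assumptions; real input comes from passive DNS, CT logs or proxy logs.
"""
import unicodedata

LEGIT_DOMAINS = {"fifa.com", "fifaworldcup.com"}            # assumed allowlist (eTLD+1)
REFERENCE_TOKENS = ("fifa", "worldcup", "fifaworldcup")     # assumed brand tokens

# Characters an attacker swaps for the one they resemble; each class folds to
# its first member so "f1fa", "flfa" and Cyrillic "f\u0456fa" all become "fifa".
CONFUSABLE_CLASSES = ["il1\u0456", "o0\u043e", "e3\u0435", "a4@\u0430",
                      "s5$", "t7", "c\u0441", "p\u0440", "x\u0445", "y\u0443"]
CANON = {ch: cls[0] for cls in CONFUSABLE_CLASSES for ch in cls}


def canonical(label: str) -> str:
    """Fold a label to the ASCII string it is designed to look like."""
    s = unicodedata.normalize("NFKD", label.lower())
    s = "".join(c for c in s if not unicodedata.combining(c))   # strip accents
    s = s.replace("rn", "m").replace("vv", "w")                 # two-glyph lookalikes
    return "".join(CANON.get(c, c) for c in s)


def edit_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: Levenshtein plus adjacent transposition."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def registrable(host: str) -> str:
    """Crude eTLD+1; only two-label public suffixes like co.uk are special-cased."""
    parts = host.split(".")
    if len(parts) >= 3 and parts[-2] in {"co", "com", "org", "net", "gov", "ac"} and len(parts[-1]) == 2:
        return ".".join(parts[-3:])
    return ".".join(parts[-2:])


def assess(host: str) -> list[str]:
    """Reasons a host looks like a brand lookalike; an empty list means no finding."""
    host = host.lower().strip(".")
    if registrable(host) in LEGIT_DOMAINS:
        return []
    labels = host.split(".")[:-1]                      # ignore the TLD itself
    tokens = [t for lab in labels for t in lab.split("-") if len(t) >= 3]
    reasons = []
    for tok in tokens:
        ctok = canonical(tok)
        for ref in REFERENCE_TOKENS:
            cref = canonical(ref)
            if ctok == cref:
                kind = "brand token" if tok == ref else "confusable substitution"
                reasons.append(f"{kind}: '{tok}' ~ '{ref}'")
            elif cref in ctok:
                reasons.append(f"brand token embedded: '{tok}' contains '{ref}'")
            else:
                dist = edit_distance(ctok, cref)
                if 0 < dist <= 2:
                    reasons.append(f"typosquat: '{tok}' is {dist} edit(s) from '{ref}'")
    return reasons


# Constructed observations standing in for a day of new-domain telemetry.
OBSERVED_HOSTS = [
    "fifa.com",                    # legitimate, allowlisted
    "tickets.fifaworldcup.com",    # legitimate subdomain of an allowlisted domain
    "f1fa-tickets.com",            # digit-for-letter substitution
    "fifa-login.sso-portal.net",   # brand token in a subdomain, fake-SSO pattern
    "fiffa.com",                   # typosquat one edit away
    "f\u0456fa.com",               # Cyrillic i (U+0456) homoglyph
    "example.org",                 # unrelated
]


def triage(hosts: list[str]) -> dict[str, list[str]]:
    """Map each suspicious host to its reasons, dropping hosts with no finding."""
    return {h: r for h in hosts if (r := assess(h))}


if __name__ == "__main__":
    for host, reasons in triage(OBSERVED_HOSTS).items():
        print(host, "->", "; ".join(reasons))
```

The allowlist check runs on the registrable domain rather than the full host, so legitimate subdomains of the brand pass while a brand token inside someone else's registrable domain is flagged; the edit-distance threshold of 2 is the usual trade-off between catching double typos and drowning in false positives on short brand names.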
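For the Shai-Hulud item, the provenance-anomaly hunt worth pre-staging before Cargo or Maven is hit is a per-package comparison of each new version's attestation against its predecessors, plus a registry-wide check for the publish burst a replayed token produces. The following is an added example written for this brief, not code from SANS ISC, Wiz or any registry. The Release fields, the GitHub OIDC issuer string and the RELEASES list are constructed assumptions standing in for what an analyst pulls from npm, PyPI, crates.io or Maven Central metadata together with the Sigstore attestation bundle for each version. It generalises beyond the text in treating all ecosystems with one schema, which is what the registry-agnostic primitive calls for.

```python
"""Provenance-anomaly hunt over package-registry release metadata.

Added example for the weekly, not code from SANS ISC, Wiz or any registry.
The Release fields, the issuer string and the RELEASES list are constructed
assumptions standing in for registry metadata plus Sigstore attestations.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

GITHUB_OIDC = "https://token.actions.githubusercontent.com"  # issuer in GitHub Actions signing certs


@dataclass(frozen=True)
class Provenance:
    issuer: str       # OIDC issuer named in the signing certificate
    repository: str   # source repo the attestation says built the artifact
    workflow: str     # workflow file inside that repo


@dataclass
class Release:
    ecosystem: str
    package: str
    version: str
    published: datetime
    maintainer: str                   # registry account that pushed the version
    provenance: Optional[Provenance]  # None = no attestation published with it
    install_hook: bool                # npm (pre|post)install, PyPI setup.py, crates build.rs


def gh(repo: str, workflow: str) -> Provenance:
    return Provenance(GITHUB_OIDC, repo, workflow)


def ts(s: str) -> datetime:
    return datetime.fromisoformat(s)


# Constructed release history: one well-behaved Maven package, plus three
# packages across two registries touched within minutes of each other.
RELEASES = [
    Release("npm", "@acme/chart", "3.1.0", ts("2026-05-10T09:00:00"), "acme-bot", gh("acme/chart", ".github/workflows/release.yml"), False),
    Release("npm", "@acme/chart", "3.1.1", ts("2026-05-20T09:05:00"), "acme-bot", gh("acme/chart", ".github/workflows/release.yml"), False),
    Release("npm", "@acme/chart", "3.1.2", ts("2026-05-26T02:14:00"), "acme-bot", None, True),
    Release("npm", "@acme/grid", "1.0.2", ts("2026-05-18T11:00:00"), "acme-bot", gh("acme/grid", ".github/workflows/release.yml"), False),
    Release("npm", "@acme/grid", "1.0.3", ts("2026-05-26T02:17:00"), "acme-bot", None, True),
    Release("crates", "fastxml", "0.8.0", ts("2026-05-12T08:00:00"), "fx-dev", gh("fastxml/fastxml", ".github/workflows/ci.yml"), False),
    Release("crates", "fastxml", "0.8.1", ts("2026-05-26T02:15:00"), "fx-dev", gh("fx-mirror/fastxml", ".github/workflows/ci.yml"), False),
    Release("maven", "org.example:util", "1.4.0", ts("2026-05-01T10:00:00"), "ex-release", gh("example/util", ".github/workflows/publish.yml"), False),
    Release("maven", "org.example:util", "1.4.1", ts("2026-05-22T10:00:00"), "ex-release", gh("example/util", ".github/workflows/publish.yml"), False),
]


def find_anomalies(releases: list[Release]) -> list[tuple[str, str, str]]:
    """Compare each version with its predecessor; return (tag, severity, reason)."""
    by_pkg: dict[tuple[str, str], list[Release]] = defaultdict(list)
    for r in releases:
        by_pkg[(r.ecosystem, r.package)].append(r)
    findings = []
    for (eco, pkg), rels in by_pkg.items():
        rels.sort(key=lambda r: r.published)
        for prev, cur in zip(rels, rels[1:]):
            tag = f"{eco}:{pkg}@{cur.version}"
            if prev.provenance and cur.provenance is None:
                findings.append((tag, "high", "attestation absent after attested releases"))
            elif prev.provenance and cur.provenance and prev.provenance != cur.provenance:
                findings.append((tag, "high",
                                 f"builder identity changed: {prev.provenance.repository}:{prev.provenance.workflow}"
                                 f" -> {cur.provenance.repository}:{cur.provenance.workflow}"))
            if cur.install_hook and not prev.install_hook:
                findings.append((tag, "medium", "install-time hook introduced"))
            if cur.maintainer != prev.maintainer:
                findings.append((tag, "medium", f"publishing account changed: {prev.maintainer} -> {cur.maintainer}"))
    return findings


def release_bursts(releases, window=timedelta(minutes=10), min_packages=3):
    """Windows in which many distinct packages publish at once: the fingerprint
    of one stolen publishing token being replayed across a registry."""
    ordered = sorted(releases, key=lambda r: r.published)
    bursts, covered = [], []
    for i, start in enumerate(ordered):
        pkgs = {(r.ecosystem, r.package) for r in ordered[i:]
                if r.published - start.published <= window}
        if len(pkgs) >= min_packages and not any(pkgs <= c for c in covered):
            bursts.append((start.published.isoformat(), sorted(pkgs)))
            covered.append(pkgs)
    return bursts


if __name__ == "__main__":
    for tag, sev, why in find_anomalies(RELEASES):
        print(f"[{sev}] {tag}: {why}")
    for when, pkgs in release_bursts(RELEASES):
        print(f"[burst] {when}: {len(pkgs)} packages within 10 min: {pkgs}")
```

A dropped attestation or a changed builder repository is rated high because a stolen OIDC or registry token cannot forge the original repository's Sigstore identity, so a worm publishing from elsewhere leaves exactly this trace; the install-hook and account-change signals are weaker on their own and are there to rank the high findings. Feed it from the version lists of the Rust and Java dependencies your pipelines actually consume rather than the whole registry.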
11. Verification & coverage notes
2026-W22-da77963d — Claude Opus 4.8 · 32 entries published
- [SINGLE-SOURCE] items carried into this summary: the Cisco Talos DICOM/Orthanc heap analysis (§ 4, single research-lab source, a technical study rather than an incident claim); the Red Canary Entra Agent ID privilege-escalation detection (§ 2, single-vendor); Delta DIAView CVE-2026-9642 (§ 3 table / § 9, Tenable-only, no vendor patch). Each is attributed to its single source in place.
- Reduced confidence / single-primary: the EU CRA milestone item (§ 8) rests on the European Commission implementation factpage as a single primary; the dates are authoritative but uncorroborated by a second source this run. The Check Point Q1 2026 ransomware figures (§ 6) are single-vendor leak-site telemetry; group-share and victim-count numbers are treated as a directional landscape signal, not precise measurement, and no vanity metrics were carried into the prose.
- Items dropped from this week's roll-up (cleared the daily bar, not the weekly W-PD-1 bar): the Underminr CDN domain-fronting research, the Atos BYOVD-driver study, Google Cloud API-key deletion latency, Tycoon 2FA AiTM detection engineering, the Lazarus RemotePE memory-only RAT, Wiz JINX-0164 crypto-targeting, and the SANS ISC Akira-from-syslog reconstruction were folded in by reference or dropped: interesting in isolation but not an in-action incident, a cross-day pattern or a strategic-horizon item. The GitHub Enterprise SSRF (CVE-2026-9312) and the Rancher / Portainer / Veeam / GitLab patch clusters appear in the § 3 table without H3s (patched, no in-window exploitation). They may resurface if exploited.
- Carry-forwards resolved this week: the W21 watch on the UNC6671/BlackFile rebrand (GTIG profile + "shutting down under this name", § 7), on Shai-Hulud wave-6 registries (npm @antv ecosystem confirmed hit; Maven Central exposure via mvnpm reported in secondary sourcing but not confirmed against a primary this run; Cargo status unverified, § 7), and on the SECO/MSS sanctions question (Switzerland deferred the MSS ban, § 8) are all closed. The GitHub internal-repo post-incident report remains outstanding and carries forward to W23.
- Contradictions / open items: none unresolved this run. No European Commission interpretive guidance on the EU MSS-prohibition scope has been published, so a conservative reading stands (§ 8).
- Sub-agents: both horizon sub-agents (W1 long-horizon, W2 policy) ran on Claude Sonnet 4.6 and returned within budget (W1 311s, W2 387s). Both were cut off at the very end of their runs before emitting their closing Markdown return; their findings were recovered intact from the committed work/2026-W22-da77963d/findings.W1.yaml and findings.W2.yaml, the agents' completion summaries, and the url-liveness.tsv ledger (every cited primary verified 200 OK). No candidate sources surfaced this run.
- Verification iterations: 3 — iter-1 (Opus) NEEDS_FIXES (truth=3, editorial=1, advisory=1); iter-2 (Sonnet) NEEDS_FIXES (truth=4, editorial=1, advisory=1); iter-3 (Opus) CLEAN. Model rotation applied across iterations. Residuals: 0. Remediated across the loop: an unverified Maven/Cargo "confirmed" claim (downgraded to unconfirmed), an ENISA maturity-band miscategorisation, the Asocks name attribution, the Samba config-dependence of both 10.0 paths, a CVE mislabel (CVE-2026-45585 is YellowKey, not MiniPlasma; MiniPlasma is CVE-2020-17103), the German-hackback per-agency overstatement, and an ESET "Sandworm vs NATO energy" overstatement (one rare Polish-energy incident).
- Coverage gaps: databreaches-net (403 — transport, bridge-routed); sophos-xops (503); inside-it-ch (Cloudflare 403); cert-fr-actu (feed stalled); ec-presscorner (SPA, no static content); bmi-bund-de (bridge returned empty); enisa-nis360-pdf (full PDF not fetched — analysis page used instead); GovCERT.ch (no Shai-Hulud developer advisory exists — confirmed absent, not a fetch failure).
Migrated from briefs/weekly/2026-W22.md (v2).