01CH/EU government under broad attack this week — Latvia forestry ransomware, Swiss cantonal mailbox compromise, e-gov watering-hole, Ghostwriter phishing. The constituency's core sector was hit from several directions in 2026-W28: a ransomware crew breached Latvia's state forestry operator LVM via a two-year-unpatched service (CERT.LV, an EU/NATO-shared-threat framing); Psychiatrische Dienste Aargau (a Swiss cantonal health authority) had email accounts phished and abused as a spam relay; espionage actors weaponised a citizen-facing e-government complaint portal as a watering hole; Armored Likho hit government and electric-power targets with an AI-generated loader; and UNC1151/Ghostwriter ran real-time 2FA-relay Gmail phishing against officials (CERT Polska). The common thread is not one actor but the breadth of pressure on public-sector identity, exposed services and citizen-facing web. →
02M365 identity attacks converged this week — device-code, AiTM PhaaS, ROPC spray and vishing all bypass MFA/Conditional Access by sidestepping it. Four independent 2026-W28 disclosures describe the same M365 account-takeover pattern from different angles: Huntress' root-cause comparison of the Railway (device-code) and LSHIY (ROPC spray) campaigns, where 55 of 78 LSHIY-compromised accounts had CA policies requiring MFA that failed on scoping gaps; the Forg365 AiTM phishing-as-a-service kit; and the Helix data-extortion cluster pairing manager-impersonation vishing with device-code phishing. None defeats MFA cryptographically — each exploits an auth flow (device-code, ROPC/legacy, token replay) that a typical Conditional Access policy does not gate. Every M365 tenant should block device-code and ROPC where unused and confirm CA covers all cloud apps and client-app types. →
03Exposed enterprise software under active attack this week — ColdFusion (KEV), CitrixBleed 2 → DragonForce, Gitea escalated to actively-exploited. Three separate internet-facing enterprise products crossed into confirmed exploitation in 2026-W28: Adobe ColdFusion CVE-2026-48282 (one of the 1 July CVSS 10.0 RCEs) was exploited within two hours of public detail and added to CISA KEV; Citrix NetScaler's CitrixBleed 2 (CVE-2025-5777) was reconstructed by Huntress into a repeatable initial-access-broker kill chain ending in DragonForce ransomware, where stolen session tokens survive patching; and NCSC-CH escalated the Gitea Docker reverse-proxy auth bypass (CVE-2026-20896) to actively exploited. The operational reality: any exposed unpatched instance of these should be treated as compromised, not merely vulnerable — and for CitrixBleed 2, patching alone is insufficient. →
04Joomla third-party-extension file-upload RCE wave — four unauthenticated flaws this week, several exploited as zero-days, KEV within days. A sustained mySites.guru disclosure wave hit four Joomla third-party extensions across 2026-W28 — SP Page Builder (CVE-2026-48908) and a second page-builder (CVE-2026-56290), Balbooa Forms (CVE-2026-56291), iCagenda (CVE-2026-48939) and RSFiles!/Phoca Download (CVE-2026-57827/57828) — every one an arbitrary-file-upload-to-RCE (CWE-434). Several were exploited in the wild as zero-days before a fix existed and reached CISA KEV within days, with the observed payload planting a hidden Super Administrator account. Any Swiss or European municipal / public-sector Joomla site running these extensions should treat an unpatched instance as a compromise event, not merely a risk, and hunt for web shells and rogue admin accounts. →
01Highest-impact events · what's on fire if no one acted2 items
If you did nothing this week: three classes of internet-facing enterprise software you likely have somewhere in the estate moved from theoretical risk to confirmed exploitation. An unpatched, exposed ColdFusion, Citrix NetScaler Gateway or Gitea instance should be handled as an incident, not a maintenance ticket — and for NetScaler, applying the patch does not evict an attacker who already has your session tokens.
The week's exploitation signal converged on the perimeter. Adobe ColdFusion CVE-2026-48282 — one of the six unauthenticated CVSS 10.0 RCEs Adobe patched on 1 July, and exactly the item last week's outlook flagged as awaiting weaponisation — was confirmed exploited in the wild and added to CISA KEV on 7 July; KEVIntel reported catching exploitation "within under two hours of CVE-2026-48282 public details being released" against its honeypots (BleepingComputer, 2026-07-08). Citrix NetScaler saw the most operationally consequential development: Huntress reconstructed a mechanically identical intrusion chain across at least six unrelated organisations, run by an initial-access broker (Sophos: STAC3725) that steals pre-auth session tokens via CitrixBleed 2 (CVE-2025-5777) — "sift[ing] through the heap fragments for valid session tokens of someone who is currently logged in" (Huntress, 2026-07-10) — then escalating via a registry-symlink privilege-escalation tool to SYSTEM, persisting with ScreenConnect/Zoho Assist, and in the most progressed case deploying DragonForce ransomware. Because the stolen tokens survive patching, remediation requires terminating live sessions as well. Finally, NCSC-CH escalated the Gitea Docker reverse-proxy authentication bypass (CVE-2026-20896) — full unauthenticated admin control "via a single custom HTTP header" — to "Actively Exploited, Proof of Concept Available" (NCSC-CH Cyber Security Hub, 2026-07-10). A fourth strand — Langflow's cross-tenant IDOR (CVE-2026-55255) chained with pre-auth RCE, first exploited 25 June and now KEV-listed (Sysdig, 2026-07-08) — reinforces the same lesson: exploitation, not CVSS, is what set this week's priorities.
Within under two hours of CVE-2026-48282 public details being released, KEVIntel captured in-the-wild exploitation within our global honeypot network.
KEVIntel, via BleepingComputer
By spraying enough of those requests, an adversary can then sift through the heap fragments for valid session tokens of someone who is currently logged in.
If you did nothing this week: any internet-facing Joomla site your constituency runs with SP Page Builder, Balbooa Forms, iCagenda, RSFiles! or Phoca Download installed should now be treated as potentially compromised — several of these flaws were exploited in the wild before a patch shipped, and the observed payload gives the attacker a hidden Joomla super-admin.
Across 2026-W28 the specialist Joomla-security researcher mySites.guru disclosed the same bug class — CWE-434 arbitrary file upload leading to remote code execution — in four separate third-party extensions in quick succession, and CISA moved several onto the Known Exploited Vulnerabilities catalog within days. The mechanism is consistent: an upload handler that fails to enforce a server-side extension allow-list, does not block .php, and does not verify the declared content type, letting an attacker write an executable script into a web-reachable directory. In SP Page Builder the exploited path was index.php?option=com_sppagebuilder&task=asset.uploadCustomIcon, driven by an HTTP POST (The Hacker News, 2026-07-08); the researcher observed that "the payload plants a hidden Super Administrator account, usually with an @secure.local email" (mySites.guru, 2026-07-08). Balbooa Forms (CVE-2026-56291) was likewise found under live exploitation before any fix existed — "it was already being exploited in the wild when we found it, before any patch existed" (mySites.guru, 2026-07-09) — and iCagenda (CVE-2026-48939) reached KEV as an unauthenticated file-upload-to-RCE (mySites.guru, 2026-07-10). The week closed with two more from the same wave: RSFiles! (CVE-2026-57827, unauthenticated, CVSS 4.0 10.0, fixed 1.17.12) and Phoca Download (CVE-2026-57828, member-authenticated allow-list bypass, fixed 6.1.3), with no confirmed exploitation of that pair yet (mySites.guru, 2026-07-11).
Why this is the week's operational reality for the constituency: Joomla is disproportionately common on cantonal, communal and small-agency public-sector sites across Switzerland and the EU, and the ecosystem's risk lives in its third-party extensions, not the core. A wave of unauthenticated, pre-auth-exploited RCEs against exactly that surface, several with a public exploitation record and a self-installing super-admin payload, is a patch-and-hunt priority the normal monthly cadence does not cover.
CVE-2026-48908, on the other hand, is said to have been exploited as a zero-day to upload a PHP file by means of an HTTP POST request to the 'index.php?option=com_sppagebuilder&task=asset.uploadCustomIcon' endpoint.
Already exploited in the wild. The payload plants a hidden Super Administrator account, usually with an @secure.local email.
This was a zero-day: it was already being exploited in the wild when we found it, before any patch existed, and those attacks are still going on now against sites that have not updated.
Four separate 2026-W28 disclosures describe one problem: Microsoft 365 account takeover is increasingly achieved not by defeating multi-factor authentication but by choosing an authentication path that Conditional Access commonly fails to gate. Huntress' comparative root-cause analysis of two campaigns made the mechanism explicit — "device code phishing is effective because it doesn't try to beat MFA. It sidesteps it," and in the ROPC-based LSHIY campaign "of the 78 compromised accounts, 55 had active Conditional Access policies requiring MFA" that still failed, because legacy/ROPC authentication through the /token endpoint never reaches the authorization endpoint where CA is enforced (Huntress, 2026-07-10). The same week, ZeroBEC documented Forg365, a Telegram-distributed adversary-in-the-middle phishing-as-a-service kit purpose-built to relay M365 auth and steal session cookies (ZeroBEC, 2026-07-10), and ReliaQuest profiled the Helix data-extortion cluster pairing manager-impersonation vishing with device-code phishing before SharePoint exfiltration (ReliaQuest, 2026-07-10). Read together with the week's ShinyHunters/Odido vishing attribution, the through-line is a maturing, commoditised identity-attack economy targeting the same tenant surface.
Why this is a cross-day pattern, not four items: device-code phishing, AiTM cookie theft, ROPC spraying and impersonation vishing are distinct techniques, but they exploit the same structural gap — a Conditional Access posture that assumes MFA coverage it does not actually enforce across every flow, client-app type and cloud app. A tenant that hardened against one of these this week is not hardened against the others.
Device code phishing is effective because it doesn't try to beat MFA. It sidesteps it.
Of the 78 compromised accounts, 55 had active Conditional Access policies requiring MFA.
This roll-up consolidates the 2026-W28 vulnerabilities that cross the out-of-band-action bar — actively exploited, at imminent mass exploitation, or otherwise demanding a response the routine monthly cycle does not give. Per-CVE facts, CVSS, and affected/fixed versions live in the linked operational entries; this entry is the status trajectory a reader uses to sequence the week's patching.
Confirmed exploited / on CISA KEV this week.Adobe ColdFusion CVE-2026-48282 (one of the 1 July CVSS 10.0 unauthenticated RCEs) — exploited within two hours of public detail, KEV-listed 7 July (BleepingComputer, 2026-07-08). Citrix NetScaler CitrixBleed 2 CVE-2025-5777 — weaponised into a repeatable initial-access-broker kill chain ending in DragonForce ransomware; patch plus session termination required. Gitea CVE-2026-20896 — NCSC-CH escalated to "Actively Exploited, Proof of Concept Available" (NCSC-CH, 2026-07-10). Langflow CVE-2026-55255 — cross-tenant IDOR chained with pre-auth RCE, first exploited 25 June, now KEV. Joomla extension file-upload wave — CVE-2026-48908 / 56290 / 56291 / 48939 exploited as zero-days (see the dedicated top-story), CVE-2026-57827/57828 patched without confirmed exploitation yet.
Urgency raised by public exploit or full mechanics, no confirmed ITW use.GhostLock CVE-2026-43499 — Linux kernel rtmutex use-after-free with a public ~97%-reliable local-privilege-escalation exploit. Windows HTTP.sys CVE-2026-47291 (pre-auth RCE, CVSS 9.8) — ZDI published full exploitation mechanics for the June Patch Tuesday flaw, collapsing the reverse-engineering barrier. Linux KVM/x86 'Januscape' CVE-2026-53359 — shadow-MMU use-after-free enabling guest-to-host VM escape, relevant to multi-tenant virtualisation. BeyondTrust Remote Support / Privileged Remote Access — the CVE-2026-40138 pre-auth bypass cluster on a remote-access product class that is itself a high-value target.
OT / critical-infrastructure note.Siemens SICAM 8 grid RTUs (A8000/EGS/S8000) — a firmware-signature-validation bypass (CVE-2026-54798-801) on devices deployed in European energy grids; slow patch cycles make network isolation and OT-segment monitoring the near-term control. Progress MOVEit Transfer — pre-auth SFTP DoS (CVE-2026-10699) plus admin scope-bypass fixes, notable given MOVEit's history as a mass-exfiltration target.
Government and public administration — the profiled constituency's core — absorbed an unusually broad spread of activity in 2026-W28, notable less for any single incident than for how many different attack classes landed on the sector in one week.
On the ransomware front, CERT.LV disclosed that a crew breached Latvijas Valsts Meži (LVM), Latvia's state forestry operator, through a service left unpatched for roughly two years, and framed it explicitly as an EU/NATO-shared-threat matter for a state-owned critical operator (CERT.LV, 2026-06). In Switzerland, Psychiatrische Dienste Aargau (PDAG), a cantonal health authority, had staff email accounts compromised via phishing and abused to relay spam — a low-sophistication but high-frequency pattern against public-sector mailboxes (SwissCybersecurity.net, 2026-07-09). On the espionage axis, SentinelLabs documented converging China- and India-nexus operations weaponising a citizen-facing e-government complaint portal as a watering hole with a CMS implant (SentinelLabs, 2026-07-10); Kaspersky profiled Armored Likho hitting government and electric-power targets with an AI-generated loader and the BusySnake stealer (Kaspersky Securelist, 2026-07-11); and CERT Polska tracked UNC1151/Ghostwriter moving to Gmail with real-time 2FA-relay phishing against officials (CERT Polska, 2026-06).
Why this is a sector pattern for the constituency: two of the five strands carry a direct home-region or EU-critical-operator nexus (a Swiss cantonal authority and a Latvian state operator); the e-government watering-hole targeted a Pakistani law-enforcement programme (EU-funded but with no direct European victim nexus) and is carried for its transferable technique, while the remaining two are actors whose targeting profile — government and energy — matches the constituency. The exposed surfaces recur: unpatched internet-facing services, public-sector email identity, and citizen-facing web applications.
Healthcare surfaced three ways this week, and the value of reading them together is that they cover the sector's external, identity and internal threat surfaces in a single window.
Externally, Groupe 3R — the Réseau Radiologique Romand, a Western-Swiss radiology network — confirmed in its own forensic report that the Akira ransomware operation was responsible for the intrusion that had twice disrupted it, and that stolen data had been published on Akira's darknet leak site (SwissCybersecurity.net, 2026-05-07). On the identity surface, Psychiatrische Dienste Aargau (PDAG), a cantonal psychiatric authority, had email accounts phished and abused as a spam relay (SwissCybersecurity.net, 2026-07-09). Internally, NHS England issued new controls after staff were found inappropriately accessing high-profile patients' records, tying repeat "snooping" to dismissal and potential prosecution (NHS England, 2026-07-11).
Why this belongs to the constituency's healthcare lens: two of the three are Swiss (a Romand radiology provider and an Aargau cantonal authority), and the third is a transferable governance lesson for any large healthcare data controller. Healthcare's threat model is not just ransomware on clinical systems — it is equally the mailbox identity that attackers abuse and the legitimate-but-excessive internal access that no perimeter control addresses.
Read as a set, the week's confirmed incidents point away from the classic perimeter-RCE story and toward exposure that lives in someone else's account, platform or supply chain.
The third-party / vendor strand: Accenture confirmed a data-theft incident after the handle "888" advertised roughly 35 GB of internal source code (BleepingComputer, 2026-07-08); Deutsche Bank disclosed a third-party-vendor incident after the "Unsafe" ransomware group posted claims (Computing, 2026-07-09); and KDDI named a zero-day in third-party email-platform software as the root cause of a breach affecting about 12 million people (BleepingComputer, 2026-07-09). The cloud-account strand: Nayax, a Bank-of-Lithuania-licensed EEA payment institution, disclosed a cloud-account incident (claimed by "The Syndicate") in its own SEC Form 6-K (Nayax, 2026-07-09); ShinyHunters' Odido (Netherlands telecom) breach drew a Dutch-national-involvement assessment from police voice analysis (Politie, 2026-07-08); and Nextcloud GmbH's own hosting infrastructure exposed roughly 367,000 internal records through a misconfigured public Elasticsearch (Cybernews, 2026-07-10).
Why the pattern matters for the constituency: several victims are directly relevant classes — an EEA-licensed payment institution, an EU telecom, a European cloud vendor — and the shared root cause is exactly the exposure a Swiss/EU public-sector or CI organisation inherits through its suppliers and cloud tenancy. The transferable lesson is that a mature internal patch posture does not cover a vendor's zero-day, a supplier's compromised account, or a misconfigured datastore in your own cloud footprint.
The week's actor reporting split between a model-changing reframing of a well-known financially-motivated collective and a set of state-nexus tradecraft advances.
Scattered Spider — a model change, not an incident. Group-IB argues the actor "cannot be considered or analyzed as a single organized 'group' with its own hierarchy or organigram [but is] more accurately described as a decentralised cybercrime collective" of independent subclusters, typically 3-5 people, unified by shared tradecraft and community learning rather than command structure, and states "we can consider 0ktapus as a subcluster of Scattered Spider" — explicitly mapping Microsoft's Octo Tempest, Mandiant's UNC3944 and Palo Alto's Muddled Libra as overlapping labels for subclusters of the same movement (Group-IB, 2026-07-07). The documented playbook is squarely relevant to the constituency's help desks: vishing/smishing with Okta/Microsoft/Citrix/Google SSO-lookalike pages staged minutes before a call, SIM-swaps via coercion or carrier-staff social engineering, and help-desk impersonation using OSINT from already-compromised systems, monetised through BlackCat/ALPHV and DragonForce ransomware. The practical consequence Group-IB draws: because resilience comes from decentralisation, individual arrests do not blunt the collective, so defenders should treat each attributed intrusion as one small ad-hoc crew rather than evidence of a persistent central adversary.
State-nexus edge and C2 tradecraft. Talos detailed China-nexus UAT-7810 expanding its operational relay-box (ORB) network with the LONGLEASH/DOGLEASH/JARLEASH suite (Cisco Talos, 2026-07-08); Proofpoint's UNK_MassTraction, a suspected China-aligned actor, exploited Roundcube webmail as an edge device (Proofpoint, 2026-07-09); and Check Point exposed Iran MOIS-linked Cavern Manticore's modular .NET command-and-control framework with layered anti-analysis (Check Point Research, 2026-07-09).
Why grouped here: these are actor-model and capability developments — the lens the weekly owns — rather than new operational incidents. Scattered Spider's decentralisation and the state actors' edge/ORB focus both change how a SOC should scope attribution and where to look (help-desk identity workflows; internet-facing webmail and edge appliances as relay infrastructure).
Scattered Spider cannot be considered or analyzed as a single organized 'group' with its own hierarchy or organigram. Instead, it can be more accurately described as a decentralised cybercrime collective.
we can consider 0ktapus as a subcluster of Scattered Spider
Two of the week's research findings share an underappreciated theme: they forge a trust primitive that downstream systems and humans treat as authoritative, rather than exploiting a memory-corruption bug.
The heavier of the two, for the constituency, is Mandiant/GTIG's ADFS token-signing-key recovery. ADFS stores its certificate private keys under Machine DPAPI, so any SYSTEM-level process on the ADFS host can recover them independently of the live service or LSASS; when AutoCertificateRollover is disabled and an admin rotates a signing certificate manually without a matching WID update, the database retains a "ghost" record while the real signing key stays live in the machine key store. With that key, an attacker forges arbitrary SAML assertions to impersonate any federated user — Global Administrators included — against every SAML-federated app including Microsoft 365 and Entra ID, "bypassing multifactor authentication (MFA), conditional access, and all identity-based controls," and deliberately avoids the LSASS/live-ADFS surfaces defenders usually watch (Mandiant, 2026-07-09). The detectable side-effect is Event ID 385 (certificate-rollover mismatch), and Mandiant's guidance is to treat ADFS as Tier-0, move to HSM-backed keys, validate rotations with Set-AdfsCertificate, and SACL-audit the MachineKeys directory (Event ID 4663). The second finding, Git commit-signature malleability, lets an attacker produce a second commit with a different hash that still renders GitHub's "Verified" badge — collapsing the assumption that a verified-signed commit uniquely identifies its content (The Hacker News, 2026-07-09).
Why this belongs in the week's research lens: both extend a running arc — after last week's Keycloak JWT-forgery and OAuth-abuse research, this week's items give the on-premises-AD equivalent (ADFS) and a code-supply-chain equivalent (signed commits), each with a concrete detection surface the earlier work lacked.
Last week's weekly framed AI as having "crossed from attack target to attack operator." This week's research does not repeat that thesis — it fills it in with concrete, independent data points that sharpen what defenders should change.
The clearest is operational tempo. Sygnia's incident responders documented a single actor going from an internet-facing-app foothold to broad compromise of AWS, CI/CD and source control in roughly 72 hours using no novel malware and no zero-day — every technique long-tracked, but chained and parallelised at a speed Sygnia attributes to AI/agentic assistance (four distinct IAM access keys used from one source in a single observed second) (Sygnia, 2026-07-08). The second is AI as attack surface turned back on defenders: the "Friendly Fire" brief showed prompt injection hijacking defensive AI code-review agents into remote code execution (AI Now Institute, 2026-07-11), and PraisonAI's agentic framework carried unsandboxed-LLM-code-execution and tool-call-RCE CVEs (PraisonAI GHSA, 2026-07-11). The third is AI in tooling and evasion: Kaspersky's Armored Likho APT shipped an AI-generated loader with the BusySnake stealer (Kaspersky Securelist, 2026-07-11), and SANS documented "comment stuffing" — padding HTML phishing attachments to dilute or exhaust AI/NLP email scanners (SANS ISC, 2026-07-10). This week's ESET Threat Report H1 2026, covered separately, independently records the first Android malware using generative AI at runtime.
Why this is a strategic-shift item, not a re-list: each finding is a distinct new-this-week research publication, and together they change a defender obligation rather than restate awareness — when access-to-impact compresses to hours and defensive AI itself becomes an exploitation target, detection can no longer wait for full visibility.
UPDATE · originally covered The Gentlemen(2026-06-29)
Palo Alto Unit 42 published the first full technical profile of The Gentlemen (Microsoft: Storm-2697; also Phantom Mantis), consolidating and extending the picture this pipeline built from ESET's GentleKiller research and the FortiBleed nexus. The delta worth carrying: Unit 42 counts 580 claimed victims across 77 countries through 3 July 2026 (103 in manufacturing) and a "slightly more than 6x" victim increase from H2 2025 to H1 2026, and assesses the ~20 operators "likely morphed from a private entity into a RaaS model on or about September 2025," previously operating as "ArmCorp," an affiliate of Qilin, now offering an "unprecedented 90% payout" versus the typical 70-80% (Unit 42, 2026-07-10). Two operationally relevant additions: the initial-access set now explicitly names Erlang/OTP SSH-server and Windows SMB-client flaws alongside the already-tracked FortiOS/FortiProxy edge path, and Unit 42 cites Expel describing a suspected zero-day the group uses specifically to disable target EDR agents — distinct from the BYOVD-based GentleKiller framework and not previously in this pipeline's coverage. The Go/C dual-language encryptor and Curve25519/XChaCha20 per-file key scheme are unchanged.
The operators (roughly 20 of them) likely morphed from a private entity into a RaaS model on or about September 2025. While traditional RaaS models typically offer affiliates a 70% to 80% cut of paid ransoms, The Gentlemen offer an unprecedented 90% payout.
When comparing the last six months of 2025 to the first six months of 2026, the number of victims claimed by The Gentlemen increased by slightly more than 6x.
The software-supply-chain pressure on the npm ecosystem that this pipeline has tracked as a sustained wave continued this week, with a fresh compromise that sharpens the evasion trend rather than repeating it.
On 2026-07-11 the jscrambler npm package — a code-protection/obfuscation build tool — was compromised via what Socket assesses as a stolen publishing credential or compromised build pipeline: a malicious v8.14.0 pushed directly to npm, bypassing the project's normal release flow, adding an undocumented preinstall hook that unpacks and detached-spawns a platform-specific Rust infostealer on npm install alone. The stealer targets cloud metadata-endpoint credentials, Kubernetes configs, browser secrets, crypto-wallet seeds, AI coding-tool configs and messaging tokens. The notable evolution: over roughly three hours the actor pushed four more malicious releases and, "starting with 8.18.0 the install hook is gone entirely—the identical dropper is instead injected as a self-executing function at the top of dist/index.js" — moving execution out of the very hook that install-script scanners watch (Socket, 2026-07-11). Socket "detected the compromised package 6 minutes after publication"; v8.22.0 is confirmed clean (The Hacker News, 2026-07-11). This is the same install-hook-evasion arc as this week's injectivelabs SDK compromise, though — unlike the Shai-Hulud worm strain — jscrambler has not been shown to self-propagate to other maintainers.
Starting with 8.18.0 the install hook is gone entirely—the identical dropper is instead injected as a self-executing function at the top of dist/index.js.
Socket detected the compromised package 6 minutes after publication.
FINMA published Aufsichtsmitteilung (supervisory communication) 05/2026 on 9 July 2026, presenting the results of a November 2025–January 2026 survey of 60 Swiss financial institutions on cryptographically-relevant quantum computing (CRQC) risk. Its core finding: institutions are aware of the threat but "meist fehlt aber eine klare Roadmap und eine ausreichend vorausschauende Planung für die Migration zu quantensicherer Verschlüsselung" — most lack a clear roadmap and sufficiently forward-looking planning for the migration to quantum-safe encryption (FINMA, 2026-07-09). FINMA explicitly names "harvest now, decrypt later" — capture-and-store-for-future-decryption of today's encrypted traffic and data — as the operative near-term threat model, and sets, under existing operational-risk-and-resilience supervisory expectations rather than a new binding circular, that institutions should produce a PQC migration strategy and roadmap, run an institution-specific risk analysis, "die Erstellung eines kryptographischen Inventars" (build a cryptographic inventory), adopt crypto-agility, and extend the planning to outsourced service providers. No mandatory deadline accompanies the communication (swissinfo.ch, 2026-07-10).
Why this belongs in the strategic view: it is the home financial-sector regulator setting a direction of travel that a Swiss/EU public-sector or CI reader will encounter next as a compliance expectation, and it reframes post-quantum readiness as a near-term data-protection issue, not a distant cryptographic curiosity — because the "harvest now, decrypt later" risk accrues from today's captured traffic regardless of when a CRQC actually arrives.
Die Institute sind sich der Cyberrisiken von kryptografisch relevanten Quantum Computern bewusst. Meist fehlt aber eine klare Roadmap und eine ausreichend vorausschauende Planung für die Migration zu quantensicherer Verschlüsselung.
Dazu gehört eine klare Strategie und Roadmap für die Migration zu quantensicheren Verschlüsselungen, eine institutsspezifische Risikoanalyse, die Erstellung eines kryptographischen Inventars, der Schutz kritischer Daten vor 'harvest now, decrypt later' Angriffen.
the Dutch NIS2 transposition status this pipeline tracked as "slipped past its 1 July target, Senate vote set for 7 July" has resolved. On 7 July 2026 the Eerste Kamer (First Chamber) passed both the Cyberbeveiligingswet (Cbw, the NIS2 transposition) and the companion Wet weerbaarheid kritieke entiteiten (Wwke, the CER-directive transposition) — the Tweede Kamer had passed them on 15 April — and "de wetten treden op 15 augustus 2026 in werking" ("the laws enter into force on 15 August 2026") (Rijksoverheid.nl, 2026-07-07). The parliamentary vote record confirms broad cross-party support (Eerste Kamer, 2026-07-07). The Cbw covers roughly 8,000 organisations across 18 designated essential/important sectors and imposes a cybersecurity duty of care (including supply-chain risk management), mandatory registration in the NCSC entity register, significant-incident reporting to the relevant CSIRT, and board-level accountability with director training (NCSC-NL).
Why this matters to the constituency: beyond direct applicability to any covered Dutch entity, this is a concrete datapoint for the deployment's standing EU NIS2-transposition watch — a member state moving from indefinite slip to a fixed enforcement date. For Swiss-domiciled organisations with Dutch subsidiaries, NL-incorporated critical suppliers, or cross-border NIS2-equivalent reporting relationships, 15 August 2026 is the operative clock, five weeks out from this brief. The next checkpoint is confirmation the NCSC-NL entity register is live and accepting registrations ahead of the date.
Items already in motion for the coming weeks — each with a dated source or an in-week entry, none a prediction:
EU regulatory clocks. The Dutch NIS2 Cyberbeveiligingswet enters into force 15 August 2026 — now a fixed date after the 7 July Senate passage (Rijksoverheid.nl, 2026-07-07). The EU Cyber Resilience Act vulnerability/incident-reporting obligation lands 11 September 2026, roughly 60 days out and previously covered in this store — the reporting-platform readiness is the item to watch next.
FINMA post-quantum guidance may harden. FINMA's Aufsichtsmitteilung 05/2026 is supervisory expectation-setting, not yet a binding circular; the open question is whether it converts into a Rundschreiben revision (FINMA, 2026-07-09).
Joomla file-upload wave — the newest members await exploitation. RSFiles! and Phoca Download are patched but not yet exploited, whereas earlier members of the same CWE-434 wave reached CISA KEV within days (mySites.guru, 2026-07-11) — treat these as likely-imminent-KEV, not resolved.
The Gentlemen EDR-disable zero-day. Unit 42 references an Expel analysis of a suspected zero-day the group uses to disable EDR, distinct from the GentleKiller BYOVD framework; that write-up had not published at the time of Unit 42's report (Unit 42, 2026-07-10).
CitrixBleed 2 broker activity continues. Huntress' STAC3725 reconstruction shows an initial-access broker actively weaponising CVE-2025-5777; organisations that patched but did not terminate live sessions remain exposed to token replay and downstream DragonForce deployment (Huntress, 2026-07-10).
2026-07-12T2309Z-weekly· Claude Opus 4.8 · 15 entries published
Weekly strategic run — 2026-W28 (2026-07-06 – 2026-07-12)
ATT&CK pin freshness
tools/attack_data.py --check: up to date — local v19.1 == upstream latest v19.1. No update required this run. Two operational-entry technique ids composed this week were mapped to their v19 survivors after the pin check (T1562.001 → T1685 "Disable or Modify Tools"; T1656 → T1684.001 "Impersonation").
Week in review (Phase 1)
57 operational entries across the ISO week (07-08: 11, 07-09: 21, 07-10: 16, 07-11: 9; 07-06/07-07/07-12 quiet), 13 high-priority, no critical. Working lists persisted to work/<run-id>/week-review.json. Duplicate-week guard: prior -weekly record (2026-07-05) covered W27; W28 not previously covered — cleared.
vuln-rollup (1): W28 CVE status trajectory (exploited/KEV set + public-exploit set + OT note); cves: [] by design — every CVE fully sourced in its referenced operational entry, so the roll-up avoids the cross-run CVE-dedup FAIL.
sector-patterns (2): government & public administration (CH/EU) targeting cluster (high); healthcare (CH nexus).
long-running (2): The Gentlemen (Storm-2697) status update (update_of W26); npm supply-chain wave status (jscrambler + injectivelabs).
policy (2): Netherlands NIS2 Senate passage → 15 Aug 2026 in force (update_of W27 slip story); FINMA post-quantum crypto guidance AM 05/2026.
looking-ahead (1): 2026-W28 outlook — items already in motion.
Priority calibration: high reserved for the four genuinely week-defining items (Joomla wave, exploited edge/enterprise, M365 identity convergence, CH/EU government targeting); no critical — no single stop-and-act weekly item this week, bar unchanged.
Verification & coverage notes
Weekly dedup (replaces PD-8). Dedup ran against W27 (2026-07-05) and W26 (2026-06-29) strategic entries. Items already consolidated returned only as fresh deltas: Netherlands NIS2 as update_of the W27 slip entry (Senate now passed, hard date fixed); The Gentlemen as update_of the W26 long-running entry (Unit 42 full profile). The AI-as-operator arc (W27 multi-day) returns only as new-this-week specific research (Sygnia, Friendly Fire, Armored Likho, PraisonAI, comment-stuffing), not a re-list. W1 found no qualifying new movement on ShinyHunters/UNC6240, FortiBleed, DragonForce/CitrixBleed (beyond dailies) or Operation Endgame — checked, not padded.
Already-operational, referenced not re-summarised. W1 surfaced the Mandiant ADFS and Sygnia AWS items as fresh, but both were already published operationally on 07-09; they are synthesised into the research entries by reference (with new lens), never re-summarised. The ESET Threat Report H1 2026 (07-09 annual-report) is referenced once, not re-summarised.
Single-source items. The Scattered Spider reclustering rests on a single primary (Group-IB) with no independent second source yet — carried as single-source, attributed to Group-IB as an analytical model, not settled fact. The Gentlemen status delta is single-source (Unit 42); the cited Expel EDR-disable zero-day is a third-party claim relayed by Unit 42, not independently confirmed (flagged in the entry and the outlook).
Coverage gaps.jina universal-reader (tools/fetch_source.py jina) returned HTTP 402 "JINA_API_KEY balance exhausted" on every call across BOTH sub-agents this run — a system-wide outage, not a per-source failure. Every source whose recipe leans on the jina fallback rung (e.g. coe.int, cisa-directives direct-403 hosts) was degraded to direct-fetch/WebSearch only. W2 covered the affected policy questions via WebSearch with no material item lost; Council of Europe Second Additional Protocol status unchanged (2 of 5 ratifications). W1 listed recordedfuture-insikt (JS-shell landing page, needs a bridge/RSS recipe) and sekoia (301 → sekoia.com/blog, url needs updating) as reachable-but-degraded — deferred to a daily run rather than edited this run to avoid sources.json churn during the jina outage. Operator action: the jina API key needs a top-up or rotation (https://jina.ai/api-dashboard/) — until then, every jina-fallback source is degraded across all routines.
Source health.tools/source_health.py probed 157/157 sources (95 ok, 56 bridge-ok, 3 bridge-blocked). Three UNSOLVED needs-demote flags — ccn-cert-es, reliaquest, mysites-guru — are all attributable to the same jina-402 outage above, not to dead recipes: mysites.guru and reliaquest both fetched successfully as primary sources in this week's daily entries (the Joomla wave and Helix entries cite them), so their content is demonstrably reachable and the failure is the jina fallback rung being balance-exhausted this run. Demoting healthy sources on a transient key-balance outage would violate the standing "a transport/anti-bot block never demotes" rule, so no demotion was applied; the operator-side jina key top-up clears all three. sources_changed: [].
check_run.py--pre-verify and the Phase 5.7 verifier loop results are recorded in the verification block above once run.