ctipilot.ch
Sat · 04 Jul 2026
All daily briefs ↗
Daily brief · UTC day

Saturday, 4 July 2026

4 verified findings from 4 runs · the settled record for this UTC day, in the classic brief order.

Criticality
Kind
Topic
Region
TL;DR · the day in one read
  1. 01PamStealer** impersonates the Maccy clipboard app and confirms a stolen macOS password through pam_authenticate before sending it. Jamf Threat Labs detailed PamStealer, a two-stage macOS infostealer distributed from a typosquatted site impersonating the Maccy clipboard manager. A JXA AppleScript downloader stages an arm64 Rust Mach-O that masquerades as Finder, validates the victim's typed login password through the macOS PAM API (pam_start/pam_authenticate/pam_end) before harvesting it, and steals Keychain, browser and clipboard data. macOS-managing teams should tighten Gatekeeper, Full Disk Access grants and PAM-abuse detection.
  2. 02Avalon** framework chains a signed-binary MSBuild loader, ETW/AMSI patching and the CrownX ransomware payload in one implant. Blackpoint Cyber's Adversary Pursuit Group detailed Avalon, a previously undocumented Windows malware framework delivered by a legal-themed phishing lure and an ISO-mounted LNK that proxy-executes inline C# through MSBuild.exe, patches ETW/AMSI, and consolidates browser/wallet/credential-manager theft, admin-share lateral movement and the embedded CrownX ransomware component in a single payload. Detection engineers on Windows fleets — including public-sector endpoints — should tighten controls on trusted-developer-utility execution.
  3. 03Google/FBI-led action degrades NetNut (Popa) — ~2 million Badbox 2.0-infected TVs and streaming boxes cut off. Google's Threat Intelligence Group, with the FBI, Lumen and The Shadowserver Foundation, disrupted NetNut (also tracked as Popa), a residential-proxy botnet GTIG estimates spans at least 2 million Android-based smart TVs and streaming boxes infected via Badbox 2.0-carrying trojanized apps. The FBI seized netnut.com; Google disabled C2 accounts and Play-Protect-blocked the apps. This is the law-enforcement/industry disruption of the same botnet Krebs/Qurium tied to Alarum/NetNut in June 2026.
01Active threats, incidents & disclosures1 item
NOTABLECVE-2025-3248exploited

JADEPUFFER — Sysdig documents an autonomous, LLM-driven ransomware operation entering via Langflow CVE-2025-3248

Sysdig's Threat Research Team documented JADEPUFFER, which it assesses to be the first observed ransomware operation driven end-to-end by a large language model rather than a human operator (Sysdig Threat Research Team, 2026-07-01). Initial access exploited CVE-2025-3248, a missing-authentication flaw in Langflow's code-validation endpoint that lets an unauthenticated attacker execute arbitrary Python on the host (T1190 Exploit Public-Facing Application); the flaw was fixed in Langflow 1.3.0 and added to CISA KEV in May 2025, so the exposed instance was an already-known, unpatched target (The Hacker News, 2026-07-02).

Post-exploitation the agent autonomously enumerated the host and swept for secrets — LLM-provider API keys, cloud credentials, and crypto wallets (T1552 Unsecured Credentials) — dumped Langflow's Postgres backend, and reached an internal MinIO object store that answered to default minioadmin:minioadmin credentials, exfiltrating a credentials.json from an internal bucket (Sysdig, 2026-07-01). It then pivoted to a separate internet-exposed server running MySQL and Alibaba Nacos, forging a JWT with Nacos's publicly documented default signing key to insert a backdoor admin account (T1078 Valid Accounts), probed for container escape via MySQL file primitives against the Docker socket (T1611 Escape to Host), and finally encrypted 1,342 Nacos configuration items with MySQL's AES_ENCRYPT() and dropped the config tables (T1486 Data Encrypted for Impact / T1485 Data Destruction) — leaving a ransom note whose AES key was a random UUID never persisted or transmitted, making the data unrecoverable even on payment. Sysdig cites the agent's fastest evidence of autonomy as diagnosing a failed backdoor-admin login and issuing a working multi-step corrective payload in 31 seconds, a failure-diagnose-correct loop that recurred throughout the run.

Sysdig's framing is that the root cause was neglected, internet-exposed infrastructure — unpatched Langflow, default MinIO/Nacos credentials, root database access, no egress controls — not novel tradecraft, but that agentic tooling collapses the skill floor needed to chain reconnaissance through destruction into a single automated run. Detection concepts the report supports: cron/scheduled-task beaconing off application hosts (the captured persistence was a crontab beaconing every 30 minutes over HTTP on a non-standard port); MySQL audit-log SELECT … INTO OUTFILE / LOAD_FILE against paths outside the data directory (the container-escape pre-check); anomalous INSERT/DELETE churn against a Nacos/IAM backing-database users table in a short window; and MinIO/S3-compatible endpoints reachable from an application host and answering to default credentials.

The Sysdig Threat Research Team (TRT) has captured what we assess to be the first documented case of agentic ransomware: a complete extortion operation driven end-to-end by a large language model (LLM).

CVE-2025-3248 is a missing-authentication flaw in its code validation endpoint that allows an unauthenticated attacker to execute arbitrary Python on the host.

Sysdig Threat Research Team 2026-07-01

The flaw was fixed in Langflow 1.3.0 and added to CISA's Known Exploited Vulnerabilities list in May 2025, but plenty of servers were never updated.

The Hacker News 2026-07-02
threat04 Jul 00:26Zmulti-sourceOpen finding ↗
02Research & investigative reporting2 items
NOTABLE

Blackpoint Cyber documents "Avalon": a modular framework bundling credential theft, lateral movement and CrownX ransomware behind an MSBuild loader

Blackpoint Cyber's Adversary Pursuit Group published an analysis of Avalon, a modular Windows malware framework recovered from an endpoint and not previously documented (Blackpoint Cyber, 2026-07-02). Delivery starts with a spoofed legal-document phishing email pointing to a password-protected archive; the mounted image contains a weaponised LNK that presents a document-themed filename behind a Microsoft Edge icon so the victim believes they are opening a secure PDF rather than launching commands (Blackpoint Cyber, 2026-07-02). The shortcut runs cmd.exe, which invokes MSBuild.exe against a malicious project file carrying inline C# — a trusted-developer-utility proxy-execution chain (T1127.001) — and the managed downloader then patches ETW and AMSI functions with return stubs (T1562.001) before pulling an encrypted PE payload over HTTPS with certificate-validation bypass.

The recovered payload is notable for consolidating capability that would previously have been spread across several discrete families: browser, cryptocurrency-wallet, Discord/Teams, RDP-session, SSH-key and Windows Credential Manager theft (T1555, T1552.001), lateral movement over admin shares and scheduled tasks (T1021.002, T1053.005), and the embedded CrownX ransomware component that AES-GCM-encrypts a targeted extension set and disables Volume Shadow Copies, WinRE and System Restore to inhibit recovery (T1490, T1486) (Blackpoint Cyber, 2026-07-02). Secondary reporting describes the framework as bringing these diverse functions under one umbrella (The Hacker News, 2026-07-03). Defence evasion includes syscall-obfuscation techniques (HalosGate/TartarusGate) and named checks against a broad list of EDR products. Blackpoint assesses that the framework "bears the hallmarks of AI assisted development, assembled rapidly from functional components with little regard for tradecraft refinement or operational security" (Blackpoint Cyber, 2026-07-02) — a signal that a single operator can now assemble multi-stage capability quickly, even if the tradecraft is sloppy.

Avalon is operationally significant because it consolidates credential theft, persistence, and ransom functionality under one recovered payload rather than distributing them across discrete malware families.

The framework bears the hallmarks of AI assisted development, assembled rapidly from functional components with little regard for tradecraft refinement or operational security

Blackpoint Cyber
research04 Jul 06:24Zsingle-sourceOpen finding ↗
NOTABLE

Jamf Threat Labs documents "PamStealer": a macOS infostealer that validates the victim's password via the PAM API before exfiltrating it

Jamf Threat Labs published an analysis of PamStealer, a two-stage macOS infostealer served from a typosquatted domain impersonating the legitimate Maccy clipboard-manager app (Jamf Threat Labs, 2026-07-02). The first stage is a compiled AppleScript delivered on a disk image that, rather than shelling out to curl/zsh, runs a self-contained JavaScript for Automation (JXA) downloader against native NSURLSession APIs (T1059.007) and fingerprints the host — CPU architecture, locale, keyboard layout, timezone — excluding Russian/Belarusian/Kazakh locales before proceeding (T1497.001) (Jamf Threat Labs, 2026-07-02). The second stage is an arm64 Rust Mach-O masquerading as Finder (T1036.005).

The behaviour that names the family is its credential handling: PamStealer validates the victim's typed login password through the macOS Pluggable Authentication Modules API — pam_start, pam_authenticate, pam_end — and re-prompts if validation fails, so only a confirmed-correct password is ever exfiltrated. Jamf notes the operational payoff: "the result is a quieter routine that keeps only a verified password, and one fewer process chain for defenders to detect on" (Jamf Threat Labs, 2026-07-02). It runtime-loads Security.framework to pull browser-stored credentials and Keychain data (T1555.001, T1555.003), reads the clipboard via pbpaste (T1115), and persists through both the modern ServiceManagement API and legacy shared-file-list APIs (T1547); exfiltration uses an encrypted HTTPS channel and the user is social-engineered into granting Full Disk Access (Jamf Threat Labs, 2026-07-02), a chain corroborated in secondary reporting (The Hacker News, 2026-07-03).

Rather than relying on shell commands such as curl or zsh, the AppleScript executes a self-contained JavaScript for Automation (JXA) downloader that retrieves and stages the payload using native Objective-C APIs.

The result is a quieter routine that keeps only a verified password, and one fewer process chain for defenders to detect on.

Jamf Threat Labs 2026-07-02
research04 Jul 06:24Zsingle-sourceOpen finding ↗
03Updates to prior coverage1 item
NOTABLEupdate

Google, FBI, Lumen and Shadowserver disrupt the NetNut (Popa) residential-proxy botnet

UPDATE · originally covered Krebs and Qurium tie the "Popa" Android-TV residential-proxy botnet to a NASDAQ-listed proxy vendor (2026-06-21)

Google's Threat Intelligence Group, coordinating with the FBI, Lumen Technologies and The Shadowserver Foundation, has disrupted the residential-proxy botnet previously tracked here as Popa — Google refers to it as NetNut — which GTIG estimates controls at least 2 million infected devices worldwide, predominantly Android-based smart TVs and streaming/set-top boxes compromised via trojanized apps carrying the Badbox 2.0 malware family (Google Threat Intelligence Group, 2026-07-02). Google disabled the Google accounts and infrastructure used for NetNut command-and-control, shared technical intelligence with ecosystem partners, and used Google Play Protect to block apps bundling NetNut SDKs, while the FBI separately seized the netnut.com domain (BleepingComputer, 2026-07-03).

The delta since June is the scale of shared abuse the disruption exposes: GTIG reports that in a single week in June 2026 it observed 316 distinct threat clusters — spanning both cybercriminal and espionage actors — routing traffic through suspected NetNut exit nodes to hide malicious activity behind residential IP space (T1090.003 Multi-hop Proxy), confirming this proxy layer as shared criminal/state infrastructure rather than a single-group tool. Google cautions that the action reduced the operator's available device pool "by millions" but that individual proxy operators can appear resilient and rival operators may absorb displaced capacity.

Google Threat Intelligence Group (GTIG) estimates the size of the NetNut network to be at least 2 million devices, distributed across the world.

In a single week during June 2026, GTIG observed 316 distinct threat clusters using suspected NetNut exit nodes, including cybercriminal and espionage groups.

Google Threat Intelligence Group 2026-07-02
incident04 Jul 00:26Zmulti-sourceOpen finding ↗
04Action items12 items
Verification & coverage notes4 runs

2026-07-04T1809Z-intel · Anthropic Claude (specific model not determined) · window 8 h · 0 entries published

Verification & coverage notes

Quiet 6-hour intraday window (gap from the 2026-07-04T1209Z-intel run). Four research sub-agents (S1–S4, all Sonnet 5) plus one scoped Phase-2 follow-up ran; zero entries published — expected and healthy for an intraday window (PD-7 Intraday class: 0–4 entries, zero is healthy). S2/S3/S4 returned no in-window candidates: every essential home-region / research / incident source was fetched fresh, but the newest content on each predated the 8 h window (typically 2026-07-01…03), and every surfaced lead traced to ground already covered by earlier runs (JadePuffer/Langflow, NetNut PoPa botnet, Avalon/CrownX, PamStealer, Medtronic/ShinyHunters, AdaptHealth, Navient, MedusaLocker/Canton Zürich, SharePoint CVE-2026-45659) or failed PD-6 fake-news scrutiny (unconfirmed leak-site claims against Deutsche Bank / Ferrum AG — no victim confirmation or HIGH-reliability journalism).

  • borderline-drop: "Bad Epoll" (CVE-2026-46242, Linux kernel eventpoll use-after-free LPE, CWE-416, CVSS 7.8) — S1's only candidate. Dropped. Fails the vulnerability inclusion gate: local LPE (not pre-auth RCE), no in-the-wild exploitation, not on CISA KEV (confirmed via fetch_source.py cisa-kev), CVSS 7.8 (<9.0), and the upstream fix (commit a6dc643c6931) landed in mainline 2026-04-24 — ~10 weeks out of window. The only in-window event is researcher Jaeyoung Chung's public root-cause write-up + working kernelCTF PoC (~2026-07-01…03), amplified by tech press (The Hacker News, PBX Science, Latest Hacking News); the write-up itself is a GitHub PoC repo, not directly citable as analysis. Org-relevance for a Swiss federal SOC in the next 1–7 days is low — the patch has been available since April, so the action reduces to "confirm the April/May kernel updates are applied," and no public detection signature exists. Newsworthy but below the org-actionability bar (PD-11: relevance over newsworthiness). A scoped follow-up sub-agent recovered proper distro-tracker primaries (Ubuntu/Debian security trackers name the CVE) had inclusion been warranted.
  • Infra finding: git.kernel.org commit pages now sit behind an Anubis anti-bot proof-of-work challenge that neither WebFetch nor tools/fetch_source.py url can solve — logged as a fetch_failure and recorded in .claude/memory/source-fetch-blocks.md. Substitute primary for kernel CVEs going forward: distro security trackers (ubuntu.com/security/CVE-…, security-tracker.debian.org), which are citable role: primary and not blocked-URL patterns.
  • Candidate source considered, not added: pbxscience.com (produced the only dated timeline separating the April patch from the July PoC release). Declined — general tech blog, moderate reliability, no track record; kept out to preserve source-list quality. Noted for future consideration.
  • Coverage gaps: cisa-advisories (403 on bridge — persistent, known); cisa-directives (403 on bridge — persistent, known); cisa-news (403 on bridge); industrialcyber-co (403 direct — recipe may need a bridge fallback); tenable-research (guessed rss path 404 — record lacks a specific rss_url); mozilla-mfsa, projectzero (quiet, no in-window content); sans-newsbites, prodaft (JS-rendered SPA, no server content — recipe gaps); ncsc-ch aktuelle-vorfaelle + OFAC recent-actions (JS-rendered — recipe gaps).
  • Essential-coverage: missed=cisa-advisories (403 transport, content covered_anyway via WebSearch fallback — nothing new in-window), cisa-directives (403 transport, covered_anyway via WebSearch fallback). Both are ongoing transport 403s already logged in sources/sources.json; a 403 does not demote.
  • Source-health probe (tools/source_health.py, 153 sources): 96 ok, 52 bridge-ok, 2 client-error, 3 bridge-fail. UNSOLVED flags — cisa-advisories/directives/news needs-demote: declined, these are HIGH-value essentials returning 403 (transport block, not death) and the hard rule forbids demoting on a 403. github-advisory needs-bridge (browser UA 403): deferred — a dedicated bridge recipe needs authoring + testing, out of scope for this quiet maintenance run; logged here for a follow-up. state/source_health.json updated; sources/sources.json unchanged (no safe autonomous action this run).
  • Wall-clock note: the session was suspended between Phase 2 and Phase 5, so duration_seconds (≈17.8 h) reflects the suspend gap, not compute. Active processing was ≈15 min — all research sub-agents ran 2026-07-04T18:11…18:22Z; the run's window, dedup, and content are correctly anchored to the 2026-07-04T18:09Z fire.

2026-07-04T1209Z-intel · Anthropic Claude (specific model not determined) · window 8 h · 0 entries published

Verification & coverage notes

Zero-entry intel run. This was a genuinely quiet 8-hour intraday window (gap 6 h since the 2026-07-04T06:09Z fire, which caught the morning's signal; the run date is the US Independence Day holiday, when advisory / breach / research publishing is materially slower). All four research sub-agents (S1–S4) swept their full essential + rotation source slices and returned 0 in-window items; nothing cleared the recency gate (window_hours=8, opening ~2026-07-04T04:00Z). Zero entries is a healthy intraday outcome (PD-7: ≤12 h windows expect 0–4 entries, most quiet), not a coverage failure — the mandatory run record is this fire's artifact.

  • No candidates to triage, dedup, or compose; no deep-dive candidate cleared the bar (Phase 3 skipped — no candidates and window24h.deep_dives_today=0 regardless).
  • Assessed-and-already-covered (no fresh delta): Argo CD repo-server unauthenticated RCE (S1 + S2 both checked for a fresh delta — Synacktiv's withheld "argo-cdown" exploit tool not yet released, no delta); SharePoint CVE-2026-45659 (prior_coverage 2026-05-27→07-02); SimpleHelp CVE-2026-48558; PTC Windchill CVE-2026-12569; Cisco Unified CM CVE-2026-20230; Kemp LoadMaster CVE-2026-8037; Citrix NetScaler CVE-2026-8451 (CTX696604). All in prior_coverage.json, none re-surfaced.
  • out-of-window leads chased and dropped: German hospital billing breach via Unimed (May 2026); EU Commission ShinyHunters/AWS breach (March 2026); Kubota North America breach (out-of-window, US-only); BeepRAT/Rubrik, Mistic/KongTuke, Millennium RAT/Group-IB, Sysdig LLMjacking-evolved, Unit42 SE-Asia espionage clusters, Talos ARToken/"Catan-and-Mouse" — all verified to publish dates 2026-06-17 → 2026-07-02, outside the 8 h gate; several already stale relative to today's 06:09Z S3 coverage.
  • Coverage gaps: cisa-advisories, cisa-directives, cisa-news (403 on the listing-page bridge recipe — KEV API endpoint succeeded and substituted for exploitation ground-truth; recipe for the HTML listing pages may need a new sub-path — see fetch_failures); safeonweb-be (403, no bridge recipe); industrialcyber-co (403, no recipe); inside-it-ch (feed 403); ncsc-uk (JS-hydrated shell, no server-rendered dated content, no structured endpoint); cert-fr actualité feed (mis-ordered/stale, returned Oct–Dec 2025 as "most recent" — avis-recent on the same host was correct); govcert-at (gcb-feed.xml empty); trendmicro-research + mozilla-mfsa (no usable feed URL recorded — recipe needs a real feed endpoint); prodaft + sans-newsbites (client-rendered SPAs, no server-rendered listing).
  • Watchlist: not reported — the org profile (config/org-profile.yaml) configures no product or supplier watchlists; S1/S4 sweep duties were no-ops.
  • Essential-coverage: cisa-advisories, cisa-directives missed (403 transport-block; KEV API substituted for exploitation signal). All other essential sources (advisories-ncsc-nl, anssi-fr, bsi-de, cert-at, cert-eu, cert-pl, cisa-kev, enisa, ncsc-ch-focus, ncsc-ch-incidents, ncsc-ch-security-hub, ncsc-uk) were attempted and resolved (ncsc-uk resolved but is a JS shell with no dated body).

2026-07-04T0609Z-intel · Anthropic Claude (specific model not determined) · window 8 h · 2 entries published

Verification & coverage notes

Intraday fire, gap 6 h from the previous run (2026-07-04T0009Z-intel), strict recency window 8 h (developing-story window 72 h). Three of four research sub-agents (S1 active-threats/vulns, S2 home-region/sector, S4 incidents/disclosures) returned zero in-window items — a genuinely quiet intraday window, which is the expected shape for a ≤12 h gap. Every essential home-region/EU/vuln source was attempted; near every source's freshest item predated the 8 h window (mostly by 1–3 days) or duplicated stories already in the last-7-days prior coverage.

  • Borderline include (recency): both published entries. S3 surfaced two previously-uncovered research pieces whose primary sources are dated 2026-07-02 and corroborating The Hacker News write-ups 2026-07-03 — outside the strict 8 h window but inside the 72 h developing-story allowance, and verified net-new against the last-7-days prior-coverage index (no match). They fill a genuine S3 coverage gap left by successive tight intraday windows rather than re-surfacing stale beaten news. Both cited primaries were main-agent spot-checked this run (Blackpoint Cyber and Jamf Threat Labs, HTTP 200) and every evidence quote confirmed verbatim. event_date: 2026-07-02 records the true disclosure date so the reader is not misled about freshness. Priority notable for both — solid detection-relevant research, not TL;DR-worthy, not immediate-action.
  • Single-source: 2026-07-04/avalon-framework-msbuild-etw-loader-crownx-ransomware — verification single-source. Sole first-hand observer is Blackpoint Cyber (Adversary Pursuit Group); the paired The Hacker News piece (2026-07-03) is a rewrite of that primary (outbound-links to and names Blackpoint's researchers) and adds no independent observation. Blackpoint is not on the national-CERT carve-out list, so plain single-source with a sourcing_note. (Verifier F12, iteration 1 — remediated.)
  • Single-source: 2026-07-04/pamstealer-macos-infostealer-pam-api-password-validation — verification single-source. Sole first-hand observer is Jamf Threat Labs; the paired The Hacker News piece (2026-07-03) is a rewrite of that primary. single-source with a sourcing_note. (Verifier F12, iteration 1 — remediated.)
  • Verifier F3 (iteration 1, remediated): the Avalon entry's detailed capability sentence (AES-GCM, credential-manager/SSH/RDP theft, admin-share lateral movement, scheduled tasks, WinRE/System Restore) was originally cited to The Hacker News, which does not state those specifics; re-attributed to the Blackpoint Cyber primary (confirmed against the main-agent spot-fetch of the Blackpoint post this run), with the secondary-reporting framing kept on the THN citation.
  • Verifier F4 (iteration 2, Sonnet rotation, remediated): the Avalon evidence[0] quote was not a verbatim substring of the Blackpoint primary (missing leading clause + tense shift); iteration 1 (Opus) had reported it verbatim, so the Sonnet rotation caught what the Opus pass missed — the model-rotation design working as intended. Fixed by re-fetching the primary and restoring the exact sentence; a fabricated trailing period on evidence[1] was also trimmed.
  • borderline-drop: Ferrum AG (Switzerland) Anubis ransomware leak-site claim — single-source leak-site claim only (ransomware.live / aggregator mirrors), no victim statement or HIGH-reliability journalism on cross-check; fails PD-6 fake-news guard AND primary source ~29 h outside the window. Left as a watch item for a future run if the victim confirms or the press corroborates.
  • Coverage gaps: cisa-advisories, cisa-directives, cisa-news (bridge HTTP 403, 3rd consecutive run — KEV API used as exploitation-signal fallback); cert-eu (advisories RSS lags ~3–4 weeks — recipe re-audit recommended); anssi-fr (actu/alerte bridge feed stale through 2025-11-24 — recipe re-audit recommended); ncsc-uk (reports-advisories JS-rendered; bridge returns nav chrome only, HTML fallback newest item 2026-04-07 — stale); prodaft (bridge returns Next.js SPA shell only); sans-newsbites (JS-driven archive returned no issue links); claroty-team82 (listing carries no per-post dates via bridge or WebFetch).
  • Watchlist: none configured — sweep is a no-op (S1 products checked=0/hits=0; S4 suppliers checked=0/hits=0).
  • Essential-coverage: cisa-advisories, cisa-directives, cisa-news not fetched (HTTP 403 bridge, transport-blocked; KEV covered the exploitation-confirmation function).
  • Source-health probe (tools/source_health.py, 96 ok / 52 bridge-ok / 2 client-error / 3 bridge-fail): CISA advisories/directives/news flagged needs-demote by the probe, but NOT demoted — HTTP 403 is transport blocking, which the source-lifecycle rules explicitly exclude from content-axis demotion (only consecutive_fetch_failures bumped). github-advisory flagged needs-bridge (browser UA HTTP 403) — deferred: no verified bridge recipe was constructible this run without over-fetching; logged for a future run's recipe work rather than committing an unverified recipe.

2026-07-04T0009Z-intel · Claude Opus 4.8 (1M context) · window 8 h · 2 entries published

Verification & coverage notes

Quiet overnight/weekend window (gap 6 h from previous run 2026-07-03T1809Z-intel; window_hours=8, developing_window_hours=72). S1 and S2 returned zero in-window items — every candidate across the national-CERT, vendor-PSIRT, KEV, EUVD and regional-press surface was either already in prior_coverage.json or stale relative to the window cutoff (≈2026-07-03T16:09Z). Two entries published (1 new threat, 1 update).

  • Published: JADEPUFFER (new threat, notable) — Sysdig's autonomous LLM-driven ransomware operation via Langflow CVE-2025-3248. Primary (Sysdig 2026-07-01) and Hacker News corroboration (2026-07-02) predate the strict 8 h window; included because the freshest available source — the DataBreaches.net/Independent syndication (2026-07-03, spot-fetched in-window) — keeps the story live, and the technical substance (full agentic kill chain, CISA-KEV-listed initial-access CVE, AI-abuse relevance) is high, non-recycled, and not previously covered. event_date: 2026-07-01 records the underlying research date so freshness is not misrepresented.
  • Published: NetNut (Popa) takedown (incident, notable, update_of: 2026-06-21/krebs-and-qurium-tie-the-popa-android-tv-residential-proxy-b) — Google/FBI/Lumen/Shadowserver disruption of the campaign tracked as campaign:popa-vo1d-residential-proxy-botnet. Material new development (confirmed law-enforcement/industry action, netnut.com domain seizure) with an in-window delta (BleepingComputer 2026-07-03 ≈17:50 UTC, spot-verified). Delta-only per PD-8; original entry unedited.
  • borderline-drop: Cisco Talos ARToken/EvilTokens PhaaS panel — duplicate of 2026-07-02/cisco-talos-artoken-exposes-a-full-bec-as-a-service-toolkit (entity tool:talos-artoken-eviltokens-bec-panel); also primary 2026-07-01 out of window. S3's proposed tool:artoken-phishing-panel / tool:eviltokens-phaas entities not registered — the story is already tracked under the existing key.
  • out-of-window: Kaspersky "Armored Likho" APT + BusySnake Stealer — primary 2026-07-03T10:00Z precedes the window open; weak org nexus (Russia/Brazil/Kazakhstan government/power sector). Dropped; not a Switzerland/Europe or primary-sector item.
  • borderline-drop (by S4, pre-triage): Anubis ransomware leak-site claim against Swiss manufacturer Ferrum AG — PD-6: no victim disclosure or HIGH-reliability journalism, only leak-site-aggregator relay. Excluded.
  • Single-source: none — both published entries are multi-source.
  • Contradiction: none.
  • Coverage gaps: cisa-advisories, cisa-directives, cisa-news (403 via bridge — transport blocking, KEV exploitation ground-truth still covered via the cisa-kev API subcommand); trendmicro-research (feed 404); morphisec (RSS XML parse error); prodaft (bridge returns HTTP 200 but a client-rendered Next.js shell — no extractable dates/slugs; recipe gap, not a transport failure). Remaining rotational sources returned content but nothing in-window.
  • Essential-coverage: all 14 active essential sources attempted; cisa-advisories (essential) 403'd via bridge but CISA exploitation ground-truth was covered via the separate cisa-kev API path (no KEV additions since 2026-07-01) — no essential exploitation signal missed.
  • Volume: rolling 24 h now ≈9 operational entries (7 prior + 2 this run), within the soft ceiling of 14; 0 critical, 0 deep dives today. No deep-dive candidate cleared the bar for this quiet window.
  • Recipe follow-up (noted, not all applied this run): trendmicro-research and morphisec RSS recipes need review; cisa page bridge subcommand now 403s on advisories/directives/news; prodaft needs a non-SPA fetch path. ransomware-live recentvictims discovery endpoint already documented in its notes.