ctipilot.ch

2026-05-10-001

One pipeline fire, in full · intel run of 2026-05-10 · sub-agent allocation and telemetry, per-iteration verification verdicts and findings, source-list edits, coverage gaps, bridge invocations — and the run's own verification & coverage notes: what was published, what was dropped at the borderline or judged not relevant (and why), single-source carve-outs, and contradictions. Rendered from runs/2026-05-10/2026-05-10-001.md.

Run telemetry

2026-05-10-001 intel prompt v2.43
48m 19s duration 13 published 3 updates
Claude Opus 4.7 (claude-opus-4-7) main agent
S1 Claude Sonnet 4.5 (claude-sonnet-4-6)
Items returned
4
Duration
12m 00s
Tool calls
22 WebFetch14 WebSearch3 bridge
Cited sources
8 of 15 in slice
S2 Claude Sonnet 4.5 (claude-sonnet-4-6)
Items returned
7
Duration
11m 00s
Tool calls
22 WebFetch7 WebSearch4 bridge
Cited sources
12 of 15 in slice
S3 Claude Sonnet 4.5 (claude-sonnet-4-6)
Items returned
8
Duration
12m 00s
Tool calls
30 WebFetch9 WebSearch2 bridge
Cited sources
9 of 20 in slice
S4 Claude Sonnet 4.5 (claude-sonnet-4-6)
Items returned
4
Duration
7m 00s
Tool calls
17 WebFetch9 WebSearch5 bridge
Cited sources
10 of 11 in slice

Verification

#1 NEEDS_FIXES · Claude Sonnet 4.5 · t=6 e=4 a=5 #2 NEEDS_FIXES · Claude Sonnet 4.6 · t=4 e=3 a=3

Deep dive

2026-05-10/microsoft-semantic-kernel-cve-2026-26030-cve-2026-25592-prom

Entries published (this run)

Sources changed (this run)

Edits this run made to sources/sources.json · promotions, demotions, new candidates, and fetch-method / category / reliability / url corrections (the run record's sources_changed[]). Paginated; 10 per page.

No source-list edits recorded for this run.

Coverage gaps (this run)

Sources this run's brief needed that returned no usable content via any documented recipe. Bridge-recovered or quiet-day sources do NOT appear here. (Distinct from the independent source-accessibility probe at the foot of this section, which probes all active sources regardless of what any run needed.)

Source (uncovered)URL triedMethod chainStatus / classWhat the agent did instead
cisa-kev
legacy shape · needs detail
403 legacy-shape
handled via bridge fetch_source.py; no new KEV entries 2026-05-09/10
none
ncsc-ch-security-hub
legacy shape · needs detail
403 legacy-shape
handled via bridge fetch_source.py ncsc-csh; most recent post 12551 (SEPPmail, 2026-05-08), no new posts 2026-05-09/10
none
enisa-euvd
legacy shape · needs detail
200 legacy-shape
SPA — content empty to WebFetch, persistent gap across runs
none
wid.cert-bund.de
legacy shape · needs detail
200 legacy-shape
individual advisory portal returns empty content; RSS works for enumeration only
none
advisories.ncsc.nl
legacy shape · needs detail
200 legacy-shape
CSAF SPA — listing returns no advisory data
none
databreaches-net
legacy shape · needs detail
403 legacy-shape
persistent 403 across direct and bridge UAs
none
ico-uk
legacy shape · needs detail
200 legacy-shape
JS-rendered listing
none

Verification findings · all iterations

Per-iteration finding detail. Each table is one verifier pass · what was flagged, how the main agent remediated it, and the outcome. Walking the tables top-to-bottom shows the verifier's debugging trail across iterations.

Iteration #2 cap-breach

Cap-breach iteration recorded no per-finding detail. The dashboard cannot show WHAT the verifier flagged. See .claude/agents/cti-verification.md § Findings summary for the contract.

Verification & coverage notes

The run record's narrative body, verbatim. This is where the run accounts for its own judgement calls — every borderline drop and judged-not-relevant item with its reason, dedup decisions, single-source items and their carve-outs, contradictions, and per-source coverage gaps — so nothing the run considered disappears silently.

Verification & coverage notesrun record body

2026-05-10-001 · Claude Opus 4.7 · window 36 h · 13 entries published

Items dropped or held back

  • Cisco Unity Connection CVE-2026-20034 (CVSS 8.8 authenticated RCE) and CVE-2026-20035 (CVSS 7.2 unauthenticated SSRF in default-enabled Web Inbox) — patched by Cisco 2026-05-06 (Cisco PSIRT advisory, 2026-05-06). Did not clear § 2 inclusion gates: not on KEV, not ENISA EUVD critical (CVSS < 9.0), no in-the-wild exploitation reported, the only unauthenticated bug is SSRF (not RCE) and Unity Connection is rarely internet-exposed. NATO NCSC finder credit (Jahmel Harris) is a credibility marker but not a gate-clearing fact. Logged here so § 2 stays operationally selective; defenders running Unity Connection 12.5–15.0 should still patch on next change window.
  • TCLBANKER (Brazilian banking trojan with WhatsApp / Outlook worm modules, Elastic Security Labs, 2026-05-07) — substantive technical research but the targeting list is 59 Brazilian financial / fintech / crypto domains; CH/EU relevance limited to the worm-spread vector via Outlook COM and WhatsApp Web sessions. Dropped under PD-11 (less is more); operators of Outlook + WhatsApp Web in standard configurations have no Swiss/EU-public-sector defender takeaway materially different from generic "audit COM-driven Outlook automation".
  • CallPhantom Android subscription-fraud cluster — 28 apps, 7.3 M downloads (WeLiveSecurity (ESET), 2026-05-07) — dropped under PD-11 as off-audience (consumer-mobile fraud rather than enterprise / public-sector defender content). Single-source ESET disclosure; if a CH/EU regulator opens an enforcement action against the 28-app cluster the next run will pick that delta up.
  • Laclinic-Montreux / Qilin dark-web listing — surfaced by S4 via aggregator DeXpose.io, 2026-05-07. No victim public statement, no independent corroboration, only a single dark-web-aggregator source. Held back under PD-6 (fake-news guard / leak-site claims require victim disclosure or HIGH-reliability journalism); will surface only if Laclinic-Montreux issues a public statement or a HIGH-reliability outlet corroborates.
  • PAN-OS CVE-2026-0300 Unit 42 EarthWorm / ReverseSocks5 post-exploitation detail — Unit 42 update 2026-05-08 added EarthWorm / ReverseSocks5 tooling specificity to the existing CL-STA-1132 cluster framing covered in 2026-05-09 § 4. Marginal delta over yesterday's CL-STA-1132 + Python-tunnelling-implant treatment; not re-surfaced today. Patch ETA remains 2026-05-13 / 2026-05-28.

Single-source / reduced-confidence items

  • JDownloader supply-chain compromise — primary developer-confirmed disclosure via PiunikaWeb, 2026-05-08 corroborated by CyberKendra, 2026-05-07. Both are mid-tier publishers; BleepingComputer's article was visible in its listing but article-page WebFetch returns 403 (transport block, not editorial — see Coverage gaps below). Included with reduced confidence on the capability description of the Python payload (specific descriptions like "modular bot/RAT framework executing server-delivered code on demand" originate from the blocked BleepingComputer article and have not been corroborated by a named research lab in this run); the supply-chain compromise itself, the broken time window, and the forged-publisher signatures are developer- and multi-source-confirmed.
  • Groupe 3R Akira attribution — victim statement and Swiss-press reporting confirm the incident and 2026-04-30 attack date; the Akira-as-actor attribution comes from ransomware.live (aggregator), not from the victim or an independent primary. Logged with confidence HIGH on incident, MEDIUM on actor. The operator's prior April 2025 incident is acknowledged in its own statement as involving different attackers and methodology; no further qualification is asserted here.
  • Microsoft Semantic Kernel SessionsPythonPlugin exploitation surface — Microsoft's research post is the only primary; GitHub Security Advisories corroborate the patches but not the exploitation walk-through. No independent third-party PoC for CVE-2026-25592 located in this run. PoC for CVE-2026-26030 is public (Microsoft references amiteliahu/AIAgentCTF).
  • Canvas/Instructure 275 M records / "thousands of institutions" framing — surfaced by ShinyHunters and reported by Techzine EU and DutchNews.nl; specific institution count headlined as ~8 800 in some prior reporting was not present in fetched primaries this run, so the brief carries the "thousands" qualifier rather than a specific count.

Contradictions / ambiguities

  • Ivanti EPMM exposure count. S1's research surfaced "850+ globally / 508 in Europe" via Shadowserver per BleepingComputer; the 2026-05-09 brief reported "508 EU on-premises instances" via NCSC-NL scanning. The two numbers are not contradictory (508 EU is consistent across sources); the global "850+" figure is new context this run. Brief reports both per-source.
  • Microsoft Semantic Kernel CVE-2026-25592 patched Python version. GitHub advisory GHSA-2ww3-72rp-wpp4 (CVE-2026-25592) records 1.39.3 as the patched Python version; Microsoft's research post and GHSA-xjw9-4gw8-4rqx (CVE-2026-26030) record 1.39.4. The brief reports both per-source and recommends 1.39.4 as the single safe target since it supersedes 1.39.3 and closes both CVEs.
  • Sub-agent self-identification drift. All four sub-agents wrote **Model:** Claude Sonnet 4.5 (claude-sonnet-4-6) — the friendly name "4.5" disagrees with the model id claude-sonnet-4-6. Per prompt PD-3, the AI-content-notice records the friendly name verbatim from the sub-agent return; the discrepancy is a sub-agent self-identification error, not a fabrication, and is preserved verbatim so the Ops dashboard surfaces the drift.

Phase 4.5 verification iteration log

  • Iteration 1 (cti-verification, Claude Sonnet 4.5, claude-sonnet-4-6): NEEDS_FIXES (truth=6, editorial=4, advisory=5). Remediations applied before iteration 2: dropped the wrong Elastic Security Labs URL ("Phantom in the Vault" / PhantomPulse RAT — different campaign) from the § 3 ClickFix item; dropped the CIS advisory 2026-042 URL from the cPanel UPDATE (covers the prior CVE-2026-41940, not the current 29201/29202/29203 cluster); dropped the CISA news-events/alerts/... URL from the LiteLLM § 6 Action Item (matches the tools/check_brief.py blocked-pattern allowlist) and replaced with Bishop Fox + LiteLLM vendor-blog primaries; replaced the cert-error cPanel support.cpanel.net URL with The Hacker News + Panelica + NCSC-CH; dropped the cert-error SecurityAffairs URL from the Braintrust footer; clarified the CVE-2026-25592 Python patch version (1.39.3 per GHSA, 1.39.4 supersedes); softened the "blast-radius" Braintrust vendor list to "adjacent SaaS providers" framing; removed the unsourced "highest geographic concentration of any KEV-tracked enterprise MDM platform this month" claim from the § 0 TL;DR Ivanti bullet; added "post-auth admin RCE" qualifier to the same TL;DR bullet; added Fribourg + Berne to the Groupe 3R cantons list and removed the "confirmed patient data theft" qualifier on the prior April 2025 incident; softened the JDownloader Python-payload capability description; replaced the unsourced "8 809 educational institutions" Canvas figure with the sourced "thousands" framing; added explicit per-publisher attribution for the PCPJack TTP-overlap inference. The Iteration-1 advisory item flagging Vector: zero-click on the cPanel post-auth footer was reviewed against prior briefs (LiteLLM 2026-05-09, Ivanti 2026-05-08, Spring Cloud Config 2026-05-09 all use Vector: zero-click for post-auth API exploits where no victim user-interaction is required); kept consistent with established convention and the taxonomy.
  • Iteration 2 (cti-verification, Claude Sonnet 4.6, claude-sonnet-4-6): NEEDS_FIXES (truth=4, editorial=3, advisory=3). Remediations applied: removed the residual "highest geographic concentration of any KEV-tracked enterprise MDM platform this month" claim from the § 4 Ivanti UPDATE body (it had been removed from § 0 TL;DR in iteration 1 but the same claim remained in the UPDATE body — partial iteration-1 fix completed here); added the previously-omitted CVE-2026-5787 (originally covered 2026-05-08) and CVE-2026-7821 to the Ivanti UPDATE companion-CVE list with explicit BleepingComputer/SecurityWeek attribution; replaced Status: exploited (CVE-2026-6973) with the taxonomy-valid Status: exploited, cisa-kev, patch-available; added "patched versions" context word in the § 6 cPanel Action Item to suppress the IOC-scan false-positive on the 11.136.0.9 / 11.134.0.25 / 11.132.0.31 cPanel build numbers. Iteration-2 advisories (cert errors on Bishop Fox / Blick.ch / Sophos / Malwarebytes / Ivanti / Cyberkendra / Le Monde / The Guardian / Meduza / Techzine / DutchNews / ICTjournal / NCSC-CH and 503 on Sophos) are environmental (transient SSL CA-bundle / clock issues plus anti-bot 403s for hosts the sub-agents successfully fetched at research time) — they appear as source-urls WARNs in tools/check_brief.py but do not block publication. The Iteration-2 advisory flagging the NCSC-CH Security Hub api/posts/.../details URL form was reviewed against the 2026-05-09 brief precedent and kept (the SPA hash-fragment URL form #/posts/... is a known checker false-positive; the API endpoint URL form is the convention used since 2026-05-09 specifically to stay out of the checker's blocked-pattern allowlist).
  • Iteration 3 not run. Iteration 2's truth findings were either substantive editorial fixes applied to the brief (companion CVEs, residual superlative, status-field taxonomy, IOC-context word) or content-stable issues already documented in § 7 (NCSC-CH URL form, transport-level URL liveness WARNs). Phase 5.5 tools/check_brief.py returns exit 0 against the iteration-2-fixed brief. verification_iterations = 2 / verification_residual_count = 0.

Sub-agent telemetry / coverage gaps

  • S1 (active threats / vulns) — returned: Claude Sonnet 4.5 (claude-sonnet-4-6), webfetch=22, websearch=14, bridge=3. No new KEV entries 2026-05-09 / 2026-05-10 (CISA-KEV bridge confirms catalog version 2026.05.08 unchanged). No new NCSC-CSH posts since 12551 (SEPPmail, 2026-05-08).
  • S2 (CH / EU / public sector) — returned: Claude Sonnet 4.5 (claude-sonnet-4-6), webfetch=22, websearch=7, bridge=4.
  • S3 (research / investigative) — returned: Claude Sonnet 4.5 (claude-sonnet-4-6), webfetch=30, websearch=9, bridge=2.
  • S4 (incidents / disclosures) — returned: Claude Sonnet 4.5 (claude-sonnet-4-6), webfetch=17, websearch=9, bridge=5. SEC EDGAR Item-1.05 8-K filings: 0 in window (2026-05-08 → 2026-05-10) — expected weekend filing gap, not a coverage failure.
  • Coverage gaps: cisa-kev (no new entries this run, transport 403 mitigated via bridge as required); ncsc-ch-security-hub (most recent post 12551, 2026-05-08, no weekend new posts); enisa-euvd (SPA, content empty to WebFetch — persistent gap across runs); wid.cert-bund.de (individual advisory portal returns empty content; RSS works for enumeration only); advisories.ncsc.nl (CSAF SPA — listing returns no advisory data); cisco-psirt-publication-listing (Angular SPA returns no populated advisory data; Cisco PSIRT individual advisory URLs work directly); cert.ssi.gouv.fr (RSS works; individual advisory pages need bridge); databreaches.net (403 on direct WebFetch and bridge UA — persistent across runs); ico-uk (JS-rendered listing); cnil-fr / edpb (fetched, no breach-related items in window — quiet weekend pattern); BleepingComputer article-page (403 on direct WebFetch — discovery via listing OK); rts.ch / 20min.ch (paywall / 403); nltimes.nl (not in bridge allow-list).

Coverage gaps: cisa-kev (no new entries 2026-05-09/10); ncsc-ch-security-hub (no new posts past 12551); enisa-euvd (SPA — persistent); wid.cert-bund.de (advisory portal SPA, RSS only); advisories.ncsc.nl (CSAF SPA — listing); cisco-psirt-publication-listing (Angular SPA); cert.ssi.gouv.fr (advisory detail pages need bridge); databreaches.net (403 across UAs); ico-uk (JS SPA); cnil-fr, edpb (no breach items in window); bleepingcomputer (article 403 — discovery via listing); rts.ch, 20min.ch (paywall/403); nltimes.nl (not in bridge allow-list); sec-edgar (no Item 1.05 filings in window — weekend gap, expected).

Migrated from briefs/2026-05-10.md (v2).

← Operations dashboard · day page 2026-05-10 · run-record contract: docs/pipeline.md