ctipilot.ch

2026-05-13-c148b9a5

One pipeline fire, in full · intel run of 2026-05-13 · sub-agent allocation and telemetry, per-iteration verification verdicts and findings, source-list edits, coverage gaps, bridge invocations — and the run's own verification & coverage notes: what was published, what was dropped at the borderline or judged not relevant (and why), single-source carve-outs, and contradictions. Rendered from runs/2026-05-13/2026-05-13-c148b9a5.md.

Run telemetry

2026-05-13-c148b9a5 intel prompt v2.50
32m 09s duration 15 published 3 updates
Claude Opus 4.7 (claude-opus-4-7) main agent
S1 Claude Sonnet 4.6 (claude-sonnet-4-6)
Items returned
5
Duration
7m 02s
Tool calls
16 WebFetch5 WebSearch6 bridge
Cited sources
7 of 17 in slice
S2 Claude Sonnet 4.6 (claude-sonnet-4-6)
Items returned
8
Duration
5m 24s
Tool calls
9 WebFetch8 WebSearch5 bridge
Cited sources
4 of 20 in slice
S3 Claude Sonnet 4.6 (claude-sonnet-4-6)
Items returned
7
Duration
9m 03s
Tool calls
18 WebFetch18 WebSearch2 bridge
Cited sources
8 of 19 in slice
S4 Claude Sonnet 4.6 (claude-sonnet-4-6)
Items returned
4
Duration
8m 59s
Tool calls
17 WebFetch21 WebSearch4 bridge
Cited sources
2 of 16 in slice

Verification

#1 NEEDS_FIXES · Claude Opus 4.7 · t=8 e=0 a=2 #2 NEEDS_FIXES · Claude Sonnet 4.6 · t=1 e=3 a=1 #3 NEEDS_FIXES · Claude Opus 4.7 · t=1 e=1 a=2

1 entry dropped by verification this run (recorded in the verification & coverage notes).

Deep dive

2026-05-13/mini-shai-hulud-s-github-actions-pwn-request-oidc-token-thef

Entries published (this run)

Sources changed (this run)

Edits this run made to sources/sources.json · promotions, demotions, new candidates, and fetch-method / category / reliability / url corrections (the run record's sources_changed[]). Paginated; 10 per page.

No source-list edits recorded for this run.

Coverage gaps (this run)

Sources this run's brief needed that returned no usable content via any documented recipe. Bridge-recovered or quiet-day sources do NOT appear here. (Distinct from the independent source-accessibility probe at the foot of this section, which probes all active sources regardless of what any run needed.)

Source (uncovered)URL triedMethod chainStatus / classWhat the agent did instead
bleepingcomputer
covered via alternate · should NOT be in this list
https://www.bleepingcomputer.com/news/microsoft/microsoft-may-2026-patch-tuesdaywebfetchwebsearch403 transport-403
HTTP 403 Forbidden on default UA
WebSearch fallback + Tenable/ZDI/Rapid7 pivot for Patch Tuesday coverage
anssi-fr
covered via alternate · should NOT be in this list
https://www.cert.ssi.gouv.fr/actualite/CERTFR-2026-ACT-021/bridge:url200 spa-empty-body
HTML shell — bridge returned page structure only
CERT-FR RSS feed fetched; CERTFR-2026-AVI-0564 / 0572 advisory bodies via per-URL bridge:url
cert-euhttps://cert.europa.eu/publications/security-advisories/bridge:url200 spa-empty-body
Listing returned navigation scaffold only
WebSearch fallback; no new in-window CERT-EU advisories beyond what national CERTs covered
cisa-kev
covered via alternate · should NOT be in this list
https://www.cisa.gov/known-exploited-vulnerabilities-catalogbridge:cisa-kev200 none
bridge OK; catalog version 2026.05.08 — no new KEV additions in window
bridge:cisa-kev → 200 OK; no new entries
enisa-euvd
covered via alternate · should NOT be in this list
https://euvd.enisa.europa.eu/bridge:enisa-euvd.recent200 spa-empty-body
Direct page is SPA shell; bridge endpoint returned full data
bridge:enisa-euvd.recent → 200 OK (criticals, exploited); EUVD-2026-29824 Exim and EUVD-2026-29872 Thymeleaf surfaced
bsi-de
covered via alternate · should NOT be in this list
https://wid.cert-bund.de/portal/wid/securityadvisorybridge:bsi-rss200 spa-empty-body
Angular SPA portal returns navigation only; bridge RSS returned feed
bridge:bsi-rss → 200 OK; no new in-window KRITISCH items
advisories-ncsc-nlhttps://advisories.ncsc.nl/csaf/v2/2026/ncsc-2026-0380.jsonbridge:ncsc-nl.csaf404 transport-404
speculative advisory-id 404 — no enumeration index available
none — coverage gap for NCSC-NL this run
databreaches-nethttps://databreaches.net/webfetchbridge:urlwebsearch403 robots-blocked
Cloudflare Managed Challenge on every UA
bridge:url also blocked by Cloudflare Managed Challenge (documented for databreaches-net); WebSearch fallback — no unique in-window items
inside-it-chhttps://www.inside-it.ch/webfetchbridge:urlwebsearch403 robots-blocked
Cloudflare Managed Challenge on every UA
bridge:url also blocked by Cloudflare Managed Challenge (documented for inside-it-ch); WebSearch fallback — no unique in-window items
ico-ukhttps://ico.org.uk/sitemap.xmlbridge:url200
Sitemap returned; no in-window enforcement actions identifiable from lastmod
WebSearch fallback confirmed South Staffordshire (2026-05-12, prior brief) as freshest
sec-disclosures-edgarhttps://www.sec.gov/cgi-bin/browse-edgarwebfetch503 transport-5xx
HTTP 503 Service Unavailable
WebSearch fallback; Itron (Apr 2026, out-of-window) and West Pharma (2026-05-12, prior brief) confirmed as most-recent relevant 8-K Item 1.05; no new in-window
nltimeshttps://nltimes.nl/2026/05/12/odido-rules-compensation-massive-cyberattack-affecwebfetchbridge:url403 robots-blocked
Cloudflare Managed Challenge; bridge fetcher does not allow-list nltimes.nl
Search-engine confirmed publication date and headline; primary unreadable; Odido item dropped from § 1 to § 7 as coverage gap

Verification findings · all iterations

Per-iteration finding detail. Each table is one verifier pass · what was flagged, how the main agent remediated it, and the outcome. Walking the tables top-to-bottom shows the verifier's debugging trail across iterations.

Iteration #1 NEEDS_FIXES · 10 findings (truth=8, editorial=0, advisory=2) · Claude Opus 4.7 · 4m 22s

F-codeSectionItem · URL/quoteVerifier summaryRemediation · outcome
F4
hallucinated-fact
active-threatsFoxconn — Nitrogen ransomware (TTP chain unsourced)
malvertising → trojanised installer → Cobalt Strike → AD reconnaissance within 72 h
TTP chain not in any cited sourceRemoved unsourced TTP chain; replaced with generic hypervisor-recovery detection concepts tied to the Coveware decryptor-bug analysis fixed-clean
F4
hallucinated-fact
trending-vulnerabilitiesCVE-2026-45185 Exim — EUVD-2026-29824 critical claim
ENISA EUVD-2026-29824 lists the vulnerability as Critical
EUVD entry not confirmable from cited sources; verification SSL-failure on bridge re-fetchRemoved EUVD claim and enisa-critical Tags/Status; kept CVSS 9.8 per vendor disclosure fixed-degraded
F4
hallucinated-fact
trending-vulnerabilitiesCVE-2026-41901 Thymeleaf — EUVD claim
ENISA EUVD-2026-29872
EUVD entry not confirmable; CSO Online cited is wrong CVE; GHSA dated 2026-04-29 (out of window)Dropped entire Thymeleaf item from § 2, action items, CVE table, cves_seen.json, covered_items.json; documented in § 7 dropped-item
F3
claim-not-supported
trending-vulnerabilitiesCVE-2026-41901 Thymeleaf — CSO Online citation
CSO Online 2026-05-12
CSO Online cite is April 17 and covers a different CVESubsumed into Thymeleaf drop dropped-item
F4
hallucinated-fact
trending-vulnerabilitiesCVE-2026-41901 Thymeleaf — GHSA date 2026-05-12
GitHub Security Advisory GHSA-c9ph-gxww-7744, 2026-05-12
Actual GHSA publication 2026-04-29Subsumed into Thymeleaf drop dropped-item
F4
hallucinated-fact
researchNCSC-UK 10 Questions date
2026-05-12
Actual publication 2026-05-11 (Ruth C, head of Vulnerability Management Group)Corrected date in heading, prose and footer to 2026-05-11 fixed-clean
F4
hallucinated-fact
active-threatsFoxconn H3 — five sites
Foxconn confirms Nitrogen ransomware crippled five North-American manufacturing sites
H3 says 'five' but body lists six locationsRemoved numeric count from H3; reads "crippled North-American manufacturing sites" fixed-clean
F4
hallucinated-fact
updatesCanvas — Garbarino letter on extortion deadline
On the 2026-05-12 ShinyHunters extortion deadline, … Garbarino sent a formal letter
Letter sent late on 2026-05-11; deadline was 2026-05-12; ransom paid before the deadlineRewrote UPDATE para 1 with corrected timeline (letter 05-11, deadline 05-12) and corrected institution count (8,800 per The Register, ~9,000 per The Record surf fixed-clean
F11
editorial-advisory
updatesCanvas institution-count discrepancy
~275 million records across ~9,000 institutions
Source contradictionSurfaced both figures inline (~8,800 per Register, ~9,000 per Record); added to § 7 contradictions list fixed-clean
F11
editorial-advisory
tldrTL;DR Foxconn bullet
Coveware programming bug insight
Paired with F4 #1 — flagged source quality onlyCoveware insight retained; TTP-chain claim removed in body fix fixed-clean

Iteration #2 NEEDS_FIXES · 5 findings (truth=1, editorial=3, advisory=1) · Claude Sonnet 4.6 · 3m 50s

F-codeSectionItem · URL/quoteVerifier summaryRemediation · outcome
F1
broken-url
trending-vulnerabilitiesCVE-2026-44277 Fortinet FortiAuthenticatorVerifier WebFetch returned 403 (transient UA filter)Fresh re-fetch returned 200 with full advisory; UA-filter transient; no source-list change; § 7 documents the verification re-fetch and notes vendor-canonical C fixed-clean
F3
claim-not-supported
trending-vulnerabilitiesCERTFR-2026-AVI-0572 Centreon
reflected / stored XSS findings; "RCE"
Bulletin lists "command injection" (MBI) and XSS only on Centreon Map; brief overstatedReplaced "RCE" with "command injection (effectively RCE in Centreon MBI)"; replaced "reflected / stored XSS" with "XSS (Centreon Map, CVSS 6.8)" fixed-clean
F5
missing-citation
active-threatsBWH Hotels Swiss claim
Switzerland, Germany, France, Italy and other EEA jurisdictions
Switzerland not in cited sourcesRemoved Switzerland from country list fixed-clean
F10
missed-angle
trending-vulnerabilitiesCentreon affected branches
24.10.x and 25.10.x branches
24.04.x (MBI only) also patched by April 2026 bulletinAdded "24.04.x (MBI only), 24.10.x and 25.10.x" to affected versions fixed-clean
F11
editorial-advisory
deep-diveMini Shai-Hulud step 8 ATT&CK mapping
T1647 Plist File Modification
T1647 is macOS persistence — wrong analogy for SLSA provenance forgeryReplaced with T1553.002 Subvert Trust Controls: Code Signing and explicit note that no current ATT&CK sub-technique precisely maps fixed-clean

Iteration #3 NEEDS_FIXES cap-breach · 4 findings (truth=1, editorial=1, advisory=2) · Claude Opus 4.7 · 6m 14s

F-codeSectionItem · URL/quoteVerifier summaryRemediation · outcome
F3
claim-not-supported
trending-vulnerabilitiesCVE-2026-44277 / CVE-2026-26083 CVSS
vendor lists CVSS 9.8
Fortinet PSIRT pages publish CVSS 9.1 for both; brief carried 9.8 in body, TL;DR, CVE table, and § 6 action itemConverged on 9.1 throughout § 0 / § 2 / § 6; updated CVE Summary Table footnote fixed-clean
F11
editorial-advisory
action-itemsExim action item Tags/Status
Tags: vulnerabilities, pre-auth, rce, enisa-critical, patch-available · Status: enisa-critical, patch-available
iter-1 F4 fix removed enisa-critical from § 2 but the § 6 action item still carried itRemoved enisa-critical from § 6 Exim action item Tags + Status fixed-clean
F5
missing-citation
active-threatsBWH country list
Germany, France, Italy and other EEA jurisdictions
Neither cited source enumerates per-country exposureReplaced with "multiple EEA jurisdictions"; noted absence of per-country enumeration fixed-clean
F11
editorial-advisory
updatesCanvas via support-ticket access
via support-ticket access
Specifier not surfaced in either cited sourceRemoved the "via support-ticket access" specifier from the Canvas UPDATE fixed-clean

Verification & coverage notes

The run record's narrative body, verbatim. This is where the run accounts for its own judgement calls — every borderline drop and judged-not-relevant item with its reason, dedup decisions, single-source items and their carve-outs, contradictions, and per-source coverage gaps — so nothing the run considered disappears silently.

Verification & coverage notesrun record body

2026-05-13-c148b9a5 · Claude Opus 4.7 · 15 entries published

  • Dropped items / coverage gaps:
    • CVE-2026-41901 — Thymeleaf SSTI sandbox bypass. Initially surfaced by S2 (research returning ENISA EUVD-2026-29872 hit and CSO Online corroborating link) and composed into § 2. Phase 5.7 verifier flagged the source dates: the GitHub Security Advisory GHSA-c9ph-gxww-7744 is dated 2026-04-29 (not 2026-05-12), placing the disclosure 14 days outside the 36-hour recency window; the CSO Online article cited as corroborating is dated 2026-04-17 and concerns a different Thymeleaf CVE (CVE-2026-40478). Per PD-7 the item is dropped from § 2; the ENISA EUVD claim could not be independently re-verified in this iteration (EUVD direct fetch is SPA-only and the bridge fetcher hit an SSL cert-validity error during the verification pass). Operators with Spring Boot Java applications should patch Thymeleaf to 3.1.5.RELEASE in line with the April GHSA. — Source: GitHub Security Advisory GHSA-c9ph-gxww-7744, 2026-04-29 · Tags: vulnerabilities, rce, patch-available · Region: global · CVE: CVE-2026-41901 · CVSS: 9.0 · Vector: user-interaction · Auth: pre-auth · Status: patch-available
    • Odido (Netherlands) compensation refusal, Dutch DPA / criminal investigation, CUIC class action (NL Times, 2026-05-12). Surfaced by S4 but the primary URL https://nltimes.nl/2026/05/12/odido-rules-compensation-massive-cyberattack-affecting-62-million-accounts is behind Cloudflare's Managed Challenge and could not be fetched in-run by either the routine UA or the bridge fetcher (nltimes.nl is not in the bridge allow-list). Search-engine snippets confirmed the publication date, headline and key facts (CEO Søren Abildgaard, ShinyHunters vishing of Salesforce, 6.2M accounts, 350k registered for CUIC class action, Dutch Public Prosecution Service criminal investigation, AP / ILT investigations), but PD-2 requires that every cited URL be one the agent actually fetched. Dropped from § 1 rather than carry an unverifiable primary; will re-attempt next run via WebSearch fallback content or alternative outlet — Source: Techzine, 2026-02-16 · The Register, 2026-02-27 · Tags: data-breach, identity · Region: europe · Sector: telco
    • Kaspersky State of Ransomware 2026 (Securelist, 2026-05-12). PD-9 annual report. Surfaced by S3 with novel headline (PE32 ransomware using ML-KEM/Kyber1024 post-quantum KEM; encryptionless extortion now dominant; Qilin displaces RansomHub; RDWeb portal targeting overtakes phishing). Not promoted to § 3 / § 5 in this brief — yesterday's brief (2026-05-12) already absorbed the annual-report deep-dive slot (GTIG AI Threat Tracker) and PD-3 demotes the same category one rank when in the last-7-day window. Will pick up the PE32 / post-quantum element as a § 3 research item in a later brief if it gains corroborating independent analysis — Source: Securelist (Kaspersky), 2026-05-12 · Tags: ransomware, supply-chain · Region: global · Sector: public-sector
    • CVEs from Microsoft May Patch Tuesday not surfaced in § 2. ~30 Critical CVEs landed in this cycle; § 2 cherry-picked the four most operationally significant (Netlogon, DNS Client, SSO Plugin, Dynamics 365) plus the four Word Preview Pane RCEs. The remaining MDASH-discovered network-stack CVEs are referenced indirectly in § 3 (MDASH article). Operators should review the full Tenable / ZDI breakdowns for their environment.
  • Single-source items:
    • NCSC-UK "10 questions to ask when using AI models to find vulnerabilities" — flagged [SINGLE-SOURCE] in § 3; national-CERT carve-out applies (NCSC-UK is primary disclosing party for its own guidance).
  • Contradictions:
    • CVE-2026-26083 (FortiSandbox) CVSS — NCSC-CH cites 9.1 per Fortinet's own PSIRT, NVD's initial assignment is 9.8. Both indicate Critical; brief lists both ("9.1 (NCSC-CH per the vendor advisory) and 9.8 (NVD's initial assignment)"). Operators should treat as critical pending convergence; per-CVE breakdown carried in § 2 footer.
    • Microsoft May Patch Tuesday CVE count — Tenable reports 118, BleepingComputer reports 120, ZDI / The Register reports up to 138 depending on whether developer-tools and Azure-only items are included. Brief uses "120+" as a conservative summary.
    • Canvas affected-institution count — The Register cites ~8,800 colleges, universities and K-12 schools; The Record cites ~9,000. Brief uses 8,800 (per The Register, the primary cited) with The Record's figure surfaced inline.
  • Reduced-confidence items: None this run beyond the dropped Odido entry above.
  • Verification iteration 1 disposition (Opus): Eight F3/F4 truth findings applied as remediations — corrected NCSC-UK date (2026-05-12 → 2026-05-11), corrected Canvas narrative (Garbarino letter 2026-05-11 ahead of 2026-05-12 deadline), corrected Foxconn site-count phrasing, removed unsourced Nitrogen initial-access TTP chain, removed unverifiable ENISA EUVD claims on Exim and Thymeleaf, dropped Thymeleaf as out-of-window. Two F11 advisory findings (Foxconn TTP-chain advisory paired with the F4 fix; Canvas-institution-count) addressed.
  • Verification iteration 2 disposition (Sonnet rotation): Five findings (1 truth, 3 editorial, 1 advisory) — (a) F1 broken-URL flag on https://fortiguard.fortinet.com/psirt/FG-IR-26-128: fresh re-fetch in this iteration returned 200 with the full advisory body (CVE-2026-44277, CVSS 9.1 per vendor, fixed in 6.5.7 / 6.6.9 / 8.0.3+, internal-audit discovery) — the verifier's 403 was a transient UA-filter on the host; no source-list change required. (b) F3 Centreon wording corrected: "command injection (effectively RCE in Centreon MBI)" instead of "RCE"; "XSS (Centreon Map, CVSS 6.8)" instead of "reflected / stored XSS". (c) F5 BWH Switzerland claim removed (sources do not call out Swiss properties specifically). (d) F10 Centreon 24.04.x branch added to affected versions (MBI only per the vendor bulletin). (e) F11 advisory ATT&CK mapping in § 5 step 8 corrected from T1647 Plist File Modification to T1553.002 Subvert Trust Controls: Code Signing, with an explicit note that no current sub-technique precisely maps to SLSA-L3 provenance forgery via OIDC abuse.
  • Verification iteration 3 disposition (Opus rotation): Four findings (1 truth, 1 editorial, 2 advisory) at truth + editorial = 2 and no F1/F4 — early-exit threshold reached per v2.50. Remediations applied before publish: (a) F3 CVE-2026-44277 / CVE-2026-26083 CVSS converged on vendor PSIRT canonical value 9.1 throughout § 0 / § 2 / § 6 (iter-2 had left 9.8 in the body even after § 7 noted the discrepancy); CVSS table footnote re-worded; (b) F11a Exim § 6 Action Item Tags / Status enisa-critical flag removed (iter-1 F4 fix propagated to § 6); (c) F5 BWH country list (Germany, France, Italy) replaced with "multiple EEA jurisdictions" — neither cited source enumerates per-country exposure; (d) F11b advisory: Canvas UPDATE removed the "via support-ticket access" specifier — neither re-fetched source confirms that detail. Final iteration verdict: NEEDS_FIXES (truth=1 + editorial=1 = 2 ≤ early-exit threshold). Three iterations, model-rotated (Opus / Sonnet / Opus). Brief publishes with the four iter-3 remediations applied; no residual findings carried beyond what § 7 already documents.
  • Sub-agents: S1, S2, S3, S4 all returned within budget. No stalled sub-agents.
  • Fetch failures / bridges used: tools/fetch_source.py bridge used by S1, S2, S3, S4 for ncsc-csh recent / post (NCSC-CH SPA), cisa-kev, enisa-euvd recent, bsi-rss, and url for CERT-FR / BleepingComputer / Centreon. databreaches-net, inside-it-ch and parts of bleepingcomputer returned 403 (Cloudflare Managed Challenge) on every UA per the documented host behaviour — WebSearch fallback used. advisories-ncsc-nl returned 404 on the speculative ID (NCSC-NL CSAF advisory ID guessing not viable without a fresh index); coverage gap for that source this run. ico-uk sitemap fetched but no in-window enforcement actions found; freshest enforcement (South Staffordshire) already covered 2026-05-12. ENISA EUVD direct fetch hit SSL cert-validity error in the verification iteration — bridge worked for the sub-agents but not at verifier time.
  • Coverage gaps: databreaches-net (Cloudflare-blocked, WebSearch fallback only); inside-it-ch (Cloudflare-blocked, WebSearch fallback only); advisories-ncsc-nl (CSAF advisory-ID enumeration failed, no in-window items surfaced); ico-uk (no in-window enforcement); nltimes.nl (Cloudflare-blocked, dropped Odido item logged above).

Unmatched action items (migrated)

  • Patch Fortinet FortiAuthenticator and FortiSandbox now. Pre-auth RCEs in two appliance classes that anchor public-sector identity and SOC pipelines. Update FortiAuthenticator to 6.5.7 / 6.6.9 / 8.0.3; update FortiSandbox to 4.4.9 / 5.0.2 / Cloud 5.0.6. Cloud 23 and 24 require migration, not in-place patching. Even after patching, restrict the management interface to admin / SOC source IPs at the perimeter — Fortinet's PSIRT explicitly notes this as the residual hardening. See § 2
  • Audit npm / pnpm lockfiles for Mini Shai-Hulud impact. Search every CI/CD pipeline and developer workstation for malicious versions across @tanstack/*, @uipath/*, @mistralai/*, @opensearch-project/opensearch, @squawk/*, @draftlab/*, @tallyui/* per the StepSecurity / Wiz manifests. UiPath impact is the highest-priority public-sector signal. Before revoking any GitHub PAT or npm token, sanitise the developer machine first — the worm's gh-token-monitor triggers rm -rf ~/ on revocation. Pin all pull_request_target workflows to SHA-locked action versions; gate fork-reachable workflows away from actions/cache writes. See § 4 / § 5
  • Patch Exim on every Debian / Ubuntu mail relay. Run exim -bV | grep GnuTLS on each MTA — if present, upgrade to Exim 4.99.3. Interim workaround if patching is delayed: set CHUNKING_ADVERTISE_HOSTS = (empty) in exim4.conf to suppress BDAT. Expect public exploit-tooling within days; XBOW's disclosure includes full chain traces. See § 2
  • Upgrade SPIP to 4.4.14 and apply the Centreon April 2026 monthly bulletin. SPIP RCE affects French and francophone Swiss-canton CMS deployments — gate ecrire/ to a known admin source set at the reverse proxy. Centreon update queue: any NOC running 24.10.x / 25.10.x Infra Monitoring with Anomaly Detection / Auto Discovery / AWIE / BAM / DSM / License Manager / MAP / MBI / Open Tickets. See § 2
  • Hunt for Foxconn-Nitrogen-style precursor patterns on Windows servers and ESXi. Detection concepts in § 1: unsigned installers spawning cmd.exe / powershell.exe -enc from %TEMP% / %APPDATA% on Windows servers; vmkfstools / esxcli invocations from non-administrator sessions on ESXi /var/log/shell.log. Treat the Nitrogen ESXi decryptor bug as a strategic backup-integrity test — hypervisor-layer recovery from Nitrogen is mathematically impossible regardless of ransom posture. See § 1

Migrated from briefs/2026-05-13.md (v2).

← Operations dashboard · day page 2026-05-13 · run-record contract: docs/pipeline.md