ctipilot.ch

2026-05-16-5bc123a0

One pipeline fire, in full · intel run of 2026-05-16 · sub-agent allocation and telemetry, per-iteration verification verdicts and findings, source-list edits, coverage gaps, bridge invocations — and the run's own verification & coverage notes: what was published, what was dropped at the borderline or judged not relevant (and why), single-source carve-outs, and contradictions. Rendered from runs/2026-05-16/2026-05-16-5bc123a0.md.

Run telemetry

2026-05-16-5bc123a0 intel prompt v2.59
24m 30s duration 10 published 0 updates
Claude Opus 4.7 (claude-opus-4-7) main agent
S1 Claude Sonnet 4.6 (claude-sonnet-4-6)
Items returned
4
Duration
3m 56s
Tool calls
7 WebFetch6 WebSearch18 bridge
Cited sources
12 of 27 in slice
S2 Claude Sonnet 4.6 (claude-sonnet-4-6)
Items returned
3
Duration
4m 05s
Tool calls
14 WebFetch8 WebSearch12 bridge
Cited sources
7 of 43 in slice
S3 Claude Sonnet 4.6 (claude-sonnet-4-6)
Items returned
6
Duration
10m 16s
Tool calls
12 WebFetch0 WebSearch8 bridge
Cited sources
8 of 68 in slice
S4 Claude Sonnet 4.6 (claude-sonnet-4-6)
Items returned
5
Duration
8m 44s
Tool calls
12 WebFetch12 WebSearch11 bridge
Cited sources
11 of 25 in slice

Verification

#1 NEEDS_FIXES · Claude Opus 4.7 (1M context) · t=4 e=0 a=0 #2 NEEDS_FIXES · Claude Sonnet 4.6 · t=2 e=1 a=2 #3 NEEDS_FIXES · Claude Opus 4.7 (1M context) · t=4 e=0 a=1 #4 CLEAN · Claude Sonnet 4.6 · t=0 e=0 a=0

Deep dive

2026-05-16/microsoft-exchange-cve-2026-42897-active-exploitation-withou

Entries published (this run)

Sources changed (this run)

Edits this run made to sources/sources.json · promotions, demotions, new candidates, and fetch-method / category / reliability / url corrections (the run record's sources_changed[]). Paginated; 10 per page.

No source-list edits recorded for this run.

Coverage gaps (this run)

Sources this run's brief needed that returned no usable content via any documented recipe. Bridge-recovered or quiet-day sources do NOT appear here. (Distinct from the independent source-accessibility probe at the foot of this section, which probes all active sources regardless of what any run needed.)

Source (uncovered)URL triedMethod chainStatus / classWhat the agent did instead
databreaches-nethttps://databreaches.net/webfetchbridge:fetch_source.py url https://databreaches.net/websearch-fallback403 transport-403
WebFetch returned HTTP 403; 5th consecutive run failing
WebSearch fallback used for breach-story discovery; no unique stories lost
inside-it-chhttps://www.inside-it.ch/webfetchbridge:fetch_source.py url https://www.inside-it.ch/websearch-fallback403 cloudflare-challenge
Cloudflare Managed Challenge; 4th consecutive run failing
WebSearch fallback; no CH-specific items beyond NCSC-CH coverage
sophos-xopshttps://www.sophos.com/en-us/blog/feed?id=blt6f15f4f7deaf4242webfetch503 transport-5xx
HTTP 503; no items retrieved
none — no in-window items lost confirmed

Verification findings · all iterations

Per-iteration finding detail. Each table is one verifier pass · what was flagged, how the main agent remediated it, and the outcome. Walking the tables top-to-bottom shows the verifier's debugging trail across iterations.

Iteration #1 NEEDS_FIXES · 4 findings (truth=4, editorial=0, advisory=0) · Claude Opus 4.7 · 6m 05s

F-codeSectionItem · URL/quoteVerifier summaryRemediation · outcome
F1
claim-not-supported
deep-diveCVE-2026-42897 Exchange OWA — Period 2 ESU paragraphNCSC-CH advisory does not mention Period 2 ESU; cite the Microsoft Exchange Team techcommunity blog insteadRepointed Period 2 ESU citation from NCSC-CH #12577 to Microsoft Exchange Team techcommunity blog fixed-clean
F2
claim-not-supported
active-threatsGTIG BlackFile — ClientAppId spoofing description
the operators spoof Microsoft Office's ClientAppId ... in their user-agent strings
ClientAppId is spoofed in AppAccessContext audit field, not user-agent; brief contradicted itselfReworded to: ClientAppId surfaces in M365 AppAccessContext audit field (matching legitimate Office); detection break is the underlying user-agent (python-reques fixed-clean
F3
hallucinated-fact
research-investigativeUnit 42 Gremlin Stealer — crypto-clipper API claim
monitors the clipboard via the SetClipboardViewer / WM_DRAWCLIPBOARD chain
Unit 42 source says only 'continuously monitors the system clipboard'; specific Windows API names not stated by sourceDropped SetClipboardViewer / WM_DRAWCLIPBOARD from descriptive sentence; kept as defender detection recommendation (which the source supports as a hunt concept) fixed-clean
F4
quantifier-without-source
active-threatsnode-ipc — 822 K weekly downloads
822 K weekly downloads
None of four cited sources state 822 K; CSO says ~700 K, StepSecurity 10M, Socket/THN unstatedReplaced '822 K weekly downloads' with CSO's '~700 K weekly downloads' attribution; reworded TL;DR bullet to 'widely-used Node.js IPC library' without specific fixed-clean

Iteration #2 NEEDS_FIXES · 5 findings (truth=2, editorial=1, advisory=2) · Claude Sonnet 4.6 · 6m 41s

F-codeSectionItem · URL/quoteVerifier summaryRemediation · outcome
F1
hallucinated-fact
trending-vulnerabilitiesAMD-SB-7052 CVE Summary Table — CVE/CVSS missing
CVE: n/a · CVSS: n/a
AMD bulletin + NCSC-NL confirm CVE-2025-54518 and CVSS 7.3 (CVSS 4.0); table and prose both said n/aAdded CVE-2025-54518 + CVSS 7.3 to prose H3, footer, CVE summary table; added CVE to cves_seen.json fixed-clean
F2
quantifier-without-source
active-threatsnode-ipc — DNS TXT 29,400 queries per 500 KiB
DNS TXT queries (~29,400 per 500 KiB archive)
Specific query-count quantifier not in any cited sourceDropped the parenthetical count fixed-clean
F3
needs-more-research
research-investigativeGremlin Stealer detection — SetClipboardViewer not in source
clipboard-hook registration via SetClipboardViewer
Unit 42 source does not name SetClipboardViewer; brief is [SINGLE-SOURCE] — should softenSoftened to 'clipboard-monitoring hook registration from non-standard processes (generic Windows clipboard-listener API surface)' fixed-clean
F4
missed-angle
trending-vulnerabilitiesAMD-SB-7052 — Fedora/Lenovo advisory IDs not verified
FEDORA-2026-7b2b7837b6, FEDORA-2026-8b2957222f, LEN-216977
Advisory IDs not independently verified against Fedora bodhi or Lenovo PSIRT (advisory only)Dropped specific IDs from prose and § 6 action item; left general 'Fedora kernel + microcode updates per NCSC-NL CSAF references' and 'Lenovo PSIRT' references fixed-degraded
F5
editorial-advisory
action-itemsTypo in § 6 BlackFile action item
helpdesk-priviledged
Misspelling — should be 'helpdesk-privileged'Fixed typo (both occurrences via replace_all) fixed-clean

Iteration #3 NEEDS_FIXES · 5 findings (truth=4, editorial=0, advisory=1) · Claude Opus 4.7 · 10m 05s

F-codeSectionItem · URL/quoteVerifier summaryRemediation · outcome
F1
hallucinated-fact
research-investigativeGremlin Stealer — Brave browser claim
reads active browser process memory (Chrome, Edge, Brave)
Unit 42 source does not name Brave; [SINGLE-SOURCE] itemReplaced '(Chrome, Edge, Brave)' with '(Chrome-based browsers)' in prose; replaced 'brave.exe' in detection with generic 'Chrome-based browser processes' fixed-clean
F2
hallucinated-fact
trending-vulnerabilitiesOpenClaw — version 2026.4.22 not in source
OpenClaw 2026.4.22 (released 2026-04-23)
Cyera source references '2026-04-23 fixes' and four GHSA IDs; '2026.4.22' version label not citedReplaced all 7 occurrences (TL;DR, §2 prose, 4 CVE-table rows, §6 action item) with date-based label '2026-04-23 release' + per-row GHSA IDs fixed-clean
F3
hallucinated-fact
active-threatsKazuar — 'European' narrows MS 'worldwide'
primary targets are European ministries of foreign affairs, embassies, defence contractors
MS source says 'worldwide'; brief narrowed to 'European' in TL;DR + § 1 H3Rephrased TL;DR to 'target set documented as ministries... worldwide — European environments fall squarely within that scope'; § 1 H3 changed to 'worldwide mini fixed-clean
F13
analytical-link-as-fact
research-investigativeSentinelOne — Sha1-Hulud pattern attribution
the 'Sha1-Hulud' pattern — distinct from and predating the Mini Shai-Hulud TeamPCP worm
SentinelOne does not label self-hosted-runner vector 'Sha1-Hulud pattern'; cross-link is separate analysis; 'distinct from / predating' Mini Shai-Hulud claim unsupportedRewrote: 'Additional vectors covered include attacker-registered self-hosted runners, workflow triggers... and maintainer-account compromise appending malicious fixed-clean
F11
editorial-advisory
active-threatsKazuar — 'frequently acquires' / 'selectively reuses' overstated
Microsoft documents that Secret Blizzard frequently acquires footholds from Aqua Blizzard / Gamaredon... and selectively
MS source says only 'targeted systems in Ukraine previously compromised by Aqua Blizzard'; frequency adverb + strategy phrase exceed sourceSoftened to 'has been observed targeting systems in Ukraine previously compromised by Aqua Blizzard'; defender inference flagged as such, not attributed to Micr fixed-clean

Verification & coverage notes

The run record's narrative body, verbatim. This is where the run accounts for its own judgement calls — every borderline drop and judged-not-relevant item with its reason, dedup decisions, single-source items and their carve-outs, contradictions, and per-source coverage gaps — so nothing the run considered disappears silently.

Verification & coverage notesrun record body

2026-05-16-5bc123a0 · Claude Opus 4.7 · window 36 h · 10 entries published

  • Items dropped (duplicate of prior coverage):
    • Exim CVE-2026-45185 ("Dead.Letter" pre-auth heap UAF via BDAT/GnuTLS) — already covered as a § 2 Trending Vulnerability in briefs/2026-05-13.md (primary source XBOW research blog 2026-05-12). S1's re-surfacing in this run includes the discoverer attribution (Federico Kirschbaum / XBOW) and patch detail (4.99.3 fixes by resetting input-processing stack on TLS close_notify during BDAT) — none of which constitute material new development under PD-8. No § 4 UPDATE warranted.
  • Items dropped / deferred (out-of-window recency, PD-7):
    • Microsoft IR case study "Undermining the trust boundary — 106-day stealth intrusion via trusted HPE Operations Manager (HPOM)" (Microsoft IR, 2026-05-12): primary source published 2026-05-12, more than 36 h before this run's start; no fresher in-window development. Substantive technical research with strong defender takeaways (HPOM VBScript push as living-off-trusted-tools persistence, Updater.dll network-provider DLL credential interception, 106-day undetected dwell) — deferred to the weekly summary for cross-day consolidation. out-of-window: primary source 2026-05-12, window_hours=36.
    • Cushman & Wakefield vishing breach (ShinyHunters Salesforce CRM data + Qilin separate listing): initial disclosure 2026-05-05, victim statement 2026-05-05, HIBP indexing 2026-05-12. All evidence dates fall outside the 36-hour window. Pattern (vishing → SaaS-CRM credential capture → bulk record exfil) is consistent with previously-covered ShinyHunters operations and adds no fresh TTP. out-of-window: primary sources 2026-05-05 to 2026-05-12, window_hours=36.
  • F5 BIG-IP / BIG-IQ May 2026 Quarterly Security Notification (K000160932): NCSC-NL flagged the bundle as HIGH on 2026-05-15 (NCSC-NL NCSC-2026-0162, 2026-05-15). Per-CVE enumeration requires authenticated myF5 portal access and could not be obtained from the public CSAF excerpt in this run. Operators of F5 BIG-IP / BIG-IQ in Swiss financial-sector, telco, and large public-sector perimeters should pull the K-article matrix directly; we will surface the per-CVE detail in the next brief that pivots through an authenticated review or a corroborating researcher write-up.
  • Sub-agent telemetry: S1 returned (Claude Sonnet 4.6, 236 s, 7 webfetch + 6 websearch + 18 bridge). S2 returned (Claude Sonnet 4.6, 245 s, 14 webfetch + 8 websearch + 12 bridge). S3 returned (Claude Sonnet 4.6, 616 s, 12 webfetch + 0 websearch + 8 bridge). S4 returned (Claude Sonnet 4.6, 524 s, 12 webfetch + 12 websearch + 11 bridge).
  • Item-overlap consolidation: CVE-2026-42897 Exchange OWA XSS was independently surfaced by S1, S2, S3, and S4 — consolidated into one § 2 item, one § 5 deep dive, and the § 0 Immediate Action callout, with sources pooled across all four sub-agent returns. Kazuar / Secret Blizzard was surfaced by S2 and S3 — consolidated into one § 1 item. node-ipc npm was surfaced by S3 and S4 — consolidated into one § 1 item.
  • Single-source items: Gremlin Stealer evolved (Palo Alto Networks Unit 42, 2026-05-15) — sole reputable primary, no independent corroboration found in window. SentinelOne "Living Off the Pipeline" CI/CD subversion taxonomy (SentinelOne, 2026-05-15) — sole primary; the analytical content draws on prior public CVE-2023-42793 / Contagious Interview reporting, but the synthesis is single-sourced.
  • Coverage gaps / fetch failures:
    • databreaches-net: WebFetch returned 403 (5th consecutive run failing); WebSearch fallback used for breach-story discovery, no unique stories lost in this run. Rotation-priority signal preserved for the next run.
    • inside-it-ch: Cloudflare Managed Challenge blocked WebFetch (4th consecutive run); WebSearch fallback found no CH-specific items beyond what NCSC-CH posts surfaced. Rotation-priority signal preserved.
    • bleepingcomputer: rotation-priority source — multiple article URLs returned 403; URLs successfully fetched by S2 (e.g. the Microsoft Exchange zero-day article) used after cross-confirmation; broader feed listing not enumerated.
    • helpnetsecurity: rotation-priority source — known 429 rate-limit; one article cited (CVE-2026-42897 coverage) fetched successfully and corroborated.
    • cert-eu: no new advisories in the 36-hour window (latest 2026-006 dated 2026-05-06).
    • anssi-fr (CERT-FR): most recent avis bulletins outside the 36-hour window (latest 2026-05-12 / 13).
    • sophos-xops: feed returned HTTP 503; no items retrieved this run.
    • sekoia: no new posts in window (latest 2026-04-23).
    • cert-pl: SPA listing not navigated this run.
    • cnil-fr: site under scheduled maintenance 2026-05-13 to 2026-05-18 per maintenance notice.
    • sec-disclosures-edgar: SEC EDGAR Item 1.05 bridge returned 0 cyber-disclosure filings for the 2026-05-12 to 2026-05-16 window — quiet period for material cyber disclosures.
  • Coverage gaps: databreaches-net (403 5×); inside-it-ch (Cloudflare 4×); cert-eu (no in-window advisories); anssi-fr (no in-window AVI); sophos-xops (feed 503); sekoia (no in-window posts); cert-pl (SPA listing not navigated); cnil-fr (scheduled maintenance); sec-disclosures-edgar (no in-window 8-K Item 1.05 filings).
  • Verification status: CLEAN at iteration 4 (4 iterations, model-rotated). Iter 1 (Opus): 4 truth findings (Period 2 ESU citation, BlackFile ClientAppId location, Gremlin SetClipboardViewer API, node-ipc 822K download count) — all fixed. Iter 2 (Sonnet): 2 truth + 1 editorial + 2 advisory (AMD-SB-7052 CVE/CVSS missing → CVE-2025-54518 CVSS 7.3 added, node-ipc DNS TXT count unsupported → dropped, Gremlin detection SetClipboardViewer still unsupported → softened, Fedora/Lenovo advisory IDs unverified → IDs dropped, helpdesk-priviledged typo) — all fixed. Iter 3 (Opus, cold): 4 truth + 1 advisory (Gremlin Brave browser, OpenClaw "2026.4.22" version label, Kazuar "European" narrowing, SentinelOne Sha1-Hulud pattern claim, Aqua Blizzard paraphrase strength) — all fixed. Iter 4 (Sonnet, with deltas): CLEAN — all iter-3 remediations verified correct against re-fetched primary sources. verification_residual_count: 0.

Unmatched action items (migrated)

  • Inventory every node-ipc install across developer workstations and CI/CD runners (transitive deps included); rotate every credential accessible from any environment that installed 9.1.6 / 9.2.3 / 12.0.1. Run npm ls node-ipc against every project; flag any install whose timestamp falls between 2026-05-14 publish-time and registry removal. Treat any match as a full developer-secret compromise: cloud SDK profiles, SSH keys, Kubernetes contexts, GitHub / npm / Git tokens, Terraform state, .env files, and macOS Keychain databases were all in scope. Going forward, enforce npm ci --ignore-scripts and lockfile-based installs in CI, monitor outbound DNS to the bt.node.js suffix, and add domain-expiry monitoring for maintainer email domains of critical dependencies. See § 1 (node-ipc entry).
  • Add the BlackFile vishing → AiTM → rogue-MFA → SharePoint-API exfiltration detections to M365 / Okta monitoring. Concretely: alert on Okta system.multifactor.factor.setup events without a preceding user-initiated session; alert on M365 audit FileAccessed events with AppAccessContext.ClientAppId == d3590ed6-52b3-4102-aeff-aad2292ab01c AND user-agent containing python-requests or PowerShell; require Conditional Access compliant-device for Graph API access by administrative accounts; move helpdesk-privileged accounts to FIDO2 phishing-resistant MFA so the live-vishing capture-and-replay chain fails at the second factor. See § 1 (BlackFile entry).
  • Hunt for Kazuar P2P artefacts on systems hosting European government, diplomatic, or defence workloads. Concretely: Sysmon EID 17 / 18 for Mailslot creation from non-standard processes; registry audit on HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages for unsigned DLL additions; flag programmatic Exchange Web Services authentication originating from non-Exchange processes against the organisation's own mail servers. Where Aqua Blizzard / Gamaredon presence has been previously detected, treat Kazuar implant presence as a concurrent hypothesis. See § 1 (Secret Blizzard entry).

Migrated from briefs/2026-05-16.md (v2).

← Operations dashboard · day page 2026-05-16 · run-record contract: docs/pipeline.md