ctipilot.ch

2026-05-18-2eabc1cf

One pipeline fire, in full · intel run of 2026-05-18 · sub-agent allocation and telemetry, per-iteration verification verdicts and findings, source-list edits, coverage gaps, bridge invocations — and the run's own verification & coverage notes: what was published, what was dropped at the borderline or judged not relevant (and why), single-source carve-outs, and contradictions. Rendered from runs/2026-05-18/2026-05-18-2eabc1cf.md.

Run telemetry

2026-05-18-2eabc1cf intel prompt v2.59
24m 17s duration 5 published 0 updates
Claude Opus 4.7 (claude-opus-4-7) main agent
S1 Claude Sonnet 4.6 (claude-sonnet-4-6)
Items returned
3
Duration
5m 48s
Tool calls
8 WebFetch18 WebSearch6 bridge
Cited sources
4 of 9 in slice
S2 Claude Sonnet 4.6 (claude-sonnet-4-6)
Items returned
6
Duration
11m 17s
Tool calls
22 WebFetch14 WebSearch12 bridge
Cited sources
7 of 13 in slice
S3 Claude Sonnet 4.6 (claude-sonnet-4-6)
Items returned
3
Duration
9m 36s
Tool calls
9 WebFetch8 WebSearch22 bridge
Cited sources
3 of 10 in slice
S4 Claude Sonnet 4.6 (claude-sonnet-4-6)
Items returned
2
Duration
11m 19s
Tool calls
14 WebFetch18 WebSearch12 bridge
Cited sources
2 of 8 in slice

Verification

#1 NEEDS_FIXES · Claude Opus 4.7 · t=4 e=1 a=2 #2 NEEDS_FIXES · Claude Sonnet 4.6 · t=4 e=1 a=0 #3 NEEDS_FIXES · Claude Opus 4.7 · t=3 e=1 a=1 #4 CLEAN · Claude Sonnet 4.6 · t=0 e=0 a=1

Deep dive

2026-05-18/tycoon2fa-after-the-march-2026-takedown-oauth-device-authori

Sources changed (this run)

Edits this run made to sources/sources.json · promotions, demotions, new candidates, and fetch-method / category / reliability / url corrections (the run record's sources_changed[]). Paginated; 10 per page.

No source-list edits recorded for this run.

Coverage gaps (this run)

Sources this run's brief needed that returned no usable content via any documented recipe. Bridge-recovered or quiet-day sources do NOT appear here. (Distinct from the independent source-accessibility probe at the foot of this section, which probes all active sources regardless of what any run needed.)

Source (uncovered)URL triedMethod chainStatus / classWhat the agent did instead
inside-it-chhttps://www.inside-it.ch/webfetchbridge:urlwebsearch-fallback403 transport-403
WebFetch returned HTTP 403; documented known-403 host
bridge:url attempted via tools/fetch_source.py — host still 403; WebSearch fallback found no in-window CH public-sector incidents — source genuinely empty rathe
cert-euhttps://cert.europa.eu/publications/security-advisorieswebfetchbridge:url200 spa-empty-body
Feed returned but most-recent entry is 2026-05-06 (PAN-OS) — outside 36h window
bridge:url confirmed via tools/fetch_source.py — RSS feed reachable but most-recent entry is 2026-05-06 (PAN-OS) — outside 36h window
databreaches-nethttps://databreaches.net/webfetchbridge:urlwebsearch-fallback403 transport-403
WebFetch returned HTTP 403 — host blocks routine UA
bridge:url attempted via tools/fetch_source.py — host still 403; WebSearch fallback returned no unique in-window breach material beyond what S4 sources covered
akamai-sirthttps://www.akamai.com/blog/security-researchwebfetchwebsearch-fallback403 transport-403
Both RSS feed and blog listing returned 403
WebSearch found no in-window Akamai SIRT research — no content loss confirmed
trendmicro-researchhttps://www.trendmicro.com/en_us/research.htmlwebfetchwebsearch-fallback500
Feed XML parse error during fetch
WebSearch returned only January 2026 TrendMicro research — no in-window content
sophos-xopshttps://news.sophos.com/en-us/category/security-operations/webfetch503 transport-5xx
HTTP 503 Service Unavailable
Transient transport failure — content loss for this run; will retry next run

Verification findings · all iterations

Per-iteration finding detail. Each table is one verifier pass · what was flagged, how the main agent remediated it, and the outcome. Walking the tables top-to-bottom shows the verifier's debugging trail across iterations.

Iteration #1 NEEDS_FIXES · 8 findings (truth=4, editorial=1, advisory=2) · Claude Opus 4.7 · 5m 25s

F-codeSectionItem · URL/quoteVerifier summaryRemediation · outcome
F1
broken-url
deep-diveTycoon2FA deep dive — Conditional Access doc URL404. Replaced with policy-block-authentication-flows canonical doc.replaced URL with https://learn.microsoft.com/en-us/entra/identity/conditional-access/policy-block-authentication-flows fixed-clean
F3
claim-not-supported
updatesCVE-2026-42945 Security Affairs corroboration
Security Affairs date and ITW claim
Security Affairs byline is 2026-05-14 not 17; article does not claim ITW exploitation. Fix date; demote to corroborating flaw+patch source.corrected date to 2026-05-14; kept as Additional source for flaw/patch background only fixed-clean
F3
claim-not-supported
active-threatsTHORChain Chainalysis five-part
five-part on-chain analysis
CryptoTimes describes single X-thread disclosure; five-part unsupported.replaced with on-chain analysis thread on 2026-05-16 fixed-clean
F4
hallucinated-fact
updatesCVE-2026-42945 patches list — 37.0.0
NGINX Plus 37.0.0
No source supports NGINX Plus 37.0.0 patch.dropped 37.0.0 from TL;DR and § 4 UPDATE fixed-clean
F4
hallucinated-fact
updatesCVE-2026-42945 first-release date 2008-06
2008-06
NGINX 0.6.27 released 2008-03-12; sub-agent did not state month.changed 2008-06 to 2008 (no month) fixed-clean
F6
strengthen-primary-source
updatesCVE-2026-42945 primary source chain
Source order
Better primary is depthfirst (researcher) and F5 K000161019 (vendor).depthfirst remains candidate (per PD-3.6 one-per-run cap with cryptotimes); F5 advisory referenced via NCSC-CH detection anchor. THN retained as Source for May- deferred
F11
editorial-advisory
active-threatsTHORChain Switzerland-incorporated framing
Switzerland-incorporated
Source says Switzerland-based; incorporated implies legal entity.softened to Switzerland-based throughout brief + covered_items.json fixed-clean
F11
editorial-advisory
active-threatsTHORChain GG20-TSS hypothesis attribution chain
GG20 TSS hypothesis
Hypothesis carried via CryptoTimes (candidate); attribute via Chainalysis/PeckShield/Cyvers framing.reworded to attribute hypothesis to Chainalysis / PeckShield / Cyvers via CryptoTimes fixed-clean

Iteration #2 NEEDS_FIXES · 5 findings (truth=4, editorial=1, advisory=0) · Claude Sonnet 4.6 · 1m 57s

F-codeSectionItem · URL/quoteVerifier summaryRemediation · outcome
F4
hallucinated-fact
action-itemsNGINX action item still contains 37.0.0
NGINX Plus → R32 P6 / R36 P4 / 37.0.0
iter 1 fix missed § 6.dropped /37.0.0 from § 6 action item fixed-clean
F4
hallucinated-fact
tldr/deep-diveTycoon2FA BunnyCDN claim
Infrastructure migrated from Cloudflare Workers to BunnyCDN
Neither BleepingComputer nor eSentire TRU mention BunnyCDN.fetched eSentire article in fix-iteration (META invariant #16 carve-out); eSentire records ASN rotation to AS45102 Alibaba Cloud, not BunnyCDN. Replaced BunnyCD fixed-clean
F4
hallucinated-fact
active-threatsTHORChain 12,847 affected wallets
12,847 user wallets reported affected swap positions
Not in The Record, TRM Labs, or CryptoTimes.removed quantifier; replaced with The Record citation that user balances were not directly drained fixed-clean
F4
hallucinated-fact
active-threatsTHORChain recovery portal claims-deadline
recovery portal on 2026-05-16 (claims deadline 2026-06-04)
Not in The Record, TRM Labs, or CryptoTimes.removed recovery portal date claim entirely from § 1 body and TL;DR fixed-clean
F10
missed-angle
deep-diveAbnormal Security Tycoon2FA rebuild postLinked from BleepingComputer; possible primary source.fetched eSentire URL instead (was already the primary cited source for the campaign) and confirmed the original details. Abnormal Security URL not fetched this deferred

Iteration #3 NEEDS_FIXES · 5 findings (truth=3, editorial=1, advisory=1) · Claude Opus 4.7 · 8m 07s

F-codeSectionItem · URL/quoteVerifier summaryRemediation · outcome
F3
claim-not-supported
updatesCVE-2026-42945 NGINX detection anchors attributed to NCSC-CH post #12575
SIGSEGV/SIGABRT detection anchors
NCSC-CH post #12575 contains no SIGSEGV/SIGABRT/syslog/journald anchors.reworded attribution to omit NCSC-CH source claim and frame the anchors as defender-derived from the flaw class; added F5 PSIRT K000161019 as Additional source fixed-clean
F4
hallucinated-fact
deep-diveTycoon2FA Evidence fabricated quote continuation
eSentire quote second half
Only first half verbatim; post-em-dash continuation fabricated.replaced fabricated continuation with the article's actual sentence: "There is no proxy, no credential capture, no fake Microsoft page." fixed-clean
F4
hallucinated-fact
active-threatsTHORChain TSSHOCK CVE-2023-33242 vs -33241
CVE-2023-33242 cited for GG20 keygen mechanism
CVE-2023-33242 is Lindell17 TSS abort-handling; the mechanism described is CVE-2023-33241 (Fireblocks GG18/GG20 Paillier).replaced CVE-2023-33242 with CVE-2023-33241 in brief body, NVD URL, and state/cves_seen.json fixed-clean
F6
strengthen-primary-source
updatesCVE-2026-42945 NGINX missing F5 PSIRT
F5 K000161019
F5 PSIRT advisory is canonical vendor primary cited by NCSC-CH + Security Affairs.added F5 PSIRT K000161019 to § 4 UPDATE Source chain (as Additional source) and § 6 action item Source (as first link); referenced in § 4 body as Affected attri fixed-clean
F11
editorial-advisory
deep-divetrustifi.com marketing-homepage linkVendor marketing homepage; not a Source.dropped the inline link entirely; Trustifi name retained as plain text fixed-clean

Iteration #4 CLEAN · 1 finding (truth=0, editorial=0, advisory=1) · Claude Sonnet 4.6 · 5m 17s

F-codeSectionItem · URL/quoteVerifier summaryRemediation · outcome
F11
editorial-advisory
active-threatsTHORChain Evidence footer composite paraphrase of The Record
One of THORChain six vaults...
Quoted phrasing is a composite paraphrase of The Record, not verbatim; underlying claim factually supported and body prose correctly paraphrases.Accepted on CLEAN verdict per verifier (no remediation required for publication). To address in a follow-up edit if a future iteration surfaces it as truth-clas residual-at-cap

Verification & coverage notes

The run record's narrative body, verbatim. This is where the run accounts for its own judgement calls — every borderline drop and judged-not-relevant item with its reason, dedup decisions, single-source items and their carve-outs, contradictions, and per-source coverage gaps — so nothing the run considered disappears silently.

Verification & coverage notesrun record body

2026-05-18-2eabc1cf · Claude Opus 4.7 · 5 entries published

  • Coverage window: standard daily (gap to prior brief 2026-05-17 ≈ 24 h; window_hours = 36). Quiet Sunday-into-Monday — § 2 and § 3 are intentionally empty per PD-11.
  • Items dropped (sub-agent returned but failed Phase 2 / dedup / recency):
    • SEPPmail CVE-2026-44125 / 44126 / 44127 / 44128 / 44129 / 7864 cluster (NCSC-CH post #12551, 2026-05-08) — already covered in the 2026-05-09 deep dive and the CVEs are all in cves_seen.json; the NCSC-CH advisory date (2026-05-08) is 10 days outside window_hours = 36; dropped, no in-window delta.
    • Windows YellowKey / GreenPlasma zero-days (NCSC-CH post #12574, 2026-05-14) — already covered in the 2026-05-15 § 1; no fresh in-window development.
    • DHTMLX CVE-2026-41553 / 41552 / 7182 — already covered as a TL;DR item in 2026-05-17; CERT-PL advisory date 2026-05-15 sits at the edge of window but the coverage is already current.
    • NCSC-CH weekly review Week 19 (advance-fee scam, double-phishing awareness items) — primary-source date 2026-05-12 is outside window_hours; awareness-class content with no fresh defender action.
  • Single-source items: [SINGLE-SOURCE] CVE-2026-0300 PAN-OS § 4 UPDATE — sole primary source is the Palo Alto Networks PSIRT advisory (vendor-authoritative; national-CERT carve-out does not apply but vendor-PSIRT is itself the primary disclosing party).
  • Included with reduced confidence (no in-window primary): none in this brief — the three out-of-window S3 items were dropped rather than promoted.
  • Out-of-window research deferred to weekly summary (or next-week daily if material develops):
    • The DFIR Report, 2026-05-11 — EtherRAT blockchain-C2 + TukTuk SaaS-C2 chain ending in Gentleman ransomware; novel detection-engineering content (EtherHiding / Arweave dead-drop / multi-SaaS C2 fingerprints) but source is 7 days outside window_hours.
    • Microsoft Security Blog, 2026-05-12 — 123-day MSP-mediated intrusion via HPE Operations Manager with malicious Windows Network Provider DLL and LSA password-filter persistence; high relevance to public-sector outsourced IT but 6 days outside window_hours.
    • Unit 42, 2026-05-11 — Active Directory Certificate Services ESC1 + shadow-credential exploitation attributed to Fighting Ursa (APT28); 7 days outside window_hours.
  • Contradictions surfaced: CVSS scoring for CVE-2026-42945 NGINX Rift differs across primaries — NCSC-CH lists CVSS 4.0: 9.2 Critical while NVD currently has no published score; The Hacker News and Security Affairs cite the F5 advisory's CVSS 4.0 base of 9.2 used in this brief. CVSS 3.1 score reported by NCSC-NL feed is 8.1. Brief uses the CVSS 4.0 score most widely cited by national-CERT sources.
  • Sub-agents that didn't return on time: none — S1 (348 s), S2 (677 s), S3 (576 s), S4 (679 s) all returned inside the 30-min hard cap.
  • Candidate sources surfaced this run (one new candidate maximum per PD-3.6): depthfirst (depthfirst.com) — AI-assisted vulnerability research, primary disclosure source for CVE-2026-42945 NGINX Rift cited by NCSC-CH; recorded as status: candidate in sources/sources.json. A second candidate (cryptotimes) was surfaced by S4 for THORChain technical post-mortems and is held for a future run per the one-candidate-per-run cap.
  • Coverage gaps: cisa-kev (bridge subcommand returned no in-window adds beyond CVE-2026-20182 / CVE-2026-42897 already covered); apple-security (no in-window emergency update); chrome-releases (no in-window emergency update); akamai-sirt (RSS 403 — no in-window content corroborated via search); trendmicro-research (feed parse error — no in-window content corroborated via search); sophos-xops (HTTP 503 — no in-window content corroborated via search); inside-it-ch (host 403 — no in-window CH-specific incidents); cert-eu (most recent advisory 2026-05-06; feed empty in window); ncsc-ch weekly-review-kw20 (Week 20 review not yet published as of 2026-05-18T04:50Z); cert-fr actu (feed appears stale, items dated Sep–Oct 2025); sec-disclosures-edgar (Item 1.05 search returned zero filings for 2026-05-15 → 2026-05-18 — US weekend); ico-uk (no new enforcement actions in window); cnil-fr (no new enforcement decisions in window); databreaches-net (host 403 — WebSearch fallback used per documented mitigation).

Unmatched action items (migrated)

  • Block OAuth Device Code flow tenant-wide in Entra ID Conditional Access where it is not operationally required. Path: Conditional Access → New policy → Conditions → Authentication flows → Device code flow → Block. Scope to all user accounts and exempt only the named service principals (smart-TV, IoT, CLI) that demonstrably need it. Where a wholesale block is infeasible, restrict the device-code flow to compliant devices and named-location IPs. Monitor Entra ID sign-in logs for AuthenticationProtocol = "deviceCode" from unfamiliar IPs against high-privilege users — see § 5 deep dive.

Migrated from briefs/2026-05-18.md (v2).

← Operations dashboard · day page 2026-05-18 · run-record contract: docs/pipeline.md