ctipilot.ch

2026-05-20-a0f7b07f

One pipeline fire, in full · intel run of 2026-05-20 · sub-agent allocation and telemetry, per-iteration verification verdicts and findings, source-list edits, coverage gaps, bridge invocations — and the run's own verification & coverage notes: what was published, what was dropped at the borderline or judged not relevant (and why), single-source carve-outs, and contradictions. Rendered from runs/2026-05-20/2026-05-20-a0f7b07f.md.

Run telemetry

2026-05-20-a0f7b07f intel prompt v2.59
26m 01s duration 16 published 2 updates
Claude Opus 4.7 (claude-opus-4-7) main agent
S1 Claude Sonnet 4.6 (claude-sonnet-4-6)
Items returned
5
Duration
10m 55s
Tool calls
14 WebFetch18 WebSearch16 bridge
Cited sources
7 of 12 in slice
S2 Claude Sonnet 4.6 (claude-sonnet-4-6)
Items returned
4
Duration
5m 21s
Tool calls
6 WebFetch10 WebSearch12 bridge
Cited sources
4 of 9 in slice
S3 Claude Sonnet 4.6 (claude-sonnet-4-6)
Items returned
8
Duration
7m 32s
Tool calls
22 WebFetch6 WebSearch14 bridge
Cited sources
9 of 11 in slice
S4 Claude Sonnet 4.6 (claude-sonnet-4-6)
Items returned
4
Duration
9m 32s
Tool calls
14 WebFetch18 WebSearch9 bridge
Cited sources
3 of 8 in slice

Verification

#1 NEEDS_FIXES · Claude Opus 4.7 (1M context) · t=3 e=1 a=0 #2 NEEDS_FIXES · Claude Sonnet 4.6 · t=1 e=0 a=0 #3 NEEDS_FIXES · Claude Opus 4.7 (1M context) · t=2 e=0 a=0 #4 NEEDS_FIXES · Claude Sonnet 4.6 · t=1 e=0 a=0

Deep dive

2026-05-20/storm-2949-sspr-to-key-vault-azure-kill-chain

Entries published (this run)

Sources changed (this run)

Edits this run made to sources/sources.json · promotions, demotions, new candidates, and fetch-method / category / reliability / url corrections (the run record's sources_changed[]). Paginated; 10 per page.

No source-list edits recorded for this run.

Coverage gaps (this run)

Sources this run's brief needed that returned no usable content via any documented recipe. Bridge-recovered or quiet-day sources do NOT appear here. (Distinct from the independent source-accessibility probe at the foot of this section, which probes all active sources regardless of what any run needed.)

Source (uncovered)URL triedMethod chainStatus / classWhat the agent did instead
inside-it-chhttps://www.inside-it.ch/webfetchbridge:urlwebsearch403 transport-403
Cloudflare Managed Challenge blocks both WebFetch and bridge:url; rotation-priority candidate for 4 consecutive runs
none — no in-window Swiss-only content distinct from NCSC.ch / BSI captures
databreaches-nethttps://www.databreaches.net/webfetchbridge:urlwebsearch403 transport-403
Cloudflare-gated; bridge:url also blocked; no usable Wayback snapshot in-window; rotation-priority candidate
none — WebSearch pivots returned only aggregator restatements
sophos-xopshttps://news.sophos.com/feed/webfetch503 transport-5xx
Sophos X-Ops featured-blog feed returned HTTP exit-1 (feed parse failure); rotation-priority candidate (3 runs failing)
none — no in-window Sophos content recovered

Verification findings · all iterations

Per-iteration finding detail. Each table is one verifier pass · what was flagged, how the main agent remediated it, and the outcome. Walking the tables top-to-bottom shows the verifier's debugging trail across iterations.

Iteration #1 NEEDS_FIXES · 5 findings (truth=3, editorial=1, advisory=0) · Claude Opus 4.7 · 7m 04s

F-codeSectionItem · URL/quoteVerifier summaryRemediation · outcome
F4
hallucinated-fact
researchCisco Talos demo.pdb BadIIS — campaign scope claims
over 1,800 Windows IIS servers compromised globally; Thailand, Vietnam, India, Pakistan, Japan
Cited Talos article does not state any specific server count and does not name those countries; says 'Asia-Pacific region (along with a few in South Africa, Europe, North America)'.Replaced specific count + country list with the verbatim Talos phrasing ('Asia-Pacific region with smaller number in South Africa, Europe, and North America'). fixed-clean
F3
claim-not-supported
active-threatsFox Tempest pricing / Telegram / Google Form sentence
$5,000-$9,000 per signing run via Google Form; 'EV Certs for Sale by SamCodeSign' Telegram channel attributed to The Rec
Specifics come from Microsoft Threat Intelligence blog; The Record citation does not contain them. Re-attribute.Removed the unsupported pricing/Telegram/Google Form specifics; restructured paragraph so Microsoft TI is the cited primary for the technical details and The Re fixed-clean
F3
claim-not-supported
trending-vulnerabilitiesvm2 patched-version claim
Full patch: upgrade to vm2 3.11.2
BSI WID-SEC-2026-1583 (cited primary) lists fixed version <3.11.4; brief asserts 3.11.2.Updated brief + § 6 action item to vm2 3.11.4 per BSI primary; added § 7 contradiction line surfacing the 3.11.2 vs 3.11.4 discrepancy. fixed-clean
F14
quantifier-without-source
trending-vulnerabilitiesDirtyDecrypt CVSS 7.5 / CWE-122
(CVSS 7.5, CWE-122)
Primary sources (Moselwal, BleepingComputer) don't state CVSS 7.5 or CWE-122; only Hacker News (Additional source) carries 7.5.Dropped CVSS/CWE inline early in body; added a half-sentence noting Hacker News carries CVSS 7.5 while Moselwal characterises LPE class as 7.8-8.1 range without fixed-clean
F12
single-source-flag-missing
active-threatsFox Tempest — effectively single-organisational-source
Two of three sources are Microsoft properties
Microsoft Threat Intelligence + Microsoft On the Issues + corroborating The Record; effectively single-organisational primary.Added § 7 Verification Notes line acknowledging single-organisational-source posture; vendor-as-primary carve-out per PD-5 applies (Microsoft is disclosing part fixed-clean

Iteration #2 NEEDS_FIXES · 1 finding (truth=1, editorial=0, advisory=0) · Claude Sonnet 4.6 · 3m 14s

F-codeSectionItem · URL/quoteVerifier summaryRemediation · outcome
F3
claim-not-supported
trending-vulnerabilitiesvm2 H3 heading — stale 'patch to 3.11.2' inconsistent with body / action item /
vm2 Node.js sandbox — ... sandbox escape to host RCE, patch to 3.11.2
Heading drift from iter-1 remediation: body / § 6 / § 7 were updated to 3.11.4 (BSI WID-SEC-2026-1583 primary) but the H3 heading still read 'patch to 3.11.2'.Heading updated to 'upgrade to ≥ 3.11.4' (consistent with body, action item, § 7). fixed-clean

Iteration #3 NEEDS_FIXES · 2 findings (truth=2, editorial=0, advisory=0) · Claude Opus 4.7 · 4m 39s

F-codeSectionItem · URL/quoteVerifier summaryRemediation · outcome
F4
hallucinated-fact
active-threatsFox Tempest — '~1,000 accounts' takedown count not in sources
took down ~1,000 accounts
Microsoft TI confirms 1,000+ certificates; On the Issues blog references 'hundreds of fraudulent Microsoft accounts' Fox Tempest created. Likely conflation with certificates count.Dropped the '~1,000 accounts' clause; clarified language to 'disabled hundreds of Cloudzy-hosted VMs that Fox Tempest used as its delivery surface'. fixed-clean
F3
claim-not-supported
deep-diveStorm-2949 — Key Vault role misattributed as Contributor; Microsoft says Owner
pivoted to Azure Key Vault using the Key Vault Contributor role
Microsoft Storm-2949 blog verbatim: 'Part of the compromised user's Azure RBAC permissions was the privileged Owner role over a specific Key Vault'. Brief misattributed in both Phase 3 narrative and tReplaced 'Key Vault Contributor' with 'Owner' in the Phase 3 narrative; updated hardening bullet to discuss both Owner and Key Vault Contributor (both confer ma fixed-clean

Iteration #4 NEEDS_FIXES cap-breach · 1 finding (truth=1, editorial=0, advisory=0) · Claude Sonnet 4.6 · 4m 50s

F-codeSectionItem · URL/quoteVerifier summaryRemediation · outcome
F13
analytical-link-as-fact
tldrTL;DR over-attributes Nx Console to Mini Shai-Hulud cluster
actions-cool/issues-helper GitHub Action and Nx Console VS Code extension — confirmed linked to the Mini Shai-Hulud clus
Only actions-cool/issues-helper carries the Socket-attributed Mini Shai-Hulud cluster link (via domain overlap). The Nx Console primary (The Hacker News) attributes to 'a developer's compromised machiRe-scoped the TL;DR sentence: 'actions-cool/issues-helper GitHub Action (exfil infrastructure overlapping with the Mini Shai-Hulud cluster per Socket) and Nx Co fixed-clean

Verification & coverage notes

The run record's narrative body, verbatim. This is where the run accounts for its own judgement calls — every borderline drop and judged-not-relevant item with its reason, dedup decisions, single-source items and their carve-outs, contradictions, and per-source coverage gaps — so nothing the run considered disappears silently.

Verification & coverage notesrun record body

2026-05-20-a0f7b07f · Claude Opus 4.7 · 16 entries published

  • Items dropped — out-of-window primary sources (PD-7 recency enforcement).
    • CVE-2026-44277 / CVE-2026-26083 — Fortinet FortiAuthenticator + FortiSandbox unauthenticated RCE (Fortinet PSIRT FG-IR-26-128 / FG-IR-26-136 dated 2026-05-12; NCSC.ch CSH post 12569 dated 2026-05-13). Primary advisories sit ~8 days outside the 36-h window with no fresh exploitation evidence in-window; defer to next coverage if Fortinet exploitation evidence emerges. Both CVEs and the patched-versions reference remain in the § 2 CVE summary table as context only.
    • CVE-2026-45185 — Exim "Dead.Letter" UAF in BDAT/GnuTLS (oss-security disclosure 2026-05-12, XBOW blog 2026-05-12, NCSC.NL NCSC-2026-0163 published 2026-05-15). Primary source 8 days outside window; NCSC.NL corroboration is 5 days outside. No in-window exploitation evidence to drive an UPDATE; defer.
    • Ofcom UK Online Safety Act hash-matching final decision (The Record, 2026-05-19). UK-domestic regulatory action affecting platform operators; single-source, in-window, but does not clear PD-11 inclusion bar (no Swiss/EU public-sector SOC operational delta in the next 1–7 days). Deferred from § 1 / § 6.
  • Single-source items (PD-5 marked).
    • Huawei VRP / POST Luxembourg zero-day in § 1 — Recorded Future News, 2026-05-19. HIGH-reliability investigative journalism with named institutional sources (POST Luxembourg head of communications Paul Rausch, Luxembourg High Commission for National Protection spokesperson Anne Jung). Huawei did not respond to questions; no second independent outlet had broken the story at brief composition. Marked [SINGLE-SOURCE] per policy.
    • CVE-2026-45584 — Microsoft Defender network RCE in § 2 — MSRC only; national-CERT carve-out applies (Microsoft is the disclosing vendor; primary).
    • CVE-2026-45585 (YellowKey) UPDATE in § 4 — MSRC only for the formal CVE assignment + mitigation publication. National-CERT-style carve-out for vendor-as-primary applies.
    • CVE-2026-41091 in § 2 — MSRC only for the active-exploitation confirmation; vendor-as-primary carve-out.
    • Cisco Talos BadIIS "demo.pdb" in § 3 — Cisco Talos research is itself the primary; included as substantive primary research per PD-12.
    • Fox Tempest disruption (§ 1) — effectively single-organisational-source: two of three cited URLs are Microsoft properties (Microsoft Threat Intelligence security blog + Microsoft On the Issues DCU legal blog); The Record corroborates but does not independently verify the technical specifics. Vendor-as-primary carve-out applies — Microsoft is the disclosing party and the action's filer.
  • Reduced-confidence items.
    • TheGentlemen RaaS UPDATE (§ 4) — DeXpose aggregator coverage of leak-site listings. The listings themselves are the primary fact; neither victim (VSFS, DEVO-Tech AG) has publicly confirmed the breach. Framed as listing-by-actor-not-victim-confirmation per PD-6.
  • Contradictions surfaced.
    • CVE-2026-44277 CVSS — NCSC.ch CSH post 12569 lists 9.1; BleepingComputer and Fortinet PSIRT carry 9.8. Item deferred this run (out of window); flag for next-run resolution if the item re-enters.
    • vm2 comprehensive-fix versionBSI WID-SEC-2026-1583 lists the fixed version as <3.11.4 (i.e. 3.11.4 is the safe cut-over); The Hacker News reports 3.11.2 as the patch closing the last two CVEs in the 12-CVE cluster (CVE-2026-44008 / 44009). Brief and action items report ≥ 3.11.4 per BSI as the comprehensive, primary-cited cut-over; defenders that already moved to 3.11.2 close 10 of 12 CVEs but BSI flags 3.11.4 as the full fix.
  • Coverage window: Standard daily — 36 h (gap of 24 h to prior brief briefs/2026-05-19.md).
  • Sub-agents. All four returned (S1 / S2 / S3 / S4). S1 wall-clock 681 s; S2 wall-clock 333 s; S3 wall-clock 468 s; S4 wall-clock 587 s. None stalled at the 30-min cap. Models: Claude Sonnet 4.6 across all four research sub-agents; main agent Claude Opus 4.7. Verification: 4 iterations (Opus 4.7 / Sonnet 4.6 / Opus 4.7 / Sonnet 4.6 per the model-rotation table). Iter 1 found F4 + F3×2 + F14 + F12 (5 findings; all remediated). Iter 2 found one residual H3-heading drift on vm2 patch version (3.11.2 → 3.11.4); remediated. Iter 3 found F4 (Fox Tempest "~1,000 accounts" hallucinated count) + F3 (Storm-2949 Key Vault role misattributed Contributor → Owner); both remediated. Iter 4 found F13 (TL;DR over-attributed Nx Console to Mini Shai-Hulud cluster); remediated in-place — published per early-exit rule (NEEDS_FIXES with truth + editorial ≤ 2 AND no F1/F4 → apply remediations, publish). verification_residual_count = 1 reflects iter-4's flagged truth count even though the remediation has been applied; the Ops dashboard cap-breach signal surfaces the residual for after-the-fact review.
  • Coverage gaps: inside-it-ch (Cloudflare Managed Challenge — affected S2, S3, S4; WebSearch fallback yielded no Swiss-only in-window items distinct from NCSC.ch and BSI captures); databreaches-net (Cloudflare-gated — S4 rotation-priority candidate; no usable Wayback snapshot in window); cert-fr-actu (feed stale, returned only Sep–Oct 2025 items); ncsc-uk (no in-window advisory body content); cert-eu (last advisory 2026-006 is from 2026-05-06, outside window); ico-uk (no fresh enforcement in-window); sophos-xops (RSS feed parse failure, rotation-priority); trendmicro-research (not attempted within S3 time budget, rotation-priority); drupal.org (PSA-2026-05-18 page Cloudflare-gated for sub-agents; primary captured via NCSC.ch Security Hub corroboration + SecurityWeek + The Register + BSI WID); fortiguard.fortinet.com (SPA returned empty body; coverage via NCSC.ch CSH + BleepingComputer); drupal.org/security feed (Cloudflare client challenge — sub-agents could not fetch directly, used corroborating sources); sec-edgar-8k (0 Item-1.05 filings in 2026-05-19 / 2026-05-20 window).

Unmatched action items (migrated)

  • Schedule emergency Drupal patch window for today 17:00–21:00 UTC. Freeze unrelated changes, monitor the Drupal Security Advisories feed at 17:00 UTC, apply within hours of release — Drupal Security Team warns exploits expected within hours of disclosure on a 20/25-scored pre-auth flaw. Public-sector portals (Swiss federal / cantonal / municipal, EU-agency, university) are the priority (Drupal PSA-2026-05-18 · NCSC.ch Security Hub 12584).
  • Audit GitHub Actions workflows for any unpinned third-party reference. Enforce full-commit-SHA pinning in repository policy; deploy Harden-Runner or equivalent egress controls. Any pipeline that ran actions-cool/issues-helper@v* between 2026-05-18 and the action's takedown — rotate every secret accessible to that workflow (GitHub PATs, npm, AWS, SSH, deployment keys) (StepSecurity, 2026-05-18).
  • Apply phishing-resistant MFA + SSPR Conditional Access on privileged Azure / M365 roles. Storm-2949's kill chain starts with SSPR voice-phishing of IT and senior-leadership accounts; FIDO2 / certificate-based MFA on Owner, Key Vault Contributor, Storage Account Contributor, SQL Server Contributor, App Service Contributor, and Global / Privileged admin roles closes the entry vector. Restrict SSPR registration of new recovery methods to pre-registered devices via Conditional Access. Enable Defender for Cloud on Key Vault, App Service, Storage, and SQL (Microsoft Threat Intelligence, 2026-05-18).
  • Hunt Microsoft-signed binaries with ≤ 72 h certificate validity from Trusted Signing issuers after 2025-05-01. Where the signing CN does not match a known organisational EV identity, treat as suspect; correlate with Teams / AnyDesk / Webex / PuTTY installer process trees spawning cmd.exe / powershell.exe / rundll32 / regsvr32 without Microsoft installer ancestry (Sysmon EID 1 with parent-image filter) — Vanilla Tempest / Rhysida and Oyster/Broomstick (Microsoft Threat Intelligence, 2026-05-19).
  • SBOM-scan Node.js dependencies for vm2 < 3.11.4 across CI/CD runners, automation platforms (n8n etc.), and AI-agent stacks. Upgrade to 3.11.4 per BSI WID-SEC-2026-1583 as the comprehensive fix; 3.11.2 closes 10 of 12 CVEs but BSI flags 3.11.4 as the safe cut-over. No configuration workaround. Multiple CVSS 10.0 sandbox-escape CVEs with public PoC; AI agents that pass model-generated code through vm2 are direct host-RCE vectors (BSI WID-SEC-2026-1583).
  • Huawei VRP enterprise-router operators (telco / large enterprise): escalate the Luxembourg outage advisory with Huawei account team and demand status on whether the underlying flaw is patched and applicable to your fleet. No public CVE 10 months on (The Record, 2026-05-19).

Migrated from briefs/2026-05-20.md (v2).

← Operations dashboard · day page 2026-05-20 · run-record contract: docs/pipeline.md