2026-05-20-a0f7b07f
One pipeline fire, in full · intel run of 2026-05-20 · sub-agent allocation and telemetry, per-iteration verification verdicts and findings, source-list edits, coverage gaps, bridge invocations — and the run's own verification & coverage notes: what was published, what was dropped at the borderline or judged not relevant (and why), single-source carve-outs, and contradictions. Rendered from runs/2026-05-20/2026-05-20-a0f7b07f.md.
Run telemetry
- Items returned
- 5
- Duration
- 10m 55s
- Tool calls
- 14 WebFetch18 WebSearch16 bridge
- Cited sources
- 7 of 12 in slice
- Items returned
- 4
- Duration
- 5m 21s
- Tool calls
- 6 WebFetch10 WebSearch12 bridge
- Cited sources
- 4 of 9 in slice
- Items returned
- 8
- Duration
- 7m 32s
- Tool calls
- 22 WebFetch6 WebSearch14 bridge
- Cited sources
- 9 of 11 in slice
- Items returned
- 4
- Duration
- 9m 32s
- Tool calls
- 14 WebFetch18 WebSearch9 bridge
- Cited sources
- 3 of 8 in slice
Verification
Deep dive
2026-05-20/storm-2949-sspr-to-key-vault-azure-kill-chain
Entries published (this run)
- Drupal core "highly critical" pre-patch warning — unauthenticated, zero-complexity, patch window today 17:00–21:00 UTC threat notable
- Microsoft DCU disrupts Fox Tempest malware-signing-as-a-service feeding Rhysida, INC, Qilin and Akira ransomware operations threat high
- Sparx Enterprise Architect / Pro Cloud Server — five-CVE chain (pre-auth SQL injection + WebEA race-condition RCE), public PoC, no vendor patch threat high
- actions-cool/issues-helper GitHub Action compromised — 53 tags moved to imposter commit reading Runner.Worker /proc/PID/mem; linked to Mini Shai-Hulud threat high
- Nx Console VS Code extension (2.2 M installs) compromised via stolen publisher credentials — 11-minute window 2026-05-18 12:36–12:47 UTC threat notable
- Huawei VRP enterprise-router zero-day caused POST Luxembourg nationwide telecom outage (July 2025) — no CVE filed 10 months later threat notable
- CVE-2026-41091 — Microsoft Defender Engine link-following EoP, actively exploited vulnerability high
- CVE-2026-45584 — Microsoft Defender Engine heap-buffer-overflow RCE over network vulnerability notable
- CVE-2026-31635 ("DirtyDecrypt") — Linux kernel RxGK page-cache write, public PoC; Fedora, Arch, openSUSE Tumbleweed affected vulnerability notable
- vm2 Node.js sandbox — 12 critical CVEs (CVE-2026-43997 / 43999 / 44005 / 44006 / 44008 / 44009 et al.), sandbox escape to host RCE, upgrade to ≥ 3.11.4 vulnerability notable
- Cisco Talos: "demo.pdb" BadIIS variant now a commodity MaaS IIS ISAPI backdoor; lwxat developer alias, builder tool recovered research notable
- CVE-2026-45585 (YellowKey) — Microsoft formally assigns CVE and publishes WinRE mitigation vulnerability notable update
- SEPPmail Secure E-Mail Gateway — InfoGuard Labs full technical write-up; new CVE-2026-2743 (CVSS 10.0 pre-auth path traversal in LFT) vulnerability notable update
- TheGentlemen RaaS lists Czech university and Swiss engineering firm on leak site incident notable
- Storm-2949 SSPR-to-Key-Vault Azure kill chain threat high
- Prepare emergency Drupal patch window for today 17:00–21:00 UTC threat critical
Sources changed (this run)
Edits this run made to sources/sources.json · promotions, demotions, new candidates, and fetch-method / category / reliability / url corrections (the run record's sources_changed[]). Paginated; 10 per page.
No source-list edits recorded for this run.
Coverage gaps (this run)
Sources this run's brief needed that returned no usable content via any documented recipe. Bridge-recovered or quiet-day sources do NOT appear here. (Distinct from the independent source-accessibility probe at the foot of this section, which probes all active sources regardless of what any run needed.)
| Source (uncovered) | URL tried | Method chain | Status / class | What the agent did instead |
|---|---|---|---|---|
| inside-it-ch | https://www.inside-it.ch/ | webfetch → bridge:url → websearch | 403 transport-403 Cloudflare Managed Challenge blocks both WebFetch and bridge:url; rotation-priority candidate for 4 consecutive runs | none — no in-window Swiss-only content distinct from NCSC.ch / BSI captures |
| databreaches-net | https://www.databreaches.net/ | webfetch → bridge:url → websearch | 403 transport-403 Cloudflare-gated; bridge:url also blocked; no usable Wayback snapshot in-window; rotation-priority candidate | none — WebSearch pivots returned only aggregator restatements |
| sophos-xops | https://news.sophos.com/feed/ | webfetch | 503 transport-5xx Sophos X-Ops featured-blog feed returned HTTP exit-1 (feed parse failure); rotation-priority candidate (3 runs failing) | none — no in-window Sophos content recovered |
Verification findings · all iterations
Per-iteration finding detail. Each table is one verifier pass · what was flagged, how the main agent remediated it, and the outcome. Walking the tables top-to-bottom shows the verifier's debugging trail across iterations.
Iteration #1 NEEDS_FIXES · 5 findings (truth=3, editorial=1, advisory=0) · Claude Opus 4.7 · 7m 04s
| F-code | Section | Item · URL/quote | Verifier summary | Remediation · outcome |
|---|---|---|---|---|
| F4 hallucinated-fact | research | Cisco Talos demo.pdb BadIIS — campaign scope claims over 1,800 Windows IIS servers compromised globally; Thailand, Vietnam, India, Pakistan, Japan | Cited Talos article does not state any specific server count and does not name those countries; says 'Asia-Pacific region (along with a few in South Africa, Europe, North America)'. | Replaced specific count + country list with the verbatim Talos phrasing ('Asia-Pacific region with smaller number in South Africa, Europe, and North America'). fixed-clean |
| F3 claim-not-supported | active-threats | Fox Tempest pricing / Telegram / Google Form sentence $5,000-$9,000 per signing run via Google Form; 'EV Certs for Sale by SamCodeSign' Telegram channel attributed to The Rec | Specifics come from Microsoft Threat Intelligence blog; The Record citation does not contain them. Re-attribute. | Removed the unsupported pricing/Telegram/Google Form specifics; restructured paragraph so Microsoft TI is the cited primary for the technical details and The Re fixed-clean |
| F3 claim-not-supported | trending-vulnerabilities | vm2 patched-version claim Full patch: upgrade to vm2 3.11.2 | BSI WID-SEC-2026-1583 (cited primary) lists fixed version <3.11.4; brief asserts 3.11.2. | Updated brief + § 6 action item to vm2 3.11.4 per BSI primary; added § 7 contradiction line surfacing the 3.11.2 vs 3.11.4 discrepancy. fixed-clean |
| F14 quantifier-without-source | trending-vulnerabilities | DirtyDecrypt CVSS 7.5 / CWE-122 (CVSS 7.5, CWE-122) | Primary sources (Moselwal, BleepingComputer) don't state CVSS 7.5 or CWE-122; only Hacker News (Additional source) carries 7.5. | Dropped CVSS/CWE inline early in body; added a half-sentence noting Hacker News carries CVSS 7.5 while Moselwal characterises LPE class as 7.8-8.1 range without fixed-clean |
| F12 single-source-flag-missing | active-threats | Fox Tempest — effectively single-organisational-source Two of three sources are Microsoft properties | Microsoft Threat Intelligence + Microsoft On the Issues + corroborating The Record; effectively single-organisational primary. | Added § 7 Verification Notes line acknowledging single-organisational-source posture; vendor-as-primary carve-out per PD-5 applies (Microsoft is disclosing part fixed-clean |
Iteration #2 NEEDS_FIXES · 1 finding (truth=1, editorial=0, advisory=0) · Claude Sonnet 4.6 · 3m 14s
| F-code | Section | Item · URL/quote | Verifier summary | Remediation · outcome |
|---|---|---|---|---|
| F3 claim-not-supported | trending-vulnerabilities | vm2 H3 heading — stale 'patch to 3.11.2' inconsistent with body / action item / vm2 Node.js sandbox — ... sandbox escape to host RCE, patch to 3.11.2 | Heading drift from iter-1 remediation: body / § 6 / § 7 were updated to 3.11.4 (BSI WID-SEC-2026-1583 primary) but the H3 heading still read 'patch to 3.11.2'. | Heading updated to 'upgrade to ≥ 3.11.4' (consistent with body, action item, § 7). fixed-clean |
Iteration #3 NEEDS_FIXES · 2 findings (truth=2, editorial=0, advisory=0) · Claude Opus 4.7 · 4m 39s
| F-code | Section | Item · URL/quote | Verifier summary | Remediation · outcome |
|---|---|---|---|---|
| F4 hallucinated-fact | active-threats | Fox Tempest — '~1,000 accounts' takedown count not in sources took down ~1,000 accounts | Microsoft TI confirms 1,000+ certificates; On the Issues blog references 'hundreds of fraudulent Microsoft accounts' Fox Tempest created. Likely conflation with certificates count. | Dropped the '~1,000 accounts' clause; clarified language to 'disabled hundreds of Cloudzy-hosted VMs that Fox Tempest used as its delivery surface'. fixed-clean |
| F3 claim-not-supported | deep-dive | Storm-2949 — Key Vault role misattributed as Contributor; Microsoft says Owner pivoted to Azure Key Vault using the Key Vault Contributor role | Microsoft Storm-2949 blog verbatim: 'Part of the compromised user's Azure RBAC permissions was the privileged Owner role over a specific Key Vault'. Brief misattributed in both Phase 3 narrative and t | Replaced 'Key Vault Contributor' with 'Owner' in the Phase 3 narrative; updated hardening bullet to discuss both Owner and Key Vault Contributor (both confer ma fixed-clean |
Iteration #4 NEEDS_FIXES cap-breach · 1 finding (truth=1, editorial=0, advisory=0) · Claude Sonnet 4.6 · 4m 50s
| F-code | Section | Item · URL/quote | Verifier summary | Remediation · outcome |
|---|---|---|---|---|
| F13 analytical-link-as-fact | tldr | TL;DR over-attributes Nx Console to Mini Shai-Hulud cluster actions-cool/issues-helper GitHub Action and Nx Console VS Code extension — confirmed linked to the Mini Shai-Hulud clus | Only actions-cool/issues-helper carries the Socket-attributed Mini Shai-Hulud cluster link (via domain overlap). The Nx Console primary (The Hacker News) attributes to 'a developer's compromised machi | Re-scoped the TL;DR sentence: 'actions-cool/issues-helper GitHub Action (exfil infrastructure overlapping with the Mini Shai-Hulud cluster per Socket) and Nx Co fixed-clean |
Verification & coverage notes
The run record's narrative body, verbatim. This is where the run accounts for its own judgement calls — every borderline drop and judged-not-relevant item with its reason, dedup decisions, single-source items and their carve-outs, contradictions, and per-source coverage gaps — so nothing the run considered disappears silently.
Verification & coverage notesrun record body
2026-05-20-a0f7b07f · Claude Opus 4.7 · 16 entries published
- Items dropped — out-of-window primary sources (PD-7 recency enforcement).
- CVE-2026-44277 / CVE-2026-26083 — Fortinet FortiAuthenticator + FortiSandbox unauthenticated RCE (Fortinet PSIRT FG-IR-26-128 / FG-IR-26-136 dated 2026-05-12; NCSC.ch CSH post 12569 dated 2026-05-13). Primary advisories sit ~8 days outside the 36-h window with no fresh exploitation evidence in-window; defer to next coverage if Fortinet exploitation evidence emerges. Both CVEs and the patched-versions reference remain in the § 2 CVE summary table as context only.
- CVE-2026-45185 — Exim "Dead.Letter" UAF in BDAT/GnuTLS (oss-security disclosure 2026-05-12, XBOW blog 2026-05-12, NCSC.NL NCSC-2026-0163 published 2026-05-15). Primary source 8 days outside window; NCSC.NL corroboration is 5 days outside. No in-window exploitation evidence to drive an UPDATE; defer.
- Ofcom UK Online Safety Act hash-matching final decision (The Record, 2026-05-19). UK-domestic regulatory action affecting platform operators; single-source, in-window, but does not clear PD-11 inclusion bar (no Swiss/EU public-sector SOC operational delta in the next 1–7 days). Deferred from § 1 / § 6.
- Single-source items (PD-5 marked).
- Huawei VRP / POST Luxembourg zero-day in § 1 — Recorded Future News, 2026-05-19. HIGH-reliability investigative journalism with named institutional sources (POST Luxembourg head of communications Paul Rausch, Luxembourg High Commission for National Protection spokesperson Anne Jung). Huawei did not respond to questions; no second independent outlet had broken the story at brief composition. Marked
[SINGLE-SOURCE]per policy. - CVE-2026-45584 — Microsoft Defender network RCE in § 2 — MSRC only; national-CERT carve-out applies (Microsoft is the disclosing vendor; primary).
- CVE-2026-45585 (YellowKey) UPDATE in § 4 — MSRC only for the formal CVE assignment + mitigation publication. National-CERT-style carve-out for vendor-as-primary applies.
- CVE-2026-41091 in § 2 — MSRC only for the active-exploitation confirmation; vendor-as-primary carve-out.
- Cisco Talos BadIIS "demo.pdb" in § 3 — Cisco Talos research is itself the primary; included as substantive primary research per PD-12.
- Fox Tempest disruption (§ 1) — effectively single-organisational-source: two of three cited URLs are Microsoft properties (Microsoft Threat Intelligence security blog + Microsoft On the Issues DCU legal blog); The Record corroborates but does not independently verify the technical specifics. Vendor-as-primary carve-out applies — Microsoft is the disclosing party and the action's filer.
- Huawei VRP / POST Luxembourg zero-day in § 1 — Recorded Future News, 2026-05-19. HIGH-reliability investigative journalism with named institutional sources (POST Luxembourg head of communications Paul Rausch, Luxembourg High Commission for National Protection spokesperson Anne Jung). Huawei did not respond to questions; no second independent outlet had broken the story at brief composition. Marked
- Reduced-confidence items.
- TheGentlemen RaaS UPDATE (§ 4) — DeXpose aggregator coverage of leak-site listings. The listings themselves are the primary fact; neither victim (VSFS, DEVO-Tech AG) has publicly confirmed the breach. Framed as listing-by-actor-not-victim-confirmation per PD-6.
- Contradictions surfaced.
- CVE-2026-44277 CVSS — NCSC.ch CSH post 12569 lists 9.1; BleepingComputer and Fortinet PSIRT carry 9.8. Item deferred this run (out of window); flag for next-run resolution if the item re-enters.
- vm2 comprehensive-fix version — BSI WID-SEC-2026-1583 lists the fixed version as
<3.11.4(i.e. 3.11.4 is the safe cut-over); The Hacker News reports 3.11.2 as the patch closing the last two CVEs in the 12-CVE cluster (CVE-2026-44008 / 44009). Brief and action items report≥ 3.11.4per BSI as the comprehensive, primary-cited cut-over; defenders that already moved to 3.11.2 close 10 of 12 CVEs but BSI flags 3.11.4 as the full fix.
- Coverage window: Standard daily — 36 h (gap of 24 h to prior brief
briefs/2026-05-19.md). - Sub-agents. All four returned (S1 / S2 / S3 / S4). S1 wall-clock 681 s; S2 wall-clock 333 s; S3 wall-clock 468 s; S4 wall-clock 587 s. None stalled at the 30-min cap. Models: Claude Sonnet 4.6 across all four research sub-agents; main agent Claude Opus 4.7. Verification: 4 iterations (Opus 4.7 / Sonnet 4.6 / Opus 4.7 / Sonnet 4.6 per the model-rotation table). Iter 1 found F4 + F3×2 + F14 + F12 (5 findings; all remediated). Iter 2 found one residual H3-heading drift on vm2 patch version (3.11.2 → 3.11.4); remediated. Iter 3 found F4 (Fox Tempest "~1,000 accounts" hallucinated count) + F3 (Storm-2949 Key Vault role misattributed Contributor → Owner); both remediated. Iter 4 found F13 (TL;DR over-attributed Nx Console to Mini Shai-Hulud cluster); remediated in-place — published per early-exit rule (NEEDS_FIXES with
truth + editorial ≤ 2AND no F1/F4 → apply remediations, publish).verification_residual_count= 1 reflects iter-4's flagged truth count even though the remediation has been applied; the Ops dashboard cap-breach signal surfaces the residual for after-the-fact review. - Coverage gaps: inside-it-ch (Cloudflare Managed Challenge — affected S2, S3, S4; WebSearch fallback yielded no Swiss-only in-window items distinct from NCSC.ch and BSI captures); databreaches-net (Cloudflare-gated — S4 rotation-priority candidate; no usable Wayback snapshot in window); cert-fr-actu (feed stale, returned only Sep–Oct 2025 items); ncsc-uk (no in-window advisory body content); cert-eu (last advisory 2026-006 is from 2026-05-06, outside window); ico-uk (no fresh enforcement in-window); sophos-xops (RSS feed parse failure, rotation-priority); trendmicro-research (not attempted within S3 time budget, rotation-priority); drupal.org (PSA-2026-05-18 page Cloudflare-gated for sub-agents; primary captured via NCSC.ch Security Hub corroboration + SecurityWeek + The Register + BSI WID); fortiguard.fortinet.com (SPA returned empty body; coverage via NCSC.ch CSH + BleepingComputer); drupal.org/security feed (Cloudflare client challenge — sub-agents could not fetch directly, used corroborating sources); sec-edgar-8k (0 Item-1.05 filings in 2026-05-19 / 2026-05-20 window).
Unmatched action items (migrated)
- Schedule emergency Drupal patch window for today 17:00–21:00 UTC. Freeze unrelated changes, monitor the Drupal Security Advisories feed at 17:00 UTC, apply within hours of release — Drupal Security Team warns exploits expected within hours of disclosure on a 20/25-scored pre-auth flaw. Public-sector portals (Swiss federal / cantonal / municipal, EU-agency, university) are the priority (Drupal PSA-2026-05-18 · NCSC.ch Security Hub 12584).
- Audit GitHub Actions workflows for any unpinned third-party reference. Enforce full-commit-SHA pinning in repository policy; deploy Harden-Runner or equivalent egress controls. Any pipeline that ran
actions-cool/issues-helper@v*between 2026-05-18 and the action's takedown — rotate every secret accessible to that workflow (GitHub PATs, npm, AWS, SSH, deployment keys) (StepSecurity, 2026-05-18). - Apply phishing-resistant MFA + SSPR Conditional Access on privileged Azure / M365 roles. Storm-2949's kill chain starts with SSPR voice-phishing of IT and senior-leadership accounts; FIDO2 / certificate-based MFA on Owner, Key Vault Contributor, Storage Account Contributor, SQL Server Contributor, App Service Contributor, and Global / Privileged admin roles closes the entry vector. Restrict SSPR registration of new recovery methods to pre-registered devices via Conditional Access. Enable Defender for Cloud on Key Vault, App Service, Storage, and SQL (Microsoft Threat Intelligence, 2026-05-18).
- Hunt Microsoft-signed binaries with ≤ 72 h certificate validity from Trusted Signing issuers after 2025-05-01. Where the signing CN does not match a known organisational EV identity, treat as suspect; correlate with Teams / AnyDesk / Webex / PuTTY installer process trees spawning
cmd.exe/powershell.exe/rundll32/regsvr32without Microsoft installer ancestry (Sysmon EID 1 with parent-image filter) — Vanilla Tempest / Rhysida and Oyster/Broomstick (Microsoft Threat Intelligence, 2026-05-19). - SBOM-scan Node.js dependencies for vm2 < 3.11.4 across CI/CD runners, automation platforms (n8n etc.), and AI-agent stacks. Upgrade to 3.11.4 per BSI WID-SEC-2026-1583 as the comprehensive fix; 3.11.2 closes 10 of 12 CVEs but BSI flags 3.11.4 as the safe cut-over. No configuration workaround. Multiple CVSS 10.0 sandbox-escape CVEs with public PoC; AI agents that pass model-generated code through vm2 are direct host-RCE vectors (BSI WID-SEC-2026-1583).
- Huawei VRP enterprise-router operators (telco / large enterprise): escalate the Luxembourg outage advisory with Huawei account team and demand status on whether the underlying flaw is patched and applicable to your fleet. No public CVE 10 months on (The Record, 2026-05-19).
Migrated from briefs/2026-05-20.md (v2).
← Operations dashboard · day page 2026-05-20 · run-record contract: docs/pipeline.md