2026-05-21-77cdc4cd
One pipeline fire, in full · intel run of 2026-05-21 · sub-agent allocation and telemetry, per-iteration verification verdicts and findings, source-list edits, coverage gaps, bridge invocations — and the run's own verification & coverage notes: what was published, what was dropped at the borderline or judged not relevant (and why), single-source carve-outs, and contradictions. Rendered from runs/2026-05-21/2026-05-21-77cdc4cd.md.
Run telemetry
- Items returned
- 6
- Duration
- 8m 26s
- Tool calls
- 14 WebFetch10 WebSearch12 bridge
- Cited sources
- 11 of 26 in slice
- Items returned
- 6
- Duration
- 8m 37s
- Tool calls
- 10 WebFetch12 WebSearch8 bridge
- Cited sources
- 13 of 21 in slice
- Items returned
- 7
- Duration
- 6m 40s
- Tool calls
- 3 WebFetch3 WebSearch18 bridge
- Cited sources
- 10 of 18 in slice
- Items returned
- 4
- Duration
- 9m 09s
- Tool calls
- 18 WebFetch6 WebSearch7 bridge
- Cited sources
- 7 of 17 in slice
Verification
1 entry dropped by verification this run (recorded in the verification & coverage notes).
Deep dive
2026-05-21/verizon-2026-dbir-vulnerability-exploitation-overtakes-crede
Entries published (this run)
- Webworm (China-aligned) shifts to EU government targets — EchoCreep (Discord C2) and GraphWorm (Microsoft Graph / OneDrive C2) backdoors documented by ESET, with Belgian, Italian, Serbian, Polish and Spanish governmental victims threat high
- SonicWall Gen6 SSL-VPN incomplete-patching (CVE-2024-12802) — Akira-linked actors brute-force MFA via UPN/SAM account-name split, February–March 2026 intrusions threat notable
- B1ack's Stash carding marketplace publicly releases 4.6M card records — SOCRadar attributes collection to e-skimming and phishing; not confirmed by issuing banks incident notable
- CVE-2026-42822 — Microsoft Azure Local Disconnected Operations (ALDO): CVSS 10.0 unauthenticated network elevation-of-privilege, "Exploitation More Likely" vulnerability high
- CVE-2026-45829 — ChromaDB Python FastAPI server: pre-auth RCE via embedding-function model loading before auth check (CVSS 4.0 = 10.0; still unpatched in v1.5.9) vulnerability notable
- Keycloak 26.6.2 — 16 CVEs including OIDC session fixation (CVE-2026-7507), WebAuthn execute-actions token replay (CVE-2026-37982), introspection audience bypass (CVE-2026-37979) and cross-realm IDOR in Authorization Services (CVE-2026-4630) vulnerability notable
- PinTheft — Linux kernel local-privilege-escalation primitive (RDS zerocopy double-free + io_uring fixed-buffer page-cache overwrite), PoC public, Arch Linux default-loaded research notable
- Drupal SA-CORE-2026-004 / CVE-2026-9082 ships — "highly critical" pre-auth SQL injection in core database API, PostgreSQL-only vulnerability high update
- TeamPCP / Mini Shai-Hulud campaign — GitHub itself breached (~3,800 internal repos via poisoned VS Code extension), Microsoft durabletask PyPI worm propagates via AWS SSM and kubectl exec, Grafana confirms missed-token-rotation root cause incident high update
- Verizon 2026 DBIR: vulnerability exploitation overtakes credentials as primary breach vector for the first time in 19 years threat high
Sources changed (this run)
Edits this run made to sources/sources.json · promotions, demotions, new candidates, and fetch-method / category / reliability / url corrections (the run record's sources_changed[]). Paginated; 10 per page.
No source-list edits recorded for this run.
Coverage gaps (this run)
Sources this run's brief needed that returned no usable content via any documented recipe. Bridge-recovered or quiet-day sources do NOT appear here. (Distinct from the independent source-accessibility probe at the foot of this section, which probes all active sources regardless of what any run needed.)
| Source (uncovered) | URL tried | Method chain | Status / class | What the agent did instead |
|---|---|---|---|---|
| databreaches-net | https://www.databreaches.net/ | webfetch → bridge:url → websearch | 403 transport-403 Cloudflare 403 persists across direct WebFetch + bridge:url; Wayback returned only 24-byte placeholder; now 5 consecutive run failures | none — WebSearch pivots returned only aggregator restatements; gap persists |
| inside-it-ch | https://www.inside-it.ch/ | webfetch → bridge:url | 403 transport-403 Cloudflare Managed Challenge blocks both WebFetch and bridge:url; no S2 in-window pivot attempted in this run; 4 consecutive run failures | Bridge:url also returned 403 (Cloudflare Managed Challenge); no in-window CH-only content distinct from NCSC-CH / BSI captures |
| sophos-xops | https://www.sophos.com/en-us/blog/feed?id=blt6f15f4f7deaf4242 | bridge:url | 503 transport-5xx Sophos blog feed returned HTTP 503 across direct + bridge; alternate news.sophos.com/feed/ not yet attempted; 4 consecutive run failures | none — no in-window Sophos content recovered |
| trendmicro-research | https://www.trendmicro.com/en_us/research.html | bridge:url | 500 transport-5xx Trend Micro research portal returned HTTP 500; Wayback had only 24-byte availability response; 2 consecutive run failures | none — no Trend Micro content in this run |
| cyberscoop covered via alternate · should NOT be in this list | https://cyberscoop.com/ | webfetch | 0 transport-tls TLS certificate not-yet-valid error; fetch failed entirely | none — covered via The Record / Infosecurity Magazine corroboration on same stories |
| darkreading covered via alternate · should NOT be in this list | https://www.darkreading.com/ | webfetch | 403 transport-403 Direct URL fetch returned HTTP 403; Wayback Machine had no usable snapshot | none — covered via The Record / Infosecurity Magazine / Help Net Security on same stories |
| us-treasury-ofac covered via alternate · should NOT be in this list | https://ofac.treasury.gov/sanctions-programs-and-country-information/sanctions-r | webfetch → websearch | 503 transport-5xx OFAC recent-actions page returned HTTP 503; WebSearch confirmed no in-window cyber sanctions actions | WebSearch confirmed no in-window OFAC cyber sanctions to miss |
| cert-eu covered via alternate · should NOT be in this list | https://cert.europa.eu/publications/security-advisories | webfetch → bridge:url | 200 spa-empty-body CERT-EU advisories page returned 200 but body empty (SPA renders client-side); 2 consecutive run failures | Bridge:url returned the same SPA-empty body; agency advisory landscape covered via NCSC-NL, BSI, NCSC-CH instead |
| cert-fr-actu covered via alternate · should NOT be in this list | https://www.cert.ssi.gouv.fr/actualite/ | webfetch | 200 stale-feed Most recent CERT-FR actualite bulletin in feed is from October 2025 (feed not refreshed in window); CERT-FR avis feed remains current and is covered indirectly | Use CERT-FR avis feed instead; actualite feed treated as quiet |
Verification findings · all iterations
Per-iteration finding detail. Each table is one verifier pass · what was flagged, how the main agent remediated it, and the outcome. Walking the tables top-to-bottom shows the verifier's debugging trail across iterations.
Iteration #1 NEEDS_FIXES · 7 findings (truth=4, editorial=2, advisory=1) · Claude Opus 4.7 · 11m 59s
| F-code | Section | Item · URL/quote | Verifier summary | Remediation · outcome |
|---|---|---|---|---|
| F1 hallucinated-fact | research | ANNUAL REPORT — CrowdStrike 2026 Financial Services Threat Landscape Report CrowdStrike published its 2026 Financial Services Threat Landscape Report on 2026-05-20 | Both cited URLs carry publication date 2026-05-14, not 2026-05-20. 6 days outside 36 h window. | Dropped item; added § 7 line consistent with SAP/Fortinet treatment. dropped-item |
| F2 hallucinated-fact | active-threats | Webworm (China-aligned) shifts to EU government targets GraphWorm is more capable: a Go implant | ESET specifies EchoCreep as Go-written but does not specify GraphWorm language. | Removed Go qualifier from GraphWorm; rephrased as implementation language not stated in source. fixed-clean |
| F3 hallucinated-fact | trending-vulnerabilities | CVE-2026-45829 — ChromaDB Python FastAPI server Approximately 73 % of internet-accessible ChromaDB deployments use the Python server per Hadrian s scan. | Hadrian has no percentage. 73% is from BleepingComputer Shodan queries describing vulnerable-version share, not Python-server share. | Reframed and reattributed to BleepingComputer Shodan; population now correctly stated as running a vulnerable version. fixed-clean |
| F4 hallucinated-fact | tldr | TL;DR bullet 1 (Drupal) and § 6 Action Item 1 (Drupal) the Security Team explicitly warned exploits typically emerge within hours of advisory release | Drupal verbatim is conditional might be developed within hours or days; TL;DR + § 6 inflated to typically emerge. | Reverted TL;DR + § 6 to conditional might be developed within hours or days wording matching the § 4 UPDATE blockquote. fixed-clean |
| F6 drop | research | ANNUAL REPORT — CrowdStrike 2026 Financial Services Threat Landscape Report | Out-of-window per F1. Drop and add § 7 deferral line. | Dropped item; state updated to remove annual-report:crowdstrike entry from covered_items.json. dropped-item |
| F7 needs-more-research | updates | UPDATE: Drupal SA-CORE-2026-004 / CVE-2026-9082 Drupal Steward WAF service provides immediate protection at advisory release for subscribers | Marketing-grade claim without inline source. | Softened to subscribers receive vendor-provided rules at advisory release per the service description with inline link to Drupal Steward. fixed-clean |
| F10 editorial-advisory | updates | UPDATE: TeamPCP / Mini Shai-Hulud campaign Single multi-paragraph blockquote consolidates GitHub + durabletask + Grafana | Advisory only. Consider splitting blockquote with bold sub-leads. | Added bold sub-leads (**GitHub:** / **durabletask:** / **Grafana:**) at top of each blockquote paragraph for skim-readability. fixed-clean |
Iteration #2 NEEDS_FIXES · 2 findings (truth=1, editorial=0, advisory=1) · Claude Sonnet 4.6 · 7m 00s
| F-code | Section | Item · URL/quote | Verifier summary | Remediation · outcome |
|---|---|---|---|---|
| F1 broken-url | updates | UPDATE: Drupal SA-CORE-2026-004 — inline Drupal Steward WAF link | HTTP 404 — page does not exist; correct URL https://www.drupal.org/steward. Self-introduced by iter-1 F7 remediation. | Replaced /drupal-steward with /steward in § 4 Drupal UPDATE blockquote inline link. fixed-clean |
| F14 quantifier-without-source | deep-dive | § 5 Verizon DBIR — dataset quantifiers (22,052 incidents / 12,195 confirmed brea 22,052 / 12,195 / Nov 2024 - Oct 2025 / 13% | Specific quantifiers not surfaced in either accessible cited source on re-fetch; sub-agent traced to press release but iter-2 re-fetch did not confirm. Plausible per DBIR-style publication; PDF too la | Hedged: attributed methodology paragraph to the full DBIR PDF; attributed 13% credentials figure to Help Net Security explicitly; preserved the press-release-su fixed-degraded |
Iteration #3 NEEDS_FIXES · 10 findings (truth=8, editorial=1, advisory=1) · Claude Opus 4.7 · 9m 51s
| F-code | Section | Item · URL/quote | Verifier summary | Remediation · outcome |
|---|---|---|---|---|
| F1 claim-not-supported | deep-dive | Verizon DBIR § 5 quote AI is compressing exploitation windows from months to hours | Brief quoted phrase Verizon does not use; correct verbatim is shrinking the window for defense from months to mere hours. | Replaced with Verizon verbatim language and added explicit GlobeNewswire citation on the quote. fixed-clean |
| F2 claim-not-supported | active-threats | SonicWall pivots to DC within hours intrusion responders observed pivots to domain controllers within hours of initial access | BleepingComputer says 30-60 minute recon/credential-reuse sessions; no DC-pivot claim in source. | Replaced with source-accurate 30-60-minute sessions description in both body and detection-concept text. fixed-clean |
| F3 hallucinated-fact | updates | TeamPCP Grafana 3800-repo conflation the residual unrotated token gave TeamPCP access to clone ~3,800 private source-code repos | 3,800 figure belongs to GitHub VS Code breach not Grafana; Grafana own blog gives no count. | Removed 3,800 from Grafana sub-paragraph; reframed to private source-code repositories (exact count not disclosed in Grafana post-mortem). fixed-clean |
| F4 hallucinated-fact | updates | TeamPCP durabletask FIRESCALE A backup C2-discovery mechanism named FIRESCALE scans GitHub public commit messages | FIRESCALE mechanism attributed to Wiz but not in Wiz article; likely from StepSecurity / Endor Labs / Safedep or fabricated. | Removed the FIRESCALE sentence entirely from the durabletask sub-paragraph. fixed-clean |
| F5 hallucinated-fact | updates | TeamPCP durabletask 417k downloads official Microsoft durabletask PyPI package (~417k monthly downloads) | 417k figure attributed to Wiz but not in Wiz article. | Dropped (~417k monthly downloads) parenthetical from both TL;DR and § 4 UPDATE. fixed-clean |
| F6 hallucinated-fact | updates | TeamPCP durabletask SSM specifics AWS Systems Manager SendCommand (AWS-RunShellScript) up to five instances per profile | Wiz says 5 targets/host; AWS-RunShellScript document-name and per-profile phrasing not in Wiz. | Reframed to AWS Systems Manager SendCommand against up to 5 targets per host; dropped AWS-RunShellScript document-name specifier. fixed-clean |
| F7 hallucinated-fact | updates | TeamPCP durabletask infostealer target list AWS credentials, 1Password and Bitwarden vaults, SSH keys, Docker credentials, VPN configs and shell history | Wiz lists AWS / Azure / GCP / Kubernetes / Vault / 1Password / Bitwarden / filesystem credentials / shell history. Brief dropped multi-cloud targets and added SSH/Docker/VPN absent from source. | Aligned to Wiz verbatim list: AWS Azure GCP Kubernetes Vault 1Password Bitwarden filesystem credentials shell history. fixed-clean |
| F8 surface-contradiction | updates | Grafana TanStack detection date Grafana detected the TanStack compromise on 2026-05-01 | Grafana own blog says May 11; BleepingComputer says May 1. Brief picked BleepingComputer date against Grafana primary. | Adopted Grafana 2026-05-11 detection date; surfaced May-11-vs-May-1 contradiction explicitly in § 7 as the difference between consumption time and detection tim fixed-clean |
| F9 quantifier-without-source | deep-dive | DBIR 22052/12195 figures approximately 22,052 security incidents and 12,195 confirmed breaches | Iter-2 hedge insufficient; figures still presented as if confirmed but absent from accessible cited sources. | Replaced precise figures with qualitative scale tens of thousands of incidents / over ten thousand confirmed breaches and explicit not separately confirmed in t fixed-degraded |
| F10 editorial-advisory | updates | TeamPCP GitHub VS Code extension identity scope audit VS Code extension marketplace policies | Advisory — adding extension identity not disclosed helps reader scope the hunt. | Added GitHub has not publicly named the malicious VS Code extension or its publisher at this writing to GitHub sub-paragraph. fixed-clean |
Iteration #4 NEEDS_FIXES · 1 finding (truth=1, editorial=0, advisory=0) · Claude Sonnet 4.6 · 4m 37s
| F-code | Section | Item · URL/quote | Verifier summary | Remediation · outcome |
|---|---|---|---|---|
| F3 claim-not-supported | tldr | Verizon DBIR TL;DR bullet — 31 % vs 13 % attribution 31 % vs 13 % | GlobeNewswire confirms 31% for exploitation but does not state 13% for credentials. The 13% is from Help Net Security (correctly cited in § 5 body but not in TL;DR). | Extended TL;DR bullet 5 citation chain to include the Help Net Security link covering the 13% figure. fixed-clean |
Iteration #5 NEEDS_FIXES cap-breach · 2 findings (truth=1, editorial=0, advisory=1) · Claude Opus 4.7 · 3m 57s
| F-code | Section | Item · URL/quote | Verifier summary | Remediation · outcome |
|---|---|---|---|---|
| F1 hallucinated-fact | deep-dive | Verizon DBIR § 5 Headline shift 31 % of breaches, up from approximately 20 % the previous year — Verizon press-release language | GlobeNewswire press release confirms 31% but does not state ~20% prior-year baseline. Help Net Security analysis also does not carry it. Unsupported attribution under em-dash citation. | Deleted the , up from approximately 20 % the previous year phrase from § 5 Headline shift paragraph (one-line edit). fixed-clean |
| F2 editorial-advisory | updates | TeamPCP UPDATE Grafana sub-paragraph closing line limited to internal repositories | Grafana own language covers public + private source code + internal repos. Brief framing risked misreading as private-only. | Tightened wording to: limited to Grafana Labs GitHub repositories (public source code, private source code and internal repos); customer production data was not fixed-clean |
Verification & coverage notes
The run record's narrative body, verbatim. This is where the run accounts for its own judgement calls — every borderline drop and judged-not-relevant item with its reason, dedup decisions, single-source items and their carve-outs, contradictions, and per-source coverage gaps — so nothing the run considered disappears silently.
Verification & coverage notesrun record body
2026-05-21-77cdc4cd · Claude Opus 4.7 · 10 entries published
- Out-of-window drops (primary source older than 36h window): Exim CVE-2026-45185 "Dead.Letter" — XBOW disclosure 2026-05-12, NCSC-NL advisory 2026-05-15; S2 surfaced an exploitation-confirmation quote from NCSC-NL but its publication date is ambiguous, so the item is held to the next run with the underlying advisory carried forward; Fortinet CVE-2026-44277 (FortiAuthenticator) / CVE-2026-26083 (FortiSandbox) — Fortinet PSIRT FG-IR-26-128 dated 2026-05-12, NCSC-CH advisory 2026-05-13, both outside the 36 h window; SAP May 2026 Security Patch Day (CVE-2026-34260, CVE-2026-34263) — SAP Security Notes dated 2026-05-12, outside window; CrowdStrike 2026 Financial Services Threat Landscape Report — both cited URLs carry publication date 2026-05-14 (not 2026-05-20 as the sub-agent return initially asserted), which puts the report 6 days outside the 36 h window. Item dropped from § 3 by iteration-1 verification (consistent with the SAP / Fortinet treatment in this same list); finance-sector audience may pick up the synthesis directly from the CrowdStrike press release or CrowdStrike blog.
- Already-covered drops: Microsoft Fox Tempest malware-signing-as-a-service disruption — covered in 2026-05-20 active-threats; S3 re-surfaced the Microsoft Threat Intelligence and Microsoft On the Issues posts with no material new development beyond yesterday's coverage. Huawei VRP zero-day → Luxembourg POST 2025 nationwide outage — covered in 2026-05-20 active-threats with the same The Record + Security Affairs sources S4 re-surfaced; no new technical specificity or CVE assignment in this run.
- Long-running-campaign rule application: Microsoft Exchange CVE-2026-42897 — re-surfaced by S2 with the same Microsoft MSRC + Microsoft Exchange Team + NCSC-CH + Help Net Security sources cited in the 2026-05-16 deep dive and the 2026-05-18 UPDATE. No new exploitation attribution, no new patch, no new victim class — per the long-running-campaign rule (≤1 consolidated UPDATE per week unless something critical changes) the item is not re-issued. Per PD-13 the imminent CISA KEV remediation deadline (2026-05-29, US-FCEB-only) is not a valid driver for a § 4 UPDATE.
- Reduced-confidence / framing: B1ack's Stash 4.6M card dump included as a dark-web claim with explicit "not confirmed by issuing institutions" framing; SOCRadar and Security Affairs both analyse the actual dump, but per-issuer attribution is unverified. Huawei VRP / Luxembourg (not in this brief, but referenced in the dropped-list) — confidence remains MEDIUM in the sub-agent finding due to absence of any Huawei PSIRT advisory after ~10 months, no CVE assigned and no technical advisory specificity.
- Contradiction: Grafana TanStack timeline — Grafana's own post-mortem (Grafana Labs, 2026-05-19) cites detection of the TanStack compromise on 2026-05-11; BleepingComputer's reporting (BleepingComputer, 2026-05-20) cites 2026-05-01 for the malicious-package consumption event. The brief reports Grafana's date on the basis that Grafana is the primary disclosing party for its own incident; the 10-day discrepancy may reflect the difference between the malicious-package's pull-time on the CI/CD runner and the detection event on Grafana's security team's timeline.
- Single-source items: none in this brief — every published item carries ≥2 independent reputable sources or qualifies under the PD-5 national-CERT carve-out with the CERT acting as primary disclosing party.
- CVEs that did not clear § 2 inclusion gates (PD-2 § 2 gates: CISA KEV, ENISA EUVD
exploited=trueor CVSS≥9.0, vendor/researcher report of ITW exploitation, or pre-auth RCE on widely-deployed internet-exposed software with public PoC): none dropped from in-window candidates in this run; out-of-window CVEs listed above were not evaluated against gates. - Sub-agent self-identification: all four
cti-researchsub-agents (S1, S2, S3, S4) returned with**Model:**and**Timestamps:**lines; the AI-content notice andGenerated by:line collapse to the single distinct model Claude Sonnet 4.6 since all four research roles reported that model. - Verification disposition (Phase 5.7): five iterations ran with model rotation per v2.47 (iter-1 Opus, iter-2 Sonnet alt, iter-3 Opus cold, iter-4 Sonnet alt, iter-5 Opus cold); cumulative findings across iterations remediated in-line. Iter-5 returned NEEDS_FIXES with truth=1 (the unsupported "approximately 20 % the previous year" prior-year DBIR baseline in § 5 Headline shift paragraph) and one advisory (Grafana scope wording precision drift) — both remediated post-verdict before commit. The brief publishes at the v2.46 5-cap safety valve with
verification_residual_count=1recording the final-iteration verdict as the cap-breach signal for the Ops dashboard. The notable verification finding-cluster of this run was iter-3's surfacing of multiple sub-agent attribution-discipline regressions in the § 4 TeamPCP UPDATE (five FIRESCALE / 417k / SSM specifics misattributed to Wiz), all remediated by aligning the body to Wiz's actual published technical detail. - Coverage gaps: databreaches-net (Cloudflare 403, Wayback empty — now 5 consecutive run failures); inside-it-ch (403 persistent — 4-run failure); sophos-xops (HTTP 503 persistent — 4-run failure); trendmicro-research (HTTP 500 persistent, no Wayback snapshot); cyberscoop (TLS certificate not-yet-valid error); darkreading (HTTP 403, no Wayback); cert-fr-actu (feed stale since October 2025); us-treasury-ofac (503); cert-eu (200 empty-body — 2-run failure); edpb, cnil-fr, ico-uk, agid-csirt-it — quiet in window (no in-window enforcement items); ncsc-ch-security-hub bridge subcommand and chrome-releases and jpcert not fetched in this run.
Unmatched action items (migrated)
- Patch Drupal core on PostgreSQL backends immediately — upgrade to 10.4.10 / 10.5.10 / 10.6.9 / 11.1.10 / 11.2.12 / 11.3.10. The Drupal Security Team warned that exploits "might be developed within hours or days" of the SA-CORE-2026-004 advisory (see § 4 UPDATE). If patch deployment is gated by change-control, temporarily front the site with Drupal Steward or an equivalent WAF rule covering SQL-injection vectors at the DB-API layer.
- Complete the six-step SonicWall LDAP reconfiguration on every Gen6 SSL-VPN appliance per SonicWall KB
kA1VN0000000RBd0AM— firmware-update status alone is insufficient and Akira-linked actors are actively exploiting the UPN/SAM split (see § 1). Given Gen6 EoL on 2026-04-16, schedule migration to Gen7/Gen8. - Hunt for Webworm Discord and Microsoft Graph API C2 — alert on outbound HTTPS to
discord.com/api/*orgraph.microsoft.comfrom process trees whose parent is not the expected first-party application; correlate Graph API non-interactive sign-ins for app registrations without enterprise approval, and flagcmd.exespawned by long-running services with no interactive user context (see § 1). Apply Conditional Access on Microsoft Graph restricting non-managed device sign-ins on workstations that have no Graph integration need. - Audit VS Code extension installation policies on every developer endpoint — enforce a managed allowlist via Group Policy / MDM, set
extensions.autoUpdate: false, and rotate every secret accessible to extensions whenever a supply-chain compromise is confirmed (see § 4 UPDATE TeamPCP / GitHub breach). Hunt Sysmon EID 1 forcode --install-extensioninvocations on dev endpoints; search CI/CD pipeline logs fordurabletaskpackage imports in versions 1.4.1–1.4.3 and treat any host that imported a malicious version as fully compromised.
Migrated from briefs/2026-05-21.md (v2).
← Operations dashboard · day page 2026-05-21 · run-record contract: docs/pipeline.md