ctipilot.ch

2026-05-25-d675ef38

One pipeline fire, in full · intel run of 2026-05-25 · sub-agent allocation and telemetry, per-iteration verification verdicts and findings, source-list edits, coverage gaps, bridge invocations — and the run's own verification & coverage notes: what was published, what was dropped at the borderline or judged not relevant (and why), single-source carve-outs, and contradictions. Rendered from runs/2026-05-25/2026-05-25-d675ef38.md.

Run telemetry

2026-05-25-d675ef38 intel prompt v2.59
29m 28s duration 5 published 1 updates
unknown (unknown) main agent
S1 Claude Sonnet 4.6 (claude-sonnet-4-6)
Items returned
2
Duration
9m 39s
Tool calls
14 WebFetch7 WebSearch12 bridge
Cited sources
2 of 27 in slice
S2 Claude Sonnet 4.6 (claude-sonnet-4-6)
Items returned
4
Duration
4m 43s
Tool calls
10 WebFetch8 WebSearch14 bridge
Cited sources
0 of 43 in slice
S3 Claude Sonnet 4.6 (claude-sonnet-4-6)
Items returned
5
Duration
11m 53s
Tool calls
14 WebFetch7 WebSearch6 bridge
Cited sources
2 of 68 in slice
S4 Claude Sonnet 4.6 (claude-sonnet-4-6)
Items returned
2
Duration
8m 25s
Tool calls
12 WebFetch11 WebSearch9 bridge
Cited sources
1 of 9 in slice

Verification

#1 NEEDS_FIXES · Anthropic Claude (specific model not determined) · t=1 e=0 a=1 #2 CLEAN · Claude Sonnet 4.6 · t=0 e=0 a=0

Deep dive

2026-05-25/ghost-cms-cve-2026-26980-clickfix-the-cms-compromise-to-endp

Sources changed (this run)

Edits this run made to sources/sources.json · promotions, demotions, new candidates, and fetch-method / category / reliability / url corrections (the run record's sources_changed[]). Paginated; 10 per page.

No source-list edits recorded for this run.

Coverage gaps (this run)

Sources this run's brief needed that returned no usable content via any documented recipe. Bridge-recovered or quiet-day sources do NOT appear here. (Distinct from the independent source-accessibility probe at the foot of this section, which probes all active sources regardless of what any run needed.)

Source (uncovered)URL triedMethod chainStatus / classWhat the agent did instead
sophos-xopshttps://www.sophos.com/en-us/blog/feed?id=blt6f15f4f7deaf4242bridge:feedwebfetch503 transport-5xx
HTTP 503 from Sophos feed (5th consecutive run)
WebSearch fallback — no in-window Sophos story found
inside-it-chhttps://www.inside-it.ch/bridge:urlwebfetchwebsearch403 robots-blocked
Cloudflare managed challenge on bridge; Wayback returned 24-byte stub only (4th consecutive run)
WebSearch fallback — no in-window Swiss-press item uniquely surfaced
databreaches-nethttps://databreaches.net/bridge:urlwebsearch403 transport-403
HTTP 403; no targeted in-window article URLs to fetch
WebSearch fallback — no uncovered in-window breach item
cisco-psirthttps://tools.cisco.com/security/center/psirtrss20.xmlbridge:urlwebsearch404 transport-403
PSIRT RSS 404; no new Cisco PSIRT advisory in window via search
WebSearch found no in-window Cisco advisory

Verification findings · all iterations

Per-iteration finding detail. Each table is one verifier pass · what was flagged, how the main agent remediated it, and the outcome. Walking the tables top-to-bottom shows the verifier's debugging trail across iterations.

Iteration #1 NEEDS_FIXES · 2 findings (truth=1, editorial=0, advisory=1) · unknown · 1m 44s

F-codeSectionItem · URL/quoteVerifier summaryRemediation · outcome
F14
quantifier-without-source
updatesShinyHunters lists Charter Communications (Spectrum)
'first telco victim' repeated in TL;DR, section 4 heading, section 4 body
Absolute quantifier not stated by CyberInsider or Troy Hunt 505; brief inference presented as fact.Dropped 'first' from heading; reworded TL;DR and section 4 body to attribute the first-telco/ISP characterisation to the brief's own campaign tracking; added se fixed-clean
F11
editorial-advisory
updatesShinyHunters lists Charter Communications (Spectrum)
Troy Hunt 505 cite positioned at the Salesforce-vector clause
Troy Hunt corroborates the victim listing, not the OAuth vector; two-source still met.Repositioned the Troy Hunt citation to attach to the fresh-victim-listing clause; section 7 note clarifies scope. fixed-clean

Verification & coverage notes

The run record's narrative body, verbatim. This is where the run accounts for its own judgement calls — every borderline drop and judged-not-relevant item with its reason, dedup decisions, single-source items and their carve-outs, contradictions, and per-source coverage gaps — so nothing the run considered disappears silently.

Verification & coverage notesrun record body

2026-05-25-d675ef38 · unknown · 5 entries published

  • Items dropped (with reason):
    • Laravel-Lang / Packagist supply-chain attack (surfaced by S1, S2 and S3) — already the deep dive in the 2026-05-24 brief (both the autoloader-backdoor strand and the eight-package postinstall strand); no material in-window delta. PD-8 duplicate. Note: S2's findings additionally carried the attacker C2 domain and VirusTotal payload hashes — excluded per the no-IOC policy regardless of the dedup.
    • Exim "Dead.Letter" CVE-2026-45185 (S2) — unauthenticated BDAT use-after-free in Exim 4.97–4.99.2 GnuTLS builds (the default MTA on Debian/Ubuntu) with possible RCE, fixed in 4.99.3. Operationally significant for EU public-sector self-hosted mail, but the freshest source is XBOW/THN/NCSC-NL dated 2026-05-12 to 2026-05-15 — roughly 10 days outside the 36h window with no fresh in-window development. Held as out-of-window; flagged for catch-up if confirmed ITW exploitation or a mass-scanning report lands in window.
    • Stormshield SNS DoS CVE-2025-9086 / CERTFR-2026-AVI-0631 (S2) — remote denial-of-service only, no code-execution path, no exploitation; already assessed and dropped in the 2026-05-24 § 7, and out-of-window (2026-05-21/22). Below the § 2 inclusion gate.
    • GLPI CVE-2026-32312 / CVE-2026-42320 / CERTFR-2026-AVI-0609 (S2) — moderate severity (CVSS 5.1 / 5.9), both post-authentication, no exploitation; out-of-window (2026-05-18/19). Strong CH/EU public-sector ITSM footprint noted, but below the § 2 inclusion gate.
    • Cloud Atlas PowerCloud / VBCloud (S3) — Kaspersky Securelist, 2026-05-22; targeting is Russian/Belarusian government, CH/EU nexus is speculative, and the source is out-of-window. Dropped on nexus + recency.
    • The Oncology Institute SEC Item 1.05 8-K (S4) — US/indirect nexus, [SINGLE-SOURCE] (SEC filing plus aggregator), out-of-window (2026-05-22); already assessed and dropped in the 2026-05-24 § 7.
  • Contradiction resolved (Ghost CMS versions/component): S1 and S3 both surfaced CVE-2026-26980 but disagreed — S1 reported affected 3.24.0–6.19.0 / fixed 6.19.1 / Content API slug filter; S3 reported affected < 5.84.0 / fixed 5.84.0 / ORDER BY clause. The authoritative TryGhost advisory GHSA-w52v-v783-gw97 confirms S1 (affected 3.24.0–6.19.0, fixed 6.19.1, unauthenticated SQLi in the Content API slug filter, CVSS 9.4). S3's version and component details were incorrect and were not used.
  • URL corrections: both sub-agents' BleepingComputer URLs for the Ghost story 404'd on direct fetch (/ghost-cms-vulnerability-exploited-to-hack-sites-spread-malware/ and /ghost-blogging-platform-hacked-to-push-clickfix-via-sql-injection/); replaced with the verified in-window article /ghost-cms-sql-injection-flaw-exploited-in-large-scale-clickfix-campaign/ (2026-05-24). S3's XLab URL was the correct one and is used as a primary.
  • Reduced confidence / window edge: Underminr (§ 3) — the freshest source (SecurityWeek, 2026-05-23 ~11:00 UTC) sits ~5 h outside the strict 36 h window but inside the 72 h developing window; included as substantive novel network-evasion research directly relevant to CH/EU DNS-filtering egress architectures. The ADAMnetworks primary is 2026-05-21. Specific vulnerable CDN providers are not named in the public reporting and are not asserted here.
  • Leak-site claim (Charter, § 4): ShinyHunters' 42M-record figure is the actor's unverified leak-site assertion, presented as such; corroborated by Charter's own public statement (a partial denial confirming an incident) and Troy Hunt Weekly 505 (2026-05-24, which corroborates the fresh victim listing, not the Salesforce vector). The campaign-continuity link to 7-Eleven, and the "first telco/ISP victim to respond publicly" characterisation, are our own campaign-tracking assessments (inferred from the prior named victims, none of them telcos), not attributions or claims made by the cited sources.
  • Single-source items in §§ 1–5: none — all included items carry ≥2 independent sources (Ghost: vendor advisory + research lab + news; Underminr: vendor primary + journalism; Charter: victim statement + journalism).
  • Main-agent model self-identification: the runtime self-identification env vars (CLAUDE_FRIENDLY_NAME / CLAUDE_MODEL_ID) were unset and the routine configuration withheld the main-agent model identifier from committed artefacts this run; recorded as "specific model not determined" in the AI-content notice and unknown in state/run_log.json per the prompt's fallback. Sub-agent models (Claude Sonnet 4.6) and the verifier model are recorded verbatim as self-reported.
  • Candidate sources: surfaced this run — xbow-security (S2), xlab-qianxin (S3), aikido-security (S1/S3), adamnetworks (S3). Added one per the one-per-run cap: xlab-qianxin (Qianxin X-Lab — primary discoverer of the in-window Ghost CMS exploitation wave; contributed two cited items today). The others are held as overflow for a future run.
  • Stalled sub-agents: none — S1–S4 all returned within the 30-minute budget.
  • Coverage gaps: sophos-xops (HTTP 503, 5th consecutive run); trendmicro-research (no in-window publications); inside-it-ch (Cloudflare challenge on bridge + no usable Wayback snapshot, 4th consecutive run); databreaches-net (HTTP 403, no targeted article URLs); cisco-psirt (PSIRT RSS 404, no in-window advisories via search); cisa-kev (latest update 2026-05-22, outside window); cert-eu (no advisory in window, latest 2026-006); cert-fr-actu (feed stalled since 2025); mandiant-gtig, dfirreport (no in-window items); ico-uk, cnil-fr, edpb (no in-window enforcement actions); sec-disclosures-edgar (filing index pages 403, content via search/aggregators).

Unmatched action items (migrated)

  • Patch self-hosted Ghost CMS to 6.19.1+ now if internet-exposed — interim, block Content API requests containing slug:[ (slug%3A%5B) at the WAF and restrict the public Content API to trusted origins. Then rotate the Ghost admin API key (assume theft on any exposed instance) and audit posts/themes for injected <script> (§ 2, § 5) (GHSA-w52v-v783-gw97).
  • Hunt the ClickFix execution chain regardless of whether you run Ghostcmd.exe/powershell.exe spawned from browser process trees or from explorer.exe after a Win+R launch (Sysmon EID 1 / Windows 4688), unsigned Electron apps from user-writable paths; enable PowerShell Script Block Logging (4104); brief users that "paste this to verify you are human" is an attack (§ 5) (XLab Qianxin, 2026-05-21).
  • Stop treating DNS / domain allow-listing as a sufficient egress control — Underminr defeats DNS-layer filtering and CDN-IP-range trust on multi-tenant edges; correlate SNI, Host, resolved edge IP and CDN tenant per flow, and move toward per-flow identity (ZTNA) for high-value egress paths (§ 3) (SecurityWeek, 2026-05-23).
  • If you run Salesforce, harden connected apps — audit OAuth app scopes, rotate long-lived connected-app credentials, restrict Experience/Community Cloud guest access, and baseline bulk-object query volumes via Shield Event Monitoring; an anomalous large SELECT on Account/Contact is the exfiltration signature (§ 4) (CyberInsider, 2026-05-23).

Migrated from briefs/2026-05-25.md (v2).

← Operations dashboard · day page 2026-05-25 · run-record contract: docs/pipeline.md