2026-05-26-ae9d0d4b
One pipeline fire, in full · intel run of 2026-05-26 · sub-agent allocation and telemetry, per-iteration verification verdicts and findings, source-list edits, coverage gaps, bridge invocations — and the run's own verification & coverage notes: what was published, what was dropped at the borderline or judged not relevant (and why), single-source carve-outs, and contradictions. Rendered from runs/2026-05-26/2026-05-26-ae9d0d4b.md.
Run telemetry
- Items returned
- 6
- Duration
- 9m 50s
- Tool calls
- 9 WebFetch14 WebSearch12 bridge
- Cited sources
- 6 of 13 in slice
- Items returned
- 1
- Duration
- 11m 42s
- Tool calls
- 9 WebFetch30 WebSearch8 bridge
- Cited sources
- 1 of 15 in slice
- Items returned
- 6
- Duration
- 7m 32s
- Tool calls
- 0 WebFetch5 WebSearch22 bridge
- Cited sources
- 5 of 10 in slice
- Items returned
- 2
- Duration
- 11m 18s
- Tool calls
- 16 WebFetch22 WebSearch9 bridge
- Cited sources
- 2 of 9 in slice
Verification
Deep dive
2026-05-26/lazarus-remotepe-a-three-stage-memory-only-rat-that-unhooks
Entries published (this run)
- "TrapDoor" cross-ecosystem supply-chain campaign validates stolen tokens before exfil and poisons AI-assistant config files threat high
- ACR Stealer distributed through counterfeit Claude AI download pages promoted by malicious search ads threat notable
- CVE-2026-9058 — Szafir SDK (KIR): signature-verification routine reports success on an untrusted certificate chain, enabling auth bypass in Polish e-government vulnerability high
- CVE-2026-5426 — Digital Knowledge KnowledgeDeliver LMS: pre-shared ASP.NET machineKey enables ViewState deserialization RCE, exploited as a zero-day vulnerability notable
- Google's threat-intel group maps a Chinese-language PhaaS ecosystem doing real-time OTP relay over RCS/iMessage research high
- TeamPCP / Mini Shai-Hulud — framework open-sourced, Microsoft PyPI SDK trojanised with a wiper stage, forged Sigstore badges threat notable update
- Lazarus "RemotePE": a three-stage memory-only RAT that unhooks EDR and blinds ETW threat high
Sources changed (this run)
Edits this run made to sources/sources.json · promotions, demotions, new candidates, and fetch-method / category / reliability / url corrections (the run record's sources_changed[]). Paginated; 10 per page.
No source-list edits recorded for this run.
Coverage gaps (this run)
Sources this run's brief needed that returned no usable content via any documented recipe. Bridge-recovered or quiet-day sources do NOT appear here. (Distinct from the independent source-accessibility probe at the foot of this section, which probes all active sources regardless of what any run needed.)
| Source (uncovered) | URL tried | Method chain | Status / class | What the agent did instead |
|---|---|---|---|---|
| ncsc-ch-security-hub | https://security-hub.ncsc.admin.ch/#/dashboard | api → bridge:ncsc-csh.recent | 0 transport-tls SSL certificate verification failure on bridge ncsc-csh subcommand | none — NCSC.ch Security Hub not retrieved this run |
| databreaches-net | https://www.databreaches.net/ | bridge:url | 403 transport-403 fetch_source: upstream HTTP 403 | WebSearch fallback found no in-window items |
| inside-it-ch | https://www.inside-it.ch/ | bridge:url | 403 robots-blocked Cloudflare Managed Challenge (HTTP 403); no usable Wayback snapshot | WebSearch fallback; no CH-specific in-window article found |
| sophos-xops | https://www.sophos.com/en-us/blog | webfetch | 503 transport-5xx HTTP 503 (persistent across recent runs) | none — source unreachable this run |
Verification findings · all iterations
Per-iteration finding detail. Each table is one verifier pass · what was flagged, how the main agent remediated it, and the outcome. Walking the tables top-to-bottom shows the verifier's debugging trail across iterations.
Iteration #1 NEEDS_FIXES · 3 findings (truth=3, editorial=0, advisory=0) · Claude Opus 4.7 · 3m 28s
| F-code | Section | Item · URL/quote | Verifier summary | Remediation · outcome |
|---|---|---|---|---|
| F3 claim-not-supported | trending-vulnerabilities | CVE-2026-9058 — Szafir SDK (KIR) CERT Polska names ZUS ... and the e-Gate system at Centrum e-Zdrowia among affected deployments | ZUS/Centrum e-Zdrowia/e-Gate naming not on the cited CERT Polska page (came from researcher write-up) | Generalised the affected-systems phrasing in § 0 TL;DR and § 2 to 'any application consuming Szafir to accept qualified e-signatures — the typical Polish e-gove fixed-clean |
| F3 claim-not-supported | updates | UPDATE: TeamPCP / Mini Shai-Hulud [The Hacker News, 2026-05-23](.../mini-shai-hulud-pushes-malicious-antv.html) | THN @antv article publication date is 2026-05-19, not 2026-05-23 | Corrected the THN citation date to 2026-05-19 in both the § 4 inline citation and the footer fixed-clean |
| F14 quantifier-without-source | research | GTIG Chinese-language PhaaS ecosystem [SINGLE-SOURCE] a teardown of at least 13 ... PhaaS platforms | GTIG source says 'analyzed a dozen current PhaaS offerings' (~12); never '13'/'at least 13' | Changed '§ 3' wording to 'around a dozen current Chinese-language PhaaS offerings' (TL;DR did not carry a count) fixed-clean |
Iteration #2 NEEDS_FIXES · 1 finding (truth=1, editorial=0, advisory=0) · Claude Sonnet 4.6 · 2m 50s
| F-code | Section | Item · URL/quote | Verifier summary | Remediation · outcome |
|---|---|---|---|---|
| F3 claim-not-supported | active-threats | ACR Stealer distributed through counterfeit Claude AI download pages [SINGLE-SOU the loader stages a follow-on payload concealed inside a JPEG | SANS ISC 33018 says the JPEG 'doesn't appear to be malicious, nor could I find any obvious signs of embedded data ... but it's somehow related to this infection chain' — steganography/payload-concealm | Reworded to 'a JPEG image whose precise role the SANS ISC analyst could not characterise (no embedded data was identified)'; dropped the now-unsupported T1027.0 fixed-clean |
Iteration #3 CLEAN · 1 finding (truth=0, editorial=0, advisory=1) · Claude Opus 4.7 · 4m 08s
| F-code | Section | Item · URL/quote | Verifier summary | Remediation · outcome |
|---|---|---|---|---|
| F11 editorial-advisory | verification-notes | Project Glasswing (§ 7 drop rationale) vanity metrics (10,000+ flaws, 90.6% TP, $100M) | Specific figures in the § 7 Glasswing drop rationale are not consistent across the fetched sources; item is dropped so figures are rationale, not asserted facts. Non-blocking. | Genericised the § 7 drop rationale to 'large headline counts, a high claimed true-positive rate and multi-million-dollar credit figures which the fetched source fixed-clean |
Verification & coverage notes
The run record's narrative body, verbatim. This is where the run accounts for its own judgement calls — every borderline drop and judged-not-relevant item with its reason, dedup decisions, single-source items and their carve-outs, contradictions, and per-source coverage gaps — so nothing the run considered disappears silently.
Verification & coverage notesrun record body
2026-05-26-ae9d0d4b · Claude Opus 4.7 · 7 entries published
- Items dropped (with reason):
- "Project Glasswing" / "Claude Mythos Preview" (S3) — dropped on the fake-news + vanity-metric + relevance bars (PD-4, PD-6, PD-11). The cited URLs resolve, but the item is built on vanity metrics (large headline vulnerability counts, a high claimed true-positive rate and multi-million-dollar credit figures — which the fetched sources do not even agree on) and an unverifiable model name, with no defender action for a Swiss/EU public-sector SOC beyond a single referenced WolfSSL certificate-forgery flaw that could not be independently corroborated this run and is therefore not surfaced as fact.
- Packagist 8-package supply-chain attack (S3) — duplicate; this was the deep dive in the 2026-05-24 brief (the cross-ecosystem
package.json-in-PHP-package postinstall strand). No material in-window delta. PD-8. - Oncology Institute / TriZetto Provider Solutions SEC 8-K (S4) — US nexus; the underlying Item 1.05 filing is dated 2026-05-22 (outside the 36 h window), and the item was already assessed and dropped in the 2026-05-24 and 2026-05-25 § 7. The third-party-breach (TPRM) lesson stands but carries no in-window CH/EU-relevant delta.
- Charter Communications / ShinyHunters (S4) — covered 2026-05-25; today's only change is that the 27 May deadline has not yet elapsed, no data has been released, and no SEC 8-K has been filed. "Deadline approaches, nothing released" is not material new development (PD-8); re-cover only on data release, an 8-K, or fresh attribution.
- CVE-2026-9256 "nginx-poolslip" (S1) — a genuine, distinct second buffer-overflow in
ngx_http_rewrite_module, confirmed on the official NGINX/F5 advisory listing (F5 article K000161377, separate from CVE-2026-42945). Dropped from § 2 as out-of-window (disclosed 2026-05-22, no in-window development) and below the inclusion gate: F5 rates it medium, default deployments without complex rewrite rules are not exploitable, and no in-the-wild exploitation is reported. Operationally useful nugget retained here: the patch for CVE-2026-42945 (NGINX Rift, covered 2026-05-17 — Open Source 1.31.0 / 1.30.1) does not remediate CVE-2026-9256; operators must upgrade to 1.31.1+ / 1.30.2+ (NGINX Plus R36 P5 / R32 P7).
- Contradictions: NGINX CVE-2026-9256 severity — the official NGINX/F5 advisory rates it medium; the securityonline.info write-up characterises it as a critical zero-day with a demonstrated remote ASLR-bypass RCE PoC. The brief defers to the vendor severity and treats the RCE / ASLR-bypass characterisation as unconfirmed.
- Single-source items (both HIGH-reliability primaries, flagged inline): § 3 GTIG Chinese-language PhaaS ecosystem (Google Threat Intelligence Group primary research); § 1 ACR Stealer fake-Claude malvertising (SANS Internet Storm Center diary).
- Watch (unconfirmed, not reported as fact): DentaQuest (US dental-benefits administrator, Medicaid programmes) was listed by ShinyHunters on 2026-05-23 with the same 27 May deadline (S4) — a dark-web listing only, no victim confirmation; monitor for a victim statement or SEC 8-K.
- Recency: standard 36 h window; gap to prior brief 24 h — no extended-window disclosure required. The CH/EU breaking-news window was genuinely thin: S2 swept NCSC.ch, BSI, CERT-FR, CERT-EU, NCSC-NL, ICO-UK, CNIL and EDPB and found no new in-window national-CERT advisories, named-victim incidents or regulator enforcement actions.
- Source lifecycle: Socket (
socket-dev-blog) was already a tracked candidate and contributed two primaries this run (TrapDoor, Packagist) — itslast_successful_fetchwas bumped to today. This run's one new candidate isfox-it-blog(Fox-IT International Blog, NCC Group) — the primary for the § 5 RemotePE teardown; it is a distinct property from the already-activencc-research. - Verification: 3 iterations to CLEAN (iter 1 Opus → 3 truth findings remediated; iter 2 Sonnet → 1 truth finding remediated [ACR Stealer JPEG role corrected to match source]; iter 3 Opus → CLEAN, 1 non-blocking advisory applied). The verifier sub-agents' self-identification env vars were unset; models are recorded from the agent-type pinning (
cti-verification= Opus,cti-verification-alt= Sonnet) and corroborated by iteration 3's runtime self-report (Opus 4.7). - Coverage gaps: ncsc-ch-security-hub (SSL/cert verification error on bridge — not retrieved this run); databreaches-net (HTTP 403, persistent); sophos-xops (HTTP 503, persistent); trendmicro-research (JS-rendered SPA, no in-window primary); inside-it-ch (Cloudflare challenge 403 on bridge, no Wayback fallback); cert-eu (latest advisory 2026-006 dated 2026-05-06, pre-window); anssi-fr (latest CERTFR-2026-AVI-0609 dated 2026-05-19, pre-window); ncsc-nl (latest NCSC-2026-0166 dated 2026-05-21, already covered); bsi-de (in-window items are updates to already-covered CVEs only); cnil-fr, edpb (no in-window enforcement actions); mandiant-gtig (legacy www.mandiant.com/resources/blog returns 404 — content now served at cloud.google.com/blog/topics/threat-intelligence/, fetched successfully).
Unmatched action items (migrated)
- Move TOTP/SMS-MFA portals toward FIDO2/WebAuthn; bind MFA to the login session in the interim — real-time OTP relay (§ 3) defeats TOTP and SMS outright. Alert on OTPs consumed from a different ASN than the one they were issued to, and on contactless-wallet provisioning right after a credential submission from an unrecognised device (Google Threat Intelligence Group, 2026-05-25).
- Harden the build pipeline against supply-chain poisoning — pin exact npm/PyPI/Cargo versions, verify lockfile hashes, prefer
--ignore-scripts, and stop treating an npm Sigstore badge or displayed SLSA attestation as install-time proof of safety (§ 1 TrapDoor, § 4 TeamPCP). Add a check for zero-width Unicode (U+200B/U+200C/U+FEFF) in.cursorrules/CLAUDE.mdto catch AI-assistant config poisoning (Socket, 2026-05-24). - Hunt the RemotePE behavioural surface and add AI-brand impersonation to malvertising monitoring — service-DLL allowlisting (watch for
Iassvc.dll),EtwEventWritepatch detection, in-memory reflective-PE scanning (§ 5); andpowershell.exespawned from browser-download/archive-extraction paths for the fake-Claude ACR Stealer lure (§ 1) (Fox-IT, 2026-05-22).
Migrated from briefs/2026-05-26.md (v2).
← Operations dashboard · day page 2026-05-26 · run-record contract: docs/pipeline.md