ctipilot.ch

2026-05-26-ae9d0d4b

One pipeline fire, in full · intel run of 2026-05-26 · sub-agent allocation and telemetry, per-iteration verification verdicts and findings, source-list edits, coverage gaps, bridge invocations — and the run's own verification & coverage notes: what was published, what was dropped at the borderline or judged not relevant (and why), single-source carve-outs, and contradictions. Rendered from runs/2026-05-26/2026-05-26-ae9d0d4b.md.

Run telemetry

2026-05-26-ae9d0d4b intel prompt v2.60
31m 24s duration 7 published 1 updates
Claude Opus 4.7 (claude-opus-4-7) main agent
S1 Claude Sonnet 4.6 (claude-sonnet-4-6)
Items returned
6
Duration
9m 50s
Tool calls
9 WebFetch14 WebSearch12 bridge
Cited sources
6 of 13 in slice
S2 Claude Sonnet 4.6 (claude-sonnet-4-6)
Items returned
1
Duration
11m 42s
Tool calls
9 WebFetch30 WebSearch8 bridge
Cited sources
1 of 15 in slice
S3 Claude Sonnet 4.6 (claude-sonnet-4-6)
Items returned
6
Duration
7m 32s
Tool calls
0 WebFetch5 WebSearch22 bridge
Cited sources
5 of 10 in slice
S4 Claude Sonnet 4.6 (claude-sonnet-4-6)
Items returned
2
Duration
11m 18s
Tool calls
16 WebFetch22 WebSearch9 bridge
Cited sources
2 of 9 in slice

Verification

#1 NEEDS_FIXES · Claude Opus 4.7 · t=3 e=0 a=0 #2 NEEDS_FIXES · Claude Sonnet 4.6 · t=1 e=0 a=0 #3 CLEAN · Claude Opus 4.7 · t=0 e=0 a=1

Deep dive

2026-05-26/lazarus-remotepe-a-three-stage-memory-only-rat-that-unhooks

Sources changed (this run)

Edits this run made to sources/sources.json · promotions, demotions, new candidates, and fetch-method / category / reliability / url corrections (the run record's sources_changed[]). Paginated; 10 per page.

No source-list edits recorded for this run.

Coverage gaps (this run)

Sources this run's brief needed that returned no usable content via any documented recipe. Bridge-recovered or quiet-day sources do NOT appear here. (Distinct from the independent source-accessibility probe at the foot of this section, which probes all active sources regardless of what any run needed.)

Source (uncovered)URL triedMethod chainStatus / classWhat the agent did instead
ncsc-ch-security-hubhttps://security-hub.ncsc.admin.ch/#/dashboardapibridge:ncsc-csh.recent0 transport-tls
SSL certificate verification failure on bridge ncsc-csh subcommand
none — NCSC.ch Security Hub not retrieved this run
databreaches-nethttps://www.databreaches.net/bridge:url403 transport-403
fetch_source: upstream HTTP 403
WebSearch fallback found no in-window items
inside-it-chhttps://www.inside-it.ch/bridge:url403 robots-blocked
Cloudflare Managed Challenge (HTTP 403); no usable Wayback snapshot
WebSearch fallback; no CH-specific in-window article found
sophos-xopshttps://www.sophos.com/en-us/blogwebfetch503 transport-5xx
HTTP 503 (persistent across recent runs)
none — source unreachable this run

Verification findings · all iterations

Per-iteration finding detail. Each table is one verifier pass · what was flagged, how the main agent remediated it, and the outcome. Walking the tables top-to-bottom shows the verifier's debugging trail across iterations.

Iteration #1 NEEDS_FIXES · 3 findings (truth=3, editorial=0, advisory=0) · Claude Opus 4.7 · 3m 28s

F-codeSectionItem · URL/quoteVerifier summaryRemediation · outcome
F3
claim-not-supported
trending-vulnerabilitiesCVE-2026-9058 — Szafir SDK (KIR)
CERT Polska names ZUS ... and the e-Gate system at Centrum e-Zdrowia among affected deployments
ZUS/Centrum e-Zdrowia/e-Gate naming not on the cited CERT Polska page (came from researcher write-up)Generalised the affected-systems phrasing in § 0 TL;DR and § 2 to 'any application consuming Szafir to accept qualified e-signatures — the typical Polish e-gove fixed-clean
F3
claim-not-supported
updatesUPDATE: TeamPCP / Mini Shai-Hulud
[The Hacker News, 2026-05-23](.../mini-shai-hulud-pushes-malicious-antv.html)
THN @antv article publication date is 2026-05-19, not 2026-05-23Corrected the THN citation date to 2026-05-19 in both the § 4 inline citation and the footer fixed-clean
F14
quantifier-without-source
researchGTIG Chinese-language PhaaS ecosystem [SINGLE-SOURCE]
a teardown of at least 13 ... PhaaS platforms
GTIG source says 'analyzed a dozen current PhaaS offerings' (~12); never '13'/'at least 13'Changed '§ 3' wording to 'around a dozen current Chinese-language PhaaS offerings' (TL;DR did not carry a count) fixed-clean

Iteration #2 NEEDS_FIXES · 1 finding (truth=1, editorial=0, advisory=0) · Claude Sonnet 4.6 · 2m 50s

F-codeSectionItem · URL/quoteVerifier summaryRemediation · outcome
F3
claim-not-supported
active-threatsACR Stealer distributed through counterfeit Claude AI download pages [SINGLE-SOU
the loader stages a follow-on payload concealed inside a JPEG
SANS ISC 33018 says the JPEG 'doesn't appear to be malicious, nor could I find any obvious signs of embedded data ... but it's somehow related to this infection chain' — steganography/payload-concealmReworded to 'a JPEG image whose precise role the SANS ISC analyst could not characterise (no embedded data was identified)'; dropped the now-unsupported T1027.0 fixed-clean

Iteration #3 CLEAN · 1 finding (truth=0, editorial=0, advisory=1) · Claude Opus 4.7 · 4m 08s

F-codeSectionItem · URL/quoteVerifier summaryRemediation · outcome
F11
editorial-advisory
verification-notesProject Glasswing (§ 7 drop rationale)
vanity metrics (10,000+ flaws, 90.6% TP, $100M)
Specific figures in the § 7 Glasswing drop rationale are not consistent across the fetched sources; item is dropped so figures are rationale, not asserted facts. Non-blocking.Genericised the § 7 drop rationale to 'large headline counts, a high claimed true-positive rate and multi-million-dollar credit figures which the fetched source fixed-clean

Verification & coverage notes

The run record's narrative body, verbatim. This is where the run accounts for its own judgement calls — every borderline drop and judged-not-relevant item with its reason, dedup decisions, single-source items and their carve-outs, contradictions, and per-source coverage gaps — so nothing the run considered disappears silently.

Verification & coverage notesrun record body

2026-05-26-ae9d0d4b · Claude Opus 4.7 · 7 entries published

  • Items dropped (with reason):
    • "Project Glasswing" / "Claude Mythos Preview" (S3) — dropped on the fake-news + vanity-metric + relevance bars (PD-4, PD-6, PD-11). The cited URLs resolve, but the item is built on vanity metrics (large headline vulnerability counts, a high claimed true-positive rate and multi-million-dollar credit figures — which the fetched sources do not even agree on) and an unverifiable model name, with no defender action for a Swiss/EU public-sector SOC beyond a single referenced WolfSSL certificate-forgery flaw that could not be independently corroborated this run and is therefore not surfaced as fact.
    • Packagist 8-package supply-chain attack (S3) — duplicate; this was the deep dive in the 2026-05-24 brief (the cross-ecosystem package.json-in-PHP-package postinstall strand). No material in-window delta. PD-8.
    • Oncology Institute / TriZetto Provider Solutions SEC 8-K (S4) — US nexus; the underlying Item 1.05 filing is dated 2026-05-22 (outside the 36 h window), and the item was already assessed and dropped in the 2026-05-24 and 2026-05-25 § 7. The third-party-breach (TPRM) lesson stands but carries no in-window CH/EU-relevant delta.
    • Charter Communications / ShinyHunters (S4) — covered 2026-05-25; today's only change is that the 27 May deadline has not yet elapsed, no data has been released, and no SEC 8-K has been filed. "Deadline approaches, nothing released" is not material new development (PD-8); re-cover only on data release, an 8-K, or fresh attribution.
    • CVE-2026-9256 "nginx-poolslip" (S1) — a genuine, distinct second buffer-overflow in ngx_http_rewrite_module, confirmed on the official NGINX/F5 advisory listing (F5 article K000161377, separate from CVE-2026-42945). Dropped from § 2 as out-of-window (disclosed 2026-05-22, no in-window development) and below the inclusion gate: F5 rates it medium, default deployments without complex rewrite rules are not exploitable, and no in-the-wild exploitation is reported. Operationally useful nugget retained here: the patch for CVE-2026-42945 (NGINX Rift, covered 2026-05-17 — Open Source 1.31.0 / 1.30.1) does not remediate CVE-2026-9256; operators must upgrade to 1.31.1+ / 1.30.2+ (NGINX Plus R36 P5 / R32 P7).
  • Contradictions: NGINX CVE-2026-9256 severity — the official NGINX/F5 advisory rates it medium; the securityonline.info write-up characterises it as a critical zero-day with a demonstrated remote ASLR-bypass RCE PoC. The brief defers to the vendor severity and treats the RCE / ASLR-bypass characterisation as unconfirmed.
  • Single-source items (both HIGH-reliability primaries, flagged inline): § 3 GTIG Chinese-language PhaaS ecosystem (Google Threat Intelligence Group primary research); § 1 ACR Stealer fake-Claude malvertising (SANS Internet Storm Center diary).
  • Watch (unconfirmed, not reported as fact): DentaQuest (US dental-benefits administrator, Medicaid programmes) was listed by ShinyHunters on 2026-05-23 with the same 27 May deadline (S4) — a dark-web listing only, no victim confirmation; monitor for a victim statement or SEC 8-K.
  • Recency: standard 36 h window; gap to prior brief 24 h — no extended-window disclosure required. The CH/EU breaking-news window was genuinely thin: S2 swept NCSC.ch, BSI, CERT-FR, CERT-EU, NCSC-NL, ICO-UK, CNIL and EDPB and found no new in-window national-CERT advisories, named-victim incidents or regulator enforcement actions.
  • Source lifecycle: Socket (socket-dev-blog) was already a tracked candidate and contributed two primaries this run (TrapDoor, Packagist) — its last_successful_fetch was bumped to today. This run's one new candidate is fox-it-blog (Fox-IT International Blog, NCC Group) — the primary for the § 5 RemotePE teardown; it is a distinct property from the already-active ncc-research.
  • Verification: 3 iterations to CLEAN (iter 1 Opus → 3 truth findings remediated; iter 2 Sonnet → 1 truth finding remediated [ACR Stealer JPEG role corrected to match source]; iter 3 Opus → CLEAN, 1 non-blocking advisory applied). The verifier sub-agents' self-identification env vars were unset; models are recorded from the agent-type pinning (cti-verification = Opus, cti-verification-alt = Sonnet) and corroborated by iteration 3's runtime self-report (Opus 4.7).
  • Coverage gaps: ncsc-ch-security-hub (SSL/cert verification error on bridge — not retrieved this run); databreaches-net (HTTP 403, persistent); sophos-xops (HTTP 503, persistent); trendmicro-research (JS-rendered SPA, no in-window primary); inside-it-ch (Cloudflare challenge 403 on bridge, no Wayback fallback); cert-eu (latest advisory 2026-006 dated 2026-05-06, pre-window); anssi-fr (latest CERTFR-2026-AVI-0609 dated 2026-05-19, pre-window); ncsc-nl (latest NCSC-2026-0166 dated 2026-05-21, already covered); bsi-de (in-window items are updates to already-covered CVEs only); cnil-fr, edpb (no in-window enforcement actions); mandiant-gtig (legacy www.mandiant.com/resources/blog returns 404 — content now served at cloud.google.com/blog/topics/threat-intelligence/, fetched successfully).

Unmatched action items (migrated)

  • Move TOTP/SMS-MFA portals toward FIDO2/WebAuthn; bind MFA to the login session in the interim — real-time OTP relay (§ 3) defeats TOTP and SMS outright. Alert on OTPs consumed from a different ASN than the one they were issued to, and on contactless-wallet provisioning right after a credential submission from an unrecognised device (Google Threat Intelligence Group, 2026-05-25).
  • Harden the build pipeline against supply-chain poisoning — pin exact npm/PyPI/Cargo versions, verify lockfile hashes, prefer --ignore-scripts, and stop treating an npm Sigstore badge or displayed SLSA attestation as install-time proof of safety (§ 1 TrapDoor, § 4 TeamPCP). Add a check for zero-width Unicode (U+200B/U+200C/U+FEFF) in .cursorrules / CLAUDE.md to catch AI-assistant config poisoning (Socket, 2026-05-24).
  • Hunt the RemotePE behavioural surface and add AI-brand impersonation to malvertising monitoring — service-DLL allowlisting (watch for Iassvc.dll), EtwEventWrite patch detection, in-memory reflective-PE scanning (§ 5); and powershell.exe spawned from browser-download/archive-extraction paths for the fake-Claude ACR Stealer lure (§ 1) (Fox-IT, 2026-05-22).

Migrated from briefs/2026-05-26.md (v2).

← Operations dashboard · day page 2026-05-26 · run-record contract: docs/pipeline.md