ctipilot.ch

2026-05-27-0b6f12dd

One pipeline fire, in full · intel run of 2026-05-27 · sub-agent allocation and telemetry, per-iteration verification verdicts and findings, source-list edits, coverage gaps, bridge invocations — and the run's own verification & coverage notes: what was published, what was dropped at the borderline or judged not relevant (and why), single-source carve-outs, and contradictions. Rendered from runs/2026-05-27/2026-05-27-0b6f12dd.md.

Run telemetry

2026-05-27-0b6f12dd intel prompt v2.60
26m 35s duration 6 published 1 updates
Claude Opus 4.7 (claude-opus-4-7) main agent
S1 Claude Sonnet 4.6 (claude-sonnet-4-6)
Items returned
6
Duration
6m 43s
Tool calls
22 WebFetch4 WebSearch18 bridge
Cited sources
4 of 27 in slice
S2 Claude Sonnet 4.6 (claude-sonnet-4-6)
Items returned
2
Duration
8m 44s
Tool calls
12 WebFetch14 WebSearch14 bridge
Cited sources
3 of 42 in slice
S3 Claude Sonnet 4.6 (claude-sonnet-4-6)
Items returned
5
Duration
10m 53s
Tool calls
14 WebFetch2 WebSearch16 bridge
Cited sources
4 of 51 in slice
S4 Claude Sonnet 4.6 (claude-sonnet-4-6)
Items returned
4
Duration
10m 34s
Tool calls
14 WebFetch13 WebSearch9 bridge
Cited sources
4 of 13 in slice

Verification

#1 NEEDS_FIXES · Claude Opus 4.7 · t=2 e=0 a=2 #2 NEEDS_FIXES · Claude Sonnet 4.6 · t=0 e=1 a=0 #3 NEEDS_FIXES · Claude Opus 4.7 · t=1 e=1 a=0 #4 NEEDS_FIXES · Claude Sonnet 4.6 · t=1 e=1 a=1 #5 NEEDS_FIXES · Claude Opus 4.7 · t=2 e=0 a=0

1 entry dropped by verification this run (recorded in the verification & coverage notes).

Deep dive

2026-05-27/tycoon-2fa-after-the-march-2026-takedown-two-tier-aitm-opera

Sources changed (this run)

Edits this run made to sources/sources.json · promotions, demotions, new candidates, and fetch-method / category / reliability / url corrections (the run record's sources_changed[]). Paginated; 10 per page.

No source-list edits recorded for this run.

Coverage gaps (this run)

Sources this run's brief needed that returned no usable content via any documented recipe. Bridge-recovered or quiet-day sources do NOT appear here. (Distinct from the independent source-accessibility probe at the foot of this section, which probes all active sources regardless of what any run needed.)

Source (uncovered)URL triedMethod chainStatus / classWhat the agent did instead
databreaches-nethttps://databreaches.net/category/breach-incidents/webfetchbridge:url403 transport-403
bridge:url returned HTTP 403; no Wayback snapshot for listing page
none
inside-it-chhttps://www.inside-it.ch/webfetchbridge:url403 transport-403
bridge:url returned HTTP 403 (rotation gap 5 runs)
none
sec-disclosures-edgarhttps://www.sec.gov/Archives/edgar/data/1799191/000107997326000721/toi_8k.htmwebfetchbridge:url403 transport-403
sec.gov/Archives 403 via WebFetch and bridge; full-text search bridge works, individual filing htm does not
relied on SecurityWeek summary; item dropped to § 7 as unverifiable primary

Bridge invocations (this run)

4 bridge calls this run · these are successful bridge fetches (separate from "Coverage gaps" above).

2 ok2 empty feed
  • bridge:url ×2
  • api ×1
  • bridge:cisa-kev ×1

Verification findings · all iterations

Per-iteration finding detail. Each table is one verifier pass · what was flagged, how the main agent remediated it, and the outcome. Walking the tables top-to-bottom shows the verifier's debugging trail across iterations.

Iteration #1 NEEDS_FIXES · 4 findings (truth=2, editorial=0, advisory=2) · Claude Opus 4.7 · 3m 50s

F-codeSectionItem · URL/quoteVerifier summaryRemediation · outcome
F3
citation-does-not-support-claim
updatesUPDATE: Mini Shai-Hulud (TeamPCP) — CERT-FR ...CERTFR-2026-ACT-023 is a weekly bulletin with package list + recommendations; does not confirm a French victimReframed TL;DR bullet, H3 and body to bulletin/package-scope/source-code-leak framing; removed victim-confirmation claim; corrected § 7 PD-5 note fixed-clean
F1
broken-url
updatesUPDATE: Nimbus Manticore (UNC1549) ...URL serves an unrelated Laravel-Lang article (wrong slug/ID); SSL.com cert claim itself true via Check PointDropped the Security Affairs source; re-attributed the SSL.com cert claim to Check Point primary (already cited); Check Point + THN remain fixed-clean
F11
advisory-date
active-threatsLithuania Centre of Registers
LRT date
LRT additional source actual date 2026-05-22, brief said 2026-05-26Corrected LRT date to 2026-05-22 fixed-clean
F11
advisory-count
deep-diveTycoon 2FA deep dive
six Entra ID / four Workspace detections
Detection-rule count not exactly reconcilable from fetched Elastic bodySoftened to multiple Entra ID and Google Workspace detections fixed-clean

Iteration #2 NEEDS_FIXES · 1 finding (truth=0, editorial=1, advisory=0) · Claude Sonnet 4.6 · 3m 35s

F-codeSectionItem · URL/quoteVerifier summaryRemediation · outcome
F10
missed-angle
updatesUPDATE: Mini Shai-Hulud (TeamPCP) + § 6 Action Item
CERTFR-2026-ACT-023 package list
@tanstack/* and @squawk/* compromised packages listed in the bulletin were absent from the brief package scope and action itemAdded @tanstack/* (Apr-May 2026), @squawk/* (all versions), and fuller version detail (@mistralai 2.2.x/PyPI 2.4.6, guardrails-ai 0.10.1, lightning 2.6.2/2.6.3) fixed-clean

Iteration #3 NEEDS_FIXES · 2 findings (truth=1, editorial=1, advisory=0) · Claude Opus 4.7 · 3m 29s

F-codeSectionItem · URL/quoteVerifier summaryRemediation · outcome
F14
quantifier-without-source
deep-diveTycoon 2FA deep dive — Background
"the first detailed detection-engineering treatment"
Elastic article makes no "first" claim; brief-authored superlativeDropped "the first" — now "a detailed detection-engineering treatment" fixed-clean
F3
claim-not-supported
updates7-Eleven ShinyHunters UPDATE
"franchise applicants"
Cited sources describe job/recruitment applicants, not franchise applicants; SSN/DL detail itself supportedChanged "franchise-applicant/franchise applicants" to "job-applicant/job-recruitment applicants" in TL;DR and § 4 fixed-clean

Iteration #4 NEEDS_FIXES · 3 findings (truth=1, editorial=1, advisory=1) · Claude Sonnet 4.6 · 3m 11s

F-codeSectionItem · URL/quoteVerifier summaryRemediation · outcome
F3
citation-does-not-support-claim
tldrTL;DR ShinyHunters bullet
7-Eleven SSN/DL claim cited to Charter BleepingComputer URL
SSN/DL claim attached to the Charter article URL (wrong article); 7-Eleven BleepingComputer lists different fields; SSN/DL supported only by CyberInsiderRe-cited Charter to its BleepingComputer URL and attributed the 7-Eleven SSN/DL claim to CyberInsider inline in TL;DR; § 4 now attributes BleepingComputer field fixed-clean
F9
claim-mischaracterises-source
updatesMini Shai-Hulud CERT-FR UPDATE
"it does not name a confirmed French victim"
CERTFR-2026-ACT-023 states ANSSI is aware of several French victims (unnamed); brief implied silence — reverses iter1 over-correctionReframed § 4 + § 7 to state ANSSI is aware of several unnamed French victims currently affected fixed-clean
F11
unverifiable-spa-source
trending-vulnerabilitiesCVE-2026-9312 GitHub Enterprise SSRF
docs.github.com release-notes (JS SPA)
GHES release-notes + EUVD render via JS; not WebFetch-verifiable; GHSA-fwfp-h68w-2hcr is static HTMLReplaced release-notes SPA with GHSA-fwfp-h68w-2hcr as primary (static, verifiable); EUVD demoted to additional fixed-clean

Iteration #5 NEEDS_FIXES cap-breach · 2 findings (truth=2, editorial=0, advisory=0) · Claude Opus 4.7 · 3m 37s

F-codeSectionItem · URL/quoteVerifier summaryRemediation · outcome
F3
citation-does-not-support-claim
updatesMini Shai-Hulud (TeamPCP) UPDATECap verifier fetched the URL and found a week-21 vulnerability roundup with no TeamPCP/Mini Shai-Hulud/package/victim content; three iterations read the URL three different waysDropped the entire Mini Shai-Hulud UPDATE (TL;DR bullet, § 4 block, § 6 action item, § 6 footer source) — campaign real but the cited delta unverifiable dropped-item
F4
unsupported-fact
updatesMini Shai-Hulud — ANSSI aware of French victims
"ANSSI is aware of several French victims"
Claim unsupported by the cited CERT-FR URL per cap verifier; no alternate source fetchedRemoved with the dropped UPDATE dropped-item

Verification & coverage notes

The run record's narrative body, verbatim. This is where the run accounts for its own judgement calls — every borderline drop and judged-not-relevant item with its reason, dedup decisions, single-source items and their carve-outs, contradictions, and per-source coverage gaps — so nothing the run considered disappears silently.

Verification & coverage notesrun record body

2026-05-27-0b6f12dd · Claude Opus 4.7 · 6 entries published

  • Items dropped:
    • MuddyWater / Seedworm DLL side-loading campaign (Symantec / Broadcom Threat Hunter Team) — surfaced by two sub-agents, but the primary Symantec analysis is dated 2026-05-12 (one agent) / 2026-05-22 (the other); the only in-window source is a 2026-05-26 The Hacker News restatement with no fresh exploitation, victim or patch development. Out of window per PD-7 (primary older than the 36 h window, no fresh in-window delta, not a previously-covered item eligible for an UPDATE). High-relevance Iran-aligned espionage campaign (signed-binary DLL side-loading via fmapp.exe / sentinelmemoryscanner.exe, ChromElevator) noted for the record; will reconsider if a fresh national-CERT or victim development lands.
    • Five-year database-ransom census (ransomnews.com) — single-source from a small, independently unverified research organisation; corroboration was a Security Affairs restatement, not independent reproduction. Headline figures (46.3% of 65,907 exposed databases, 215+ billion records, BTC-wallet economics) are vanity-metric-style aggregates that PD-4 excludes; dropped as [SINGLE-SOURCE] / reduced-confidence. Underlying defender lesson (never expose MongoDB/MySQL/Elasticsearch to the internet unauthenticated) is already standard hardening.
    • The Oncology Institute SEC 8-K Item 1.05 (third-party vendor breach) — the SEC EDGAR filing URL returned HTTP 403 to the sub-agent, so the primary filing text could not be verified in-run; the only verifiable source was a single SecurityWeek article, and the TriZetto/Cognizant vendor attribution is SecurityWeek's timeline-based inference, not stated in the filing. Dropped as reduced-confidence / single verifiable source; US-only healthcare with indirect CH/EU relevance.
    • Mini Shai-Hulud (TeamPCP) § 4 UPDATE — dropped at the verification cap. The UPDATE's sole citation was CERT-FR's weekly bulletin CERTFR-2026-ACT-023, and across this run's verification loop three independent verifier reads of that exact URL contradicted each other: one read it as the campaign bulletin with no named victim, one quoted a French sentence stating ANSSI is aware of several French victims, and the iteration-5 (cap) verifier fetched it and reported it as a week-21 vulnerability roundup (Drupal/F5/Microsoft/Cisco/Linux-kernel) with no mention of TeamPCP, Mini Shai-Hulud, the named packages, the source-code leak, or French victims. Because the claimed delta (widened package scope, source-code leak, French-victim awareness) could not be reliably tied to the cited source and no alternate source was fetched for it, the entire UPDATE — its TL;DR bullet and § 6 action item included — was dropped rather than published on an unverifiable attribution (PD-1). The Mini Shai-Hulud / TeamPCP campaign itself remains real and was last covered 2026-05-26; only today's CERT-FR-sourced delta is withheld pending a verifiable source.
  • CVEs that did not clear a § 2 inclusion gate:
    • CVE-2026-45659 — Microsoft SharePoint Server 2016/2019/SE deserialization RCE (CVSS 8.8) — fails all § 2 gates: post-auth (minimum Site Member, PR:L), CVSS below 9.0, MSRC "Exploitation Less Likely", not CISA-KEV, no public PoC. Surfaced by three sub-agents and carries NCSC-CH (advisory 12594) and BSI (WID-SEC-2026-1652) same-day advisories on the out-of-band CVE addition. Operational note for Swiss/EU public-sector SOCs: the CVE was added to Microsoft's set out-of-band on 2026-05-26 after shipping in the May 2026 Patch Tuesday — ensure vulnerability-management tooling ingests the late CVE so already-patched farms are scored correctly.
    • CVE-2026-44895 — yoda-digital mcp-gitlab-server < 0.6.0 (no-auth SSE RPC endpoint, CVSS 4.0 = 9.2) — clears the EUVD CVSS 9.0–10.0 gate but is a niche npm MCP-server package with marginal deployment in the target audience; not promoted to § 2. Relevant only to teams running this specific MCP GitLab bridge bound to 0.0.0.0 with wildcard CORS — patch to 0.6.0 if in use.
  • Single-source items included: CVE-2026-9642 (Delta DIAView, Tenable Research TRA-2026-44 only) — marked [SINGLE-SOURCE] in § 2; included on Tenable's HIGH-reliability researcher standing.
  • Recency: standard 36 h window (24 h gap to 2026-05-26). The Nimbus Manticore § 4 UPDATE cites Check Point Research dated 2026-05-22; included as an UPDATE on previously-covered UNC1549 (2026-05-23) carrying material new technical detail and broad in-window (2026-05-26) amplification.
  • Contradictions / unresolved: sub-agents reported the Symantec Seedworm primary as 2026-05-12 (S3) vs 2026-05-22 (S1); unresolved, but the item was dropped on recency grounds regardless. Charter disputes ShinyHunters' 42M-record claim and asserts no sensitive PI/CPNI was taken — the brief reports both the actor claim and the victim's dispute rather than adjudicating. On 7-Eleven, the two cited sources differ on the exposed field set — BleepingComputer lists names, DOBs and contact/address data (no SSN / driver's licence), while CyberInsider additionally reports SSNs and driver's licence numbers; the brief reports both with attribution rather than asserting the high-sensitivity fields as settled.
  • Verification: the brief ran the full 5-iteration verification loop without reaching a CLEAN verdict (cap-breach safety valve), rotating Opus (iterations 1, 3, 5) and Sonnet (2, 4). Net effect across iterations: a wrong Security Affairs URL on the Nimbus Manticore item was removed and the cert claim re-anchored to Check Point; the missing @tanstack/@squawk packages were added (then the whole Mini Shai-Hulud item was later dropped, see below); an unsourced "first" superlative was removed from the Tycoon 2FA deep dive; the 7-Eleven field-set attribution was split between BleepingComputer and CyberInsider; and the CVE-2026-9312 citation was moved onto the static-HTML GHSA advisory. The iteration-5 (cap) verifier found the § 4 Mini Shai-Hulud UPDATE's sole CERT-FR citation unverifiable (three iterations read that URL three different ways), so that UPDATE was dropped. verification_residual_count = 2 records the iteration-5 truth findings, both resolved by dropping the affected item rather than left in the published brief.
  • Sub-agents: all four (S1–S4) returned within the wall-clock cap; no stalls.
  • New source candidate (this run): cyberinsider (cyberinsider.com — breach journalism, server-rendered, no 403) added as candidate; it contributed corroborating primaries to the Charter and 7-Eleven confirmations. Overflow candidates not added (one-per-run cap): security.com (Symantec/Broadcom Threat Hunter Team's current domain; the old symantec-enterprise-blogs.security.com URL 404s — worth a future source-URL update).
  • Coverage gaps: databreaches-net (bridge 403 for 7th consecutive run); inside-it-ch (bridge 403×5); sophos-xops (503); trendmicro-research (500); greynoise (no structured RSS feed); volexity (malformed RSS, no 2026 items surfaced); securityweek (feed 403, covered via article fetches); sec-edgar (archive 403 on individual filing pages — full-text search bridge works, filing htm does not); cnil-fr, edpb, ncsc-ie, safeonweb-be, ncsc-uk, cert-pl, jpcert — no in-window qualifying items found this run.

Unmatched action items (migrated)

  • Harden government register / cadastral API access — for CH/EU public-sector register operators: enforce MFA on institutional service accounts, anchor institutional access to known ASNs/IP ranges, apply per-institution query-rate limits, and alert on bulk-query bursts outside business hours. Drawn from the Lithuania Centre of Registers breach in § 1.
  • Close the Salesforce-Aura path — audit Experience Cloud guest-user object permissions, enable Secure Guest User Record Access, restrict SSN/government-ID fields to named users, and enforce phishing-resistant MFA (FIDO2/passkeys) on SaaS admin accounts. Drawn from the ShinyHunters update in § 4.
  • Deploy AiTM/device-code detection and policy — stand up the Microsoft Graph reconnaissance-burst hunt and cross-tier (two-ASN, same c_sid) correlation, enable Conditional Access Token Protection, and block the OAuth Device Code flow for users who do not need it. Do not treat Entra Identity Protection as sufficient coverage on its own. See § 5.

Migrated from briefs/2026-05-27.md (v2).

← Operations dashboard · day page 2026-05-27 · run-record contract: docs/pipeline.md