2026-05-27-0b6f12dd
One pipeline fire, in full · intel run of 2026-05-27 · sub-agent allocation and telemetry, per-iteration verification verdicts and findings, source-list edits, coverage gaps, bridge invocations — and the run's own verification & coverage notes: what was published, what was dropped at the borderline or judged not relevant (and why), single-source carve-outs, and contradictions. Rendered from runs/2026-05-27/2026-05-27-0b6f12dd.md.
Run telemetry
- Items returned
- 6
- Duration
- 6m 43s
- Tool calls
- 22 WebFetch4 WebSearch18 bridge
- Cited sources
- 4 of 27 in slice
- Items returned
- 2
- Duration
- 8m 44s
- Tool calls
- 12 WebFetch14 WebSearch14 bridge
- Cited sources
- 3 of 42 in slice
- Items returned
- 5
- Duration
- 10m 53s
- Tool calls
- 14 WebFetch2 WebSearch16 bridge
- Cited sources
- 4 of 51 in slice
- Items returned
- 4
- Duration
- 10m 34s
- Tool calls
- 14 WebFetch13 WebSearch9 bridge
- Cited sources
- 4 of 13 in slice
Verification
1 entry dropped by verification this run (recorded in the verification & coverage notes).
Deep dive
2026-05-27/tycoon-2fa-after-the-march-2026-takedown-two-tier-aitm-opera
Entries published (this run)
- Lithuania's Centre of Registers loses ~600,000 state-register records to abused institutional credentials; foreign-state actor suspected incident high
- CVE-2026-9312 — GitHub Enterprise Server (< 3.22): unauthenticated SSRF via upload-endpoint path traversal exposes internal services and credentials vulnerability high
- CVE-2026-9642 — Delta Electronics DIAView SCADA: incomplete fix for prior unauthenticated remote database access (CVE-2025-62582) vulnerability notable
- ShinyHunters Salesforce campaign — Charter and 7-Eleven both confirm; 7-Eleven count put at ~185,000 affected incident high
- Nimbus Manticore (UNC1549 / Screening Serpens) — Check Point details MiniFast backdoor, Zoom-task hijacking and SEO-poisoning delivery threat notable update
- Tycoon 2FA after the March 2026 takedown: two-tier AiTM operator architecture and the OAuth device-code variant threat high
Sources changed (this run)
Edits this run made to sources/sources.json · promotions, demotions, new candidates, and fetch-method / category / reliability / url corrections (the run record's sources_changed[]). Paginated; 10 per page.
No source-list edits recorded for this run.
Coverage gaps (this run)
Sources this run's brief needed that returned no usable content via any documented recipe. Bridge-recovered or quiet-day sources do NOT appear here. (Distinct from the independent source-accessibility probe at the foot of this section, which probes all active sources regardless of what any run needed.)
| Source (uncovered) | URL tried | Method chain | Status / class | What the agent did instead |
|---|---|---|---|---|
| databreaches-net | https://databreaches.net/category/breach-incidents/ | webfetch → bridge:url | 403 transport-403 bridge:url returned HTTP 403; no Wayback snapshot for listing page | none |
| inside-it-ch | https://www.inside-it.ch/ | webfetch → bridge:url | 403 transport-403 bridge:url returned HTTP 403 (rotation gap 5 runs) | none |
| sec-disclosures-edgar | https://www.sec.gov/Archives/edgar/data/1799191/000107997326000721/toi_8k.htm | webfetch → bridge:url | 403 transport-403 sec.gov/Archives 403 via WebFetch and bridge; full-text search bridge works, individual filing htm does not | relied on SecurityWeek summary; item dropped to § 7 as unverifiable primary |
Bridge invocations (this run)
4 bridge calls this run · these are successful bridge fetches (separate from "Coverage gaps" above).
- bridge:url ×2
- api ×1
- bridge:cisa-kev ×1
Verification findings · all iterations
Per-iteration finding detail. Each table is one verifier pass · what was flagged, how the main agent remediated it, and the outcome. Walking the tables top-to-bottom shows the verifier's debugging trail across iterations.
Iteration #1 NEEDS_FIXES · 4 findings (truth=2, editorial=0, advisory=2) · Claude Opus 4.7 · 3m 50s
| F-code | Section | Item · URL/quote | Verifier summary | Remediation · outcome |
|---|---|---|---|---|
| F3 citation-does-not-support-claim | updates | UPDATE: Mini Shai-Hulud (TeamPCP) — CERT-FR ... | CERTFR-2026-ACT-023 is a weekly bulletin with package list + recommendations; does not confirm a French victim | Reframed TL;DR bullet, H3 and body to bulletin/package-scope/source-code-leak framing; removed victim-confirmation claim; corrected § 7 PD-5 note fixed-clean |
| F1 broken-url | updates | UPDATE: Nimbus Manticore (UNC1549) ... | URL serves an unrelated Laravel-Lang article (wrong slug/ID); SSL.com cert claim itself true via Check Point | Dropped the Security Affairs source; re-attributed the SSL.com cert claim to Check Point primary (already cited); Check Point + THN remain fixed-clean |
| F11 advisory-date | active-threats | Lithuania Centre of Registers LRT date | LRT additional source actual date 2026-05-22, brief said 2026-05-26 | Corrected LRT date to 2026-05-22 fixed-clean |
| F11 advisory-count | deep-dive | Tycoon 2FA deep dive six Entra ID / four Workspace detections | Detection-rule count not exactly reconcilable from fetched Elastic body | Softened to multiple Entra ID and Google Workspace detections fixed-clean |
Iteration #2 NEEDS_FIXES · 1 finding (truth=0, editorial=1, advisory=0) · Claude Sonnet 4.6 · 3m 35s
| F-code | Section | Item · URL/quote | Verifier summary | Remediation · outcome |
|---|---|---|---|---|
| F10 missed-angle | updates | UPDATE: Mini Shai-Hulud (TeamPCP) + § 6 Action Item CERTFR-2026-ACT-023 package list | @tanstack/* and @squawk/* compromised packages listed in the bulletin were absent from the brief package scope and action item | Added @tanstack/* (Apr-May 2026), @squawk/* (all versions), and fuller version detail (@mistralai 2.2.x/PyPI 2.4.6, guardrails-ai 0.10.1, lightning 2.6.2/2.6.3) fixed-clean |
Iteration #3 NEEDS_FIXES · 2 findings (truth=1, editorial=1, advisory=0) · Claude Opus 4.7 · 3m 29s
| F-code | Section | Item · URL/quote | Verifier summary | Remediation · outcome |
|---|---|---|---|---|
| F14 quantifier-without-source | deep-dive | Tycoon 2FA deep dive — Background "the first detailed detection-engineering treatment" | Elastic article makes no "first" claim; brief-authored superlative | Dropped "the first" — now "a detailed detection-engineering treatment" fixed-clean |
| F3 claim-not-supported | updates | 7-Eleven ShinyHunters UPDATE "franchise applicants" | Cited sources describe job/recruitment applicants, not franchise applicants; SSN/DL detail itself supported | Changed "franchise-applicant/franchise applicants" to "job-applicant/job-recruitment applicants" in TL;DR and § 4 fixed-clean |
Iteration #4 NEEDS_FIXES · 3 findings (truth=1, editorial=1, advisory=1) · Claude Sonnet 4.6 · 3m 11s
| F-code | Section | Item · URL/quote | Verifier summary | Remediation · outcome |
|---|---|---|---|---|
| F3 citation-does-not-support-claim | tldr | TL;DR ShinyHunters bullet 7-Eleven SSN/DL claim cited to Charter BleepingComputer URL | SSN/DL claim attached to the Charter article URL (wrong article); 7-Eleven BleepingComputer lists different fields; SSN/DL supported only by CyberInsider | Re-cited Charter to its BleepingComputer URL and attributed the 7-Eleven SSN/DL claim to CyberInsider inline in TL;DR; § 4 now attributes BleepingComputer field fixed-clean |
| F9 claim-mischaracterises-source | updates | Mini Shai-Hulud CERT-FR UPDATE "it does not name a confirmed French victim" | CERTFR-2026-ACT-023 states ANSSI is aware of several French victims (unnamed); brief implied silence — reverses iter1 over-correction | Reframed § 4 + § 7 to state ANSSI is aware of several unnamed French victims currently affected fixed-clean |
| F11 unverifiable-spa-source | trending-vulnerabilities | CVE-2026-9312 GitHub Enterprise SSRF docs.github.com release-notes (JS SPA) | GHES release-notes + EUVD render via JS; not WebFetch-verifiable; GHSA-fwfp-h68w-2hcr is static HTML | Replaced release-notes SPA with GHSA-fwfp-h68w-2hcr as primary (static, verifiable); EUVD demoted to additional fixed-clean |
Iteration #5 NEEDS_FIXES cap-breach · 2 findings (truth=2, editorial=0, advisory=0) · Claude Opus 4.7 · 3m 37s
| F-code | Section | Item · URL/quote | Verifier summary | Remediation · outcome |
|---|---|---|---|---|
| F3 citation-does-not-support-claim | updates | Mini Shai-Hulud (TeamPCP) UPDATE | Cap verifier fetched the URL and found a week-21 vulnerability roundup with no TeamPCP/Mini Shai-Hulud/package/victim content; three iterations read the URL three different ways | Dropped the entire Mini Shai-Hulud UPDATE (TL;DR bullet, § 4 block, § 6 action item, § 6 footer source) — campaign real but the cited delta unverifiable dropped-item |
| F4 unsupported-fact | updates | Mini Shai-Hulud — ANSSI aware of French victims "ANSSI is aware of several French victims" | Claim unsupported by the cited CERT-FR URL per cap verifier; no alternate source fetched | Removed with the dropped UPDATE dropped-item |
Verification & coverage notes
The run record's narrative body, verbatim. This is where the run accounts for its own judgement calls — every borderline drop and judged-not-relevant item with its reason, dedup decisions, single-source items and their carve-outs, contradictions, and per-source coverage gaps — so nothing the run considered disappears silently.
Verification & coverage notesrun record body
2026-05-27-0b6f12dd · Claude Opus 4.7 · 6 entries published
- Items dropped:
- MuddyWater / Seedworm DLL side-loading campaign (Symantec / Broadcom Threat Hunter Team) — surfaced by two sub-agents, but the primary Symantec analysis is dated 2026-05-12 (one agent) / 2026-05-22 (the other); the only in-window source is a 2026-05-26 The Hacker News restatement with no fresh exploitation, victim or patch development. Out of window per PD-7 (primary older than the 36 h window, no fresh in-window delta, not a previously-covered item eligible for an UPDATE). High-relevance Iran-aligned espionage campaign (signed-binary DLL side-loading via
fmapp.exe/sentinelmemoryscanner.exe, ChromElevator) noted for the record; will reconsider if a fresh national-CERT or victim development lands. - Five-year database-ransom census (ransomnews.com) — single-source from a small, independently unverified research organisation; corroboration was a Security Affairs restatement, not independent reproduction. Headline figures (46.3% of 65,907 exposed databases, 215+ billion records, BTC-wallet economics) are vanity-metric-style aggregates that PD-4 excludes; dropped as
[SINGLE-SOURCE]/ reduced-confidence. Underlying defender lesson (never expose MongoDB/MySQL/Elasticsearch to the internet unauthenticated) is already standard hardening. - The Oncology Institute SEC 8-K Item 1.05 (third-party vendor breach) — the SEC EDGAR filing URL returned HTTP 403 to the sub-agent, so the primary filing text could not be verified in-run; the only verifiable source was a single SecurityWeek article, and the TriZetto/Cognizant vendor attribution is SecurityWeek's timeline-based inference, not stated in the filing. Dropped as reduced-confidence / single verifiable source; US-only healthcare with indirect CH/EU relevance.
- Mini Shai-Hulud (TeamPCP) § 4 UPDATE — dropped at the verification cap. The UPDATE's sole citation was CERT-FR's weekly bulletin CERTFR-2026-ACT-023, and across this run's verification loop three independent verifier reads of that exact URL contradicted each other: one read it as the campaign bulletin with no named victim, one quoted a French sentence stating ANSSI is aware of several French victims, and the iteration-5 (cap) verifier fetched it and reported it as a week-21 vulnerability roundup (Drupal/F5/Microsoft/Cisco/Linux-kernel) with no mention of TeamPCP, Mini Shai-Hulud, the named packages, the source-code leak, or French victims. Because the claimed delta (widened package scope, source-code leak, French-victim awareness) could not be reliably tied to the cited source and no alternate source was fetched for it, the entire UPDATE — its TL;DR bullet and § 6 action item included — was dropped rather than published on an unverifiable attribution (PD-1). The Mini Shai-Hulud / TeamPCP campaign itself remains real and was last covered 2026-05-26; only today's CERT-FR-sourced delta is withheld pending a verifiable source.
- MuddyWater / Seedworm DLL side-loading campaign (Symantec / Broadcom Threat Hunter Team) — surfaced by two sub-agents, but the primary Symantec analysis is dated 2026-05-12 (one agent) / 2026-05-22 (the other); the only in-window source is a 2026-05-26 The Hacker News restatement with no fresh exploitation, victim or patch development. Out of window per PD-7 (primary older than the 36 h window, no fresh in-window delta, not a previously-covered item eligible for an UPDATE). High-relevance Iran-aligned espionage campaign (signed-binary DLL side-loading via
- CVEs that did not clear a § 2 inclusion gate:
- CVE-2026-45659 — Microsoft SharePoint Server 2016/2019/SE deserialization RCE (CVSS 8.8) — fails all § 2 gates: post-auth (minimum Site Member,
PR:L), CVSS below 9.0, MSRC "Exploitation Less Likely", not CISA-KEV, no public PoC. Surfaced by three sub-agents and carries NCSC-CH (advisory 12594) and BSI (WID-SEC-2026-1652) same-day advisories on the out-of-band CVE addition. Operational note for Swiss/EU public-sector SOCs: the CVE was added to Microsoft's set out-of-band on 2026-05-26 after shipping in the May 2026 Patch Tuesday — ensure vulnerability-management tooling ingests the late CVE so already-patched farms are scored correctly. - CVE-2026-44895 — yoda-digital
mcp-gitlab-server< 0.6.0 (no-auth SSE RPC endpoint, CVSS 4.0 = 9.2) — clears the EUVD CVSS 9.0–10.0 gate but is a niche npm MCP-server package with marginal deployment in the target audience; not promoted to § 2. Relevant only to teams running this specific MCP GitLab bridge bound to0.0.0.0with wildcard CORS — patch to 0.6.0 if in use.
- CVE-2026-45659 — Microsoft SharePoint Server 2016/2019/SE deserialization RCE (CVSS 8.8) — fails all § 2 gates: post-auth (minimum Site Member,
- Single-source items included: CVE-2026-9642 (Delta DIAView, Tenable Research TRA-2026-44 only) — marked
[SINGLE-SOURCE]in § 2; included on Tenable's HIGH-reliability researcher standing. - Recency: standard 36 h window (24 h gap to 2026-05-26). The Nimbus Manticore § 4 UPDATE cites Check Point Research dated 2026-05-22; included as an UPDATE on previously-covered UNC1549 (2026-05-23) carrying material new technical detail and broad in-window (2026-05-26) amplification.
- Contradictions / unresolved: sub-agents reported the Symantec Seedworm primary as 2026-05-12 (S3) vs 2026-05-22 (S1); unresolved, but the item was dropped on recency grounds regardless. Charter disputes ShinyHunters' 42M-record claim and asserts no sensitive PI/CPNI was taken — the brief reports both the actor claim and the victim's dispute rather than adjudicating. On 7-Eleven, the two cited sources differ on the exposed field set — BleepingComputer lists names, DOBs and contact/address data (no SSN / driver's licence), while CyberInsider additionally reports SSNs and driver's licence numbers; the brief reports both with attribution rather than asserting the high-sensitivity fields as settled.
- Verification: the brief ran the full 5-iteration verification loop without reaching a CLEAN verdict (cap-breach safety valve), rotating Opus (iterations 1, 3, 5) and Sonnet (2, 4). Net effect across iterations: a wrong Security Affairs URL on the Nimbus Manticore item was removed and the cert claim re-anchored to Check Point; the missing
@tanstack/@squawkpackages were added (then the whole Mini Shai-Hulud item was later dropped, see below); an unsourced "first" superlative was removed from the Tycoon 2FA deep dive; the 7-Eleven field-set attribution was split between BleepingComputer and CyberInsider; and the CVE-2026-9312 citation was moved onto the static-HTML GHSA advisory. The iteration-5 (cap) verifier found the § 4 Mini Shai-Hulud UPDATE's sole CERT-FR citation unverifiable (three iterations read that URL three different ways), so that UPDATE was dropped.verification_residual_count = 2records the iteration-5 truth findings, both resolved by dropping the affected item rather than left in the published brief. - Sub-agents: all four (S1–S4) returned within the wall-clock cap; no stalls.
- New source candidate (this run):
cyberinsider(cyberinsider.com — breach journalism, server-rendered, no 403) added ascandidate; it contributed corroborating primaries to the Charter and 7-Eleven confirmations. Overflow candidates not added (one-per-run cap):security.com(Symantec/Broadcom Threat Hunter Team's current domain; the oldsymantec-enterprise-blogs.security.comURL 404s — worth a future source-URL update). - Coverage gaps: databreaches-net (bridge 403 for 7th consecutive run); inside-it-ch (bridge 403×5); sophos-xops (503); trendmicro-research (500); greynoise (no structured RSS feed); volexity (malformed RSS, no 2026 items surfaced); securityweek (feed 403, covered via article fetches); sec-edgar (archive 403 on individual filing pages — full-text search bridge works, filing htm does not); cnil-fr, edpb, ncsc-ie, safeonweb-be, ncsc-uk, cert-pl, jpcert — no in-window qualifying items found this run.
Unmatched action items (migrated)
- Harden government register / cadastral API access — for CH/EU public-sector register operators: enforce MFA on institutional service accounts, anchor institutional access to known ASNs/IP ranges, apply per-institution query-rate limits, and alert on bulk-query bursts outside business hours. Drawn from the Lithuania Centre of Registers breach in § 1.
- Close the Salesforce-Aura path — audit Experience Cloud guest-user object permissions, enable Secure Guest User Record Access, restrict SSN/government-ID fields to named users, and enforce phishing-resistant MFA (FIDO2/passkeys) on SaaS admin accounts. Drawn from the ShinyHunters update in § 4.
- Deploy AiTM/device-code detection and policy — stand up the Microsoft Graph reconnaissance-burst hunt and cross-tier (two-ASN, same
c_sid) correlation, enable Conditional Access Token Protection, and block the OAuth Device Code flow for users who do not need it. Do not treat Entra Identity Protection as sufficient coverage on its own. See § 5.
Migrated from briefs/2026-05-27.md (v2).
← Operations dashboard · day page 2026-05-27 · run-record contract: docs/pipeline.md