2026-05-28-3e33200a
One pipeline fire, in full · intel run of 2026-05-28 · sub-agent allocation and telemetry, per-iteration verification verdicts and findings, source-list edits, coverage gaps, bridge invocations — and the run's own verification & coverage notes: what was published, what was dropped at the borderline or judged not relevant (and why), single-source carve-outs, and contradictions. Rendered from runs/2026-05-28/2026-05-28-3e33200a.md.
Run telemetry
- Items returned
- 7
- Duration
- 8m 47s
- Tool calls
- 14 WebFetch8 WebSearch18 bridge
- Cited sources
- 4 of 27 in slice
- Items returned
- 5
- Duration
- 8m 16s
- Tool calls
- 18 WebFetch10 WebSearch22 bridge
- Cited sources
- 6 of 12 in slice
- Items returned
- 6
- Duration
- 9m 02s
- Tool calls
- 18 WebFetch5 WebSearch18 bridge
- Cited sources
- 8 of 50 in slice
- Items returned
- 4
- Duration
- 9m 20s
- Tool calls
- 12 WebFetch9 WebSearch10 bridge
- Cited sources
- 5 of 20 in slice
Verification
Deep dive
2026-05-28/nx-console-tanstack-daemon-tools-supply-chain-cascade-lands
Entries published (this run)
- ILIAS LMS — nine fixes shipped 2026-05-27, two critical access-control gaps (CVSS 9.8 + 9.3), NCSC.ch flags SOAP interface as primary unauthenticated attack surface threat high
- Germany's federal cabinet approves the Cybersicherheitsstärkungsgesetz — BKA, BSI and Federal Police gain authority to redirect traffic and disable attacker infrastructure threat notable
- CrowdStrike, Google and Shadowserver simultaneously sever all four C2 channels of the GlassWorm developer-targeting botnet (not to be confused with the Nx Console / TanStack GitHub-publish chain in § 5) — Russia-attributed, active since early 2025 threat high
- Dutch National Police arrest 35-year-old over AFC Ajax fan-data breach — misconfigured API access-control and shared keys exposed 300,000+ accounts and 42,000 season-ticket records incident high
- FBI FLASH CSA 260526 — Silent Ransom Group sends operatives physically into US law-firm offices to insert USB exfiltration devices when remote social engineering fails threat notable
- Iran MOIS attributed to LACMTA destructive breach via "Ababil of Minab" hacktivist front — 700 GB exfiltrated, backups and VMs deliberately destroyed threat notable
- CVE-2026-48842 — Roundcube Webmail pre-authentication SQL injection in virtuser_query plugin (CVSS 8.1) vulnerability high
- CVE-2026-35087 / CVE-2026-35089 / CVE-2026-35090 — Slican PBX telephony exchanges, triple pre-authentication admin bypass (CERT Polska) vulnerability high
- MuddyWater / Seedworm — Symantec and Carbon Black document new DLL-side-loading pair via signed Fortemedia and SentinelOne binaries, ChromElevator for Chromium App-Bound Encryption bypass, Node.js orchestration research notable
- Microsoft Defender Experts — AI-chatbot search-poisoning extends SEO-poisoning lure; GPU-utility lookalikes drop ScreenConnect, then process-hollowed miners under signed Microsoft binary research notable
- SANS ISC — Akira ransomware kill chain reconstructed entirely from SSLVPN syslog and Windows EVTX, no EDR research notable
- Nx Console / TanStack / DAEMON Tools supply-chain cascade lands three CISA KEV entries vulnerability high
Sources changed (this run)
Edits this run made to sources/sources.json · promotions, demotions, new candidates, and fetch-method / category / reliability / url corrections (the run record's sources_changed[]). Paginated; 10 per page.
No source-list edits recorded for this run.
Coverage gaps (this run)
Sources this run's brief needed that returned no usable content via any documented recipe. Bridge-recovered or quiet-day sources do NOT appear here. (Distinct from the independent source-accessibility probe at the foot of this section, which probes all active sources regardless of what any run needed.)
| Source (uncovered) | URL tried | Method chain | Status / class | What the agent did instead |
|---|---|---|---|---|
| databreaches-net | https://www.databreaches.net/category/breach-incidents/ | webfetch → bridge:url | 403 transport-403 bridge:url returned HTTP 403 (sixth consecutive run) | stories covered via BleepingComputer / The Record / SecurityWeek |
| sophos-xops | https://www.sophos.com/en-us/blog/feed?id=blt6f15f4f7deaf4242 | bridge:feed | 503 transport-5xx bridge:feed returned HTTP 503 (fifth consecutive run) | none — coverage gap |
| ic3-csa | https://www.ic3.gov/CSA/2026/260526.pdf | webfetch → bridge:url | 403 transport-403 FBI IC3 PDF 403 to routine UA and bridge | FBI FLASH content carried via CyberScoop / The Record / Help Net Security; § 7 flag for reduced confidence |
Bridge invocations (this run)
22 bridge calls this run · these are successful bridge fetches (separate from "Coverage gaps" above).
- bridge:feed ×7
- bridge:url ×4
- bridge:ncsc-csh.recent ×1
- bridge:ncsc-csh.post ×1
- bridge:cisa-kev ×1
- bridge:cert-eu.recent ×1
- bridge:cert-fr.avis-recent ×1
- bridge:cert-fr.actu-recent ×1
Verification findings · all iterations
Per-iteration finding detail. Each table is one verifier pass · what was flagged, how the main agent remediated it, and the outcome. Walking the tables top-to-bottom shows the verifier's debugging trail across iterations.
Iteration #1 NEEDS_FIXES · 11 findings (truth=6, editorial=1, advisory=4) · Claude Opus 4.7 · 7m 45s
| F-code | Section | Item · URL/quote | Verifier summary | Remediation · outcome |
|---|---|---|---|---|
| F4 hallucinated-fact | deep-dive | TanStack scope in § 5 TanStack Router npm package version was published with credential-stealing payload | Actual compromise: @tanstack/* npm packages (42 packages); resolved malicious dependency was @tanstack/zod-adapter@1.166.15 | Rewrote § 5 to name @tanstack/* (~42 packages) and @tanstack/zod-adapter@1.166.15 specifically fixed-clean |
| F4 hallucinated-fact | trending-vulnerabilities | Roundcube technical detail preg_replace() backslash-escape bypass via _user parameter | Neither vendor advisory nor NCSC.ch nor Heise carry those technical specifics | Dropped the technical sub-specifics; kept vendor / NCSC-CH description of pre-auth SQLi in virtuser_query plugin fixed-clean |
| F4 hallucinated-fact | active-threats | MOIS/LACMTA 700 GB figure approximately 700 GB of emails, backups and other files | Specific 700 GB figure not present in Gambit / TechCrunch / The Record citations | Changed to 'a large volume of emails, backups and other files' fixed-clean |
| F3 claim-not-supported | active-threats | AFC Ajax 300k / 42k figure attribution Ajax victim statement cited for 300,000 / 42,000 figures | Ajax statement says 300–400 individuals (email addresses), <20 stadium-banned. The 300k/42k figures come from BleepingComputer and The Record | Re-attributed inline citation to BleepingComputer and The Record fixed-clean |
| F4 hallucinated-fact | active-threats | Germany law — netzpolitik.org Bitkom and civil-society groups (notably netzpolitik.org) | netzpolitik.org not in any cited source; onvista names BDI (Holger Lösch) | Replaced Bitkom/netzpolitik framing with BDI + 'civil-society voices' fixed-clean |
| F12 surface-contradiction | active-threats | Germany law — staffing figure 350 vs 37 ~350 new positions | Onvista/dpa: more than 350; t-online: 37 additional employees — material discrepancy not surfaced | Surfaced in § 7 Contradictions; body explains the dpa-sourced framing and the t-online discrepancy fixed-clean |
| F4 hallucinated-fact | active-threats | FBI SRG aliases Luna Moth, Chatty Spider, UNC3753, Storm-0252 | All-four list overstates source backing; CyberScoop omits Luna Moth, The Record + Help Net Security omit Storm-0252 | Reframed as 'tracked variously across cited sources as ...' with Storm-0252 attributed specifically to CyberScoop fixed-clean |
| F4 hallucinated-fact | deep-dive | DAEMON Tools footer date Disc Soft Limited, 2026-05-05 | Actual Disc Soft Limited page publication date is 2026-05-06 | Corrected footer date to 2026-05-06 (both occurrences) fixed-clean |
| F11 editorial-advisory | active-threats | GlassWorm TL;DR omits timing TL;DR bullet does not include 2026-05-26T14:00 UTC | Advisory — compactness preferred; no change | no change (F11 alone doesn't block CLEAN) deferred |
| F11 editorial-advisory | research | MuddyWater / Industrial Cyber + Symantec date Industrial Cyber 2026-05-26 + Symantec 2026-05-26 | Verifier extract: Industrial Cyber 2026-05-13; Symantec 2026-05-12; both earlier than the brief claimed | Updated § 3 footer dates to 2026-05-12 (Symantec) and 2026-05-13 (Industrial Cyber); kept The Hacker News 2026-05-26 as in-window resurfacing; rewrote § 7 date- fixed-clean |
| F11 editorial-advisory | active-threats | Cybersicherheitsstärkungsgesetz formal-name italics italic German portmanteau | Composite legislative-shorthand not directly used by cited German sources | no change — defensible compression; leaving as advisory residual deferred |
Iteration #2 NEEDS_FIXES · 3 findings (truth=2, editorial=0, advisory=1) · Claude Sonnet 4.6 · 4m 48s
| F-code | Section | Item · URL/quote | Verifier summary | Remediation · outcome |
|---|---|---|---|---|
| F4 hallucinated-fact | action-items | Roundcube § 6 action item Pre-auth SQLi via the login `_user` parameter | Iter-1 remediation cleaned § 2 body but left the same un-sourced detail in § 6 action item | Replaced with 'Pre-auth SQL injection in the virtuser_query plugin' to match vendor / NCSC.ch language fixed-clean |
| F14 quantifier-without-source | deep-dive | § 5 background paragraph the first time a primary developer platform has been named as a downstream victim of this campaign class | Help Net Security and Nx postmortem (both fetched by verifier) report the GitHub breach factually without 'first time' framing | Removed the 'the first time...' clause; kept the GitHub + Grafana Labs naming as supported fact fixed-clean |
| F10 missed-angle-advisory | deep-dive | Aikido.dev TanStack reverse-engineering primary | Aikido.dev published the primary reverse-engineering analysis; linked from Help Net Security outbound but uncited in the brief | no change — F10 advisory; brief facts are independently supported by Nx postmortem + GHSA; adding an unfetched URL risks introducing a new defect deferred |
Iteration #3 NEEDS_FIXES · 5 findings (truth=2, editorial=1, advisory=2) · Claude Opus 4.7 · 7m 36s
| F-code | Section | Item · URL/quote | Verifier summary | Remediation · outcome |
|---|---|---|---|---|
| F3 claim-not-supported | active-threats | AFC Ajax — 'granted himself access' quoted phrase granted himself access to the football club's computer systems several times | Ajax victim statement uses 'unlawfully gained access' / 'unauthorized actor accessed Ajax systems'; quoted phrase appears to be paraphrase of (403'd) Dutch police release | Removed the inline quote and 'Ajax's own statement confirmed' attribution; replaced with neutral paraphrase 'unauthorised actor who accessed Ajax systems and ex fixed-clean |
| F4 hallucinated-fact | active-threats | Germany Dobrindt quote 'act when a threat is concrete' act when a threat is concrete | Quoted phrase not in any of the three cited German sources (Heise, t-online, onvista/dpa) | Removed the quoted clause; replaced with Heise's active-cyber-defence framing ('active cyber defence targeting attacker command-and-control infrastructure rathe fixed-clean |
| F5 missing-citation | active-threats | FBI SRG — 38+ firms leak-site figure published data from 38+ firms on its leak site | 38+ figure not in any of the three cited aggregator sources; real but uncited | Dropped the 38+ figure; CyberScoop attribution made explicit on the 100+ attacks figure fixed-clean |
| F11 editorial-advisory | trending-vulnerabilities | Slican 'hardcoded' + deployment-context framing hardcoded caller-ID / widely deployed in Polish government | Defensible implementation inference + editorial framing; no source escalation needed | no change (F11) deferred |
| F11 editorial-advisory | active-threats | ILIAS release date 2026-05-27 vs vendor blog 2026-05-26 shipped nine fixes on 2026-05-27 | Possibly vendor-blog render artefact; NCSC-CH 12599 publish date 2026-05-27 consistent with brief | no change (F11) deferred |
Iteration #4 NEEDS_FIXES cap-breach · 3 findings (truth=1, editorial=0, advisory=2) · Claude Sonnet 4.6 · 3m 13s
| F-code | Section | Item · URL/quote | Verifier summary | Remediation · outcome |
|---|---|---|---|---|
| F3 claim-not-supported | tldr | AFC Ajax TL;DR bullet The suspect granted himself access to Ajax's systems several times via misconfigured API access-control and shared keys | iter-3 remediation updated § 1 body but did not propagate to TL;DR — TL;DR retained the unsupported quoted-style framing while body was neutralised | Rewrote TL;DR bullet to match § 1 body's neutral phrasing; explicit BleepingComputer + The Record + Ajax statement attribution chain retained fixed-clean |
| F11 editorial-advisory | deep-dive | Nx Console 18 min vs 11 min postmortem characterisation live on the Visual Studio Marketplace from 12:30 to 12:48 UTC | Verifier confirmed timestamps are correct; postmortem 11-min characterisation is a rounded figure; no change needed | no change (F11) deferred |
| F11 editorial-advisory | trending-vulnerabilities | Slican PBX framing hardcoded / widely deployed in Polish government | Verifier confirmed CERT-PL supports the caller-ID characterisation; defensible | no change (F11) deferred |
Verification & coverage notes
The run record's narrative body, verbatim. This is where the run accounts for its own judgement calls — every borderline drop and judged-not-relevant item with its reason, dedup decisions, single-source items and their carve-outs, contradictions, and per-source coverage gaps — so nothing the run considered disappears silently.
Verification & coverage notesrun record body
2026-05-28-3e33200a · Claude Opus 4.7 · window 40 h · 12 entries published
- Items dropped — vulnerabilities that did not clear § 2 inclusion gates.
- CVE-2026-9256 / CVE-2026-42945 — NGINX double rewrite-module heap buffer overflow. S1 surfaced these as actively-exploited per NCSC-NL CSAF (
NGINX meldt bekend te zijn met (pogingen tot) misbruik), but the freshest sources are dated 2026-05-22 (NGINX vendor advisory and oss-security mailing list) and 2026-05-18 (NCSC-NL) — both outside the 40-h recency window with no in-window corroborator surfaced. Dropped to § 7 rather than included as a stale exploitation note. Patch is still relevant — 1.31.1+ or 1.30.2+ — defenders running unpatched NGINX should not wait for a future brief to act. - CVE-2026-45659 — Microsoft SharePoint Server CWE-502 deserialization RCE (CVSS 8.8). S1 + S2 both surfaced; NCSC.ch flagged on 2026-05-26 in CSH 12594 (Microsoft MSRC; NCSC-CH post 12594; Help Net Security, 2026-05-26). Did not clear § 2 inclusion gates: post-auth (Site Member,
PR:L), no CISA KEV, no ENISA EUVDexploited=true, no in-the-wild exploitation confirmed, CVSS 8.8 below the 9.0 EUVD-critical floor, and no public PoC reported. Defenders running on-prem SharePoint should still apply the May 2026 CU (SE 16.0.19725.20280 / SP2019 16.0.10417.20128 / SP2016 16.0.5552.1002) — the prior history of rapid weaponisation of SharePoint deserialization gadget chains supports priority patching even without current exploitation evidence. - CVE-2026-27771 — Gitea container-registry access-control failure (~30,000+ deployments). S1 + S3 both surfaced (NoScope, 2026-05-25; The Hacker News, 2026-05-27). Patched in Gitea v1.26.2 (released 2026-05-20). Did not clear § 2 gates — unauthenticated image-pull (data-exposure), not RCE; no KEV / EUVD-critical / confirmed in-the-wild exploitation. Forgejo (the fork used by Codeberg and many EU academic instances) confirmed affected. The four-year window of exposure means retrospective log review for unauthenticated
/v2/<namespace>/<repo>/{manifests,blobs}GETs is warranted on any self-hosted Gitea / Forgejo instance running below 1.26.2; rotate any secrets embedded in container images that were stored as private. - Grandoreiro + BTMOB Android RAT (WatchGuard / ESET, 2026-05-26). Surfaced by S3. Banking-only sector (Portugal / Spain / Brazil / Europe consumer-banking customers); did not clear the daily-relevance bar for a Swiss/EU public-sector SOC audience. Mentioned here so the next run does not re-surface it as new.
- Catalin Dragomir / Oregon OEM sentencing (TheRecord, 2026-05-27). Surfaced by S4. 2021 access-broker sentencing is procedurally significant but the underlying breach is years old and the operational signal — emergency-management network as access-broker target class — is generic; below the daily inclusion bar. Logged here for next-run dedup.
- CVE-2026-9256 / CVE-2026-42945 — NGINX double rewrite-module heap buffer overflow. S1 surfaced these as actively-exploited per NCSC-NL CSAF (
[SINGLE-SOURCE]items. § 3 SANS Internet Storm Center Akira kill-chain reconstruction — single primary publisher, but a high-reliability technical forensic primer; included per PD-5 carve-out (HIGH-reliability primary research source). No defender action flows from the item that needs a second confirmation.
- Reduced confidence — only aggregator sources. § 1 FBI FLASH CSA 260526 (Silent Ransom Group physical-USB tactic) — the FBI IC3 primary PDF (
https://www.ic3.gov/CSA/2026/260526.pdf) returned HTTP 403 to the routine UA and to the bridge fetcher; the three cited sources (CyberScoop, The Record, Help Net Security) are all news aggregators paraphrasing the same FBI advisory. The advisory itself is the substantive primary; operators should fetch the IC3 PDF directly from a desktop browser session to confirm the verbatim text before acting.
- MuddyWater / Symantec primary-source date resolution. S1 reported the Symantec primary as 2026-05-22; S3 reported it as 2026-05-26. Phase 5.7 iteration 1 independently extracted the actual Symantec publication date as 2026-05-12 (and Industrial Cyber as 2026-05-13). § 3 has been re-dated to those values; The Hacker News (2026-05-26) is the in-window publication that pulled the story back to surface and is the reason the item appears in this brief at all. Under PD-7's "freshest source in window" reading the item remains in scope; readers should note the underlying Symantec research is two weeks old.
- Contradictions across linked sources. Germany Cybersicherheitsstärkungsgesetz staffing figure — onvista (dpa) reports "more than 350 new positions" across BKA / BSI / Bundespolizei plus ~€50 million per year; t-online reports a notably smaller initial figure (37 additional employees). The brief carries the dpa-sourced ~350 framing because the onvista/dpa wire is more likely to reflect the cabinet's published bill text; the t-online figure may refer to one specific agency or a phased intake. Operators tracking the bill's progression should follow the Bundestag-stage publication for the authoritative position count.
- Stalled or non-returning sub-agents. None — all four
cti-researchsub-agents returned within the 30-min hard cap (S1: 527 s; S2: 496 s; S3: 542 s; S4: 560 s).
- Verification loop. Phase 5.7 ran four iterations (Opus → Sonnet → Opus → Sonnet, per the v2.47 model-rotation contract). Iteration 4 returned NEEDS_FIXES with one F3 (citation-does-not-support-claim) finding — the AFC Ajax TL;DR bullet retained the iter-3-flagged "granted himself access" framing after the § 1 body had been re-paraphrased. That TL;DR-vs-body inconsistency was remediated post-iter-4 (TL;DR rewritten to match the § 1 body's neutral phrasing). Per v2.50 early-exit (
truth + editorial ≤ 2AND no F1/F4), the brief publishes withverification_residual_count = 1(the iter-4 F3 finding, since fixed in place — same disposition as a cap-breach reached at iter 4 rather than at iter 5). Two F11 advisories (Slican "hardcoded" / "widely deployed in Polish public sector" framing exceeds CERT-PL's direct language; ILIAS vendor blog list-page render date 2026-05-26 vs NCSC-CH 12599 publish stamp 2026-05-27) were deferred as defensible and non-load-bearing.
- Coverage gaps:
databreaches-net(HTTP 403, sixth consecutive run — covered via BleepingComputer / TheRecord / SecurityWeek; not a real gap this run);inside-it-ch(HTTP 403, fifth consecutive run — no exclusive in-window CH-tech story surfaced via alternates);sophos-xops(HTTP 503, fifth consecutive run — no Sophos research story surfaced elsewhere in window);anssi-fr(avis-recentnewest item 2026-05-20 — outside window;actu-recentstale at October 2025);ncsc-uk(RSS items 2022–2025 only, no in-window content);cisa-news(no fresh in-window emergency directive);apple-security,oracle-cpu,chrome-releases(no in-window vendor publication);dfirreport,sekoia(RSS empty for window).
- New candidate source surfaced —
gambit-security. Israeli threat-intelligence firm with primary MOIS / Iran-linked research; the Ababil-of-Minab attribution report (2026-05-26) on the LACMTA breach is the discovery event. Surfaced by S4. Added tosources/sources.jsonasstatus: "candidate"per the one-candidate-per-run rule; promote after 3 successful contributing fetches.
- NoScope, the discoverer of CVE-2026-27771 (Gitea private container exposure), also surfaced as a candidate source by S3 but is deferred per the one-candidate-per-run rule. Carried as a coverage-gap note for next-run consideration.
- Hardcoded sinkhole IP avoided. CrowdStrike's post-takedown GlassWorm sinkhole at
164.92.88[.]210is the operationally useful artefact for retrospective detection, but the brief avoids IPs per PD-3 (no IOCs). Operators acting on the GlassWorm § 1 item should obtain the sinkhole address directly from the CrowdStrike post and apply it in their network telemetry.
Unmatched action items (migrated)
- Inventory and patch ILIAS deployments to 9.20 / 10.8 / 11.1 today. Two critical access-control bugs (
TileImageUploadHandlerunauth file-write CVSS 9.8; MyStaff post-auth SQLi CVSS 9.3) plus seven further high-severity issues — see § 1. Interim mitigation per NCSC.ch: disable the SOAP interface (/webservice/soap/) on any deployment that does not require it for enterprise HR / SIS integration. Reference: ILIAS Security Blog, NCSC-CH 12599. - Inventory VS Code / Cursor / Windsurf extensions across the developer estate against an approved-extensions allowlist; pin Nx Console to ≥ 18.100.0 and rotate every CI/CD secret accessible from a host that ran Nx Console v18.95.0 between 2026-05-18 12:30 and 13:09 UTC. See § 5 for the full chain — TanStack → Nx Console → GitHub / Grafana. CISA KEV adds 2026-05-27 confirm active in-the-wild exploitation. Reference: Nx postmortem.
- DAEMON Tools Lite — replace versions 12.5.0.2421–12.5.0.2434 with ≥ 12.6.0 on every host they were installed on. Trojanised builds signed by the legitimate vendor certificate during the 2026-04-08 → 2026-05-05 window — see § 5. Reference: Disc Soft Limited security notice.
- Hunt for GlassWorm-class developer infections in the network — focus on the dev estate. Even after the C2 takedown the endpoints remain infected; rotate every credential and CI/CD secret accessible from a developer host that installed extensions from VS Code Marketplace or Open VSX between early 2025 and 2026-05-26. Detection concepts in § 1. Reference: CrowdStrike.
- Reconcile local SSLVPN account directories against AD source-of-truth; enforce MFA on every SSLVPN account regardless of directory. SANS ISC's Akira walkthrough (see § 3) confirms
deprovisioned-in-AD-but-retained-in-firewallaccounts as the primary initial-access pathway for this class. Alert on >50 failed SSLVPN authentications from a single source per hour; set Windows Security log size ≥ 1 GB on every host so EID 4688 discovery-phase evidence does not roll off before incident response arrives. - Defenders running large hypervisor estates — separate the recovery plane from the production identity boundary. The MOIS / Ababil-of-Minab LACMTA pattern (see § 1) explicitly targets backup and VM-lifecycle APIs for destruction in parallel with exfiltration. Treat backup-orchestration admin access as a separate identity boundary with MFA on backup-job execution and a tested air-gapped restore path that does not depend on the same identity provider as production.
Migrated from briefs/2026-05-28.md (v2).
← Operations dashboard · day page 2026-05-28 · run-record contract: docs/pipeline.md