ctipilot.ch

2026-05-28-3e33200a

One pipeline fire, in full · intel run of 2026-05-28 · sub-agent allocation and telemetry, per-iteration verification verdicts and findings, source-list edits, coverage gaps, bridge invocations — and the run's own verification & coverage notes: what was published, what was dropped at the borderline or judged not relevant (and why), single-source carve-outs, and contradictions. Rendered from runs/2026-05-28/2026-05-28-3e33200a.md.

Run telemetry

2026-05-28-3e33200a intel prompt v2.60
24m 59s duration 12 published 0 updates
Claude Opus 4.7 (claude-opus-4-7) main agent
S1 Claude Sonnet 4.6 (claude-sonnet-4-6)
Items returned
7
Duration
8m 47s
Tool calls
14 WebFetch8 WebSearch18 bridge
Cited sources
4 of 27 in slice
S2 Claude Sonnet 4.6 (claude-sonnet-4-6)
Items returned
5
Duration
8m 16s
Tool calls
18 WebFetch10 WebSearch22 bridge
Cited sources
6 of 12 in slice
S3 Claude Sonnet 4.6 (claude-sonnet-4-6)
Items returned
6
Duration
9m 02s
Tool calls
18 WebFetch5 WebSearch18 bridge
Cited sources
8 of 50 in slice
S4 Claude Sonnet 4.6 (claude-sonnet-4-6)
Items returned
4
Duration
9m 20s
Tool calls
12 WebFetch9 WebSearch10 bridge
Cited sources
5 of 20 in slice

Verification

#1 NEEDS_FIXES · Claude Opus 4.7 · t=6 e=1 a=4 #2 NEEDS_FIXES · Claude Sonnet 4.6 · t=2 e=0 a=1 #3 NEEDS_FIXES · Claude Opus 4.7 · t=2 e=1 a=2 #4 NEEDS_FIXES · Claude Sonnet 4.6 · t=1 e=0 a=2

Deep dive

2026-05-28/nx-console-tanstack-daemon-tools-supply-chain-cascade-lands

Entries published (this run)

Sources changed (this run)

Edits this run made to sources/sources.json · promotions, demotions, new candidates, and fetch-method / category / reliability / url corrections (the run record's sources_changed[]). Paginated; 10 per page.

No source-list edits recorded for this run.

Coverage gaps (this run)

Sources this run's brief needed that returned no usable content via any documented recipe. Bridge-recovered or quiet-day sources do NOT appear here. (Distinct from the independent source-accessibility probe at the foot of this section, which probes all active sources regardless of what any run needed.)

Source (uncovered)URL triedMethod chainStatus / classWhat the agent did instead
databreaches-nethttps://www.databreaches.net/category/breach-incidents/webfetchbridge:url403 transport-403
bridge:url returned HTTP 403 (sixth consecutive run)
stories covered via BleepingComputer / The Record / SecurityWeek
sophos-xopshttps://www.sophos.com/en-us/blog/feed?id=blt6f15f4f7deaf4242bridge:feed503 transport-5xx
bridge:feed returned HTTP 503 (fifth consecutive run)
none — coverage gap
ic3-csahttps://www.ic3.gov/CSA/2026/260526.pdfwebfetchbridge:url403 transport-403
FBI IC3 PDF 403 to routine UA and bridge
FBI FLASH content carried via CyberScoop / The Record / Help Net Security; § 7 flag for reduced confidence

Bridge invocations (this run)

22 bridge calls this run · these are successful bridge fetches (separate from "Coverage gaps" above).

18 ok4 empty feed
  • bridge:feed ×7
  • bridge:url ×4
  • bridge:ncsc-csh.recent ×1
  • bridge:ncsc-csh.post ×1
  • bridge:cisa-kev ×1
  • bridge:cert-eu.recent ×1
  • bridge:cert-fr.avis-recent ×1
  • bridge:cert-fr.actu-recent ×1

Verification findings · all iterations

Per-iteration finding detail. Each table is one verifier pass · what was flagged, how the main agent remediated it, and the outcome. Walking the tables top-to-bottom shows the verifier's debugging trail across iterations.

Iteration #1 NEEDS_FIXES · 11 findings (truth=6, editorial=1, advisory=4) · Claude Opus 4.7 · 7m 45s

F-codeSectionItem · URL/quoteVerifier summaryRemediation · outcome
F4
hallucinated-fact
deep-diveTanStack scope in § 5
TanStack Router npm package version was published with credential-stealing payload
Actual compromise: @tanstack/* npm packages (42 packages); resolved malicious dependency was @tanstack/zod-adapter@1.166.15Rewrote § 5 to name @tanstack/* (~42 packages) and @tanstack/zod-adapter@1.166.15 specifically fixed-clean
F4
hallucinated-fact
trending-vulnerabilitiesRoundcube technical detail
preg_replace() backslash-escape bypass via _user parameter
Neither vendor advisory nor NCSC.ch nor Heise carry those technical specificsDropped the technical sub-specifics; kept vendor / NCSC-CH description of pre-auth SQLi in virtuser_query plugin fixed-clean
F4
hallucinated-fact
active-threatsMOIS/LACMTA 700 GB figure
approximately 700 GB of emails, backups and other files
Specific 700 GB figure not present in Gambit / TechCrunch / The Record citationsChanged to 'a large volume of emails, backups and other files' fixed-clean
F3
claim-not-supported
active-threatsAFC Ajax 300k / 42k figure attribution
Ajax victim statement cited for 300,000 / 42,000 figures
Ajax statement says 300–400 individuals (email addresses), <20 stadium-banned. The 300k/42k figures come from BleepingComputer and The RecordRe-attributed inline citation to BleepingComputer and The Record fixed-clean
F4
hallucinated-fact
active-threatsGermany law — netzpolitik.org
Bitkom and civil-society groups (notably netzpolitik.org)
netzpolitik.org not in any cited source; onvista names BDI (Holger Lösch)Replaced Bitkom/netzpolitik framing with BDI + 'civil-society voices' fixed-clean
F12
surface-contradiction
active-threatsGermany law — staffing figure 350 vs 37
~350 new positions
Onvista/dpa: more than 350; t-online: 37 additional employees — material discrepancy not surfacedSurfaced in § 7 Contradictions; body explains the dpa-sourced framing and the t-online discrepancy fixed-clean
F4
hallucinated-fact
active-threatsFBI SRG aliases
Luna Moth, Chatty Spider, UNC3753, Storm-0252
All-four list overstates source backing; CyberScoop omits Luna Moth, The Record + Help Net Security omit Storm-0252Reframed as 'tracked variously across cited sources as ...' with Storm-0252 attributed specifically to CyberScoop fixed-clean
F4
hallucinated-fact
deep-diveDAEMON Tools footer date
Disc Soft Limited, 2026-05-05
Actual Disc Soft Limited page publication date is 2026-05-06Corrected footer date to 2026-05-06 (both occurrences) fixed-clean
F11
editorial-advisory
active-threatsGlassWorm TL;DR omits timing
TL;DR bullet does not include 2026-05-26T14:00 UTC
Advisory — compactness preferred; no changeno change (F11 alone doesn't block CLEAN) deferred
F11
editorial-advisory
researchMuddyWater / Industrial Cyber + Symantec date
Industrial Cyber 2026-05-26 + Symantec 2026-05-26
Verifier extract: Industrial Cyber 2026-05-13; Symantec 2026-05-12; both earlier than the brief claimedUpdated § 3 footer dates to 2026-05-12 (Symantec) and 2026-05-13 (Industrial Cyber); kept The Hacker News 2026-05-26 as in-window resurfacing; rewrote § 7 date- fixed-clean
F11
editorial-advisory
active-threatsCybersicherheitsstärkungsgesetz formal-name italics
italic German portmanteau
Composite legislative-shorthand not directly used by cited German sourcesno change — defensible compression; leaving as advisory residual deferred

Iteration #2 NEEDS_FIXES · 3 findings (truth=2, editorial=0, advisory=1) · Claude Sonnet 4.6 · 4m 48s

F-codeSectionItem · URL/quoteVerifier summaryRemediation · outcome
F4
hallucinated-fact
action-itemsRoundcube § 6 action item
Pre-auth SQLi via the login `_user` parameter
Iter-1 remediation cleaned § 2 body but left the same un-sourced detail in § 6 action itemReplaced with 'Pre-auth SQL injection in the virtuser_query plugin' to match vendor / NCSC.ch language fixed-clean
F14
quantifier-without-source
deep-dive§ 5 background paragraph
the first time a primary developer platform has been named as a downstream victim of this campaign class
Help Net Security and Nx postmortem (both fetched by verifier) report the GitHub breach factually without 'first time' framingRemoved the 'the first time...' clause; kept the GitHub + Grafana Labs naming as supported fact fixed-clean
F10
missed-angle-advisory
deep-diveAikido.dev TanStack reverse-engineering primaryAikido.dev published the primary reverse-engineering analysis; linked from Help Net Security outbound but uncited in the briefno change — F10 advisory; brief facts are independently supported by Nx postmortem + GHSA; adding an unfetched URL risks introducing a new defect deferred

Iteration #3 NEEDS_FIXES · 5 findings (truth=2, editorial=1, advisory=2) · Claude Opus 4.7 · 7m 36s

F-codeSectionItem · URL/quoteVerifier summaryRemediation · outcome
F3
claim-not-supported
active-threatsAFC Ajax — 'granted himself access' quoted phrase
granted himself access to the football club's computer systems several times
Ajax victim statement uses 'unlawfully gained access' / 'unauthorized actor accessed Ajax systems'; quoted phrase appears to be paraphrase of (403'd) Dutch police releaseRemoved the inline quote and 'Ajax's own statement confirmed' attribution; replaced with neutral paraphrase 'unauthorised actor who accessed Ajax systems and ex fixed-clean
F4
hallucinated-fact
active-threatsGermany Dobrindt quote 'act when a threat is concrete'
act when a threat is concrete
Quoted phrase not in any of the three cited German sources (Heise, t-online, onvista/dpa)Removed the quoted clause; replaced with Heise's active-cyber-defence framing ('active cyber defence targeting attacker command-and-control infrastructure rathe fixed-clean
F5
missing-citation
active-threatsFBI SRG — 38+ firms leak-site figure
published data from 38+ firms on its leak site
38+ figure not in any of the three cited aggregator sources; real but uncitedDropped the 38+ figure; CyberScoop attribution made explicit on the 100+ attacks figure fixed-clean
F11
editorial-advisory
trending-vulnerabilitiesSlican 'hardcoded' + deployment-context framing
hardcoded caller-ID / widely deployed in Polish government
Defensible implementation inference + editorial framing; no source escalation neededno change (F11) deferred
F11
editorial-advisory
active-threatsILIAS release date 2026-05-27 vs vendor blog 2026-05-26
shipped nine fixes on 2026-05-27
Possibly vendor-blog render artefact; NCSC-CH 12599 publish date 2026-05-27 consistent with briefno change (F11) deferred

Iteration #4 NEEDS_FIXES cap-breach · 3 findings (truth=1, editorial=0, advisory=2) · Claude Sonnet 4.6 · 3m 13s

F-codeSectionItem · URL/quoteVerifier summaryRemediation · outcome
F3
claim-not-supported
tldrAFC Ajax TL;DR bullet
The suspect granted himself access to Ajax's systems several times via misconfigured API access-control and shared keys
iter-3 remediation updated § 1 body but did not propagate to TL;DR — TL;DR retained the unsupported quoted-style framing while body was neutralisedRewrote TL;DR bullet to match § 1 body's neutral phrasing; explicit BleepingComputer + The Record + Ajax statement attribution chain retained fixed-clean
F11
editorial-advisory
deep-diveNx Console 18 min vs 11 min postmortem characterisation
live on the Visual Studio Marketplace from 12:30 to 12:48 UTC
Verifier confirmed timestamps are correct; postmortem 11-min characterisation is a rounded figure; no change neededno change (F11) deferred
F11
editorial-advisory
trending-vulnerabilitiesSlican PBX framing
hardcoded / widely deployed in Polish government
Verifier confirmed CERT-PL supports the caller-ID characterisation; defensibleno change (F11) deferred

Verification & coverage notes

The run record's narrative body, verbatim. This is where the run accounts for its own judgement calls — every borderline drop and judged-not-relevant item with its reason, dedup decisions, single-source items and their carve-outs, contradictions, and per-source coverage gaps — so nothing the run considered disappears silently.

Verification & coverage notesrun record body

2026-05-28-3e33200a · Claude Opus 4.7 · window 40 h · 12 entries published

  • Items dropped — vulnerabilities that did not clear § 2 inclusion gates.
    • CVE-2026-9256 / CVE-2026-42945 — NGINX double rewrite-module heap buffer overflow. S1 surfaced these as actively-exploited per NCSC-NL CSAF (NGINX meldt bekend te zijn met (pogingen tot) misbruik), but the freshest sources are dated 2026-05-22 (NGINX vendor advisory and oss-security mailing list) and 2026-05-18 (NCSC-NL) — both outside the 40-h recency window with no in-window corroborator surfaced. Dropped to § 7 rather than included as a stale exploitation note. Patch is still relevant — 1.31.1+ or 1.30.2+ — defenders running unpatched NGINX should not wait for a future brief to act.
    • CVE-2026-45659 — Microsoft SharePoint Server CWE-502 deserialization RCE (CVSS 8.8). S1 + S2 both surfaced; NCSC.ch flagged on 2026-05-26 in CSH 12594 (Microsoft MSRC; NCSC-CH post 12594; Help Net Security, 2026-05-26). Did not clear § 2 inclusion gates: post-auth (Site Member, PR:L), no CISA KEV, no ENISA EUVD exploited=true, no in-the-wild exploitation confirmed, CVSS 8.8 below the 9.0 EUVD-critical floor, and no public PoC reported. Defenders running on-prem SharePoint should still apply the May 2026 CU (SE 16.0.19725.20280 / SP2019 16.0.10417.20128 / SP2016 16.0.5552.1002) — the prior history of rapid weaponisation of SharePoint deserialization gadget chains supports priority patching even without current exploitation evidence.
    • CVE-2026-27771 — Gitea container-registry access-control failure (~30,000+ deployments). S1 + S3 both surfaced (NoScope, 2026-05-25; The Hacker News, 2026-05-27). Patched in Gitea v1.26.2 (released 2026-05-20). Did not clear § 2 gates — unauthenticated image-pull (data-exposure), not RCE; no KEV / EUVD-critical / confirmed in-the-wild exploitation. Forgejo (the fork used by Codeberg and many EU academic instances) confirmed affected. The four-year window of exposure means retrospective log review for unauthenticated /v2/<namespace>/<repo>/{manifests,blobs} GETs is warranted on any self-hosted Gitea / Forgejo instance running below 1.26.2; rotate any secrets embedded in container images that were stored as private.
    • Grandoreiro + BTMOB Android RAT (WatchGuard / ESET, 2026-05-26). Surfaced by S3. Banking-only sector (Portugal / Spain / Brazil / Europe consumer-banking customers); did not clear the daily-relevance bar for a Swiss/EU public-sector SOC audience. Mentioned here so the next run does not re-surface it as new.
    • Catalin Dragomir / Oregon OEM sentencing (TheRecord, 2026-05-27). Surfaced by S4. 2021 access-broker sentencing is procedurally significant but the underlying breach is years old and the operational signal — emergency-management network as access-broker target class — is generic; below the daily inclusion bar. Logged here for next-run dedup.
  • [SINGLE-SOURCE] items. § 3 SANS Internet Storm Center Akira kill-chain reconstruction — single primary publisher, but a high-reliability technical forensic primer; included per PD-5 carve-out (HIGH-reliability primary research source). No defender action flows from the item that needs a second confirmation.
  • Reduced confidence — only aggregator sources. § 1 FBI FLASH CSA 260526 (Silent Ransom Group physical-USB tactic) — the FBI IC3 primary PDF (https://www.ic3.gov/CSA/2026/260526.pdf) returned HTTP 403 to the routine UA and to the bridge fetcher; the three cited sources (CyberScoop, The Record, Help Net Security) are all news aggregators paraphrasing the same FBI advisory. The advisory itself is the substantive primary; operators should fetch the IC3 PDF directly from a desktop browser session to confirm the verbatim text before acting.
  • MuddyWater / Symantec primary-source date resolution. S1 reported the Symantec primary as 2026-05-22; S3 reported it as 2026-05-26. Phase 5.7 iteration 1 independently extracted the actual Symantec publication date as 2026-05-12 (and Industrial Cyber as 2026-05-13). § 3 has been re-dated to those values; The Hacker News (2026-05-26) is the in-window publication that pulled the story back to surface and is the reason the item appears in this brief at all. Under PD-7's "freshest source in window" reading the item remains in scope; readers should note the underlying Symantec research is two weeks old.
  • Contradictions across linked sources. Germany Cybersicherheitsstärkungsgesetz staffing figure — onvista (dpa) reports "more than 350 new positions" across BKA / BSI / Bundespolizei plus ~€50 million per year; t-online reports a notably smaller initial figure (37 additional employees). The brief carries the dpa-sourced ~350 framing because the onvista/dpa wire is more likely to reflect the cabinet's published bill text; the t-online figure may refer to one specific agency or a phased intake. Operators tracking the bill's progression should follow the Bundestag-stage publication for the authoritative position count.
  • Stalled or non-returning sub-agents. None — all four cti-research sub-agents returned within the 30-min hard cap (S1: 527 s; S2: 496 s; S3: 542 s; S4: 560 s).
  • Verification loop. Phase 5.7 ran four iterations (Opus → Sonnet → Opus → Sonnet, per the v2.47 model-rotation contract). Iteration 4 returned NEEDS_FIXES with one F3 (citation-does-not-support-claim) finding — the AFC Ajax TL;DR bullet retained the iter-3-flagged "granted himself access" framing after the § 1 body had been re-paraphrased. That TL;DR-vs-body inconsistency was remediated post-iter-4 (TL;DR rewritten to match the § 1 body's neutral phrasing). Per v2.50 early-exit (truth + editorial ≤ 2 AND no F1/F4), the brief publishes with verification_residual_count = 1 (the iter-4 F3 finding, since fixed in place — same disposition as a cap-breach reached at iter 4 rather than at iter 5). Two F11 advisories (Slican "hardcoded" / "widely deployed in Polish public sector" framing exceeds CERT-PL's direct language; ILIAS vendor blog list-page render date 2026-05-26 vs NCSC-CH 12599 publish stamp 2026-05-27) were deferred as defensible and non-load-bearing.
  • Coverage gaps: databreaches-net (HTTP 403, sixth consecutive run — covered via BleepingComputer / TheRecord / SecurityWeek; not a real gap this run); inside-it-ch (HTTP 403, fifth consecutive run — no exclusive in-window CH-tech story surfaced via alternates); sophos-xops (HTTP 503, fifth consecutive run — no Sophos research story surfaced elsewhere in window); anssi-fr (avis-recent newest item 2026-05-20 — outside window; actu-recent stale at October 2025); ncsc-uk (RSS items 2022–2025 only, no in-window content); cisa-news (no fresh in-window emergency directive); apple-security, oracle-cpu, chrome-releases (no in-window vendor publication); dfirreport, sekoia (RSS empty for window).
  • New candidate source surfaced — gambit-security. Israeli threat-intelligence firm with primary MOIS / Iran-linked research; the Ababil-of-Minab attribution report (2026-05-26) on the LACMTA breach is the discovery event. Surfaced by S4. Added to sources/sources.json as status: "candidate" per the one-candidate-per-run rule; promote after 3 successful contributing fetches.
  • NoScope, the discoverer of CVE-2026-27771 (Gitea private container exposure), also surfaced as a candidate source by S3 but is deferred per the one-candidate-per-run rule. Carried as a coverage-gap note for next-run consideration.
  • Hardcoded sinkhole IP avoided. CrowdStrike's post-takedown GlassWorm sinkhole at 164.92.88[.]210 is the operationally useful artefact for retrospective detection, but the brief avoids IPs per PD-3 (no IOCs). Operators acting on the GlassWorm § 1 item should obtain the sinkhole address directly from the CrowdStrike post and apply it in their network telemetry.

Unmatched action items (migrated)

  • Inventory and patch ILIAS deployments to 9.20 / 10.8 / 11.1 today. Two critical access-control bugs (TileImageUploadHandler unauth file-write CVSS 9.8; MyStaff post-auth SQLi CVSS 9.3) plus seven further high-severity issues — see § 1. Interim mitigation per NCSC.ch: disable the SOAP interface (/webservice/soap/) on any deployment that does not require it for enterprise HR / SIS integration. Reference: ILIAS Security Blog, NCSC-CH 12599.
  • Inventory VS Code / Cursor / Windsurf extensions across the developer estate against an approved-extensions allowlist; pin Nx Console to ≥ 18.100.0 and rotate every CI/CD secret accessible from a host that ran Nx Console v18.95.0 between 2026-05-18 12:30 and 13:09 UTC. See § 5 for the full chain — TanStack → Nx Console → GitHub / Grafana. CISA KEV adds 2026-05-27 confirm active in-the-wild exploitation. Reference: Nx postmortem.
  • DAEMON Tools Lite — replace versions 12.5.0.2421–12.5.0.2434 with ≥ 12.6.0 on every host they were installed on. Trojanised builds signed by the legitimate vendor certificate during the 2026-04-08 → 2026-05-05 window — see § 5. Reference: Disc Soft Limited security notice.
  • Hunt for GlassWorm-class developer infections in the network — focus on the dev estate. Even after the C2 takedown the endpoints remain infected; rotate every credential and CI/CD secret accessible from a developer host that installed extensions from VS Code Marketplace or Open VSX between early 2025 and 2026-05-26. Detection concepts in § 1. Reference: CrowdStrike.
  • Reconcile local SSLVPN account directories against AD source-of-truth; enforce MFA on every SSLVPN account regardless of directory. SANS ISC's Akira walkthrough (see § 3) confirms deprovisioned-in-AD-but-retained-in-firewall accounts as the primary initial-access pathway for this class. Alert on >50 failed SSLVPN authentications from a single source per hour; set Windows Security log size ≥ 1 GB on every host so EID 4688 discovery-phase evidence does not roll off before incident response arrives.
  • Defenders running large hypervisor estates — separate the recovery plane from the production identity boundary. The MOIS / Ababil-of-Minab LACMTA pattern (see § 1) explicitly targets backup and VM-lifecycle APIs for destruction in parallel with exfiltration. Treat backup-orchestration admin access as a separate identity boundary with MFA on backup-job execution and a tested air-gapped restore path that does not depend on the same identity provider as production.

Migrated from briefs/2026-05-28.md (v2).

← Operations dashboard · day page 2026-05-28 · run-record contract: docs/pipeline.md