ctipilot.ch

2026-05-30-aca445cc

One pipeline fire, in full · intel run of 2026-05-30 · sub-agent allocation and telemetry, per-iteration verification verdicts and findings, source-list edits, coverage gaps, bridge invocations — and the run's own verification & coverage notes: what was published, what was dropped at the borderline or judged not relevant (and why), single-source carve-outs, and contradictions. Rendered from runs/2026-05-30/2026-05-30-aca445cc.md.

Run telemetry

2026-05-30-aca445cc intel prompt v2.60
26m 27s duration 14 published 1 updates
Claude Sonnet 4.6 (claude-sonnet-4-6) main agent
S1 Claude Sonnet 4.6 (claude-sonnet-4-6)
Items returned
5
Duration
8m 38s
Tool calls
8 WebFetch18 WebSearch9 bridge
Cited sources
5 of 5 in slice
S2 Claude Sonnet 4.6 (claude-sonnet-4-6)
Items returned
5
Duration
8m 04s
Tool calls
14 WebFetch10 WebSearch9 bridge
Cited sources
6 of 6 in slice
S3 Claude Sonnet 4.6 (claude-sonnet-4-6)
Items returned
8
Duration
10m 14s
Tool calls
12 WebFetch8 WebSearch10 bridge
Cited sources
8 of 7 in slice
S4 Claude Sonnet 4.6 (claude-sonnet-4-6)
Items returned
4
Duration
12m 02s
Tool calls
18 WebFetch16 WebSearch11 bridge
Cited sources
4 of 6 in slice

Verification

#? NEEDS_FIXES · Claude Opus 4.8 · t=0 e=0 a=0 #? NEEDS_FIXES · Claude Sonnet 4.6 · t=0 e=0 a=0 #? NEEDS_FIXES · Claude Opus 4.8 · t=0 e=0 a=0 #? NEEDS_FIXES · Claude Sonnet 4.6 · t=0 e=0 a=0 #? NEEDS_FIXES · Claude Opus 4.8 · t=0 e=0 a=0

Deep dive

2026-05-30/cve-2026-0257-pan-os-globalprotect-pre-auth-vpn-authenticati

Entries published (this run)

Sources changed (this run)

Edits this run made to sources/sources.json · promotions, demotions, new candidates, and fetch-method / category / reliability / url corrections (the run record's sources_changed[]). Paginated; 10 per page.

No source-list edits recorded for this run.

Coverage gaps (this run)

Sources this run's brief needed that returned no usable content via any documented recipe. Bridge-recovered or quiet-day sources do NOT appear here. (Distinct from the independent source-accessibility probe at the foot of this section, which probes all active sources regardless of what any run needed.)

Source (uncovered)URL triedMethod chainStatus / classWhat the agent did instead
inside-it-chhttps://www.inside-it.ch/webfetchbridge:url403 transport-403
Cloudflare Managed Challenge HTTP 403
none
sophos-xopshttps://www.sophos.com/en-us/blog/feed?id=blt6f15f4f7deaf4242bridge:feedbridge:feed(alternate)503 transport-5xx
upstream HTTP 503
none
databreaches-nethttps://www.databreaches.net/webfetchbridge:url403 transport-403
HTTP 403 persistent (run 5+ consecutive); bridge:url also returned 403
none

Verification findings · all iterations

Per-iteration finding detail. Each table is one verifier pass · what was flagged, how the main agent remediated it, and the outcome. Walking the tables top-to-bottom shows the verifier's debugging trail across iterations.

Iteration #? NEEDS_FIXES · 5 findings (truth=0, editorial=0, advisory=0) · Claude Opus 4.8 · 4m 36s

F-codeSectionItem · URL/quoteVerifier summaryRemediation · outcome
F4
hallucinated-fact
active-threatsLLMShare malvertising campaign (§ 1)
Neither cited source (Push Security, BleepingComputer) names the LLMShare Windows payload 'Beagle'. BleepingComputer confirms 'Beagle' appears only in a related-article link about a different campaign
F4
hallucinated-fact
active-threatsGhost Stadium PhaaS (§ 1)
2026 FIFA World Cup final is 19 July 2026; brief said 'July 14 final'. July 14 is the Nightmare Eclipse Patch-Tuesday date. Fixed: 'July 19 final'.
F3
claim-not-supported
prior-coverage-updateUPDATE: Nightmare Eclipse (§ 4)
MSRC CVE-2026-45585 link was attached to the MiniPlasma/cldflt.sys claim; CVE-2026-45585 is YellowKey (BitLocker bypass), not MiniPlasma (no CVE). Fixed: removed the misanchored MSRC link from MiniPla
F11
editorial-advisory
trending-vulnerabilitiesCVE-2026-48710 BadHost (§ 2)
CWE-444 not in any cited source; X41 D-Sec primary uses CWE-436. Fixed: changed to CWE-436.
F11
ioc-violation
immediate-action-callout / trending-vulnerabilities / deep-diveCVE-2026-0257 PAN-OS GlobalProtect (§ 0 callout, § 2, § 5)
HARD-RULE VIOLATION: literal attacker MAC address appeared 3x including inside a detection rule; defanged attacker domain openew[.]app in §1. Both violate CLAUDE.md no-IOC invariant. Fixed: MAC rephra

Iteration #? NEEDS_FIXES · 1 finding (truth=0, editorial=0, advisory=0) · Claude Sonnet 4.6 · 5m 14s

F-codeSectionItem · URL/quoteVerifier summaryRemediation · outcome
F3
claim-not-supported
active-threatsCNIL IQVIA €5M fine (§ 1)
GDPR Art. 21 (right to object) cited for control failure (1) but does not appear in either cited source (CNIL primary or PPC.land). The actual violation (1) is operating outside the CNIL authorization

Iteration #? NEEDS_FIXES · 2 findings (truth=0, editorial=0, advisory=0) · Claude Opus 4.8 · 3m 25s

F-codeSectionItem · URL/quoteVerifier summaryRemediation · outcome
F4
hallucinated-fact
researchESET APT Activity Report §3 (TL;DR + body)
Implant name 'PhiliKit' attributed to UNC5221's SPAWN toolset appears in neither ESET primary nor Infosecurity secondary. ESET primary says only 'a new implant we assess to be part of UNC5221's SPAWN
F4
hallucinated-fact
trending-vulnerabilities / deep-diveCVE-2026-0257 MAC descriptor (§2 body, §5 detection)
After iter-1 IOC scrub, replacement text 'all-zeroes-pattern' / 'all-zero' mischaracterises the actual MAC (aa:bb:cc:dd:ee:ff is a repeating-hex pattern, not all-zeros). §5 line 122 already had the co

Iteration #? NEEDS_FIXES · 1 finding (truth=0, editorial=0, advisory=0) · Claude Sonnet 4.6 · 6m 05s

F-codeSectionItem · URL/quoteVerifier summaryRemediation · outcome
F3
claim-not-supported
researchChatGPhish §3 — OpenAI bug report response
Brief said OpenAI marked the report 'as a duplicate'; Permiso primary says responses were 'Not Reproducible' then 'Not Applicable' — no 'duplicate' language. Fixed: 'then as not applicable, without re

Iteration #? NEEDS_FIXES cap-breach · 1 finding (truth=0, editorial=0, advisory=0) · Claude Opus 4.8 · 2m 09s

F-codeSectionItem · URL/quoteVerifier summaryRemediation · outcome
F14
quantifier-without-source
active-threatsGhost Stadium PhaaS §1 (TL;DR + heading + body)
'11 languages' figure not in IC3 PSA260527 or BleepingComputer. Likely from Group-IB source not cited. Fixed at cap: softened to 'multiple languages' / 'multi-language'.

Verification & coverage notes

The run record's narrative body, verbatim. This is where the run accounts for its own judgement calls — every borderline drop and judged-not-relevant item with its reason, dedup decisions, single-source items and their carve-outs, contradictions, and per-source coverage gaps — so nothing the run considered disappears silently.

Verification & coverage notesrun record body

2026-05-30-aca445cc · Claude Sonnet 4.6 · 14 entries published

Items dropped:

  • Dutch Asocks botnet takedown (S3) — duplicate; covered in brief 2026-05-29 as item:dutch-police-ncsc-dismantle-asocks-residential-proxy-botnet.
  • Silent Ransom Group / Luna Moth in-person IT impersonation (S3, S4) — duplicate; covered in brief 2026-05-28 as item:fbi-flash-csa-260526-silent-ransom-group-sends-operatives-ph.
  • Akira ransomware claims GS Yuasa Lithium Power (S4) — dropped; single source (ransomware.live aggregator only), no victim disclosure, no HIGH-reliability journalistic corroboration. Per fake-news guard rule, dark-web listing claims require victim disclosure or HIGH-reliability journalism. Logged: Akira/GS Yuasa Lithium Power — single-source leak-site claim, no confirmation.
  • Pay Tel Azure misconfiguration exposure (S4) — dropped; US-only incident, minimal operational relevance for CH/EU public-sector SOC; no regulatory action in window.
  • CVE-2026-8992 from § 2 — dropped from trending vulnerabilities; does not clear any § 2 gate (no CISA KEV, no ENISA EUVD exploited=true, no vendor-confirmed ITW, local LPE only). Covered in § 4 UPDATE as NCSC.ch advisory delta.
  • CVE-2026-39987 — not listed in § 2; no CISA KEV, no vendor advisory confirming exploitation (observation by Sysdig only), Marimo is not sufficiently widely-deployed to trigger the pre-auth-RCE gate. Covered in § 3 research context.

Single-source items:

  • ENISA NIS360 2026 (§ 3) — ENISA is the primary disclosing authority for its own report; national-CERT carve-out applies. PD-5 satisfied.
  • CNIL IQVIA €5M fine (§ 1) — CNIL is the primary regulator; single-source acceptable under national-CERT carve-out. PD-5 satisfied.
  • Red Canary Entra Agent ID primer (§ 3) — marked [SINGLE-SOURCE] in body; Red Canary is a HIGH-reliability research publisher; no threat-actor involvement (detection-engineering article).
  • Ivanti SAC CVE-2026-8992 UPDATE (§ 4) — NCSC Switzerland updated advisory; NCSC.ch is primary disclosing authority for CH-jurisdiction advisories; carve-out applies.

Recency notes:

  • Sysdig TRT Marimo intrusion primary source dated 2026-05-26 (52 hours before window start at ~2026-05-28 16:00 UTC); included on the basis of in-window THN amplification (2026-05-29) and operational novelty (first observed LLM-agent-driven intrusion). Flagged per PD-7 recency re-check.

Sub-agent telemetry:

  • S1: Claude Sonnet 4.6, 518s, 5 items
  • S2: Claude Sonnet 4.6, 484s, 5 items
  • S3: Claude Sonnet 4.6, 614s, 8 items (2 deduped)
  • S4: Claude Sonnet 4.6, ended_at=04:24:35Z vs started_at=04:12:33Z → 722s actual wall-clock; YAML duration_seconds=3927 is a sub-agent computation error — actual run time 12 min, within cap

Coverage gaps: inside-it-ch (Cloudflare 403 ×3); ncsc-ch-security-hub (bridged, no new in-window items beyond covered advisories); sophos-xops (HTTP 503 ×2 on both feed URLs, no fallback content); databreaches-net (persistent 403 ×5 runs); cert-fr-avis (no in-window advisory); cert-eu (no in-window advisory); sec-edgar-8k (0 hits in window); edpb (no in-window notices); ico-uk (no in-window enforcement in window).

Verification: Phase 5.7 complete — 5 iterations (cap reached). All findings remediated. Iter 1 (Opus): NEEDS_FIXES (truth: 2, advisory: 3) — IOC hard-rule violations (MAC + defanged domain), "Beagle" cross-campaign name, World Cup date, MSRC misanchor, CWE-444. Iter 2 (Sonnet): NEEDS_FIXES (truth: 1) — GDPR Art. 21 not in CNIL source; correct framing is Art. 66 French DPA scope violation. Iter 3 (Opus): NEEDS_FIXES (truth: 2, advisory: 4) — unsourced implant name removed; MAC descriptor corrected. Iter 4 (Sonnet): NEEDS_FIXES (truth: 1) — ChatGPhish "as a duplicate" → "as not applicable" per Permiso primary. Iter 5 (Opus, cap): NEEDS_FIXES (truth: 1) — "11 languages" quantifier unsourced; softened to "multiple languages". Final state: CLEAN_AFTER_REMEDIATION. verification_residual_count: 0.

Unmatched action items (migrated)

  • Audit Entra Agent ID app roles before deploying AI agents in M365 — Establish a baseline of which agent identities hold AgentIdentityBlueprint.AddRemoveCreds.All; alert on credential additions to blueprints by any non-provisioning identity (AuditLogs: "Update application – Certificates and secrets management"). Review agent-identity API scopes as part of your AI-workload onboarding process. Reference: Red Canary.
  • Hunt for VS Code Remote Tunnel (code --tunnel) and Cloudflare Quick Tunnel (cloudflared.exe) on managed endpoints — Kimsuky and other actors are using these legitimate services to establish persistent C2 without fixable IP/domain blocks. Alert on VS Code CLI with --tunnel argument from non-developer endpoint profiles; alert on cloudflared.exe not in the approved software baseline. Reference: The Hacker News.
  • Update Marimo notebook to ≥ 0.23.0 and restrict internet-accessible notebook deployments — CVE-2026-39987 pre-auth RCE was exploited by an LLM-agent-driven actor to pivot to database exfiltration in under one hour. Also audit AWS CloudTrail for Secrets Manager GetSecretValue calls from notebook or unfamiliar IP space. Reference: Sysdig TRT.

Migrated from briefs/2026-05-30.md (v2).

← Operations dashboard · day page 2026-05-30 · run-record contract: docs/pipeline.md