2026-05-30-aca445cc
One pipeline fire, in full · intel run of 2026-05-30 · sub-agent allocation and telemetry, per-iteration verification verdicts and findings, source-list edits, coverage gaps, bridge invocations — and the run's own verification & coverage notes: what was published, what was dropped at the borderline or judged not relevant (and why), single-source carve-outs, and contradictions. Rendered from runs/2026-05-30/2026-05-30-aca445cc.md.
Run telemetry
- Items returned
- 5
- Duration
- 8m 38s
- Tool calls
- 8 WebFetch18 WebSearch9 bridge
- Cited sources
- 5 of 5 in slice
- Items returned
- 5
- Duration
- 8m 04s
- Tool calls
- 14 WebFetch10 WebSearch9 bridge
- Cited sources
- 6 of 6 in slice
- Items returned
- 8
- Duration
- 10m 14s
- Tool calls
- 12 WebFetch8 WebSearch10 bridge
- Cited sources
- 8 of 7 in slice
- Items returned
- 4
- Duration
- 12m 02s
- Tool calls
- 18 WebFetch16 WebSearch11 bridge
- Cited sources
- 4 of 6 in slice
Verification
Deep dive
2026-05-30/cve-2026-0257-pan-os-globalprotect-pre-auth-vpn-authenticati
Entries published (this run)
- CNIL fines IQVIA Operations France €5M for health data warehouse security failures: no MFA, no log monitoring, no network segmentation incident notable
- Ghost Stadium PhaaS — 300+ FIFA domain clones, multi-language fake SSO, targeting UK/Germany/Portugal/Spain fan credentials before June 11 kickoff threat high
- GREYVIBE — newly documented Russia-nexus cluster deploys five parallel attack chains against Ukraine with AI-generated lures and two PowerShell RATs threat notable
- LLMShare malvertising campaign: attackers embed fake outage pages in ChatGPT share links and serve infostealer downloads via Google Ads threat notable
- CVE-2026-0257 — Palo Alto PAN-OS GlobalProtect: Pre-Auth Authentication Bypass via Certificate Reuse vulnerability critical
- CVE-2026-48710 "BadHost" — Starlette (FastAPI / vLLM / LiteLLM / MCP SDK): Pre-Auth Auth Bypass via Malformed Host Header vulnerability high
- ESET APT Activity Report Q4 2025–Q1 2026: Sandworm strikes NATO energy, Lazarus targets EU drone sector, UNC5221 pivots to Ivanti SPAWN toolset annual-report high
- Kimsuky (Velvet Chollima) deploys HTTPSpy RAT and Rust-based HelloDoor via VS Code Remote Tunnel and Cloudflare Quick Tunnel C2 research notable
- Sysdig TRT: first observed LLM-agent-driven post-exploitation — CVE-2026-39987 Marimo notebook RCE to database exfiltration in 4 pivots under one hour research notable
- ChatGPhish: Permiso Security documents ChatGPT Markdown renderer trusting third-party image URLs and links — used for IP exfiltration and phishing via legitimate chatgpt.com research notable
- Red Canary: detecting Entra Agent ID privilege escalation — credential injection into agent blueprints enables lateral movement across the entire tenant research notable
- Nightmare Eclipse / Chaotic Eclipse — Microsoft's Digital Crimes Unit threatens criminal action; GreenPlasma and MiniPlasma (cldflt.sys SYSTEM escalation) remain unpatched; researcher announces July 14 drop vulnerability notable
- Ivanti Secure Access Client — NCSC.ch adds CVE-2026-8992 (local privilege escalation, CVSS 7.8) to May advisory vulnerability notable update
- CVE-2026-0257: PAN-OS GlobalProtect Pre-Auth VPN Authentication Bypass vulnerability notable
Sources changed (this run)
Edits this run made to sources/sources.json · promotions, demotions, new candidates, and fetch-method / category / reliability / url corrections (the run record's sources_changed[]). Paginated; 10 per page.
No source-list edits recorded for this run.
Coverage gaps (this run)
Sources this run's brief needed that returned no usable content via any documented recipe. Bridge-recovered or quiet-day sources do NOT appear here. (Distinct from the independent source-accessibility probe at the foot of this section, which probes all active sources regardless of what any run needed.)
| Source (uncovered) | URL tried | Method chain | Status / class | What the agent did instead |
|---|---|---|---|---|
| inside-it-ch | https://www.inside-it.ch/ | webfetch → bridge:url | 403 transport-403 Cloudflare Managed Challenge HTTP 403 | none |
| sophos-xops | https://www.sophos.com/en-us/blog/feed?id=blt6f15f4f7deaf4242 | bridge:feed → bridge:feed(alternate) | 503 transport-5xx upstream HTTP 503 | none |
| databreaches-net | https://www.databreaches.net/ | webfetch → bridge:url | 403 transport-403 HTTP 403 persistent (run 5+ consecutive); bridge:url also returned 403 | none |
Verification findings · all iterations
Per-iteration finding detail. Each table is one verifier pass · what was flagged, how the main agent remediated it, and the outcome. Walking the tables top-to-bottom shows the verifier's debugging trail across iterations.
Iteration #? NEEDS_FIXES · 5 findings (truth=0, editorial=0, advisory=0) · Claude Opus 4.8 · 4m 36s
| F-code | Section | Item · URL/quote | Verifier summary | Remediation · outcome |
|---|---|---|---|---|
| F4 hallucinated-fact | active-threats | LLMShare malvertising campaign (§ 1) | Neither cited source (Push Security, BleepingComputer) names the LLMShare Windows payload 'Beagle'. BleepingComputer confirms 'Beagle' appears only in a related-article link about a different campaign | — |
| F4 hallucinated-fact | active-threats | Ghost Stadium PhaaS (§ 1) | 2026 FIFA World Cup final is 19 July 2026; brief said 'July 14 final'. July 14 is the Nightmare Eclipse Patch-Tuesday date. Fixed: 'July 19 final'. | — |
| F3 claim-not-supported | prior-coverage-update | UPDATE: Nightmare Eclipse (§ 4) | MSRC CVE-2026-45585 link was attached to the MiniPlasma/cldflt.sys claim; CVE-2026-45585 is YellowKey (BitLocker bypass), not MiniPlasma (no CVE). Fixed: removed the misanchored MSRC link from MiniPla | — |
| F11 editorial-advisory | trending-vulnerabilities | CVE-2026-48710 BadHost (§ 2) | CWE-444 not in any cited source; X41 D-Sec primary uses CWE-436. Fixed: changed to CWE-436. | — |
| F11 ioc-violation | immediate-action-callout / trending-vulnerabilities / deep-dive | CVE-2026-0257 PAN-OS GlobalProtect (§ 0 callout, § 2, § 5) | HARD-RULE VIOLATION: literal attacker MAC address appeared 3x including inside a detection rule; defanged attacker domain openew[.]app in §1. Both violate CLAUDE.md no-IOC invariant. Fixed: MAC rephra | — |
Iteration #? NEEDS_FIXES · 1 finding (truth=0, editorial=0, advisory=0) · Claude Sonnet 4.6 · 5m 14s
| F-code | Section | Item · URL/quote | Verifier summary | Remediation · outcome |
|---|---|---|---|---|
| F3 claim-not-supported | active-threats | CNIL IQVIA €5M fine (§ 1) | GDPR Art. 21 (right to object) cited for control failure (1) but does not appear in either cited source (CNIL primary or PPC.land). The actual violation (1) is operating outside the CNIL authorization | — |
Iteration #? NEEDS_FIXES · 2 findings (truth=0, editorial=0, advisory=0) · Claude Opus 4.8 · 3m 25s
| F-code | Section | Item · URL/quote | Verifier summary | Remediation · outcome |
|---|---|---|---|---|
| F4 hallucinated-fact | research | ESET APT Activity Report §3 (TL;DR + body) | Implant name 'PhiliKit' attributed to UNC5221's SPAWN toolset appears in neither ESET primary nor Infosecurity secondary. ESET primary says only 'a new implant we assess to be part of UNC5221's SPAWN | — |
| F4 hallucinated-fact | trending-vulnerabilities / deep-dive | CVE-2026-0257 MAC descriptor (§2 body, §5 detection) | After iter-1 IOC scrub, replacement text 'all-zeroes-pattern' / 'all-zero' mischaracterises the actual MAC (aa:bb:cc:dd:ee:ff is a repeating-hex pattern, not all-zeros). §5 line 122 already had the co | — |
Iteration #? NEEDS_FIXES · 1 finding (truth=0, editorial=0, advisory=0) · Claude Sonnet 4.6 · 6m 05s
| F-code | Section | Item · URL/quote | Verifier summary | Remediation · outcome |
|---|---|---|---|---|
| F3 claim-not-supported | research | ChatGPhish §3 — OpenAI bug report response | Brief said OpenAI marked the report 'as a duplicate'; Permiso primary says responses were 'Not Reproducible' then 'Not Applicable' — no 'duplicate' language. Fixed: 'then as not applicable, without re | — |
Iteration #? NEEDS_FIXES cap-breach · 1 finding (truth=0, editorial=0, advisory=0) · Claude Opus 4.8 · 2m 09s
| F-code | Section | Item · URL/quote | Verifier summary | Remediation · outcome |
|---|---|---|---|---|
| F14 quantifier-without-source | active-threats | Ghost Stadium PhaaS §1 (TL;DR + heading + body) | '11 languages' figure not in IC3 PSA260527 or BleepingComputer. Likely from Group-IB source not cited. Fixed at cap: softened to 'multiple languages' / 'multi-language'. | — |
Verification & coverage notes
The run record's narrative body, verbatim. This is where the run accounts for its own judgement calls — every borderline drop and judged-not-relevant item with its reason, dedup decisions, single-source items and their carve-outs, contradictions, and per-source coverage gaps — so nothing the run considered disappears silently.
Verification & coverage notesrun record body
2026-05-30-aca445cc · Claude Sonnet 4.6 · 14 entries published
Items dropped:
- Dutch Asocks botnet takedown (S3) — duplicate; covered in brief 2026-05-29 as
item:dutch-police-ncsc-dismantle-asocks-residential-proxy-botnet. - Silent Ransom Group / Luna Moth in-person IT impersonation (S3, S4) — duplicate; covered in brief 2026-05-28 as
item:fbi-flash-csa-260526-silent-ransom-group-sends-operatives-ph. - Akira ransomware claims GS Yuasa Lithium Power (S4) — dropped; single source (ransomware.live aggregator only), no victim disclosure, no HIGH-reliability journalistic corroboration. Per fake-news guard rule, dark-web listing claims require victim disclosure or HIGH-reliability journalism. Logged:
Akira/GS Yuasa Lithium Power — single-source leak-site claim, no confirmation. - Pay Tel Azure misconfiguration exposure (S4) — dropped; US-only incident, minimal operational relevance for CH/EU public-sector SOC; no regulatory action in window.
- CVE-2026-8992 from § 2 — dropped from trending vulnerabilities; does not clear any § 2 gate (no CISA KEV, no ENISA EUVD exploited=true, no vendor-confirmed ITW, local LPE only). Covered in § 4 UPDATE as NCSC.ch advisory delta.
- CVE-2026-39987 — not listed in § 2; no CISA KEV, no vendor advisory confirming exploitation (observation by Sysdig only), Marimo is not sufficiently widely-deployed to trigger the pre-auth-RCE gate. Covered in § 3 research context.
Single-source items:
- ENISA NIS360 2026 (§ 3) — ENISA is the primary disclosing authority for its own report; national-CERT carve-out applies. PD-5 satisfied.
- CNIL IQVIA €5M fine (§ 1) — CNIL is the primary regulator; single-source acceptable under national-CERT carve-out. PD-5 satisfied.
- Red Canary Entra Agent ID primer (§ 3) — marked
[SINGLE-SOURCE]in body; Red Canary is a HIGH-reliability research publisher; no threat-actor involvement (detection-engineering article). - Ivanti SAC CVE-2026-8992 UPDATE (§ 4) — NCSC Switzerland updated advisory; NCSC.ch is primary disclosing authority for CH-jurisdiction advisories; carve-out applies.
Recency notes:
- Sysdig TRT Marimo intrusion primary source dated 2026-05-26 (52 hours before window start at ~2026-05-28 16:00 UTC); included on the basis of in-window THN amplification (2026-05-29) and operational novelty (first observed LLM-agent-driven intrusion). Flagged per PD-7 recency re-check.
Sub-agent telemetry:
- S1: Claude Sonnet 4.6, 518s, 5 items
- S2: Claude Sonnet 4.6, 484s, 5 items
- S3: Claude Sonnet 4.6, 614s, 8 items (2 deduped)
- S4: Claude Sonnet 4.6, ended_at=04:24:35Z vs started_at=04:12:33Z → 722s actual wall-clock; YAML duration_seconds=3927 is a sub-agent computation error — actual run time 12 min, within cap
Coverage gaps: inside-it-ch (Cloudflare 403 ×3); ncsc-ch-security-hub (bridged, no new in-window items beyond covered advisories); sophos-xops (HTTP 503 ×2 on both feed URLs, no fallback content); databreaches-net (persistent 403 ×5 runs); cert-fr-avis (no in-window advisory); cert-eu (no in-window advisory); sec-edgar-8k (0 hits in window); edpb (no in-window notices); ico-uk (no in-window enforcement in window).
Verification: Phase 5.7 complete — 5 iterations (cap reached). All findings remediated. Iter 1 (Opus): NEEDS_FIXES (truth: 2, advisory: 3) — IOC hard-rule violations (MAC + defanged domain), "Beagle" cross-campaign name, World Cup date, MSRC misanchor, CWE-444. Iter 2 (Sonnet): NEEDS_FIXES (truth: 1) — GDPR Art. 21 not in CNIL source; correct framing is Art. 66 French DPA scope violation. Iter 3 (Opus): NEEDS_FIXES (truth: 2, advisory: 4) — unsourced implant name removed; MAC descriptor corrected. Iter 4 (Sonnet): NEEDS_FIXES (truth: 1) — ChatGPhish "as a duplicate" → "as not applicable" per Permiso primary. Iter 5 (Opus, cap): NEEDS_FIXES (truth: 1) — "11 languages" quantifier unsourced; softened to "multiple languages". Final state: CLEAN_AFTER_REMEDIATION. verification_residual_count: 0.
Unmatched action items (migrated)
- Audit Entra Agent ID app roles before deploying AI agents in M365 — Establish a baseline of which agent identities hold
AgentIdentityBlueprint.AddRemoveCreds.All; alert on credential additions to blueprints by any non-provisioning identity (AuditLogs: "Update application – Certificates and secrets management"). Review agent-identity API scopes as part of your AI-workload onboarding process. Reference: Red Canary. - Hunt for VS Code Remote Tunnel (
code --tunnel) and Cloudflare Quick Tunnel (cloudflared.exe) on managed endpoints — Kimsuky and other actors are using these legitimate services to establish persistent C2 without fixable IP/domain blocks. Alert on VS Code CLI with--tunnelargument from non-developer endpoint profiles; alert oncloudflared.exenot in the approved software baseline. Reference: The Hacker News. - Update Marimo notebook to ≥ 0.23.0 and restrict internet-accessible notebook deployments — CVE-2026-39987 pre-auth RCE was exploited by an LLM-agent-driven actor to pivot to database exfiltration in under one hour. Also audit AWS CloudTrail for Secrets Manager
GetSecretValuecalls from notebook or unfamiliar IP space. Reference: Sysdig TRT.
Migrated from briefs/2026-05-30.md (v2).
← Operations dashboard · day page 2026-05-30 · run-record contract: docs/pipeline.md