ctipilot.ch

2026-06-01-7f55e064

One pipeline fire, in full · intel run of 2026-06-01 · sub-agent allocation and telemetry, per-iteration verification verdicts and findings, source-list edits, coverage gaps, bridge invocations — and the run's own verification & coverage notes: what was published, what was dropped at the borderline or judged not relevant (and why), single-source carve-outs, and contradictions. Rendered from runs/2026-06-01/2026-06-01-7f55e064.md.

Run telemetry

2026-06-01-7f55e064 intel prompt v2.60
23m 19s duration 4 published 0 updates
Claude Opus 4.8 (claude-opus-4-8) main agent
S1 Claude Sonnet 4.6 (claude-sonnet-4-6)
Items returned
3
Duration
8m 31s
Tool calls
20 WebFetch10 WebSearch15 bridge
Cited sources
0 of 8 in slice
S2 Claude Sonnet 4.6 (claude-sonnet-4-6)
Items returned
2
Duration
11m 30s
Tool calls
14 WebFetch22 WebSearch12 bridge
Cited sources
2 of 10 in slice
S3 Claude Sonnet 4.6 (claude-sonnet-4-6)
Items returned
4
Duration
7m 52s
Tool calls
18 WebFetch5 WebSearch14 bridge
Cited sources
3 of 10 in slice
S4 Claude Sonnet 4.6 (claude-sonnet-4-6)
Items returned
1
Duration
8m 09s
Tool calls
14 WebFetch18 WebSearch12 bridge
Cited sources
2 of 9 in slice

Verification

#1 NEEDS_FIXES · Claude Opus 4.8 · t=4 e=0 a=2 #2 NEEDS_FIXES · Claude Sonnet 4.6 · t=3 e=0 a=3 #3 CLEAN · Claude Opus 4.8 · t=0 e=0 a=1

Deep dive

2026-06-01/italy-s-low-cost-commercial-spyware-economy-accessibility-ap

Sources changed (this run)

Edits this run made to sources/sources.json · promotions, demotions, new candidates, and fetch-method / category / reliability / url corrections (the run record's sources_changed[]). Paginated; 10 per page.

No source-list edits recorded for this run.

Coverage gaps (this run)

Sources this run's brief needed that returned no usable content via any documented recipe. Bridge-recovered or quiet-day sources do NOT appear here. (Distinct from the independent source-accessibility probe at the foot of this section, which probes all active sources regardless of what any run needed.)

Source (uncovered)URL triedMethod chainStatus / classWhat the agent did instead
databreaches-nethttps://databreaches.net/bridge:urlbridge:waybackwebsearch0 transport-403
no usable Wayback snapshot >=5000 bytes in 180 days (24B stub); upstream 403
WebSearch fallback; no in-window items found
inside-it-chhttps://www.inside-it.ch/bridge:urlbridge:wayback403 transport-403
upstream HTTP 403; no usable Wayback snapshot (24B placeholder)
none — no in-window content recoverable
sophos-xopshttps://news.sophos.com/feed/bridge:url0
priority feed and alternate returned no output; prior 503
none — no in-window items confirmed

Bridge invocations (this run)

7 bridge calls this run · these are successful bridge fetches (separate from "Coverage gaps" above).

6 ok1 item not found
  • bridge:url ×2
  • bridge:sec-edgar ×1
  • bridge:ico-uk ×1
  • bridge:ncsc-nl.csaf ×1
  • bridge:bsi-rss ×1
  • bridge:wayback ×1

Verification findings · all iterations

Per-iteration finding detail. Each table is one verifier pass · what was flagged, how the main agent remediated it, and the outcome. Walking the tables top-to-bottom shows the verifier's debugging trail across iterations.

Iteration #1 NEEDS_FIXES · 6 findings (truth=4, editorial=0, advisory=2) · Claude Opus 4.8 · 2m 46s

F-codeSectionItem · URL/quoteVerifier summaryRemediation · outcome
F3
claim-not-supported
tldr-and-active-threatsnpm dependency-confusion — Microsoft package count
Microsoft (33 packages ...)
Microsoft body documents 45 packages (26+7+12), not 33 (stale slug/headline)TL;DR -> 45; body notes post titled for initial 33, body enumerates 45 across two waves fixed-clean
F3
claim-not-supported
active-threatsnpm — removal timing
All 33 packages were removed within hours
Microsoft source gives no removal timing; 'within hours' unsupportedreworded to 'offending repositories and accounts were taken down' (no timing) fixed-clean
F3
claim-not-supported
deep-diveItaly spyware — export controls
export controls are largely unenforced
EDRi does not say export controls unenforced; says internal-market rules let vendors operate freelyreworded to 'EU internal-market rules let these vendors operate across member states with little friction'; added EDRi EU-wide-ban call fixed-clean
F4
hallucinated-fact
deep-diveItaly spyware — 16 June 2026 EP debate
European Parliament scheduled to debate ... 16 June 2026 ... Commission of Inquiry ... proportionality rules
None of date/Commission-of-Inquiry/proportionality appear on cited EDRi page; likely 2025 event mis-datedremoved the sentence entirely; replaced with EDRi's actual EU-wide-ban call (cited) fixed-clean
F11
editorial-advisory
researchSmartApeSG — T1219 label
T1219 Remote Access Software
MITRE renamed T1219 to 'Remote Access Tools'relabelled to 'Remote Access Tools' fixed-clean
F11
editorial-advisory
active-threatsPostHog — Risky Biz negative attribution
has not disclosed the vector ... ([Risky Biz News])
Absence facts attributed to a silent source; citation placement implies affirmative reportingmoved Risky Biz cite to the corroboration it supports; non-disclosure stated as plain observation fixed-clean

Iteration #2 NEEDS_FIXES · 6 findings (truth=3, editorial=0, advisory=3) · Claude Sonnet 4.6 · 4m 09s

F-codeSectionItem · URL/quoteVerifier summaryRemediation · outcome
F3
claim-not-supported
deep-diveSpyrtacus/SIO attribution cites Morpheus URL
Spyrtacus is actively developed by SIO S.p.A. (cites Morpheus page)
Morpheus page does not mention SIO/Spyrtacus; correct source is the separate Spyrtacus analysissplit the citation; Spyrtacus claim now cites the Spyrtacus URL + added DexGuard/InMemoryDexClassLoader detail; added Spyrtacus URL to footer fixed-clean
F4
hallucinated-fact
tldrTL;DR generalises Morpheus-only techniques to both tools
Morpheus and Spyrtacus abuse the Android Accessibility API, overlay permissions and ADB
Accessibility/overlay/ADB are Morpheus-only; Spyrtacus uses DexGuard/InMemoryDexClassLoaderTL;DR reworded: Accessibility/overlay/ADB attributed to Morpheus; Spyrtacus noted as DexGuard-based fixed-clean
F4
hallucinated-fact
deep-diveAISE/AISI named without citation
Italian intelligence contract (AISE/AISI) was terminated
No cited source names AISE/AISIchanged to 'contract with Italian intelligence agencies' fixed-clean
F11
editorial-advisory
active-threatsnpm stager size only ~13 KB
~13 KB
MS gives ~7 KB (28 May) and ~13 KB (29 May)reworded to '~7-13 KB across the two waves' fixed-clean
F11
editorial-advisory
active-threatsPostHog 'immediately rotated' imprecision
immediately rotated all AWS credentials
rotation at 01:18, 15 min after 01:03 disclosurereworded to 'rotated all AWS credentials within ~15 minutes' fixed-clean
F11
editorial-advisory
deep-diveSpyrtacus technical depth thin
Spyrtacus is actively developed by SIO S.p.A.
Spyrtacus analysis has DexGuard/InMemoryDexClassLoader depth not reflectedadded DexGuard + InMemoryDexClassLoader detail with correct citation fixed-clean

Iteration #3 CLEAN · 1 finding (truth=0, editorial=0, advisory=1) · Claude Opus 4.8 · 2m 04s

F-codeSectionItem · URL/quoteVerifier summaryRemediation · outcome
F11
editorial-advisory
deep-diveSpyrtacus citation date 2026-04-01 vs page-reported 9 April 2026
[Osservatorio Nessuno — Spyrtacus, 2026-04-01]
page reports 9 April 2026; slug carries no day; substantive claims fully supportedcorrected inline citation date to 2026-04-09 per verifier direct read fixed-clean

Verification & coverage notes

The run record's narrative body, verbatim. This is where the run accounts for its own judgement calls — every borderline drop and judged-not-relevant item with its reason, dedup decisions, single-source items and their carve-outs, contradictions, and per-source coverage gaps — so nothing the run considered disappears silently.

Verification & coverage notesrun record body

2026-06-01-7f55e064 · Claude Opus 4.8 · 4 entries published

Items dropped (with reason):

  • PAN-OS GlobalProtect CVE-2026-0257 (proposed § 4 UPDATE — S1, S2): topic was the 2026-05-30 deep dive; proposed delta (Rapid7 ETR 2026-05-29; NCSC-NL advisory NCSC-2026-0172, 2026-05-30T10:52Z forecasting increased exploitation; an unverified GreyNoise webshell-via-secondary-zero-day claim) adds no material new development under PD-8 — no new actor, victim, CVE-in-chain, fresh patch, or law-enforcement action. Primary sources are out of the 36 h window. KEV-deadline framing excluded per PD-13 (US FCEB compliance date, not a threat fact).
  • Oracle May 2026 Critical Patch Update — E-Business Suite (CVE-2026-46817, -46818, -46819, -46820, -46821) (S1): out-of-window (Oracle CPU 2026-05-20; NCSC-NL advisory NCSC-2026-0170, 2026-05-29) and clears no § 2 inclusion gate — not CISA KEV, no ENISA-EUVD exploited=true, no public PoC, no observed in-the-wild exploitation at publication. Noted for operator awareness: three of the 12 EBS patches are unauthenticated/network-vector and Oracle Public Sector Financials International (12.2.3–12.2.15) is an affected product — CH/EU public-sector finance operators should apply the May 2026 CPU regardless of its absence from § 2.
  • Zimbra Collaboration Suite — BSI WID-SEC-2026-1735 (S1): single-source, out-of-window (2026-05-29), low-severity classes (XSS / information disclosure / security bypass), no exploitation; CVE identifiers could not be confirmed (BSI CSAF carried no numeric CVE fields and WebSearch surfaced unverified numbers) — excluded rather than cite unverified CVEs.
  • Tycoon 2FA AiTM — Elastic Security Labs (S3): out-of-window (2026-05-26) and the topic was already the 2026-05-27 deep dive (identity-infra).
  • Red Canary Intelligence Insights May 2026 (S3): out-of-window monthly retrospective (2026-05-26); the ACR Stealer fake-Claude-Code lure component was already covered 2026-05-26.

Single-source items: SmartApeSG → NetSupport (§ 3) — SANS ISC handler diary (HIGH-reliability source, single-day forensic observation, no independent in-window corroboration of the identical chain); flagged inline.

Recency / reduced-confidence posture: The Italy commercial-spyware deep dive (§ 5) is retained under the PD-7 deep-dive analysis exception. Its in-window news hook (heise.de, 2026-05-31) was TollBit-gated (HTTP 402, body unavailable) and is therefore not cited; the deep dive rests on the EDRi investigation (2026-05-28) and Osservatorio Nessuno technical analyses (April 2026), all fetched this run. The npm campaigns (Microsoft, 2026-05-30) and the PostHog incident (2026-05-30) sit at the window edge and are retained as fresh, distinct developments.

Contradictions: none surfaced this run.

Sub-agents: all four returned within the 30 min cap (S1 511 s, S2 690 s, S3 472 s, S4 489 s); all ran Claude Sonnet 4.6.

Note on databreaches-net: rotation-priority source failed for a 5th consecutive run (HTTP 403, no usable Wayback snapshot). Per the source-lifecycle rule sustained 403 is transport blocking and does not demote; left active, carried forward below. Candidate for an alternate-URL strategy or replacement next run.

Coverage gaps: inside-it-ch (HTTP 403, no Wayback — 3rd consecutive failure); heise-sec (TollBit HTTP 402, article bodies gated); databreaches-net (HTTP 403, no Wayback — 5th consecutive failure); sophos-xops (feed silent / prior 503, rotation-priority unrecovered); dragos (SPA, no RSS / no in-window OT-ICS items); recordedfuture-insikt (feed returned no output); volexity (feed returned no output); sekoia (reached, last post 2026-04-23, no in-window items); cert-fr-actu, anssi-fr (feeds stale, no in-window advisories); cert-eu (no new advisory since 2026-006, 2026-05-06); sec-edgar (reached, 0 Item 1.05 cyber filings in window); ico-uk, cnil-fr, edpb (reached, no in-window enforcement actions).

Unmatched action items (migrated)

  • Scope-lock .npmrc and disable install scripts in CI/CD to close the dependency-confusion vector in § 1: route every internal @scope to the private registry explicitly, run npm install --ignore-scripts in pipelines, and grep lockfiles for implausible inflated versions (100.100.100, 99.99.99) on internal package names. Rotate any secrets exposed in the environment of a developer host or build agent that may have installed from the flagged aliases.
  • Review the IAM scope granted to PostHog's hosted infrastructure if you use its EU/US Cloud (§ 1): audit cross-account trust relationships to PostHog's AWS account and watch CloudTrail for unexpected key usage; self-hosters should confirm the ingestion endpoint is not unauthenticated-internet-reachable. The vector is undisclosed, so treat the integration boundary as your control point.
  • Add Accessibility/overlay/ADB governance to Android MDM (§ 5): alert on Accessibility-Service grants and SYSTEM_ALERT_WINDOW overlays from non-approved APKs, treat MTD-agent termination shortly after an APK install as high-confidence, disable ADB-over-network, and enforce Android Enterprise Fully Managed mode where the fleet handles sensitive material.
  • Hunt the browser→script ClickFix pattern (§ 3): alert on browser processes spawning wscript.exe/mshta.exe/cmd.exe, short-lived .vbs/.bat creates in C:\ProgramData\, and NetSupport persistence pointing at non-standard install paths.
  • Otherwise, monitor. No item in this run met the emergency-action bar; the actions above are change-window hardening, not page-the-on-call work.

Migrated from briefs/2026-06-01.md (v2).

← Operations dashboard · day page 2026-06-01 · run-record contract: docs/pipeline.md