ctipilot.ch

2026-06-25-da7fbd23

One pipeline fire, in full · intel run of 2026-06-25 · sub-agent allocation and telemetry, per-iteration verification verdicts and findings, source-list edits, coverage gaps, bridge invocations — and the run's own verification & coverage notes: what was published, what was dropped at the borderline or judged not relevant (and why), single-source carve-outs, and contradictions. Rendered from runs/2026-06-25/2026-06-25-da7fbd23.md.

Run telemetry

2026-06-25-da7fbd23 intel prompt v2.64
19m 44s duration 7 published 1 updates
Claude Opus 4.8 (claude-opus-4-8[1m]) main agent
S1 Claude Sonnet 4.6 (claude-sonnet-4-6)
Items returned
9
Duration
11m 09s
Tool calls
12 WebFetch14 WebSearch18 bridge
Cited sources
5 of 13 in slice
S2 Claude Sonnet 4.6 (claude-sonnet-4-6)
Items returned
4
Duration
8m 17s
Tool calls
9 WebFetch13 WebSearch8 bridge
Cited sources
4 of 9 in slice
S3 Claude Sonnet 4.6 (claude-sonnet-4-6)
Items returned
5
Duration
6m 58s
Tool calls
16 WebFetch6 WebSearch6 bridge
Cited sources
8 of 13 in slice
S4 Claude Sonnet 4.6 (claude-sonnet-4-6)
Items returned
3
Duration
9m 21s
Tool calls
10 WebFetch10 WebSearch9 bridge
Cited sources
4 of 9 in slice

Verification

#1 NEEDS_FIXES · Claude Opus 4.8 (1M context) · t=6 e=1 a=1 #2 NEEDS_FIXES · Claude Sonnet 4.6 · t=1 e=1 a=1 #3 CLEAN · Claude Opus 4.8 (1M context) · t=0 e=0 a=2

2 entries dropped by verification this run (recorded in the verification & coverage notes).

Deep dive

2026-06-25/edgecution-abusing-the-chrome-edge-native-messaging-api-as-a

Sources changed (this run)

Edits this run made to sources/sources.json · promotions, demotions, new candidates, and fetch-method / category / reliability / url corrections (the run record's sources_changed[]). Paginated; 10 per page.

No source-list edits recorded for this run.

Coverage gaps (this run)

Sources this run's brief needed that returned no usable content via any documented recipe. Bridge-recovered or quiet-day sources do NOT appear here. (Distinct from the independent source-accessibility probe at the foot of this section, which probes all active sources regardless of what any run needed.)

Source (uncovered)URL triedMethod chainStatus / classWhat the agent did instead
databreaches-nethttps://databreaches.net/bridge:urlwebsearch403 transport-403
HTTP 403 on bridge fetch (third consecutive run)
WebSearch fallback; no in-window qualifying disclosures not already covered by primary sources

Verification findings · all iterations

Per-iteration finding detail. Each table is one verifier pass · what was flagged, how the main agent remediated it, and the outcome. Walking the tables top-to-bottom shows the verifier's debugging trail across iterations.

Iteration #1 NEEDS_FIXES · 8 findings (truth=6, editorial=1, advisory=1) · Claude Opus 4.8 · 3m 50s

F-codeSectionItem · URL/quoteVerifier summaryRemediation · outcome
F3
claim-not-supported
active-threatsArista EOS tunnel-decapsulation — 'no CVE published'
CVE-2026-7473 named by both sources; repo covered it 2026-06-10
'no CVE published' is false; CVE-2026-7473 is KEV-listedReframed as § 4 UPDATE naming CVE-2026-7473 (CVSS 6.9), KEV/exploited retained, new no-patch-for-4.x delta surfaced fixed-clean
F3
claim-not-supported
verification-notesArista exploitation reduced-confidence hedge
KEV added 2026-06-09
exploitation is KEV-confirmed; remove hedgeRemoved the reduced-confidence hedge; status set exploited, cisa-kev fixed-clean
F3
claim-not-supported
active-threatsOperation Endgame StealC C2 directory-traversal
exploit used by global law enforcement
operational exploitation belongs to LE, not Proofpoint/IBMReworded: researchers documented the flaw; an exploit built on it was used by law enforcement fixed-clean
F4
hallucinated-fact
trending-vulnerabilitiesCacti 1.2.31 multi-CVE
GHSA-69gg covers only CVE-2026-39893
over-attribution of 3 extra CVEs/LFI/40-vulns/EUVD to one GHSAItem dropped to § 7 (also out-of-window: GHSA dated 06-19) dropped-item
F4
hallucinated-fact
trending-vulnerabilitiesMISP 2.5.42 CVSS scores
CVSS 8.7/9.3/9.4/7.1 unsourced
release notes carry no CVSS; only GHSA-834x gives CVE-2026-56447=9.3Removed unsourced CVSS; kept only 9.3 (CVE-2026-56447); generalised other-CVE descriptions to release-page wording fixed-clean
F4
hallucinated-fact
active-threatsMistic BOF capability
'headline capability is in-memory execution of Beacon Object Files'
BOF not in readable cited sourcesRemoved BOF framing + BOF evidence quote; kept signed-Defender sideloading (CSO) + affiliate list (SecurityWeek) fixed-degraded
F7
drop
active-threatsArista EOS recycled 06-10 coverage
briefs/2026-06-10.md CVE-2026-7473
recycled prior coverage presented as freshReframed as § 4 UPDATE with the new no-patch delta fixed-clean
F11
editorial-advisory
deep-diveEdgecution CloudFront C2 quote
Zscaler SPA-unreadable quote
verbatim quote from SPA-unreadable pageSoftened to 'Zscaler reports'; rebound Evidence to a corroborated BleepingComputer quote fixed-clean

Iteration #2 NEEDS_FIXES · 3 findings (truth=1, editorial=1, advisory=1) · Claude Sonnet 4.6 · 5m 17s

F-codeSectionItem · URL/quoteVerifier summaryRemediation · outcome
F4
hallucinated-fact
active-threatsMistic H3 heading 'in-memory BOF execution'
heading phrase not in any cited source
iter-1 removed BOF from body but not headingHeading changed to 'in-memory tradecraft' fixed-clean
F3
claim-not-supported
updatesArista § 4 UPDATE citation dates
Eclypsium 2026-06-16; SecurityWeek 2026-06-10 (not 06-23/06-24)
display dates wrong; sources actually out of windowArista item dropped entirely (no in-window delta); moved to § 7 with rationale dropped-item
F11
editorial-advisory
tldrOperation Endgame figures attributed to Microsoft
326/142/27M/EUR41M from BleepingComputer, not Microsoft
TL;DR citation implied Microsoft as figure sourceTL;DR figures recited to BleepingComputer fixed-clean

Iteration #3 CLEAN · 2 findings (truth=0, editorial=0, advisory=2) · Claude Opus 4.8 · 4m 35s

F-codeSectionItem · URL/quoteVerifier summaryRemediation · outcome
F11
editorial-advisory
deep-diveEdgecution Evidence quote-source label
two quotes labelled BleepingComputer are verbatim from the Zscaler primary
both publishers are listed Sources on the item; label-onlyleft as residual (F11 advisory; both are listed Sources) residual-at-cap
F11
editorial-advisory
updatesKlue 17-June disable date
date under-confirmed by the specific THN page but consistent with prior coverage
non-blocking; uncontradictedleft as residual residual-at-cap

Verification & coverage notes

The run record's narrative body, verbatim. This is where the run accounts for its own judgement calls — every borderline drop and judged-not-relevant item with its reason, dedup decisions, single-source items and their carve-outs, contradictions, and per-source coverage gaps — so nothing the run considered disappears silently.

Verification & coverage notesrun record body

2026-06-25-da7fbd23 · Claude Opus 4.8 (1M context) · 7 entries published

  • Items dropped:
    • DifyTap (Dify cross-tenant flaws, CVE-2026-41947 / -41948 / -41949 / -41950) — already evaluated and dropped to § 7 on 2026-06-23; the grounds still hold (all paths require an authenticated editor/tenant account, no in-the-wild exploitation), so it does not clear the § 2 inclusion bar despite a stronger primary (Zafran) now being available.
    • OXLoader (Elastic Security Labs) — single-substantive-source and surfaced by two sub-agents with conflicting publication dates (19 vs 23 June) and conflicting technical descriptions (.reloc-section shellcode staging + anti-VM checks vs. process-hollowing + clipper); dropped pending a single reconcilable account.
    • Mini-Shai-Hulud / Miasma / Hades PyPI worm wave (Socket Security) — the substantive primary is dated 8 June, outside the 36 h window (one sub-agent's 24 June date appears to be the date of a Schneier commentary follow-up, not the primary); the Shai-Hulud family has prior coverage, so this is held for a cleaner in-window development.
    • DoJ seizure of Huione Group laundering infrastructure ($31B) — significant law-enforcement action but no patch/hunt/block/detect decision for a public-sector SOC; out of scope under less-is-more.
    • GhostSender / Ghost-Sender (Exchange Online sender spoofing, InfoGuard / Abnormal) — strong CH relevance, but the substantive InfoGuard research is dated 9 June (outside the 36 h window) and the two sub-agents returned materially different mechanism descriptions (direct-to-EOP submission bypassing the external MX gateway vs. cross-tenant outbound-relay abuse); dropped rather than publish an unreconciled mechanism. The in-window CH email-threat signal is carried by the NCSC-CH Week 25 item in § 1.
    • Cacti 1.2.31 (CVE-2026-39893 and the wider 1.2.31 cluster) — the only citable substantive source (Cacti GHSA-69gg-mjfm-jjpc) is dated 2026-06-19, outside the 36 h window, and covers only CVE-2026-39893; the additional CVEs and the 24-June ENISA EUVD indexing that would anchor it in-window are on a blocked-URL search page that cannot be cited inline. Dropped to avoid both an out-of-window item and over-attribution to a single advisory. Still worth patching: pre-auth SQLi (CVSS 9.8) reachable via default guest graph-viewing.
    • Arista EOS tunnel-decapsulation flaw (CVE-2026-7473) — initially drafted as a § 4 UPDATE on the back of an apparently-fresh Eclypsium analysis, but verification established the Eclypsium article is dated 2026-06-16 and the SecurityWeek piece 2026-06-10 — both outside even the 72 h developing window, with no in-window delta. The CVE was already covered on 2026-06-10 (KEV-listed, Arista SA-0137 mitigation); there is no new development this run, so it is dropped rather than recycled. Operators on EOS 4.x should still treat SA-0137 mitigation as permanent (no code fix planned).
  • Single-source (national-CERT carve-out): NCSC-CH Week 25 voicemail-phishing item (§ 1) rests on the NCSC-CH Wochenrückblick as primary disclosing authority for Switzerland (PD-5 carve-out).
  • Recency edge: the MISP 2.5.42 item (§ 2, released 2026-06-22) sits just beyond the 36 h standard window but inside the 72 h developing window; retained for its direct relevance to the threat-intel platform CH/EU public-sector SOCs run.
  • Contradiction: Operation Endgame scale figures differed across sub-agents — one reported 296 servers / 66 domains / 25.6M credentials; the brief uses 326 servers / 142 domains / ~27M credentials / EUR 41M, the figure independently corroborated by Microsoft, ESET and BleepingComputer (the latter quoted verbatim).
  • Verification: iteration 1 (cti-verification, Opus) returned NEEDS_FIXES (truth 6 / editorial 1 / advisory 1) — corrected a "no CVE published" error + dedup miss on the Arista flaw (CVE-2026-7473), narrowed MISP CVSS to the single GHSA-sourced score, dropped the over-attributed Cacti item, softened the Mistic capability framing, fixed the Operation Endgame directory-traversal attribution (researchers documented it; law enforcement used it), and rebound the Edgecution CloudFront quote. Iteration 2 (cti-verification-alt, Sonnet, with prior-iteration deltas) returned NEEDS_FIXES (truth 1 / editorial 1 / advisory 1) — removed a residual "in-memory BOF execution" phrase from the Mistic heading, and on finding the Arista sources are dated 06-16 / 06-10 (out of window) dropped the Arista item entirely rather than republish stale coverage. Iteration 3 (cti-verification, Opus, cold read) returned CLEAN (truth 0 / editorial 0; two non-blocking F11 advisories on quote-source labelling left as residual).
  • Tooling: tools/source_health.py did not finish within its time budget this run (full-source network probe); the committed state/source_health.json is the prior snapshot. No impact on the brief.
  • Coverage gaps: databreaches-net (HTTP 403 on the bridge for a third consecutive run — persistent transport block, not a dead source); cert-eu, cert-fr-avis, ncsc-ch-security-hub, ncsc-nl, cisa-kev, msrc (bridge-reachable but no net-new in-window items); mandiant-gtig, sophos-xops (feed fetch failures, exit code 1); inside-it-ch (Cloudflare-gated); ico-uk, cnil-fr (no in-window enforcement actions); broadcom-symantec, zscaler-threatlabz (SPA bodies unreadable from the bridge — content confirmed via corroborating publishers).

Unmatched action items (migrated)

  • Audit GitHub Actions workflows for the Cordyceps pattern — flag every pull_request_target trigger that consumes ${{ github.event.pull_request.* }} content; adopt actions/checkout v7 or pin a safe configuration; scope GITHUB_TOKEN to contents: read; rotate secrets in affected repos. (See § 3.)
  • Hunt for signed-Defender DLL sideloading (Mistic) — alert on EndpointDlp.dll loaded from a user-writable path or with a non-Microsoft signature (Sysmon EID 7), and on PowerShell spawned by Teams/Office clients. (See § 1.)
  • Hunt for Native-Messaging bridging (Edgecution)msedge.exe → native-messaging host → Python interpreter chains, and HKCU\...\Edge\NativeMessagingHosts\ additions by non-installers; allow-list extensions and native-messaging hosts via Group Policy / WDAC. (See § 5.)
  • Reinforce M365 phishing controls (NCSC-CH wave) — flag ZIP attachments masquerading as voicemail audio, enforce phishing-resistant MFA via Conditional Access, and hunt inbox-rule / forwarding-rule creation shortly after sign-ins from new countries/ASNs. (See § 1.)
  • Audit Salesforce connected-app OAuth tokens (Klue/Icarus) — review Event Log File ApiTotalUsage / ApiAnomalyEventStore for bulk REST reads in the June 11–17 window and minimise token scopes. (See § 4.)

Migrated from briefs/2026-06-25.md (v2).

← Operations dashboard · day page 2026-06-25 · run-record contract: docs/pipeline.md