2026-06-25-da7fbd23
One pipeline fire, in full · intel run of 2026-06-25 · sub-agent allocation and telemetry, per-iteration verification verdicts and findings, source-list edits, coverage gaps, bridge invocations — and the run's own verification & coverage notes: what was published, what was dropped at the borderline or judged not relevant (and why), single-source carve-outs, and contradictions. Rendered from runs/2026-06-25/2026-06-25-da7fbd23.md.
Run telemetry
- Items returned
- 9
- Duration
- 11m 09s
- Tool calls
- 12 WebFetch14 WebSearch18 bridge
- Cited sources
- 5 of 13 in slice
- Items returned
- 4
- Duration
- 8m 17s
- Tool calls
- 9 WebFetch13 WebSearch8 bridge
- Cited sources
- 4 of 9 in slice
- Items returned
- 5
- Duration
- 6m 58s
- Tool calls
- 16 WebFetch6 WebSearch6 bridge
- Cited sources
- 8 of 13 in slice
- Items returned
- 3
- Duration
- 9m 21s
- Tool calls
- 10 WebFetch10 WebSearch9 bridge
- Cited sources
- 4 of 9 in slice
Verification
2 entries dropped by verification this run (recorded in the verification & coverage notes).
Deep dive
2026-06-25/edgecution-abusing-the-chrome-edge-native-messaging-api-as-a
Entries published (this run)
- NCSC-CH: active Microsoft 365 "voicemail" phishing wave in Switzerland delivers infostealers and harvests M365 credentials threat high
- Operation Endgame dismantles the Amadey and StealC malware-as-a-service backbone threat high
- "Mistic" backdoor: signed-Defender DLL sideloading and in-memory tradecraft by access broker Woodgnat/KongTuke threat high
- CVE-2026-56447, CVE-2026-56446, CVE-2026-56425, CVE-2026-56424, CVE-2026-56423, CVE-2026-56422 — MISP 2.5.42: two site-admin RCE paths plus Azure-AD auth and broken-access-control hardening vulnerability high
- "Cordyceps" — the GitHub Actions pull_request_target pwn-request class is still widely exploitable at scale research high
- Klue/Icarus Salesforce OAuth breach — BeyondTrust and LastPass added to the named-victim list incident notable update
- Edgecution: abusing the Chrome/Edge Native Messaging API as a browser-sandbox-to-host bridge threat notable
Sources changed (this run)
Edits this run made to sources/sources.json · promotions, demotions, new candidates, and fetch-method / category / reliability / url corrections (the run record's sources_changed[]). Paginated; 10 per page.
No source-list edits recorded for this run.
Coverage gaps (this run)
Sources this run's brief needed that returned no usable content via any documented recipe. Bridge-recovered or quiet-day sources do NOT appear here. (Distinct from the independent source-accessibility probe at the foot of this section, which probes all active sources regardless of what any run needed.)
| Source (uncovered) | URL tried | Method chain | Status / class | What the agent did instead |
|---|---|---|---|---|
| databreaches-net | https://databreaches.net/ | bridge:url → websearch | 403 transport-403 HTTP 403 on bridge fetch (third consecutive run) | WebSearch fallback; no in-window qualifying disclosures not already covered by primary sources |
Verification findings · all iterations
Per-iteration finding detail. Each table is one verifier pass · what was flagged, how the main agent remediated it, and the outcome. Walking the tables top-to-bottom shows the verifier's debugging trail across iterations.
Iteration #1 NEEDS_FIXES · 8 findings (truth=6, editorial=1, advisory=1) · Claude Opus 4.8 · 3m 50s
| F-code | Section | Item · URL/quote | Verifier summary | Remediation · outcome |
|---|---|---|---|---|
| F3 claim-not-supported | active-threats | Arista EOS tunnel-decapsulation — 'no CVE published' CVE-2026-7473 named by both sources; repo covered it 2026-06-10 | 'no CVE published' is false; CVE-2026-7473 is KEV-listed | Reframed as § 4 UPDATE naming CVE-2026-7473 (CVSS 6.9), KEV/exploited retained, new no-patch-for-4.x delta surfaced fixed-clean |
| F3 claim-not-supported | verification-notes | Arista exploitation reduced-confidence hedge KEV added 2026-06-09 | exploitation is KEV-confirmed; remove hedge | Removed the reduced-confidence hedge; status set exploited, cisa-kev fixed-clean |
| F3 claim-not-supported | active-threats | Operation Endgame StealC C2 directory-traversal exploit used by global law enforcement | operational exploitation belongs to LE, not Proofpoint/IBM | Reworded: researchers documented the flaw; an exploit built on it was used by law enforcement fixed-clean |
| F4 hallucinated-fact | trending-vulnerabilities | Cacti 1.2.31 multi-CVE GHSA-69gg covers only CVE-2026-39893 | over-attribution of 3 extra CVEs/LFI/40-vulns/EUVD to one GHSA | Item dropped to § 7 (also out-of-window: GHSA dated 06-19) dropped-item |
| F4 hallucinated-fact | trending-vulnerabilities | MISP 2.5.42 CVSS scores CVSS 8.7/9.3/9.4/7.1 unsourced | release notes carry no CVSS; only GHSA-834x gives CVE-2026-56447=9.3 | Removed unsourced CVSS; kept only 9.3 (CVE-2026-56447); generalised other-CVE descriptions to release-page wording fixed-clean |
| F4 hallucinated-fact | active-threats | Mistic BOF capability 'headline capability is in-memory execution of Beacon Object Files' | BOF not in readable cited sources | Removed BOF framing + BOF evidence quote; kept signed-Defender sideloading (CSO) + affiliate list (SecurityWeek) fixed-degraded |
| F7 drop | active-threats | Arista EOS recycled 06-10 coverage briefs/2026-06-10.md CVE-2026-7473 | recycled prior coverage presented as fresh | Reframed as § 4 UPDATE with the new no-patch delta fixed-clean |
| F11 editorial-advisory | deep-dive | Edgecution CloudFront C2 quote Zscaler SPA-unreadable quote | verbatim quote from SPA-unreadable page | Softened to 'Zscaler reports'; rebound Evidence to a corroborated BleepingComputer quote fixed-clean |
Iteration #2 NEEDS_FIXES · 3 findings (truth=1, editorial=1, advisory=1) · Claude Sonnet 4.6 · 5m 17s
| F-code | Section | Item · URL/quote | Verifier summary | Remediation · outcome |
|---|---|---|---|---|
| F4 hallucinated-fact | active-threats | Mistic H3 heading 'in-memory BOF execution' heading phrase not in any cited source | iter-1 removed BOF from body but not heading | Heading changed to 'in-memory tradecraft' fixed-clean |
| F3 claim-not-supported | updates | Arista § 4 UPDATE citation dates Eclypsium 2026-06-16; SecurityWeek 2026-06-10 (not 06-23/06-24) | display dates wrong; sources actually out of window | Arista item dropped entirely (no in-window delta); moved to § 7 with rationale dropped-item |
| F11 editorial-advisory | tldr | Operation Endgame figures attributed to Microsoft 326/142/27M/EUR41M from BleepingComputer, not Microsoft | TL;DR citation implied Microsoft as figure source | TL;DR figures recited to BleepingComputer fixed-clean |
Iteration #3 CLEAN · 2 findings (truth=0, editorial=0, advisory=2) · Claude Opus 4.8 · 4m 35s
| F-code | Section | Item · URL/quote | Verifier summary | Remediation · outcome |
|---|---|---|---|---|
| F11 editorial-advisory | deep-dive | Edgecution Evidence quote-source label two quotes labelled BleepingComputer are verbatim from the Zscaler primary | both publishers are listed Sources on the item; label-only | left as residual (F11 advisory; both are listed Sources) residual-at-cap |
| F11 editorial-advisory | updates | Klue 17-June disable date date under-confirmed by the specific THN page but consistent with prior coverage | non-blocking; uncontradicted | left as residual residual-at-cap |
Verification & coverage notes
The run record's narrative body, verbatim. This is where the run accounts for its own judgement calls — every borderline drop and judged-not-relevant item with its reason, dedup decisions, single-source items and their carve-outs, contradictions, and per-source coverage gaps — so nothing the run considered disappears silently.
Verification & coverage notesrun record body
2026-06-25-da7fbd23 · Claude Opus 4.8 (1M context) · 7 entries published
- Items dropped:
- DifyTap (Dify cross-tenant flaws, CVE-2026-41947 / -41948 / -41949 / -41950) — already evaluated and dropped to § 7 on 2026-06-23; the grounds still hold (all paths require an authenticated editor/tenant account, no in-the-wild exploitation), so it does not clear the § 2 inclusion bar despite a stronger primary (Zafran) now being available.
- OXLoader (Elastic Security Labs) — single-substantive-source and surfaced by two sub-agents with conflicting publication dates (19 vs 23 June) and conflicting technical descriptions (
.reloc-section shellcode staging + anti-VM checks vs. process-hollowing + clipper); dropped pending a single reconcilable account. - Mini-Shai-Hulud / Miasma / Hades PyPI worm wave (Socket Security) — the substantive primary is dated 8 June, outside the 36 h window (one sub-agent's 24 June date appears to be the date of a Schneier commentary follow-up, not the primary); the Shai-Hulud family has prior coverage, so this is held for a cleaner in-window development.
- DoJ seizure of Huione Group laundering infrastructure ($31B) — significant law-enforcement action but no patch/hunt/block/detect decision for a public-sector SOC; out of scope under less-is-more.
- GhostSender / Ghost-Sender (Exchange Online sender spoofing, InfoGuard / Abnormal) — strong CH relevance, but the substantive InfoGuard research is dated 9 June (outside the 36 h window) and the two sub-agents returned materially different mechanism descriptions (direct-to-EOP submission bypassing the external MX gateway vs. cross-tenant outbound-relay abuse); dropped rather than publish an unreconciled mechanism. The in-window CH email-threat signal is carried by the NCSC-CH Week 25 item in § 1.
- Cacti 1.2.31 (CVE-2026-39893 and the wider 1.2.31 cluster) — the only citable substantive source (Cacti GHSA-69gg-mjfm-jjpc) is dated 2026-06-19, outside the 36 h window, and covers only CVE-2026-39893; the additional CVEs and the 24-June ENISA EUVD indexing that would anchor it in-window are on a blocked-URL search page that cannot be cited inline. Dropped to avoid both an out-of-window item and over-attribution to a single advisory. Still worth patching: pre-auth SQLi (CVSS 9.8) reachable via default guest graph-viewing.
- Arista EOS tunnel-decapsulation flaw (CVE-2026-7473) — initially drafted as a § 4 UPDATE on the back of an apparently-fresh Eclypsium analysis, but verification established the Eclypsium article is dated 2026-06-16 and the SecurityWeek piece 2026-06-10 — both outside even the 72 h developing window, with no in-window delta. The CVE was already covered on 2026-06-10 (KEV-listed, Arista SA-0137 mitigation); there is no new development this run, so it is dropped rather than recycled. Operators on EOS 4.x should still treat SA-0137 mitigation as permanent (no code fix planned).
- Single-source (national-CERT carve-out): NCSC-CH Week 25 voicemail-phishing item (§ 1) rests on the NCSC-CH Wochenrückblick as primary disclosing authority for Switzerland (PD-5 carve-out).
- Recency edge: the MISP 2.5.42 item (§ 2, released 2026-06-22) sits just beyond the 36 h standard window but inside the 72 h developing window; retained for its direct relevance to the threat-intel platform CH/EU public-sector SOCs run.
- Contradiction: Operation Endgame scale figures differed across sub-agents — one reported 296 servers / 66 domains / 25.6M credentials; the brief uses 326 servers / 142 domains / ~27M credentials / EUR 41M, the figure independently corroborated by Microsoft, ESET and BleepingComputer (the latter quoted verbatim).
- Verification: iteration 1 (
cti-verification, Opus) returned NEEDS_FIXES (truth 6 / editorial 1 / advisory 1) — corrected a "no CVE published" error + dedup miss on the Arista flaw (CVE-2026-7473), narrowed MISP CVSS to the single GHSA-sourced score, dropped the over-attributed Cacti item, softened the Mistic capability framing, fixed the Operation Endgame directory-traversal attribution (researchers documented it; law enforcement used it), and rebound the Edgecution CloudFront quote. Iteration 2 (cti-verification-alt, Sonnet, with prior-iteration deltas) returned NEEDS_FIXES (truth 1 / editorial 1 / advisory 1) — removed a residual "in-memory BOF execution" phrase from the Mistic heading, and on finding the Arista sources are dated 06-16 / 06-10 (out of window) dropped the Arista item entirely rather than republish stale coverage. Iteration 3 (cti-verification, Opus, cold read) returned CLEAN (truth 0 / editorial 0; two non-blocking F11 advisories on quote-source labelling left as residual). - Tooling:
tools/source_health.pydid not finish within its time budget this run (full-source network probe); the committedstate/source_health.jsonis the prior snapshot. No impact on the brief. - Coverage gaps:
databreaches-net(HTTP 403 on the bridge for a third consecutive run — persistent transport block, not a dead source);cert-eu,cert-fr-avis,ncsc-ch-security-hub,ncsc-nl,cisa-kev,msrc(bridge-reachable but no net-new in-window items);mandiant-gtig,sophos-xops(feed fetch failures, exit code 1);inside-it-ch(Cloudflare-gated);ico-uk,cnil-fr(no in-window enforcement actions);broadcom-symantec,zscaler-threatlabz(SPA bodies unreadable from the bridge — content confirmed via corroborating publishers).
Unmatched action items (migrated)
- Audit GitHub Actions workflows for the Cordyceps pattern — flag every
pull_request_targettrigger that consumes${{ github.event.pull_request.* }}content; adoptactions/checkoutv7 or pin a safe configuration; scopeGITHUB_TOKENtocontents: read; rotate secrets in affected repos. (See § 3.) - Hunt for signed-Defender DLL sideloading (Mistic) — alert on
EndpointDlp.dllloaded from a user-writable path or with a non-Microsoft signature (Sysmon EID 7), and on PowerShell spawned by Teams/Office clients. (See § 1.) - Hunt for Native-Messaging bridging (Edgecution) —
msedge.exe→ native-messaging host → Python interpreter chains, andHKCU\...\Edge\NativeMessagingHosts\additions by non-installers; allow-list extensions and native-messaging hosts via Group Policy / WDAC. (See § 5.) - Reinforce M365 phishing controls (NCSC-CH wave) — flag ZIP attachments masquerading as voicemail audio, enforce phishing-resistant MFA via Conditional Access, and hunt inbox-rule / forwarding-rule creation shortly after sign-ins from new countries/ASNs. (See § 1.)
- Audit Salesforce connected-app OAuth tokens (Klue/Icarus) — review Event Log File
ApiTotalUsage/ApiAnomalyEventStorefor bulk REST reads in the June 11–17 window and minimise token scopes. (See § 4.)
Migrated from briefs/2026-06-25.md (v2).
← Operations dashboard · day page 2026-06-25 · run-record contract: docs/pipeline.md