ctipilot.ch

2026-07-14T1210Z-intel

One pipeline fire, in full · intel run of 2026-07-14 · sub-agent allocation and telemetry, per-iteration verification verdicts and findings, source-list edits, coverage gaps, bridge invocations — and the run's own verification & coverage notes: what was published, what was dropped at the borderline or judged not relevant (and why), single-source carve-outs, and contradictions. Rendered from runs/2026-07-14/2026-07-14T1210Z-intel.md.

Run telemetry

2026-07-14T1210Z-intel intel prompt v3.24 publish ok
35m 21s duration 3 published 1 updates
Claude Opus 4.8 (claude-opus-4-8) main agent
S1 Claude Sonnet 5 (claude-sonnet-5)
Items returned
2
Duration
13m 48s
Tool calls
not reported
Cited sources
3 of 17 in slice
S2 Claude Sonnet 5 (claude-sonnet-5)
Items returned
1
Duration
12m 55s
Tool calls
not reported
Cited sources
2 of 24 in slice
S3 Claude Sonnet 5 (claude-sonnet-5)
Items returned
2
Duration
11m 28s
Tool calls
not reported
Cited sources
2 of 15 in slice
S4 Claude Sonnet 5 (claude-sonnet-5)
Items returned
3
Duration
14m 18s
Tool calls
not reported
Cited sources
3 of 8 in slice

Verification

unconfirmed CLEAN · waived: single CLEAN at iteration cap (5): iteration 5 (Opus) returned CLEAN following f #1 NEEDS_FIXES · Claude Opus 4.8 · t=2 e=0 a=1 #2 NEEDS_FIXES · Sonnet 5 · t=0 e=1 a=0 #3 NEEDS_FIXES · Claude Opus 4.8 · t=1 e=0 a=0 #4 NEEDS_FIXES · Sonnet 5 · t=1 e=0 a=0 #5 CLEAN · Claude Opus 4.8 · t=0 e=0 a=0

Deep dive

Sources changed (this run)

Edits this run made to sources/sources.json · promotions, demotions, new candidates, and fetch-method / category / reliability / url corrections (the run record's sources_changed[]). Paginated; 10 per page.

No source-list edits recorded for this run.

Coverage gaps (this run)

Sources this run's brief needed that returned no usable content via any documented recipe. Bridge-recovered or quiet-day sources do NOT appear here. (Distinct from the independent source-accessibility probe at the foot of this section, which probes all active sources regardless of what any run needed.)

No coverage gaps in this run · every source the brief needed returned usable content via its documented recipe.

Verification findings · all iterations

Per-iteration finding detail. Each table is one verifier pass · what was flagged, how the main agent remediated it, and the outcome. Walking the tables top-to-bottom shows the verifier's debugging trail across iterations.

Iteration #1 NEEDS_FIXES · 3 findings (truth=2, editorial=0, advisory=1) · Claude Opus 4.8 · —

F-codeSectionItem · URL/quoteVerifier summaryRemediation · outcome
F4
hallucinated-fact
Body claimed exploitation needs 'no memory-corruption primitive, no admin privileges, and no physical access'; ESET states only 'no complicated exploitation primitives' — writing to the EFI System ParDropped the 'no admin privileges / no physical access' claim, kept 'no complex exploitation primitive', and added that ESP writes are a privileged local operati
F4
hallucinated-fact
'ESET reports no observed in-the-wild exploitation' over-attributed a statement ESET never made; only the IOC-withholding half is source-supported. Low harm (conservative direction).De-attributed to a passive 'no in-the-wild exploitation has been reported' in the body and summary, and re-cited the IOC-withholding to ESET's verbatim wording
F11
editorial-advisory
Workflow-internal terms ('S1 sub-agent', 'the strict vulnerability gate', 'on both S1 and S2') leaked into the reader-facing run-record notes.Rewrote those clauses in plain reader-facing language ('the breaking-vulnerabilities research this run', 'out of scope as an out-of-band item', 'across the rese

Iteration #2 NEEDS_FIXES · 1 finding (truth=0, editorial=1, advisory=0) · Claude Sonnet 5 · —

F-codeSectionItem · URL/quoteVerifier summaryRemediation · outcome
F9
surface-contradiction
Confirmed all three iteration-1 remediations hold under independent re-fetch. New finding: the entry was flagged single-source on Wiz, but an independent same-day SafeDep post (safedep.io) covers the Added SafeDep as a corroborating source and upgraded the entry from single-source to multi-source (credibility B2 to B1); added a body sentence and a sourcing-n

Iteration #3 NEEDS_FIXES · 1 finding (truth=1, editorial=0, advisory=0) · Claude Opus 4.8 · —

F-codeSectionItem · URL/quoteVerifier summaryRemediation · outcome
F14
?
Confirmed the iteration-2 SafeDep multi-source upgrade is correct and all iteration-1 fixes hold. One new low-harm finding: the Defender-takeaway phrase 'the third distinct 2026 wave of pull_request_tSoftened to 'a recurring 2026 pattern of pull_request_target pwn-request abuse feeding npm-ecosystem backdoors' — the unsourced ordinal removed, the sourced rec

Iteration #4 NEEDS_FIXES · 1 finding (truth=1, editorial=0, advisory=0) · Claude Sonnet 5 · —

F-codeSectionItem · URL/quoteVerifier summaryRemediation · outcome
F17
?
Confirmed the iteration-3 ordinal fix holds and re-verified all iteration 1-3 remediations cold. One new low-severity mapping-support finding: this update entry mapped techniques[] T1505.003 (Web ShelRemoved T1505.003, leaving techniques: [T1190] — non-empty and fully supported by the entry's own body (confirmed active exploitation of the pre-auth auth bypas

Verification & coverage notes

The run record's narrative body, verbatim. This is where the run accounts for its own judgement calls — every borderline drop and judged-not-relevant item with its reason, dedup decisions, single-source items and their carve-outs, contradictions, and per-source coverage gaps — so nothing the run considered disappears silently.

Verification & coverage notesrun record body

2026-07-14T1210Z-intel · Claude Opus 4.8 · window 24 h · 3 entries published

Intel run 2026-07-14T1210Z

Intraday run, about 8 hours after the previous one (2026-07-14T0409Z). The coverage window spans the last 24 hours (the standard floor); most of it was already swept by earlier runs today and yesterday, so only genuinely new signal since the morning fire is published. Research covered breaking vulnerabilities, the Swiss/European home-region and sector picture, threat-research labs and incident disclosures; no closed-source material was present this window. Coverage focus: Switzerland and Europe, Swiss/European critical infrastructure and government at the centre.

Verification & coverage notes

A quiet-but-non-empty window: two new entries and one update. No deep dive (no candidate decisively earned the long-form treatment) and no critical-priority item (nothing met the stop-and-act-now bar).

  • New (incident): AsyncAPI npm supply-chain compromise via GitHub Actions (M-RED-TEAM), 2026-07-14, in-window. An attacker abused a misconfigured pull-request-triggered GitHub Actions workflow in the asyncapi/generator project to steal the org's npm publish token and ship five backdoored @asyncapi package versions (over three million downloads a week) carrying a multi-stage IPFS implant. Anchored on Wiz's primary analysis and corroborated by an independent same-day SafeDep post on the identical incident (matching package/version set and commit timestamp), so the entry is multi-source. The two sources disagree on the payload's self-identifying string — Wiz's "M-RED-TEAM v6.4" versus SafeDep's "miasma-train-p1" — which is surfaced in the entry so hunting teams check both. Aikido Security also reported the compromise independently but is not cited because the publisher renamed the post and its client-rendered blog would not resolve to a live URL this run. All indicators (IP, contract addresses, dead-drop, payload paths) were deliberately kept out of the entry per the no-IOC rule; the entry describes the behaviour. One do-now action: inventory imports of the affected versions and rotate exposed credentials.
  • New (vulnerability): Forgotten pre-0.9 UEFI shim Secure Boot bypass, CVE-2026-8863 / CVE-2026-10797 (ESET Research + CERT/CC VU#616257, 2026-07-14, in-window). A signature-length validation mismatch plus MOK-deny-list and SBAT non-enforcement in 11 Microsoft-signed legacy shims lets an attacker bypass Secure Boot on any machine trusting the third-party UEFI CA, no admin or memory-corruption primitive required. Microsoft revoked all 11 via the 2026-06-09 dbx update; no in-the-wild exploitation has been reported. Published now because the full technical disclosure is today's news and the actionable control (verify dbx enrollment, audit EFI System Partitions for forked shims) is concrete for fleets whose firmware-level dbx lags OS patching. Considered for deep-dive treatment and kept as a standard vulnerability entry — patched five weeks ago and not exploited in the wild, so it did not clear the reserved deep-dive bar.
  • Update (incident): Progress ShareFile Storage Zone Controller — active exploitation confirmed (Shadowserver honeypots, relayed by BankInfoSecurity + The Register + the vendor status page, 2026-07-13). Filed as an update to the 2026-07-13 shutdown entry: the new developments are Shadowserver's confirmation of in-the-wild exploitation of CVE-2026-2699 beginning 2026-07-10 (moving it from PoC-public to actively exploited), the exposed-instance count collapsing from about 30,000 to roughly 1,000, and a named researcher's public (explicitly unconfirmed) Clop-involvement assessment. Delta only; the original entry's shutdown and compromise-check actions still stand, so this update carries no new action items (the brief's action list is a union — repeating them would duplicate).

Single-source / carve-outs:

  • AsyncAPI M-RED-TEAM — multi-source (Wiz primary + SafeDep corroborating, both same-day, both resolving; reliability B, credibility 1 on the corroborated core compromise). The two sources disagree only on the payload's self-ID string (M-RED-TEAM v6.4 vs miasma-train-p1), surfaced in the entry. Clop-attribution NOT asserted anywhere; both sources explicitly decline definitive attribution.
  • ESET UEFI shims — multi-source (ESET primary + CERT/CC coordinated note); credibility 1. CVSS left null (not stated by ESET).
  • ShareFile update — multi-source; the exploitation-confirmation fact traces to Shadowserver honeypot telemetry relayed by BankInfoSecurity and corroborated by The Register and the vendor status page (credibility 1). The Clop framing is one named analyst's public hypothesis (Recorded Future's Allan Liska, on Bluesky), not attribution — Progress has named no actor.

Borderline drops (recoverable audit trail):

  • borderline-drop: Siemens Opcenter X JWT algorithm-confusion authentication bypass (CVE-2026-56451, CVSS 10.0, Siemens ProductCERT SSA-096828, 2026-07-14) — a pre-auth full-admin-impersonation flaw in a manufacturing-execution-system platform, patched in V2604, but with no reported exploitation, no public proof-of-concept, no exposure-driven urgency, and a specialized product class that patches on the normal operational-technology change window. Serious on paper but correctly out of scope as an out-of-band item — a high-CVSS CVE the routine patch cadence already handles is not operational signal for this audience; manufacturing/energy operators receive it through the normal Siemens advisory flow. Single-source (vendor PSIRT).
  • borderline-drop: Swiss Army Kommando Cyber move off Microsoft 365 to the open-source OpenDesk suite by October 2026 over US CLOUD Act exposure (Republik/heise/SwissCybersecurity.net, 2026-07-09 to 07-13) — a direct hit on the core constituency and well-sourced, but a strategic digital-sovereignty/procurement decision with no near-term operational defender action. Held for the weekly strategic summary and flagged for that run, the same disposition the morning fire reached on this story.
  • borderline-drop: Cisco Talos Python package supply-chain attack-surface taxonomy ("The serpent's tongue", 2026-07-14) — a well-executed defensive reference cataloguing known Python supply-chain mechanisms (setup.py build hooks, .pth injection, entry-point hijacking) for an audience already fluent in them; single-source, no new campaign or novel primitive. Its useful pivot — file-integrity monitoring of .pth files created under site-packages outside a package-manager transaction — is body-level detection engineering, not a new story.
  • borderline-drop: D1R unconfirmed Synopsys → Bosch → ARM supply-chain extortion claim (Cybernews + a leak-site tracker reproducing D1R's own text, 2026-07-13) — an unconfirmed dark-web leak-site claim from a newly-surfaced actor with no track record; none of the three named companies has confirmed a breach, and the sourcing is a single chain plus the actor's own statement. Fails the leak-site corroboration bar; the one transferable point (enumerate a B2B vendor's registration portal, then pivot via a certificate-trusting client tool that skips interactive MFA) is a generic recon pattern that does not justify an unverified named-victim entry. Same disposition the morning fire reached.
  • borderline-drop: Lidl online-shop customer-data breach via a compromised IT service provider (DE/BE/NL, BleepingComputer + Help Net Security, 2026-07-13) — out-of-sector retail with no home-region critical-infrastructure or government nexus; limited personal data (no passwords or payment details), no named actor, and a repeat of the third-party-processor trust-boundary pattern already covered repeatedly this week. No transferable new tradecraft. Same disposition the morning fire reached.

Data-quality note: the breaking-vulnerabilities research this run chased a secondary-source claim that July 2026 Patch Tuesday had landed with a specific "most urgent" CVE, cross-checked it directly against Microsoft's structured advisory feed, found the secondary source had conflated a 2025-patched CVE with this month's release, and confirmed no July 2026 cumulative had posted as of the run — the item was dropped rather than published, and a later-in-day run should re-check once the cumulative posts. The same pass also dropped a JetBrains YouTrack CVE (CVE-2026-62422) as a re-catalogued duplicate of an already-public June disclosure (CVE-2026-50242).

  • Coverage gaps: cert-pl (article pages 403 the routine UA and the reader was balance-exhausted this run — recovered a July item via an EUVD cross-reference, assessed too niche, not carried); cert-eu (no numbered advisory since June — confirmed quiet, not a transport failure); the r.jina.ai reader returned HTTP 402 balance-exhausted across the research passes and during the main-agent deep read, forcing WebFetch/feed fallbacks (all content recovered, but the reader rung of the fetch ladder was unavailable — an operator top-up item); cert-at/govcert-at (recipe points at a static landing page with no dated feed — recipe needs updating to a dated listing); several standard-rotation research/regulator sources (dragos, nozomi-networks, citizen-lab, cloudflare-cf1, push-security, redcanary, intel471, edpb, cnil-fr, ico-uk, troyhunt) confirmed quiet in-window.
  • Watchlist: no product/supplier watchlist configured — product and supplier sweeps are structural no-ops this deployment (products checked=0, suppliers checked=0).
  • Essential-coverage: all essential sources attempted; no essential-source miss this run.

← Operations dashboard · run-record contract: docs/pipeline.md