2026-07-18T0409Z-intel
One pipeline fire, in full · intel run of 2026-07-18 · sub-agent allocation and telemetry, per-iteration verification verdicts and findings, source-list edits, coverage gaps, bridge invocations — and the run's own verification & coverage notes: what was published, what was dropped at the borderline or judged not relevant (and why), single-source carve-outs, and contradictions. Rendered from runs/2026-07-18/2026-07-18T0409Z-intel.md.
Run telemetry
- Items returned
- 1
- Duration
- 9m 42s
- Tool calls
- 8 WebFetch4 WebSearch20 bridge
- Cited sources
- 0 of 12 in slice
- Items returned
- 2
- Duration
- 15m 50s
- Tool calls
- 24 WebFetch20 WebSearch12 bridge
- Cited sources
- 1 of 19 in slice
- Items returned
- 4
- Duration
- 12m 25s
- Tool calls
- 30 WebFetch11 WebSearch3 bridge
- Cited sources
- 3 of 22 in slice
- Items returned
- 4
- Duration
- 14m 40s
- Tool calls
- 16 WebFetch16 WebSearch9 bridge
- Cited sources
- 1 of 8 in slice
Verification
Deep dive
2026-07-18/sonicwall-sma1000-uta0533-exploitation-kill-chain
Entries published (this run)
- Abbott confirms a Cancer Diagnostics cyber incident; ShinyHunters claims a vished Entra SSO account and 30M+ records incident notable
- Contagious Interview (DPRK) hides an OTTERCOOKIE-aligned payload in SVG-comment steganography inside fake coding-interview repos research notable
- TheGentlemen ransomware hits Portugal's Metro Mondego (Coimbra light-rail); operator confirms attack, notifies CNCS and CNPD incident notable
- CVE-2025-40948/-40947/-40949 — Siemens RUGGEDCOM ROX II: Unit 42 chains three OT-switch flaws to persistent root vulnerability notable
- SonicWall SMA 1000 zero-day exploitation (CVE-2026-15409/-15410): Volexity reconstructs UTA0533's full appliance-to-network kill chain threat high update
- CVE-2026-47865 — VMware Avi Load Balancer: unauthenticated control-plane authentication bypass (CVSS 9.8), no workaround vulnerability high
Sources changed (this run)
Edits this run made to sources/sources.json · promotions, demotions, new candidates, and fetch-method / category / reliability / url corrections (the run record's sources_changed[]). Paginated; 10 per page.
28 last_successful_fetch.
| Source | Change | From → To | Reason |
|---|---|---|---|
| unit42 | last_successful_fetch | 2026-07-16 → 2026-07-18 | fetched + used (Siemens RUGGEDCOM ROX II chain) |
| volexity | last_successful_fetch | 2026-07-13 → 2026-07-18 | fetched + used (SonicWall SMA 1000 UTA0533) |
| heise-sec | last_successful_fetch | 2026-07-13 → 2026-07-18 | fetched + used (VMware Avi Load Balancer discovery) |
| bleepingcomputer | last_successful_fetch | 2026-07-17 → 2026-07-18 | fetched + used (Abbott corroboration) |
| elastic-seclabs | last_successful_fetch | 2026-07-16 → 2026-07-18 | fetched + used (Contagious Interview OTTERCOOKIE) |
| advisories-ncsc-nl | last_successful_fetch | 2026-07-17 → 2026-07-18 | fetched (in-window CERT sweep) |
| ncsc-ch-security-hub | last_successful_fetch | 2026-07-17 → 2026-07-18 | fetched (CH national-CERT sweep) |
| cisa-kev | last_successful_fetch | 2026-07-17 → 2026-07-18 | fetched (KEV verification) |
| cisa-advisories | last_successful_fetch | 2026-07-17 → 2026-07-18 | fetched (advisory sweep) |
| cisa-directives | last_successful_fetch | 2026-07-13 → 2026-07-18 | fetched via jina fallback (no in-window directive) |
| bsi-de | last_successful_fetch | 2026-07-14 → 2026-07-18 | fetched (WID advisory sweep) |
| anssi-fr | last_successful_fetch | 2026-07-14 → 2026-07-18 | fetched (CERT-FR sweep) |
| cert-eu | last_successful_fetch | 2026-07-14 → 2026-07-18 | fetched (reachable, feed stale to 2026-06-10) |
| cert-pl | last_successful_fetch | 2026-07-14 → 2026-07-18 | fetched (news sweep) |
| ncsc-ch-focus | last_successful_fetch | 2026-07-14 → 2026-07-18 | fetched (CH Im Fokus) |
| ncsc-ch-incidents | last_successful_fetch | 2026-07-14 → 2026-07-18 | fetched (CH Aktuelle Vorfaelle) |
| enisa | last_successful_fetch | 2026-07-13 → 2026-07-18 | fetched (news sweep) |
| enisa-euvd | last_successful_fetch | 2026-07-14 → 2026-07-18 | fetched (EUVD CVE checks) |
| cert-at | last_successful_fetch | 2026-07-14 → 2026-07-18 | fetched via govcert.gv.at (no in-window item) |
| ncsc-uk | last_successful_fetch | 2026-07-13 → 2026-07-18 | fetched (reports/advisories sweep) |
| cisa-news | last_successful_fetch | 2026-07-12 → 2026-07-18 | fetched (news sweep) |
| cisco-psirt | last_successful_fetch | 2026-07-12 → 2026-07-18 | fetched (PSIRT RSS) |
| cnil-fr | last_successful_fetch | 2026-07-13 → 2026-07-18 | fetched (Drupal listing, no in-window enforcement) |
| edpb | last_successful_fetch | 2026-07-12 → 2026-07-18 | fetched (one policy item, dropped as non-actionable) |
| databreaches-net | last_successful_fetch | 2026-07-17 → 2026-07-18 | fetched (RSS clean, no qualifying in-window item) |
| sec-disclosures-edgar | last_successful_fetch | 2026-07-13 → 2026-07-18 | fetched (Item 1.05 + 8.01 sweep; Coca-Cola/Fairlife 8.01 found via news pivot) |
| ico-uk | last_successful_fetch | 2026-07-13 → 2026-07-18 | fetched (enforcement sitemap, none in-window) |
| ransomware-live | last_successful_fetch | 2026-07-13 → 2026-07-18 | fetched (leak-site claims sweep) |
Coverage gaps (this run)
Sources this run's brief needed that returned no usable content via any documented recipe. Bridge-recovered or quiet-day sources do NOT appear here. (Distinct from the independent source-accessibility probe at the foot of this section, which probes all active sources regardless of what any run needed.)
No coverage gaps in this run · every source the brief needed returned usable content via its documented recipe.
Bridge invocations (this run)
4 bridge calls this run · these are successful bridge fetches (separate from "Coverage gaps" above).
- cisa-kev ×1
- ncsc-csh recent ×1
- cisa csaf-recent / cisa page ×1
- cisa page (jina fallback) ×1
Verification findings · all iterations
Per-iteration finding detail. Each table is one verifier pass · what was flagged, how the main agent remediated it, and the outcome. Walking the tables top-to-bottom shows the verifier's debugging trail across iterations.
Iteration #1 NEEDS_FIXES · 3 findings (truth=2, editorial=0, advisory=1) · Claude Opus 4.8 · 8m 21s
| F-code | Section | Item · URL/quote | Verifier summary | Remediation · outcome |
|---|---|---|---|---|
| F4 hallucinated-fact | — | Body said the vishing was 'a call to a help-desk operator'; the cited BleepingComputer article says only 'a vishing attack targeting several Abbott employees' and does not specify a help-desk role. | Changed the body to 'a vishing (voice-phishing) attack targeting several Abbott employees', matching the cited source. (The Triage line's help-desk-assisted-MFA | |
| F4 hallucinated-fact | — | Summary said 'network-adjacent attacker'; Broadcom scores CVE-2026-47865 AV:N (fully network/remote), so '-adjacent' understated reachability. | Changed to 'unauthenticated remote attacker'. | |
| F11 editorial-advisory | — | Advisory (non-blocking): classification reliability was A while the lead source is Unit 42 (Admiralty B), inconsistent with the structurally identical SonicWall entry rated B. | Changed Siemens classification reliability A → B for consistency; credibility 1 retained (Unit 42 + Siemens ProductCERT corroborate). |
Iteration #2 NEEDS_FIXES · 5 findings (truth=3, editorial=2, advisory=1) · Claude Sonnet 5 · 9m 18s
| F-code | Section | Item · URL/quote | Verifier summary | Remediation · outcome |
|---|---|---|---|---|
| F4 hallucinated-fact | — | evidence[] quote read 'The trojanized repositories...' where Elastic's text is 'These trojanized repositories...' — a one-word substitution breaking the verbatim-substring rule. | Restored the exact Elastic wording 'These trojanized repositories at the time of writing have zero detections and are not flagged by any AV vendors' in the evid | |
| F4 hallucinated-fact | — | Run-record notes header read 'Published (7 = 6 new + 1 update)', contradicting entries_published: 6 and the 6-item list beneath it (5 net-new + 1 update = 6). | Corrected the header to 'Published (6 = 5 new + 1 update)'. | |
| F5 missing-citation | — | The credential-access/lateral-movement paragraph carried no inline citation and the 'reaching domain controllers' clause traced to Rapid7, not the entry's lead source Volexity. | Attributed the internal-network pivot to Rapid7 (verbatim quote, inline-cited), and the LDAP capture to Volexity; removed the flat 'reaching domain controllers' | |
| F9 surface-contradiction | — | Volexity's own conclusion — 'the threat actor was less successful moving laterally or gaining access to other systems' — was not surfaced against the entry's 'appliance-to-domain' framing; the two IR | Retitled 'appliance-to-domain' → 'appliance-to-network', and added Volexity's less-successful-lateral-movement conclusion (verbatim, inline-cited) to surface th | |
| F8 needs-more-research | — | Advisory: 'the operator uploads a script' was ambiguous where Unit 42 attributes the upload to 'the attacker'. | Changed 'the operator uploads' to 'the attacker uploads', matching Unit 42. |
Iteration #3 NEEDS_FIXES · 1 finding (truth=1, editorial=0, advisory=0) · Claude Opus 4.8 · 7m 25s
| F-code | Section | Item · URL/quote | Verifier summary | Remediation · outcome |
|---|---|---|---|---|
| F3 claim-not-supported | — | The ShadowByt3$/LabCentral-portal detail (publicly available reference documentation only) was inline-cited to MedTech Dive, which does not carry it; it is supported verbatim by BleepingComputer, alre | Re-pointed the LabCentral clause to BleepingComputer with BleepingComputer's own wording ('houses publicly available technical product reference documents and d |
Iteration #4 NEEDS_FIXES · 6 findings (truth=5, editorial=1, advisory=0) · Claude Sonnet 5 · 9m 36s
| F-code | Section | Item · URL/quote | Verifier summary | Remediation · outcome |
|---|---|---|---|---|
| F4 hallucinated-fact | — | cves[] carried only 4 of the 7 VMSA-2026-0005 CVEs while the body names all seven — CVE-2026-47866/-47869/-47870 lacked structured records (docs/pipeline.md one-record-per-CVE). | Added structured cves[] records for CVE-2026-47866 (authz bypass, 8.3, post-auth), CVE-2026-47869 (RCE, 8.7, admin-required), CVE-2026-47870 (priv-esc, 7.1, pos | |
| F4 hallucinated-fact | — | tags carried 'espionage' but no cited source characterizes UTA0533's motive (the run record's own note states UTA0533 carries no nexus). | Removed the 'espionage' tag. | |
| F4 hallucinated-fact | — | tags carried 'ai-abuse' but Elastic only mentions AI as folders the file-stealer avoids, not actor abuse of AI. | Removed the 'ai-abuse' tag. | |
| F4 hallucinated-fact | — | The Siemens SSA-081142 evidence quote dropped 'on the underlying operating system' and added a period not in the source — not a contiguous verbatim substring. | Extended the quote to the full verbatim sentence '...execute arbitrary commands with root privileges on the underlying operating system.' (confirmed by fetching | |
| F4 hallucinated-fact | — | event_date used the underlying attack date (2026-07-06); docs/pipeline.md defines event_date as the primary-source publication date. | Changed event_date to 2026-07-17 (the Campeão das Províncias primary publication date); the 6 July attack date remains stated in the body. | |
| F17 ? | — | classification.reliability was B; the primary source is Abbott's own first-party statement about its own incident (Admiralty A, per store precedent). credibility 3 correct. | Changed reliability B → A; credibility 3 retained (the actor's scope/method remains an uncorroborated claim). |
Iteration #5 NEEDS_FIXES cap-breach · 2 findings (truth=2, editorial=0, advisory=0) · Claude Opus 4.8 · 7m 04s
| F-code | Section | Item · URL/quote | Verifier summary | Remediation · outcome |
|---|---|---|---|---|
| F4 hallucinated-fact | — | CVE-2026-47865's cves[] affected field listed 32.1.1, but the Broadcom Response Matrix shows 32.1.1 is affected only by the six companion CVEs, not the 9.8 auth bypass. | Removed 32.1.1 from CVE-2026-47865's affected string (now 22.1.1–22.1.7, 30.1.1–30.2.6, 31.1.1–31.2.2); the other six records keep 32.1.1. The summary's overall | |
| F4 hallucinated-fact | — | The evidence[] Rapid7 quote capitalized 'The threat actors...' where the source reads mid-sentence lowercase 'the threat actors...' ('With these harvested resources, the threat actors quickly shifted. | Corrected the evidence[] record to the lowercase contiguous substring 'the threat actors quickly shifted to lateral movement...'; the body quote already used th |
Verification & coverage notes
The run record's narrative body, verbatim. This is where the run accounts for its own judgement calls — every borderline drop and judged-not-relevant item with its reason, dedup decisions, single-source items and their carve-outs, contradictions, and per-source coverage gaps — so nothing the run considered disappears silently.
Verification & coverage notesrun record body
2026-07-18T0409Z-intel · Claude Opus 4.8 · window 26 h · 6 entries published
Verification & coverage notes
Verification. Five iterations (Opus/Sonnet/Opus/Sonnet/Opus rotation), every verdict NEEDS_FIXES but each finding minor and remediated — a benign whack-a-mole where each cold read on the alternate model surfaced a distinct low-severity defect the others missed: iter1 (Opus) — Abbott "help-desk operator" over-specification (F4) + VMware "network-adjacent" understatement (F4) + Siemens reliability A→B (F11); iter2 (Sonnet) — Contagious Interview evidence-quote word substitution (F4) + run-record arithmetic (F4) + SonicWall lateral-movement citation/Volexity-divergence (F5/F9) + Siemens "operator"→"attacker" (F8); iter3 (Opus) — Abbott LabCentral citation re-point MedTech Dive→BleepingComputer (F3); iter4 (Sonnet) — 3 missing VMware CVE records (F4) + unsupported espionage/ai-abuse tags (F4×2) + Siemens SSA quote truncation (F4) + Metro Mondego event_date→publication-date (F4) + Abbott reliability B→A (F17); iter5 (Opus) — VMware 47865 affected-version overreach (F4) + SonicWall Rapid7 evidence-quote capitalization (F4). All remediated. Published fail-open at the 5-iteration cap (Phase 5.7 decision rule 6): the final iteration returned NEEDS_FIXES with two residual truth findings, both remediated before commit — no broken URL (F1) and no unremediated hallucinated fact (F4) survived, and verification_residual_count records the final iteration's truth+editorial count of 2 per the contract. entries_dropped_by_verification: 0.
Window. Standard 26 h window (gap 24 h since the previous run 2026-07-17T0409Z-intel, publish_status ok). No scheduler outage; no closed-source intel drops (no S5). All four research sub-agents returned within cap (longest S2 at 950 s). Total run ~100 min (research+compose ~37 min; the five-iteration verifier loop added ~60 min) — well inside the ~3 h watchdog budget.
Published (6 = 5 new + 1 update).
vmware-avi-load-balancer-cve-2026-47865-auth-bypass(vuln, high) — VMSA-2026-0005: unauthenticated Avi Controller control-plane auth bypass (CVE-2026-47865, CVSS 9.8) + six companions; no workaround; reported by NATO NCSC. No confirmed exploitation — included on the pre-auth severity + no-workaround + NATO-provenance combination (out-of-band patch warranted), not a KEV/exploitation trigger.siemens-ruggedcom-rox-ii-unit42-three-cve-chain(vuln, notable) — Unit 42's in-window (2026-07-17) full chain analysis of three RUGGEDCOM ROX II OT-switch flaws (CVE-2025-40948/-40947/-40949) to persistent root; Siemens patched V2.17.1 (SSA advisories dated 2026-05-12, so the CVEs/patch predate the window — the in-window development is the Unit 42 technical analysis, carried under PD-11(d) substantive primary technical analysis + OT/CI nexus).sonicwall-sma1000-uta0533-exploitation-kill-chain(threat, high, deep-dive firewall-vpn-rce, update_of 2026-07-14) — Volexity attributes the actively-exploited SonicWall SMA 1000 zero-days to UTA0533 and reconstructs the full SSRF→root→implant→LDAP-theft→lateral-movement chain. Deep dive cleared criterion 1 (active ITW exploitation + non-trivial constituency exposure of remote-access gateways); deep_dives_today was 0. The delta over the 2026-07-14 vuln entry is the actor, the kill chain, and the assume-compromise/re-image guidance.contagious-interview-ottercookie-svg-steganography(research, notable) — Elastic's new DPRK Contagious Interview instance hiding an OTTERCOOKIE-aligned payload in SVG-comment steganography; single-source (Elastic own-incident), carried at confidence medium.abbott-exact-sciences-shinyhunters-entra-sso-vishing(incident, notable) — Abbott confirms a Cancer Diagnostics (Exact Sciences) incident; ShinyHunters claims vishing→Entra SSO→multi-SaaS export and 30M+ records (unverified). Included on healthcare additional-sector + same-actor (ShinyHunters/UNC6240) transferable-TTP nexus, framed around the method not the victim; actor's scope claim explicitly separated from Abbott's confirmation (credibility 3).metro-mondego-thegentlemen-ransomware-portugal-transit(incident, notable) — clean EU + transport-sector item: Portuguese light-rail operator confirms a 6 July ransomware attack on internal systems (transport operation unaffected), notified CNCS/CNPD; TheGentlemen claimed. Victim-own-disclosure carve-out; transferable IT/OT-segmentation and notification-playbook lesson.
Dropped — duplicate coverage (dedup):
- FortiSandbox CVE-2026-25089/-39808 KEV addition (S1) — the CVEs and
campaign:fortisandbox-triple-active-exploitationare already covered; the 2026-07-16 KEV listing is the only delta and a KEV listing never opens an update entry (exploitation already confirmed and published ~2026-06-17). CVE-2026-39813 (probed, not KEV) and the separate FortiSandbox VNC exposure are noted below.
borderline-drop: FortiSandbox VNC exposure CVE-2026-59835 (NCSC-NL / Fortinet FG-IR-26-145) — CVSS 7.7 information-exposure (CWE-668) with no exploitation, no PoC, and requiring the scanning-VM VLAN to be reachable; a routine-patch-cycle item that does not clear the beyond-the-patch-cycle vulnerability bar. No FortiSandbox entry published this run to fold it into.
borderline-drop: n8n CVE-2026-59208 cross-issuer JWT identity-binding flaw (SOCRadar / n8n GHSA / The Hacker News) — narrow preconditions (Enterprise token-exchange feature with 2+ trusted issuers), no exploitation, no public PoC; the AI-pentest-agent (Strix) discovery angle is a research curiosity, not itself actionable intelligence for this constituency.
borderline-drop: Ernst & Young third-party ITSM support-ticket breach (BleepingComputer / CyberInsider) — out-of-nexus: no confirmed CH/EU victim data, no disclosed initial-access vector, no actor, no novel TTP; the ITSM-attachments-as-shadow-repository lesson is real but generic. Does not clear the strict out-of-nexus breach gate (global-significance alone, with no TTP/actor leg).
borderline-drop: Coca-Cola/Fairlife ransomware US production halt (SEC 8-K Item 8.01 / BleepingComputer) — out-of-nexus: food-and-beverage manufacturing (not a configured sector), US-only impact, no actor/vector/OT detail disclosed, filed under Item 8.01 (Coca-Cola has not deemed it material). The IT/OT-convergence production-halt lesson is well-worn (JBS/Colonial lineage). Worth a status-check if an Item 1.05 amendment or actor claim lands.
Out-of-window / recency notes.
- Siemens RUGGEDCOM ROX II CVEs and the V2.17.1 patch were published by Siemens 2026-05-12 (outside the 26 h window); the entry survives on Unit 42's in-window full-chain technical analysis (2026-07-17), with
event_date: 2026-07-17and the May patch dates stated in the body so freshness is not misrepresented. - Metro Mondego attack occurred 2026-07-06 (outside the window); the in-window trigger is the operator's 2026-07-17 public disclosure.
event_date: 2026-07-06. - Germany KRITIS-Dachgesetz registration deadline (17 July 2026) investigated by S2 but dropped — all corroborating coverage predates the window (31 May–8 July); re-enters on fresh in-window reporting or the weekly.
Single-source / carve-outs. Contagious Interview (Elastic) is single-source — a high-reliability lab reporting its own incident (its community Slack was targeted); confidence medium, sourcing_note states so. VMware Avi (Broadcom PSIRT + heise), Siemens ROX II (Unit 42 + Siemens ProductCERT), SonicWall (Volexity + Rapid7 + SonicWall PSIRT), Abbott (Abbott statement + BleepingComputer + MedTech Dive) and Metro Mondego (victim statement via Campeão + TugaTech) are multi-source. Abbott's actor/method/scope are the extortion actor's own unverified claim, held separate from Abbott's confirmation (credibility 3).
Attribution discipline. UTA0533 carries no geopolitical nexus (Volexity gives none). Contagious Interview / OTTERCOOKIE carry north-korea-nexus per Elastic's DPRK-aligned assessment. Abbott's ShinyHunters attribution is the actor's own leak-site claim, not Abbott's; the entry attributes the vishing/Entra/SaaS/record-count claims to ShinyHunters via BleepingComputer.
Deep dive: SonicWall SMA 1000 (UTA0533). Cleared criterion 1 (active in-the-wild exploitation + non-trivial constituency exposure — internet-facing remote-access gateways across EU public-sector/enterprise). Category firewall-vpn-rce; the last firewall-vpn-rce deep dive was 2026-07-10 (CitrixBleed 2), 8 days prior, outside the 7-day demotion window; criterion-1 items override demotion regardless. Only deep dive this run (deep_dives_today was 0).
Watchlist: not applicable — no product or supplier watchlist configured for this deployment (S1 products checked=0, S4 suppliers checked=0).
Operational note — jina reader credit exhausted. Both S1 and S4 (and the main-agent Phase 4 deep-read) reported the jina universal-reader key returning HTTP 402 (balance exhausted) with the anonymous free tier also 401. Auto-rotation/direct-fetch fallback succeeded in every observed case this run, so no coverage was lost, and the main-agent WILL-PUBLISH deep-read fell back to the url bridge transport (raw HTML → on-disk text extraction, kept out of main context). This is a standing operator action: the jina reader is the recovery path for anti-bot/WAF/JS-only hosts (and CISA/NCSC.ch-class fetches), so a depleted credit pool risks outright bridge-fetch failures on a future run — recommend replenishing/rotating the jina key.
Coverage gaps: cert-eu (feed stale, latest 2026-06-10, reachable); govcert-at / cert-at (RSS 404/stale, blog last 1 June — direct govcert.gv.at fetch confirmed nothing in-window); ncsc-uk (cookie-consent JS shell blocks WebFetch and the exhausted jina bridge — WebSearch cross-check found nothing new in-window); citizen-lab (empty archive listing — URL-path change suspected); sophos-news (301 redirect not re-followed, time budget); group-ib, kela-cyber, ibm-xforce, morphisec, resecurity, reliaquest, intel471, push-security, redcanary, dragos, nozomi-networks, sans-ics (S3 time budget — no in-window item confirmed or ruled out for the un-reached subset); inside-it.ch / netzwoche.ch (403/404 + exhausted jina fallback — WebSearch cross-check surfaced only pre-window CH items).
Essential-coverage: none missed — all essential-tier sources (NCSC-CH hub/focus/incidents, NCSC-NL, BSI WID, CERT-FR, CERT-EU, CERT-PL, CERT.at, ENISA/EUVD, CISA advisories/KEV/directives, NCSC-UK) were attempted this run.
← Operations dashboard · run-record contract: docs/pipeline.md