ctipilot.ch

2026-07-18T0409Z-intel

One pipeline fire, in full · intel run of 2026-07-18 · sub-agent allocation and telemetry, per-iteration verification verdicts and findings, source-list edits, coverage gaps, bridge invocations — and the run's own verification & coverage notes: what was published, what was dropped at the borderline or judged not relevant (and why), single-source carve-outs, and contradictions. Rendered from runs/2026-07-18/2026-07-18T0409Z-intel.md.

Run telemetry

2026-07-18T0409Z-intel intel prompt v3.24 publish ok
1h 39m duration 6 published 1 updates
Claude Opus 4.8 (claude-opus-4-8) main agent
S1 Claude Sonnet 5 (claude-sonnet-5)
Items returned
1
Duration
9m 42s
Tool calls
8 WebFetch4 WebSearch20 bridge
Cited sources
0 of 12 in slice
S2 Claude Sonnet 5 (claude-sonnet-5)
Items returned
2
Duration
15m 50s
Tool calls
24 WebFetch20 WebSearch12 bridge
Cited sources
1 of 19 in slice
S3 Claude Sonnet 5 (claude-sonnet-5)
Items returned
4
Duration
12m 25s
Tool calls
30 WebFetch11 WebSearch3 bridge
Cited sources
3 of 22 in slice
S4 Claude Sonnet 5 (claude-sonnet-5)
Items returned
4
Duration
14m 40s
Tool calls
16 WebFetch16 WebSearch9 bridge
Cited sources
1 of 8 in slice

Verification

#1 NEEDS_FIXES · Claude Opus 4.8 · t=2 e=0 a=1 #2 NEEDS_FIXES · Sonnet 5 · t=3 e=2 a=1 #3 NEEDS_FIXES · Claude Opus 4.8 · t=1 e=0 a=0 #4 NEEDS_FIXES · Sonnet 5 · t=5 e=1 a=0 #5 NEEDS_FIXES · Claude Opus 4.8 · t=2 e=0 a=0

Deep dive

2026-07-18/sonicwall-sma1000-uta0533-exploitation-kill-chain

Sources changed (this run)

Edits this run made to sources/sources.json · promotions, demotions, new candidates, and fetch-method / category / reliability / url corrections (the run record's sources_changed[]). Paginated; 10 per page.

28 last_successful_fetch.

SourceChangeFrom → ToReason
unit42last_successful_fetch2026-07-16 → 2026-07-18fetched + used (Siemens RUGGEDCOM ROX II chain)
volexitylast_successful_fetch2026-07-13 → 2026-07-18fetched + used (SonicWall SMA 1000 UTA0533)
heise-seclast_successful_fetch2026-07-13 → 2026-07-18fetched + used (VMware Avi Load Balancer discovery)
bleepingcomputerlast_successful_fetch2026-07-17 → 2026-07-18fetched + used (Abbott corroboration)
elastic-seclabslast_successful_fetch2026-07-16 → 2026-07-18fetched + used (Contagious Interview OTTERCOOKIE)
advisories-ncsc-nllast_successful_fetch2026-07-17 → 2026-07-18fetched (in-window CERT sweep)
ncsc-ch-security-hublast_successful_fetch2026-07-17 → 2026-07-18fetched (CH national-CERT sweep)
cisa-kevlast_successful_fetch2026-07-17 → 2026-07-18fetched (KEV verification)
cisa-advisorieslast_successful_fetch2026-07-17 → 2026-07-18fetched (advisory sweep)
cisa-directiveslast_successful_fetch2026-07-13 → 2026-07-18fetched via jina fallback (no in-window directive)
bsi-delast_successful_fetch2026-07-14 → 2026-07-18fetched (WID advisory sweep)
anssi-frlast_successful_fetch2026-07-14 → 2026-07-18fetched (CERT-FR sweep)
cert-eulast_successful_fetch2026-07-14 → 2026-07-18fetched (reachable, feed stale to 2026-06-10)
cert-pllast_successful_fetch2026-07-14 → 2026-07-18fetched (news sweep)
ncsc-ch-focuslast_successful_fetch2026-07-14 → 2026-07-18fetched (CH Im Fokus)
ncsc-ch-incidentslast_successful_fetch2026-07-14 → 2026-07-18fetched (CH Aktuelle Vorfaelle)
enisalast_successful_fetch2026-07-13 → 2026-07-18fetched (news sweep)
enisa-euvdlast_successful_fetch2026-07-14 → 2026-07-18fetched (EUVD CVE checks)
cert-atlast_successful_fetch2026-07-14 → 2026-07-18fetched via govcert.gv.at (no in-window item)
ncsc-uklast_successful_fetch2026-07-13 → 2026-07-18fetched (reports/advisories sweep)
cisa-newslast_successful_fetch2026-07-12 → 2026-07-18fetched (news sweep)
cisco-psirtlast_successful_fetch2026-07-12 → 2026-07-18fetched (PSIRT RSS)
cnil-frlast_successful_fetch2026-07-13 → 2026-07-18fetched (Drupal listing, no in-window enforcement)
edpblast_successful_fetch2026-07-12 → 2026-07-18fetched (one policy item, dropped as non-actionable)
databreaches-netlast_successful_fetch2026-07-17 → 2026-07-18fetched (RSS clean, no qualifying in-window item)
sec-disclosures-edgarlast_successful_fetch2026-07-13 → 2026-07-18fetched (Item 1.05 + 8.01 sweep; Coca-Cola/Fairlife 8.01 found via news pivot)
ico-uklast_successful_fetch2026-07-13 → 2026-07-18fetched (enforcement sitemap, none in-window)
ransomware-livelast_successful_fetch2026-07-13 → 2026-07-18fetched (leak-site claims sweep)

Coverage gaps (this run)

Sources this run's brief needed that returned no usable content via any documented recipe. Bridge-recovered or quiet-day sources do NOT appear here. (Distinct from the independent source-accessibility probe at the foot of this section, which probes all active sources regardless of what any run needed.)

No coverage gaps in this run · every source the brief needed returned usable content via its documented recipe.

Bridge invocations (this run)

4 bridge calls this run · these are successful bridge fetches (separate from "Coverage gaps" above).

4 ok
  • cisa-kev ×1
  • ncsc-csh recent ×1
  • cisa csaf-recent / cisa page ×1
  • cisa page (jina fallback) ×1

Verification findings · all iterations

Per-iteration finding detail. Each table is one verifier pass · what was flagged, how the main agent remediated it, and the outcome. Walking the tables top-to-bottom shows the verifier's debugging trail across iterations.

Iteration #1 NEEDS_FIXES · 3 findings (truth=2, editorial=0, advisory=1) · Claude Opus 4.8 · 8m 21s

F-codeSectionItem · URL/quoteVerifier summaryRemediation · outcome
F4
hallucinated-fact
Body said the vishing was 'a call to a help-desk operator'; the cited BleepingComputer article says only 'a vishing attack targeting several Abbott employees' and does not specify a help-desk role.Changed the body to 'a vishing (voice-phishing) attack targeting several Abbott employees', matching the cited source. (The Triage line's help-desk-assisted-MFA
F4
hallucinated-fact
Summary said 'network-adjacent attacker'; Broadcom scores CVE-2026-47865 AV:N (fully network/remote), so '-adjacent' understated reachability.Changed to 'unauthenticated remote attacker'.
F11
editorial-advisory
Advisory (non-blocking): classification reliability was A while the lead source is Unit 42 (Admiralty B), inconsistent with the structurally identical SonicWall entry rated B.Changed Siemens classification reliability A → B for consistency; credibility 1 retained (Unit 42 + Siemens ProductCERT corroborate).

Iteration #2 NEEDS_FIXES · 5 findings (truth=3, editorial=2, advisory=1) · Claude Sonnet 5 · 9m 18s

F-codeSectionItem · URL/quoteVerifier summaryRemediation · outcome
F4
hallucinated-fact
evidence[] quote read 'The trojanized repositories...' where Elastic's text is 'These trojanized repositories...' — a one-word substitution breaking the verbatim-substring rule.Restored the exact Elastic wording 'These trojanized repositories at the time of writing have zero detections and are not flagged by any AV vendors' in the evid
F4
hallucinated-fact
Run-record notes header read 'Published (7 = 6 new + 1 update)', contradicting entries_published: 6 and the 6-item list beneath it (5 net-new + 1 update = 6).Corrected the header to 'Published (6 = 5 new + 1 update)'.
F5
missing-citation
The credential-access/lateral-movement paragraph carried no inline citation and the 'reaching domain controllers' clause traced to Rapid7, not the entry's lead source Volexity.Attributed the internal-network pivot to Rapid7 (verbatim quote, inline-cited), and the LDAP capture to Volexity; removed the flat 'reaching domain controllers'
F9
surface-contradiction
Volexity's own conclusion — 'the threat actor was less successful moving laterally or gaining access to other systems' — was not surfaced against the entry's 'appliance-to-domain' framing; the two IR Retitled 'appliance-to-domain' → 'appliance-to-network', and added Volexity's less-successful-lateral-movement conclusion (verbatim, inline-cited) to surface th
F8
needs-more-research
Advisory: 'the operator uploads a script' was ambiguous where Unit 42 attributes the upload to 'the attacker'.Changed 'the operator uploads' to 'the attacker uploads', matching Unit 42.

Iteration #3 NEEDS_FIXES · 1 finding (truth=1, editorial=0, advisory=0) · Claude Opus 4.8 · 7m 25s

F-codeSectionItem · URL/quoteVerifier summaryRemediation · outcome
F3
claim-not-supported
The ShadowByt3$/LabCentral-portal detail (publicly available reference documentation only) was inline-cited to MedTech Dive, which does not carry it; it is supported verbatim by BleepingComputer, alreRe-pointed the LabCentral clause to BleepingComputer with BleepingComputer's own wording ('houses publicly available technical product reference documents and d

Iteration #4 NEEDS_FIXES · 6 findings (truth=5, editorial=1, advisory=0) · Claude Sonnet 5 · 9m 36s

F-codeSectionItem · URL/quoteVerifier summaryRemediation · outcome
F4
hallucinated-fact
cves[] carried only 4 of the 7 VMSA-2026-0005 CVEs while the body names all seven — CVE-2026-47866/-47869/-47870 lacked structured records (docs/pipeline.md one-record-per-CVE).Added structured cves[] records for CVE-2026-47866 (authz bypass, 8.3, post-auth), CVE-2026-47869 (RCE, 8.7, admin-required), CVE-2026-47870 (priv-esc, 7.1, pos
F4
hallucinated-fact
tags carried 'espionage' but no cited source characterizes UTA0533's motive (the run record's own note states UTA0533 carries no nexus).Removed the 'espionage' tag.
F4
hallucinated-fact
tags carried 'ai-abuse' but Elastic only mentions AI as folders the file-stealer avoids, not actor abuse of AI.Removed the 'ai-abuse' tag.
F4
hallucinated-fact
The Siemens SSA-081142 evidence quote dropped 'on the underlying operating system' and added a period not in the source — not a contiguous verbatim substring.Extended the quote to the full verbatim sentence '...execute arbitrary commands with root privileges on the underlying operating system.' (confirmed by fetching
F4
hallucinated-fact
event_date used the underlying attack date (2026-07-06); docs/pipeline.md defines event_date as the primary-source publication date.Changed event_date to 2026-07-17 (the Campeão das Províncias primary publication date); the 6 July attack date remains stated in the body.
F17
?
classification.reliability was B; the primary source is Abbott's own first-party statement about its own incident (Admiralty A, per store precedent). credibility 3 correct.Changed reliability B → A; credibility 3 retained (the actor's scope/method remains an uncorroborated claim).

Iteration #5 NEEDS_FIXES cap-breach · 2 findings (truth=2, editorial=0, advisory=0) · Claude Opus 4.8 · 7m 04s

F-codeSectionItem · URL/quoteVerifier summaryRemediation · outcome
F4
hallucinated-fact
CVE-2026-47865's cves[] affected field listed 32.1.1, but the Broadcom Response Matrix shows 32.1.1 is affected only by the six companion CVEs, not the 9.8 auth bypass.Removed 32.1.1 from CVE-2026-47865's affected string (now 22.1.1–22.1.7, 30.1.1–30.2.6, 31.1.1–31.2.2); the other six records keep 32.1.1. The summary's overall
F4
hallucinated-fact
The evidence[] Rapid7 quote capitalized 'The threat actors...' where the source reads mid-sentence lowercase 'the threat actors...' ('With these harvested resources, the threat actors quickly shifted.Corrected the evidence[] record to the lowercase contiguous substring 'the threat actors quickly shifted to lateral movement...'; the body quote already used th

Verification & coverage notes

The run record's narrative body, verbatim. This is where the run accounts for its own judgement calls — every borderline drop and judged-not-relevant item with its reason, dedup decisions, single-source items and their carve-outs, contradictions, and per-source coverage gaps — so nothing the run considered disappears silently.

Verification & coverage notesrun record body

2026-07-18T0409Z-intel · Claude Opus 4.8 · window 26 h · 6 entries published

Verification & coverage notes

Verification. Five iterations (Opus/Sonnet/Opus/Sonnet/Opus rotation), every verdict NEEDS_FIXES but each finding minor and remediated — a benign whack-a-mole where each cold read on the alternate model surfaced a distinct low-severity defect the others missed: iter1 (Opus) — Abbott "help-desk operator" over-specification (F4) + VMware "network-adjacent" understatement (F4) + Siemens reliability A→B (F11); iter2 (Sonnet) — Contagious Interview evidence-quote word substitution (F4) + run-record arithmetic (F4) + SonicWall lateral-movement citation/Volexity-divergence (F5/F9) + Siemens "operator"→"attacker" (F8); iter3 (Opus) — Abbott LabCentral citation re-point MedTech Dive→BleepingComputer (F3); iter4 (Sonnet) — 3 missing VMware CVE records (F4) + unsupported espionage/ai-abuse tags (F4×2) + Siemens SSA quote truncation (F4) + Metro Mondego event_date→publication-date (F4) + Abbott reliability B→A (F17); iter5 (Opus) — VMware 47865 affected-version overreach (F4) + SonicWall Rapid7 evidence-quote capitalization (F4). All remediated. Published fail-open at the 5-iteration cap (Phase 5.7 decision rule 6): the final iteration returned NEEDS_FIXES with two residual truth findings, both remediated before commit — no broken URL (F1) and no unremediated hallucinated fact (F4) survived, and verification_residual_count records the final iteration's truth+editorial count of 2 per the contract. entries_dropped_by_verification: 0.

Window. Standard 26 h window (gap 24 h since the previous run 2026-07-17T0409Z-intel, publish_status ok). No scheduler outage; no closed-source intel drops (no S5). All four research sub-agents returned within cap (longest S2 at 950 s). Total run ~100 min (research+compose ~37 min; the five-iteration verifier loop added ~60 min) — well inside the ~3 h watchdog budget.

Published (6 = 5 new + 1 update).

  • vmware-avi-load-balancer-cve-2026-47865-auth-bypass (vuln, high) — VMSA-2026-0005: unauthenticated Avi Controller control-plane auth bypass (CVE-2026-47865, CVSS 9.8) + six companions; no workaround; reported by NATO NCSC. No confirmed exploitation — included on the pre-auth severity + no-workaround + NATO-provenance combination (out-of-band patch warranted), not a KEV/exploitation trigger.
  • siemens-ruggedcom-rox-ii-unit42-three-cve-chain (vuln, notable) — Unit 42's in-window (2026-07-17) full chain analysis of three RUGGEDCOM ROX II OT-switch flaws (CVE-2025-40948/-40947/-40949) to persistent root; Siemens patched V2.17.1 (SSA advisories dated 2026-05-12, so the CVEs/patch predate the window — the in-window development is the Unit 42 technical analysis, carried under PD-11(d) substantive primary technical analysis + OT/CI nexus).
  • sonicwall-sma1000-uta0533-exploitation-kill-chain (threat, high, deep-dive firewall-vpn-rce, update_of 2026-07-14) — Volexity attributes the actively-exploited SonicWall SMA 1000 zero-days to UTA0533 and reconstructs the full SSRF→root→implant→LDAP-theft→lateral-movement chain. Deep dive cleared criterion 1 (active ITW exploitation + non-trivial constituency exposure of remote-access gateways); deep_dives_today was 0. The delta over the 2026-07-14 vuln entry is the actor, the kill chain, and the assume-compromise/re-image guidance.
  • contagious-interview-ottercookie-svg-steganography (research, notable) — Elastic's new DPRK Contagious Interview instance hiding an OTTERCOOKIE-aligned payload in SVG-comment steganography; single-source (Elastic own-incident), carried at confidence medium.
  • abbott-exact-sciences-shinyhunters-entra-sso-vishing (incident, notable) — Abbott confirms a Cancer Diagnostics (Exact Sciences) incident; ShinyHunters claims vishing→Entra SSO→multi-SaaS export and 30M+ records (unverified). Included on healthcare additional-sector + same-actor (ShinyHunters/UNC6240) transferable-TTP nexus, framed around the method not the victim; actor's scope claim explicitly separated from Abbott's confirmation (credibility 3).
  • metro-mondego-thegentlemen-ransomware-portugal-transit (incident, notable) — clean EU + transport-sector item: Portuguese light-rail operator confirms a 6 July ransomware attack on internal systems (transport operation unaffected), notified CNCS/CNPD; TheGentlemen claimed. Victim-own-disclosure carve-out; transferable IT/OT-segmentation and notification-playbook lesson.

Dropped — duplicate coverage (dedup):

  • FortiSandbox CVE-2026-25089/-39808 KEV addition (S1) — the CVEs and campaign:fortisandbox-triple-active-exploitation are already covered; the 2026-07-16 KEV listing is the only delta and a KEV listing never opens an update entry (exploitation already confirmed and published ~2026-06-17). CVE-2026-39813 (probed, not KEV) and the separate FortiSandbox VNC exposure are noted below.

borderline-drop: FortiSandbox VNC exposure CVE-2026-59835 (NCSC-NL / Fortinet FG-IR-26-145) — CVSS 7.7 information-exposure (CWE-668) with no exploitation, no PoC, and requiring the scanning-VM VLAN to be reachable; a routine-patch-cycle item that does not clear the beyond-the-patch-cycle vulnerability bar. No FortiSandbox entry published this run to fold it into.

borderline-drop: n8n CVE-2026-59208 cross-issuer JWT identity-binding flaw (SOCRadar / n8n GHSA / The Hacker News) — narrow preconditions (Enterprise token-exchange feature with 2+ trusted issuers), no exploitation, no public PoC; the AI-pentest-agent (Strix) discovery angle is a research curiosity, not itself actionable intelligence for this constituency.

borderline-drop: Ernst & Young third-party ITSM support-ticket breach (BleepingComputer / CyberInsider) — out-of-nexus: no confirmed CH/EU victim data, no disclosed initial-access vector, no actor, no novel TTP; the ITSM-attachments-as-shadow-repository lesson is real but generic. Does not clear the strict out-of-nexus breach gate (global-significance alone, with no TTP/actor leg).

borderline-drop: Coca-Cola/Fairlife ransomware US production halt (SEC 8-K Item 8.01 / BleepingComputer) — out-of-nexus: food-and-beverage manufacturing (not a configured sector), US-only impact, no actor/vector/OT detail disclosed, filed under Item 8.01 (Coca-Cola has not deemed it material). The IT/OT-convergence production-halt lesson is well-worn (JBS/Colonial lineage). Worth a status-check if an Item 1.05 amendment or actor claim lands.

Out-of-window / recency notes.

  • Siemens RUGGEDCOM ROX II CVEs and the V2.17.1 patch were published by Siemens 2026-05-12 (outside the 26 h window); the entry survives on Unit 42's in-window full-chain technical analysis (2026-07-17), with event_date: 2026-07-17 and the May patch dates stated in the body so freshness is not misrepresented.
  • Metro Mondego attack occurred 2026-07-06 (outside the window); the in-window trigger is the operator's 2026-07-17 public disclosure. event_date: 2026-07-06.
  • Germany KRITIS-Dachgesetz registration deadline (17 July 2026) investigated by S2 but dropped — all corroborating coverage predates the window (31 May–8 July); re-enters on fresh in-window reporting or the weekly.

Single-source / carve-outs. Contagious Interview (Elastic) is single-source — a high-reliability lab reporting its own incident (its community Slack was targeted); confidence medium, sourcing_note states so. VMware Avi (Broadcom PSIRT + heise), Siemens ROX II (Unit 42 + Siemens ProductCERT), SonicWall (Volexity + Rapid7 + SonicWall PSIRT), Abbott (Abbott statement + BleepingComputer + MedTech Dive) and Metro Mondego (victim statement via Campeão + TugaTech) are multi-source. Abbott's actor/method/scope are the extortion actor's own unverified claim, held separate from Abbott's confirmation (credibility 3).

Attribution discipline. UTA0533 carries no geopolitical nexus (Volexity gives none). Contagious Interview / OTTERCOOKIE carry north-korea-nexus per Elastic's DPRK-aligned assessment. Abbott's ShinyHunters attribution is the actor's own leak-site claim, not Abbott's; the entry attributes the vishing/Entra/SaaS/record-count claims to ShinyHunters via BleepingComputer.

Deep dive: SonicWall SMA 1000 (UTA0533). Cleared criterion 1 (active in-the-wild exploitation + non-trivial constituency exposure — internet-facing remote-access gateways across EU public-sector/enterprise). Category firewall-vpn-rce; the last firewall-vpn-rce deep dive was 2026-07-10 (CitrixBleed 2), 8 days prior, outside the 7-day demotion window; criterion-1 items override demotion regardless. Only deep dive this run (deep_dives_today was 0).

Watchlist: not applicable — no product or supplier watchlist configured for this deployment (S1 products checked=0, S4 suppliers checked=0).

Operational note — jina reader credit exhausted. Both S1 and S4 (and the main-agent Phase 4 deep-read) reported the jina universal-reader key returning HTTP 402 (balance exhausted) with the anonymous free tier also 401. Auto-rotation/direct-fetch fallback succeeded in every observed case this run, so no coverage was lost, and the main-agent WILL-PUBLISH deep-read fell back to the url bridge transport (raw HTML → on-disk text extraction, kept out of main context). This is a standing operator action: the jina reader is the recovery path for anti-bot/WAF/JS-only hosts (and CISA/NCSC.ch-class fetches), so a depleted credit pool risks outright bridge-fetch failures on a future run — recommend replenishing/rotating the jina key.

Coverage gaps: cert-eu (feed stale, latest 2026-06-10, reachable); govcert-at / cert-at (RSS 404/stale, blog last 1 June — direct govcert.gv.at fetch confirmed nothing in-window); ncsc-uk (cookie-consent JS shell blocks WebFetch and the exhausted jina bridge — WebSearch cross-check found nothing new in-window); citizen-lab (empty archive listing — URL-path change suspected); sophos-news (301 redirect not re-followed, time budget); group-ib, kela-cyber, ibm-xforce, morphisec, resecurity, reliaquest, intel471, push-security, redcanary, dragos, nozomi-networks, sans-ics (S3 time budget — no in-window item confirmed or ruled out for the un-reached subset); inside-it.ch / netzwoche.ch (403/404 + exhausted jina fallback — WebSearch cross-check surfaced only pre-window CH items).

Essential-coverage: none missed — all essential-tier sources (NCSC-CH hub/focus/incidents, NCSC-NL, BSI WID, CERT-FR, CERT-EU, CERT-PL, CERT.at, ENISA/EUVD, CISA advisories/KEV/directives, NCSC-UK) were attempted this run.

← Operations dashboard · run-record contract: docs/pipeline.md