2026-W19-a5788b22
One pipeline fire, in full · weekly run of 2026-05-10 · sub-agent allocation and telemetry, per-iteration verification verdicts and findings, source-list edits, coverage gaps, bridge invocations — and the run's own verification & coverage notes: what was published, what was dropped at the borderline or judged not relevant (and why), single-source carve-outs, and contradictions. Rendered from runs/2026-05-10/2026-W19-a5788b22.md.
Run telemetry
- Items returned
- 8
- Duration
- 7m 02s
- Tool calls
- 9 WebFetch22 WebSearch2 bridge
- Cited sources
- 15 of 23 in slice
- Items returned
- 8
- Duration
- 10m 48s
- Tool calls
- 16 WebFetch18 WebSearch3 bridge
- Cited sources
- 14 of 22 in slice
Verification
Deep dive
—
Entries published (this run)
- CVE-2026-0300 — Palo Alto PAN-OS Captive Portal unauthenticated root RCE; CL-STA-1132 active since 2026-04-09; no patch until 2026-05-13 synthesis high
- CVE-2026-6973 + CVE-2026-5787 — Ivanti EPMM on-prem pre-auth chain to admin RCE; 508 EU instances internet-exposed; named EU victims include the European Commission synthesis high
- CVE-2026-31431 "Copy Fail" + CVE-2026-43284 / CVE-2026-43500 "Dirty Frag" — Linux kernel LPE pair confirmed in complementary post-compromise campaigns synthesis high
- CVE-2026-42208 LiteLLM Proxy — pre-auth SQL injection exposing upstream LLM-provider API keys at the multi-tenant SaaS layer synthesis high
- CVE-2026-44128 et al. — SEPPmail Secure Email Gateway: six-CVE cluster on the Swiss public sector's dominant email-encryption appliance synthesis high
- Akira ransomware on Groupe 3R — 20 Swiss medical-imaging centres across seven cantons; second cyberattack on the same operator within twelve months synthesis high
- ShinyHunters / WorldLeaks — week-long cross-incident operator activity touching Inditex, Vimeo, ADT, and Instructure / Canvas synthesis notable
- Canvas / Instructure breach — five-day arc from first claim to seven Dutch universities executing emergency disconnects synthesis high
- CL-STA-1132 — PAN-OS CVE-2026-0300 exploitation cluster: disclosure-to-deadline-to-deadline-expiry inside the window synthesis notable
- cPanel / WHM — two emergency TSRs inside ten days: post-CVE-2026-41940 fleet now facing CVE-2026-29201/29202/29203 synthesis notable
- CVE-2026-26030 + CVE-2026-25592 — Microsoft Semantic Kernel Python and .NET SDKs: a class-of-bug for agentic-AI frameworks vulnerability notable
- CVE-2026-32202 — Windows Shell NTLM coercion; Akamai's PatchDiff-AI shows the residual zero-click path left by the CVE-2026-21510 patch vulnerability notable
- Healthcare (CH, NL) synthesis notable
- Education (NL, UK, DE) synthesis notable
- Public-sector administration and digital identity (FR, EU, FI, CH) synthesis notable
- Critical infrastructure water (PL) synthesis high
- Transport (NL/EU) synthesis notable
- Media and political (HU, DE) synthesis notable
- DigiCert support portal compromise — Salesforce-based support-chat social engineering yielded 60 fraudulent EV code-signing certificates incident notable
- Trellix source code repository breach — vendor confirmed, scope undisclosed, supply-chain integrity question open incident notable
- DAEMON Tools Lite supply-chain compromise — China-nexus QUIC RAT delivered via signed installers; ~12 selective government / scientific / manufacturing targets incident notable
- JDownloader official site compromised — Windows and Linux installers swapped for ~48 hours incident notable
- DENIC .de DNSSEC outage — 3.5 h registry-side trust failure traced to keytag 33834 collision and an alerting-layer fire-without-page incident notable
- German LG Berlin II ruling — Apobank liable for €218,000+ phishing loss; PSD2 IP-analytics obligation clarified incident notable
- Europol IOCTA 2026 annual-report notable
- Mandiant M-Trends 2026 annual-report notable
- Google Threat Intelligence Group — Europe data-leak landscape 2025 annual-report notable
- Dragos 2025 OT Cybersecurity Year in Review — Frontlines IR Edition annual-report notable
- Kaspersky Q1 2026 Exploits and Vulnerabilities Report annual-report notable
- ABW (Poland) 2025 Annual Report — APT28/APT29/UNC1151 tri-attribution on small-municipal water facilities annual-report notable
- CL-STA-1132 (PAN-OS CVE-2026-0300 exploitation cluster, likely state-sponsored) synthesis notable
- UAT-8302 (China-nexus, Talos; SE European government victims) synthesis notable
- ShinyHunters / WorldLeaks family (financial-data extortion, third-party-SaaS pivot) synthesis notable
- MuddyWater (Iran / MOIS) Chaos ransomware false-flag + Teams BEC synthesis notable
- APT28 / APT29 / UNC1151 (Polish water OT) synthesis notable
- Sandworm / GRU Unit 74455 — Bauman pipeline disclosure synthesis notable
- TeamPCP → PCPJack — cloud-worm successor evicting prior operator artefacts synthesis notable
- Akira ransomware — Swiss healthcare case confirmed; broader European playbook unchanged synthesis notable
- Qilin / Agenda RaaS — Die Linke confirms Q2 2026 German activity continuity synthesis notable
- The Gentlemen RaaS — Europe-skewed operation surged approximately 448% QoQ; 32% of Q1 2026 victims in Europe; FortiGate CVE-2024-55591 initial-access funnel synthesis notable
- Akira playbook quarterly context — Q1 2026 healthcare concentration; Qilin remains the dominant operator on German healthcare victims synthesis notable
- ENISA expands CVE Numbering Authority root — 4 new CNAs, 7 migrated from MITRE; ~90 European CNAs eligible for transfer policy notable
- CERT-FR CERTFR-2026-ACT-016 — agentic AI three-risk-class advisory; defender obligations explicit policy notable
- Polish NIS2 transposition + ABW recommendation to expand essential-entity coverage below headcount threshold policy notable
- German LG Berlin II — Apobank ruling sets PSD2 IP-analytics obligation as case law policy notable
- Europol shadow-IT — LIBE committee MEPs call for mandate-expansion pause; EDPS sanctioning toolkit identified as binary policy notable
- EU Cybersecurity Package 2026 — NIS2 amendment (COM(2026) 13) + Cybersecurity Act 2 enter EP preparatory phase; PQC obligation embedded policy notable
- Germany KRITIS-DachG in force — public administration first time in critical-infrastructure scope; registration deadline 17 July 2026 policy notable
- EDPB Coordinated Enforcement Framework 2026 — 25 DPAs target GDPR transparency obligations (Articles 12–14) policy notable
- NCSC Switzerland — formal BACS assessment on AI in vulnerability management; defenders warned against over-reliance on AI detection policy notable
- Poland NIS2 transposition in force 3 April 2026 — water-sector essential-entity status would now apply to the ABW-named facilities policy notable
- Looking ahead — 2026-W19 outlook notable
Sources changed (this run)
Edits this run made to sources/sources.json · promotions, demotions, new candidates, and fetch-method / category / reliability / url corrections (the run record's sources_changed[]). Paginated; 10 per page.
No source-list edits recorded for this run.
Coverage gaps (this run)
Sources this run's brief needed that returned no usable content via any documented recipe. Bridge-recovered or quiet-day sources do NOT appear here. (Distinct from the independent source-accessibility probe at the foot of this section, which probes all active sources regardless of what any run needed.)
| Source (uncovered) | URL tried | Method chain | Status / class | What the agent did instead |
|---|---|---|---|---|
| cisa-kev covered via alternate · should NOT be in this list | https://www.cisa.gov/known-exploited-vulnerabilities-catalog | webfetch → bridge:cisa-kev | 403 transport-403 WebFetch returned HTTP 403 (transport-side; expected on this host) | bridge:cisa-kev confirmed catalog version 2026.05.08 unchanged; no new KEV entries 2026-05-09 / 10 |
| ncsc-ch-security-hub covered via alternate · should NOT be in this list | https://security-hub.ncsc.admin.ch/api/posts/12552/details | bridge:ncsc-csh.post | 403 transport-403 No post ID 12552+ exists — most recent confirmed post is 12551 (2026-05-08, SEPPmail) | post 12551 and earlier all in prior_coverage; NCSC-CH Im Fokus 2026-05-01 (AI in vulnerability management) fetched via webfetch directly |
| databreaches-net covered via alternate · should NOT be in this list | https://databreaches.net/ | webfetch → bridge:databreaches-net | 403 transport-403 Persistent 403 across direct and bridge UAs | secondary corroboration acceptable for in-window items |
| ico-uk covered via alternate · should NOT be in this list | https://ico.org.uk/action-weve-taken/ | webfetch → bridge:ico-uk | 200 spa-empty JS-rendered listing returns empty content | bridge subcommand returned the same SPA-empty body; no W19 enforcement decisions surfaced via WebSearch fallback |
| enisa-euvd covered via alternate · should NOT be in this list | https://euvd.enisa.europa.eu/ | webfetch → bridge:enisa-euvd | 200 spa-empty SPA — content empty to WebFetch (persistent gap) | bridge subcommand attempted; SPA-empty persistent; no new in-window exploited-vulnerability policy items beyond prior coverage |
| group-ib covered via alternate · should NOT be in this list | https://www.group-ib.com/blog/hastalamuerte-gentlemen-raas-ttps/ | webfetch | 403 transport-403 Group-IB blog 403 — host not on bridge allowlist | The Gentlemen content recovered via Check Point Research DFIR + BleepingComputer corroboration |
| autoriteitpersoonsgegevens-nl covered via alternate · should NOT be in this list | https://www.autoriteitpersoonsgegevens.nl/en | webfetch | 503 transport-5xx Dutch DPA returned HTTP 503; host not on bridge allowlist | Dutch DPA W19 activity surfaced via Computer Weekly / Techzine / DutchNews secondary reporting |
| coe-cybercrime | https://www.coe.int/en/web/cybercrime/octopus-conference-2026 | webfetch | 403 transport-403 Council of Europe Cybercrime portal 403; host not on bridge allowlist | no in-window CoE Cybercrime item required for the brief |
Verification & coverage notes
The run record's narrative body, verbatim. This is where the run accounts for its own judgement calls — every borderline drop and judged-not-relevant item with its reason, dedup decisions, single-source items and their carve-outs, contradictions, and per-source coverage gaps — so nothing the run considered disappears silently.
Verification & coverage notesrun record body
2026-W19-a5788b22 · weekly · Claude Opus 4.7 · 53 entries published
This is the first weekly summary in the series. briefs/weekly/ was empty at run start; window_days = 7 per default. Window: 2026-05-04 → 2026-05-10 (ISO week 2026-W19). Five daily briefs in window (2026-05-06 through 2026-05-10) were read in full; the gap between Monday 2026-05-04 and Wednesday 2026-05-06 reflects daily-routine start cadence rather than a coverage failure.
Items still flagged [SINGLE-SOURCE]-equivalent in this run:
- SEPPmail CVE cluster (CVE-2026-44128 et al.) — primary advisory is NCSC-CH post 12551 (national-CERT carve-out applies) plus SEPPmail vendor release notes; no third-party security-researcher write-up located in window. Logged in daily 2026-05-09 § 7 as
[SINGLE-SOURCE-NATIONAL-CERT carve-out + vendor]. - MuddyWater Chaos ransomware false-flag campaign — single source Deep Instinct (daily 2026-05-08). Included given confirmed Iran-nexus TTP and European targeting; treated with standard single-source caution.
- Amazon SES BEC technique — single source Kaspersky Securelist 2026-05-04 (daily 2026-05-08). Included as first coverage with age noted.
- xrdp CVE-2025-68670 — single source Kaspersky Securelist 2026-05-08 (daily 2026-05-09). Vendor (xrdp project) GitHub commit and release 0.10.5 confirm the patch but not the vulnerability analysis.
- Polish water OT named-facility list (Jabłonna Lacka, Szczytno, Małdyty, Tolkmicko, Sierakowo) — facility names appear only in the ABW 2025 Annual Report. The two-source requirement is met at the level of the core story (ABW annual report + SecurityAffairs coverage), but the specific facility names derive from a single document.
- CERT-FR CERTFR-2026-ACT-016 (agentic AI advisory) — single-source national-CERT carve-out applies.
- Bauman / GRU Department No. 4 investigation — six co-publishing outlets (The Insider, The Guardian, Le Monde, Der Spiegel, VSquare, Frontstory) constitute multi-source verification at the source-document level; the leaked-documents corpus itself is a single dataset, so cross-publisher reading of the same documents is the corroboration standard applied. Note: the specific APT28-to-2016-Bundestag and APT28-to-2017-Macron-campaign attributions surfaced in § 7 trace to the Guardian / Le Monde / Der Spiegel reporting; Meduza (the most accessible English mirror) corroborates the Sandworm / Unit 74455 / Kyivstar / NotPetya / Ukraine-power-grid attributions but does not itself name the Bundestag / Macron specifics. Readers verifying these latter two should consult the German / French primary outlets.
Items dropped from this week's roll-up that may resurface:
- CallPhantom Android subscription-fraud cluster (28 apps, 7.3 M downloads; ESET 2026-05-07; daily 2026-05-10 § 7) — dropped under PD-11 (less is more) as off-audience consumer-mobile fraud rather than enterprise / public-sector defender content. If a CH/EU regulator opens an enforcement action against the 28-app cluster, this resurfaces.
- TCLBANKER (Brazilian banking trojan) (Elastic Security Labs, daily 2026-05-07 / 2026-05-10) — Brazil-only geofenced targeting; no CH/EU defender takeaway materially different from generic "audit COM-driven Outlook automation".
- Cisco Unity Connection CVE-2026-20034 / 20035 (daily 2026-05-10) — patched; not on KEV; no in-the-wild exploitation reported; rarely internet-exposed. Did not clear weekly §3 inclusion gates.
- Laclinic-Montreux / Qilin dark-web aggregator listing (daily 2026-05-10) — no victim public statement, no independent corroboration; held under PD-6 (fake-news guard / leak-site claims require victim disclosure or HIGH-reliability journalism).
- Microsoft AiTM "Code of Conduct" phishing campaign (Microsoft Threat Intelligence, 2026-05-04; covered daily 2026-05-06) and Microsoft Edge cleartext passwords in process memory (SANS ISC Diary, 2026-05-04; covered daily 2026-05-06) — both
[SINGLE-SOURCE-OTHER]items from the start of the window; no material in-window development to surface them in the weekly. The Edge finding remains relevant to public-sector privileged-account hygiene but does not meet W-PD-1's three-question gate at the weekly level.
Contradictions / ambiguities flagged for the verifier's attention:
- Ivanti EPMM named-EU-victim attribution. The daily 2026-05-09 names European Commission, Dutch DPA, Netherlands Council for the Judiciary, and Finnish Valtori as confirmed victims of the May 2026 wave (CVE-2026-5787 / CVE-2026-6973), citing CERT-FR CERTFR-2026-AVI-0552 and NCSC-CH 12548 (daily 2026-05-09); W1 horizon research re-reading Help Net Security, 2026-05-08 concluded the four organisations were victims of the January 2026 chain (CVE-2026-1281 / CVE-2026-1340), not the May 2026 chain — Ivanti has disclosed only "a very limited number of customers" exploited via the May chain without naming specifics. The weekly carries the daily's attribution because the daily was source-verified at composition time, but flags this for verifier review with both sources noted; defenders' operational response — patch and rotate — is identical regardless of which chain caught which organisation, so the brief framing intentionally does not lock either way.
- Microsoft Semantic Kernel CVE-2026-25592 patched Python version. GitHub advisory GHSA-2ww3-72rp-wpp4 records 1.39.3 as the patched Python version; Microsoft research post and GHSA-xjw9-4gw8-4rqx (CVE-2026-26030) record 1.39.4. The brief recommends ≥ 1.39.4 as the single safe target since it supersedes 1.39.3 and closes both CVEs.
- Akira-as-actor attribution for Groupe 3R. Victim statement and Swiss-press reporting confirm the incident and 2026-04-30 attack date; the Akira-as-actor attribution comes from
ransomware.live(aggregator), not from the victim or an independent primary research lab. Logged with confidence HIGH on incident, MEDIUM on actor. - Ivanti EPMM exposure count. The "508 EU on-premises instances" figure originally surfaced via NCSC-NL scanning (daily 2026-05-09) and was reconfirmed by Shadowserver per BleepingComputer in the daily 2026-05-10 update with a global "~850" total. The two numbers are consistent (508 EU is the EU-specific count, ~850 is the global total).
Items included with reduced confidence:
- JDownloader Python-payload capability description. Primary developer-confirmed disclosure (PiunikaWeb, 2026-05-08) corroborated by CyberKendra, 2026-05-07; both are mid-tier publishers, and the more-specific Python-payload capability description has not been corroborated by a named research lab in this run. Supply-chain-compromise fact, time window, and forged-publisher signatures are developer- and multi-source-confirmed.
Sub-agent telemetry (Phase 2):
- W1 (Long-horizon ongoing developments + annual reports) — returned: Claude Sonnet 4.6 (
claude-sonnet-4-6); started_at=2026-05-10T22:07:45Z, ended_at=2026-05-10T22:14:47Z, duration_seconds=422; webfetch_calls=9, websearch_calls=22, bridge_fetches=2. Returned 8 items; net-new horizon items integrated: "The Gentlemen" RaaS + Q1 2026 ransomware quarterly synthesis (§§ 6/7); Akamai's PatchDiff-AI incomplete-patch analysis for CVE-2026-32202 (§ 3); German Akira healthcare victims (§ 7). W1 fetch_failures: group-ib (403, mitigated via secondary sources); thehackernews on SystemBC C2 (503, mitigated via BleepingComputer / CPR). - W2 (Strategic & policy horizon) — returned: Claude Sonnet 4.6 (
claude-sonnet-4-6); started_at=2026-05-10T22:08:24Z, ended_at=2026-05-10T22:19:12Z, duration_seconds=648; webfetch_calls=16, websearch_calls=18, bridge_fetches=3. Returned 8 items; net-new policy-horizon items integrated: LIBE MEPs call for Europol mandate-expansion pause (§ 8); EU Cybersecurity Package 2026 — NIS2 amendment COM(2026) 13 + Cybersecurity Act 2 with PQC Article 7(2)(k) (§ 8); Germany KRITIS-DachG in force with 17 July 2026 registration deadline (§ 8); EDPB 2026 CEF coordinated enforcement on GDPR Articles 12–14 transparency (§ 8); NCSC Switzerland 1 May 2026 AI-in-vulnerability-management BACS assessment (§ 8); Poland NIS2 transposition in force 3 April 2026 with water-sector essential-entity context (§ 8). W2 fetch_failures: autoriteitpersoonsgegevens.nl (503, no bridge available); coe-cybercrime (403, no bridge); bills-parliament-uk (403, mitigated via WebSearch); ncsc-ch-security-hub post-12552+ (no post exists — confirmed 12551 is most recent).
Sub-agent self-identification: both W1 and W2 self-identified as Claude Sonnet 4.6 (canonical id claude-sonnet-4-6) — model id and friendly name are aligned, no drift. The 2026-05-10 daily noted four sub-agents self-identifying as Claude Sonnet 4.5 with id claude-sonnet-4-6 (drift); W1/W2 correct self-identification on this run is an improvement to record in state/run_log.json.
Verification iterations: 5 iterations, final verdict CLEAN. Phase 4.7 ran the cti-verification sub-agent loop with model rotation: iter 1 Opus (NEEDS_FIXES, truth 17 / editorial 6 / advisory 3), iter 2 Sonnet (NEEDS_FIXES, truth 7 / editorial 5 / advisory 2), iter 3 Opus (NEEDS_FIXES, truth 10 / editorial 1 / advisory 3), iter 4 Sonnet (NEEDS_FIXES, truth 2 / editorial 1 / advisory 2), iter 5 Opus (CLEAN, 0 / 0 / 0). The verifier-loop telemetry block in state/run_log.json.verification.iterations[] records per-iteration model, timestamps, and finding counts.
Coverage gaps: cisa-kev (no new KEV entries 2026-05-09 / 10, bridge-fetched cleanly); ncsc-ch-security-hub (most recent post 12551, 2026-05-08, no new posts in window; bridge mandated); ico-uk (JS SPA — persistent, no W19 enforcement decisions surfaced); databreaches-net (403 across UAs — persistent); csirt-acn-it (403 persistent, bridge allowlisted but no W19 item surfaced); ccn-cert-es (geo-blocked 451/403 — no W19 item; Inditex/AEPD enforcement not yet a formal decision); inside-it-ch (403 direct, bridge needed); prodaft (403 persistent); nccgroup (403 persistent); enisa-euvd (SPA — content empty to WebFetch); advisories-ncsc-nl (CSAF SPA — listing returns no advisory data); cisco-psirt-publication-listing (Angular SPA — individual advisory URLs work directly); cert.ssi.gouv.fr (RSS works, individual advisory detail pages need bridge); bleepingcomputer article-page (403 on direct WebFetch — discovery via listing OK); group-ib (403 persistent — secondary corroboration acceptable); thehackernews (intermittent 503 on individual articles, secondary corroboration acceptable); autoriteitpersoonsgegevens.nl (503 — no bridge allowlist); coe-cybercrime (403 — no bridge); bills.parliament.uk (403 — WebSearch fallback); cnil-fr / finma / govcert-ch / govcert-at / cert-at (quiet window, no W19 policy items surfaced); edpb (W19 plenary 11 May not yet produced decisions — returns next week).
Migrated from briefs/weekly/2026-W19.md (v2).
← Operations dashboard · day page 2026-05-10 · run-record contract: docs/pipeline.md