2026-W20-71c96b25
One pipeline fire, in full · weekly run of 2026-05-17 · sub-agent allocation and telemetry, per-iteration verification verdicts and findings, source-list edits, coverage gaps, bridge invocations — and the run's own verification & coverage notes: what was published, what was dropped at the borderline or judged not relevant (and why), single-source carve-outs, and contradictions. Rendered from runs/2026-05-17/2026-W20-71c96b25.md.
Run telemetry
- Items returned
- 11
- Duration
- 11m 33s
- Tool calls
- 14 WebFetch18 WebSearch2 bridge
- Cited sources
- 15 of 20 in slice
- Items returned
- 8
- Duration
- 5m 27s
- Tool calls
- 18 WebFetch14 WebSearch12 bridge
- Cited sources
- 12 of 17 in slice
Verification
Deep dive
—
Entries published (this run)
- Microsoft Exchange CVE-2026-42897 — actively-exploited OWA stored-XSS, no permanent patch, Pwn2Own three-bug chain compounds the picture synthesis high
- Cisco Catalyst SD-WAN CVE-2026-20182 — UAT-8616 active, CISA Emergency Directive ED-26-03, 10+ companion-CVE clusters synthesis high
- PAN-OS CVE-2026-0300 — wave 2 confirmed delayed to 2026-05-28; eight build streams remain on mitigation-only for a further 11 days synthesis high
- Windows BitLocker "YellowKey" + CTFMON "GreenPlasma" — public PoC, no patch, TPM-only BitLocker bypassed synthesis high
- Dirty Frag (CVE-2026-43284 xfrm-ESP + CVE-2026-43500 RxRPC) — Microsoft confirmed ITW, RxRPC distro patches still propagating synthesis high
- TeamPCP / Mini Shai-Hulud npm supply-chain worm — wave 4 + framework source leak synthesis high
- Canvas / Instructure extortion — ransom paid, US House investigation, second-intrusion vulnerability re-exploited synthesis notable
- Microsoft Exchange CVE-2026-42897 OWA-XSS — same-week compounding with the DEVCORE Pwn2Own chain synthesis notable
- PAN-OS CVE-2026-0300 — staged-patch arc spanning W19 and W20 synthesis notable
- CVE-2026-44277 / CVE-2026-26083 — Fortinet FortiAuthenticator and FortiSandbox unauthenticated RCE vulnerability notable
- CVE-2026-34263 — SAP Commerce Cloud pre-auth RCE; CVE-2026-34260 — SAP S/4HANA Enterprise Search SQL injection vulnerability notable
- CVE-2026-44088 — CERT-PL SzafirHost JAR zip-polyglot bypass in Poland's qualified e-signature browser helper vulnerability notable
- CVE-2026-6722 — PHP SOAP UAF in SOAP_GLOBAL(ref_map) (with companions CVE-2026-7261 / CVE-2026-7262) vulnerability notable
- Windows BitLocker "YellowKey" and CTFMON "GreenPlasma" — public PoC, no patch vulnerability notable
- CVE-2026-46300 — Linux kernel xfrm ESP-in-TCP LPE ("Fragnesia"), PoC public vulnerability notable
- Healthcare synthesis high
- Public administration and government synthesis notable
- Manufacturing synthesis notable
- Hospitality synthesis notable
- AI tooling SaaS and developer toolchain synthesis notable
- WordPress retail / e-commerce synthesis notable
- Foxconn — Nitrogen ransomware confirmed against North-American manufacturing sites incident notable
- BWH Hotels — 181-day unauthorised access to guest-reservation web application incident notable
- Clinical Diagnostics / NMDL — Dutch IGJ formal NEN 7510 non-conformity ruling incident notable
- West Pharmaceutical Services — SEC Form 8-K Item 1.05 incident notable
- Škoda Auto Deutschland — online-shop breach exposes customer PII and password hashes incident notable
- South Staffordshire Water — ICO £963,900 fine incident notable
- node-ipc npm package — backdoored via expired-domain account takeover incident notable
- BKA Dream Market arrest — "Speedstepper" detained in Germany after seven years at large incident notable
- Sophos 2026 State of Identity Security — 71% of orgs breached via identity, 41% root-caused to non-human-identity mismanagement, Switzerland records highest incidence annual-report notable
- Verizon DBIR 2026 (19th annual edition) annual-report notable
- Check Point April 2026 ransomware analysis — Qilin leads at 15%, Germany at 5% of global victims annual-report notable
- Datadog Security Labs — Shai-Hulud framework static analysis annual-report notable
- SentinelOne — Living Off the Pipeline: CI/CD subversion taxonomy annual-report notable
- GTIG AI Threat Tracker (May 2026) — first AI-generated zero-day exploit ITW annual-report notable
- FrostyNeighbor / Ghostwriter (UNC1151) — ESET analysis corroborated, Poland / Lithuania / Ukraine in EU scope synthesis notable
- TeamPCP / Mini Shai-Hulud (ShinyHunters / WorldLeaks adjacent) — wave 4 + framework leak + IDE persistence synthesis notable
- "The Gentlemen" RaaS — operations continue post-leak, decryptor published, FortiOS / Erlang SSH initial access CVEs confirmed synthesis notable
- Qilin / Agenda RaaS — April 2026 lead at 15% of global ransomware activity, Germany 5% of global victims synthesis notable
- Canvas / Instructure — ShinyHunters / WorldLeaks ransom-paid, US House investigation synthesis notable
- SEPPmail CVE-2026-44128 — CIRCL advisory confirms CVSS 9.3 unauthenticated Perl-eval RCE; no third-party PoC in window synthesis notable
- EU Digital Omnibus political agreement — AI Act high-risk Annex III compliance deadline extended to 2 December 2027 policy high
- EU CRA milestones — 11 June 2026 CAB notification, 11 September 2026 Article 14 reporting obligations policy notable
- DORA first oversight cycle — 19 designated CTPPs under Joint Examination Team activity policy notable
- EDPB Coordinated Enforcement Framework 2026 — 25 DPAs investigating GDPR Articles 12–14 transparency policy notable
- KRITIS-DachG — German registration deadline 17 July 2026 is now 61 days out policy notable
- ENISA CVE Numbering Authority Root — 4 new CNAs onboarded, identities undisclosed; 7 existing CNAs migrated from MITRE Root policy notable
- CISA Emergency Directive ED-26-03 — Cisco Catalyst SD-WAN policy notable
- BKA — Dream Market lead administrator "Speedstepper" arrested in Germany policy notable
- NIS2 transposition — status update; no Court of Justice referral announced this week policy notable
- Looking ahead — 2026-W20 outlook notable
Sources changed (this run)
Edits this run made to sources/sources.json · promotions, demotions, new candidates, and fetch-method / category / reliability / url corrections (the run record's sources_changed[]). Paginated; 10 per page.
No source-list edits recorded for this run.
Coverage gaps (this run)
Sources this run's brief needed that returned no usable content via any documented recipe. Bridge-recovered or quiet-day sources do NOT appear here. (Distinct from the independent source-accessibility probe at the foot of this section, which probes all active sources regardless of what any run needed.)
No coverage gaps in this run · every source the brief needed returned usable content via its documented recipe.
Bridge invocations (this run)
2 bridge calls this run · these are successful bridge fetches (separate from "Coverage gaps" above).
- bridge:cisa-kev ×1
- bridge:ncsc-ch-security-hub ×1
Verification findings · all iterations
Per-iteration finding detail. Each table is one verifier pass · what was flagged, how the main agent remediated it, and the outcome. Walking the tables top-to-bottom shows the verifier's debugging trail across iterations.
Iteration #3 NEEDS_FIXES · 4 findings (truth=2, editorial=1, advisory=1) · Claude Sonnet 4.6 · 7m 10s
| F-code | Section | Item · URL/quote | Verifier summary | Remediation · outcome |
|---|---|---|---|---|
| F3 claim-not-supported | long-running-campaigns | Secret Blizzard / Turla — The Record citation removed (iter-2 remediation not ap | Cited Dec-2024 article does not cover 2026 Kazuar botnet | — |
| F4 hallucinated-fact | sector-patterns | Sophos 'federal government' CH-sector claim still present | Source does not mention federal government for CH | — |
| F5 missing-citation | policy-regulatory-horizon | NIS2 '21 of 27' transposition count unsupported by cited EC page (last updated J | — | |
| F11 editorial-advisory | sector-patterns | Manufacturing weak cross-reference to W19 AI-tooling theme | — |
Iteration #4 NEEDS_FIXES · 4 findings (truth=3, editorial=0, advisory=1) · Claude Sonnet 4.6 · 6m 02s
| F-code | Section | Item · URL/quote | Verifier summary | Remediation · outcome |
|---|---|---|---|---|
| F14 quantifier-without-source | policy-regulatory-horizon | NIS2 H3 heading '21 / 27' still present (iter-3 only fixed body) | — | |
| F14 quantifier-without-source | multi-day-campaigns | '172 packages / 403 versions' not directly stated in cited Wiz/Datadog sources | — | |
| F3 claim-not-supported | multi-day-campaigns | Seven Dutch universities named without source — NL Times not in footer | — | |
| F11 editorial-advisory | multi-day-campaigns | TL;DR/H3 '10+' vs body 'approximately 10' Cisco SD-WAN inconsistency (advisory o | — |
Iteration #5 NEEDS_FIXES cap-breach · 3 findings (truth=0, editorial=1, advisory=2) · Claude Opus 4.7 · 2m 50s
| F-code | Section | Item · URL/quote | Verifier summary | Remediation · outcome |
|---|---|---|---|---|
| F12 single-source-batch-advisory | annual-reports | F12 single-source-heading-marker drift on vendor-research items (Verizon DBIR, C | — | |
| F11 editorial-advisory | verification-notes | § 10 line on TeamPCP wave-4 count: was '172/403', updated to 'qualified per dail | — | |
| F11 editorial-advisory | verification-notes | § 10 verification-iterations narrative: was iter-1+iter-2 only; updated to full | — |
Verification & coverage notes
The run record's narrative body, verbatim. This is where the run accounts for its own judgement calls — every borderline drop and judged-not-relevant item with its reason, dedup decisions, single-source items and their carve-outs, contradictions, and per-source coverage gaps — so nothing the run considered disappears silently.
Verification & coverage notesrun record body
2026-W20-71c96b25 · weekly · Claude Opus 4.7 · 52 entries published
Coverage window: 2026-05-10 → 2026-05-17 (8 days, one calendar day overlap with the 2026-W19 weekly's coverage end on 2026-05-10). Previous weekly: briefs/weekly/2026-W19.md. gap_days = 7, window_days = max(7, gap_days + 1) = 8. Eight daily briefs were read in window (2026-05-10 through 2026-05-17). Standard week — no disclosure required, noted here for transparency.
Items still flagged [SINGLE-SOURCE]-equivalent in this run:
- GTIG UNC6671 "BlackFile" vishing → AiTM → rogue-MFA → programmatic SharePoint exfiltration — single source GTIG (daily 2026-05-16). Included given the operationally distinctive TTP set and the DLS-shutdown / probable-rebrand signal; treated with standard single-source caution.
- Unit 42 Gremlin Stealer evolved with .NET-resource XOR obfuscation, real-time crypto-clipper, WebSocket browser-process session-hijack — single source Unit 42 (daily 2026-05-16). Defender takeaway focuses on the WebSocket browser-process session-hijack class, which is more broadly attributable than the specific stealer.
- SentinelOne Living Off the Pipeline CI/CD subversion taxonomy — single source SentinelOne (daily 2026-05-16). Included as a synthesis reference rather than a campaign attribution; the three-case taxonomy is corroborated indirectly by the W20 Mini Shai-Hulud chain (§ 2).
- Sophos 2026 State of Identity Security — Switzerland highest identity-breach incidence finding — single source Sophos survey (daily 2026-05-15). The 17-country survey methodology is documented; Switzerland's specific ranking is a single-survey output and should not be over-weighted relative to longitudinal data.
- CVE-2026-45793 PHP Composer GitHub Actions CI token disclosure — single source (daily 2026-05-15). Patched in Composer 2.8.10; the disclosure mechanism (error-message leakage) is technically corroborated by the Composer GHSA but the broader exploitation context is single-source.
- West Pharmaceutical Services SEC 8-K — single source SEC filing (daily 2026-05-12). Standard victim-disclosure verification status; awaiting independent breach analysis.
- PAN-OS CVE-2026-0300 wave-2 schedule — Palo Alto PSIRT advisory is the only source. National-CERT carve-out applies; CERT-EU and other corroborating advisories typically lag the vendor PSIRT by 24–48 hours.
- Verizon DBIR 2026 headline figures — single source Verizon DBIR page; full PDF release pending 2026-05-19 webinar. Figures may shift on full-PDF reading.
- SEPPmail CVE-2026-44128 — two national CERTs (NCSC-CH + CIRCL) corroborate; status improved from W19 but remains
SINGLE-SOURCE-NATIONAL-CERTbecause no independent third-party PoC / root-cause analysis surfaced this week. - Kaspersky GReAT — Kimsuky Rust-based HelloDoor + TryCloudflare-tunnel C2 — single source Kaspersky (daily 2026-05-17). Standard single-source-OTHER caution.
- § 6 vendor-research items operating as single-source-equivalent for the weekly: Verizon DBIR 2026 page-summary (Verizon only — full PDF pending 2026-05-19 webinar); Check Point Research April 2026 ransomware analysis (Check Point only — vendor monthly threat report); GTIG AI Threat Tracker May 2026 (Google Cloud only — vendor threat-intel report); Datadog Security Labs Shai-Hulud framework analysis (Datadog only — vendor research). Per the daily prompt's annual-report carve-out, vendor-research roll-ups stand as primary sources; flagged here so the single-source posture is explicit on the page.
- § 3 CVE-2026-46300 (Fragnesia) — single primary source Wiz Research (Linux kernel security advisory). The Wiz post is the canonical research write-up; flagged here so the single-source posture is explicit.
Items dropped from this week's roll-up that may resurface:
- TrickMo "TrickMo C" Android banking trojan — TON-blockchain C2 (daily 2026-05-13) — dropped under W-PD-1: Android banking-trojan content is off-audience for a Swiss / EU public-sector SOC weekly. If a Swiss / EU public-sector entity discloses an incident traced to TrickMo C, resurfaces.
- NCSC-UK "10 questions to ask when using AI models to find vulnerabilities" (daily 2026-05-13) — covered briefly in the daily; the NCSC-UK guidance is policy-advisory rather than operationally novel. The W19 weekly already absorbed the CERT-FR CERTFR-2026-ACT-016 agentic-AI advisory and the parallel NCSC.ch BACS assessment; the NCSC-UK piece adds questions but no new defender-action items.
- Microsoft MDASH multi-model agentic vulnerability discovery (daily 2026-05-13 research) — dropped under W-PD-1: this is interesting research-platform reporting but does not currently change defender obligations or surface a new operator pattern.
- GemStuffer — RubyGems weaponised as a one-way exfiltration channel (daily 2026-05-14 research) — held under reduced weight; the abuse pattern is novel but limited to UK local-authority ModernGov portals at this stage; if cross-EU GemStuffer expansion is documented in 2026-W21, resurfaces.
- CVE-2026-41940 FunnelKit (2026-05-17 § 1) — daily covered as "FunnelKit Funnel Builder for WooCommerce actively exploited as Magecart skimmer on 40,000+ WordPress stores — no CVE assigned"; included in § 4 sector pattern rather than § 1 to avoid leading with a non-CVE'd WooCommerce-plugin item against the inaction-=-incident bar of the strongest § 1 placements.
Contradictions / ambiguities flagged for the verifier's attention:
- Microsoft Exchange CVE-2026-42897 vs. DEVCORE Pwn2Own three-bug chain. The two findings are distinct vulnerability classes; Microsoft has not formally linked them at week-end. The weekly treats them as adjacent threats with potential composite-exploitation risk but explicitly does not claim a chained ITW exploitation has been observed. Verifier: confirm the framing is consistent across §§ 0, 1, 2, 3.
- CISA ED-26-03 deadline 2026-05-17 vs. KEV deadline alignment. ED-26-03 mandates US-FCEB action by 2026-05-17; the underlying KEV addition has a 2026-05-29 deadline for the CVE-2026-42897 Exchange flaw and 2026-05-17 for CVE-2026-20182. The two timelines are distinct: ED-26-03 is Cisco SD-WAN-specific.
- The Gentlemen RaaS — Bedrock Safeguard decryptor scope. Bedrock Safeguard's testing documented 35/35 files decrypted with their PoC; the operator has claimed to patch the binary, so the decryptor's continued effectiveness is bounded to pre-patch encrypted material. The weekly frames the decryptor as "best-case retrospective" capability accordingly.
- CVE-2026-43500 (Dirty Frag RxRPC) patch status. AlmaLinux 8 is documented as not affected (rxrpc module not built); other distros are propagating. Defenders should not generalise the AlmaLinux-8 not-affected status to other RHEL-derivatives.
Items included with reduced confidence:
- Verizon DBIR 2026 figures (page-summary level). Full PDF release pending; figures cited are from the public page summary and may be revised on full-PDF reading after the 2026-05-19 webinar.
- TeamPCP Mini Shai-Hulud wave-4 package count (qualified as "170+ packages / 400+ versions" per daily-brief tracking). The qualified figure derives from daily-brief tracking of the 2026-05-13 wave; the Wiz Blog and Datadog Security Labs writeups list named packages without an aggregate count, so exact totals are contingent on registry-side observations that may shift as additional malicious versions are identified.
- Qilin DLS 65 German victims total. Number is current as of 2026-05-16 per W1 horizon research; leak-site counts are operator-controlled data and should be treated as a lower bound.
Sub-agent telemetry (Phase 2):
- W1 (Long-horizon ongoing developments + annual / periodic reports) — returned: Claude Sonnet 4.6 (
claude-sonnet-4-6); started_at=2026-05-17T22:12:01Z, ended_at=2026-05-17T22:23:34Z, duration_seconds=693; webfetch_calls=14, websearch_calls=18, bridge_fetches=2. Returned 11 items: 7 status-updates on W19 "Looking Ahead" items (PAN-OS CVE-2026-0300, Canvas/Instructure, The Gentlemen RaaS, Dirty Frag distro propagation, CVE-2026-31431 Copy Fail, MOVEit Automation CVE-2026-4670, SEPPmail CVE-2026-44128), 2 campaign-status updates (Secret Blizzard / Turla Kazuar, FrostyNeighbor / Ghostwriter UNC1151, Mini Shai-Hulud, Qilin / Agenda), 2 annual / periodic reports (Sophos State of Identity Security 2026, Verizon DBIR 2026). W1 coverage gaps: bleepingcomputer (article URLs frequently 403 even via bridge — WebSearch corroboration used), inside-it-ch (Cloudflare Managed Challenge — no relevant in-window items via WebSearch fallback), Verizon DBIR full PDF (not released until 2026-05-19 webinar), independent third-party SEPPmail CVE-2026-44128 write-up (not found in window — CIRCL advisory strongest available corroboration). - W2 (Strategic & policy horizon) — returned: Claude Sonnet 4.6 (
claude-sonnet-4-6); started_at=2026-05-17T22:12:32Z, ended_at=2026-05-17T22:17:59Z, duration_seconds=327; webfetch_calls=18, websearch_calls=14, bridge_fetches=12. Returned 8 items: 3 net-new policy items (EU Digital Omnibus AI Act extension 2026-12-02, CRA milestones 11 June / 11 September 2026, DORA first oversight cycle with 19 designated CTPPs), 4 status updates (ENISA CNA Root 4 new CNAs onboarded, EDPB CEF 2026 25 DPAs investigating, KRITIS-DachG registration deadline 17 July 2026, NIS2 transposition status no Court of Justice referral), 1 CISA KEV addition (CVE-2026-42897 Exchange OWA-XSS KEV-added 2026-05-15 deadline 2026-05-29). W2 coverage gaps: CERT-FR RSS feed serving items only through September 2025 (feed appears stale / misconfigured; direct-URL fetches work), BAKOM / OFCOM (no cybersecurity-relevant CH telecom-regulator publication this week), FINMA (no new circular this week), Council of Europe Budapest Convention (no in-window cybercrime action), OFAC cyber (no in-window sanctions action).
Sub-agent self-identification: both W1 and W2 self-identified as Claude Sonnet 4.6 (canonical id claude-sonnet-4-6) — model id and friendly name aligned, no drift. The main agent (this Opus 4.7 invocation) is Claude Opus 4.7 with canonical id claude-opus-4-7.
Verification iterations: Phase 4.7 verifier ran with model rotation across five iterations.
- Iter 1 (
cti-verification, Opus) tripped Anthropic's cyber-content classifier and returned no verdict — a documented failure mode on dense-CTI weekly composition. - Iter 2 (
cti-verification-alt, Sonnet) returnedNEEDS_FIXEStruth=12 / editorial=4 / advisory=2; all findings remediated. - Iter 3 (
cti-verification-alt, Sonnet — re-spawned on Sonnet to avoid recurrence of iter-1 classifier-trip risk) returnedNEEDS_FIXEStruth=2 / editorial=1 / advisory=1; all truth + editorial findings remediated (two iter-2 remediations had been partially applied; iter-3 caught them). - Iter 4 (
cti-verification-alt, Sonnet) returnedNEEDS_FIXEStruth=3 / editorial=0 / advisory=1; all truth findings remediated. - Iter 5 (
cti-verification, Opus — cap iteration, classifier-trip risk re-paid; succeeded) returnedNEEDS_FIXEStruth=0 / editorial=1 / advisory=2 — content is CLEAN at the truth level; residual editorial-advisory items are this very § 10 self-report (now updated) and a batch F12 single-source-heading-marker advisory that § 10's single-source-flag table compensates for.
Cap reached at iter 5 per the prompt's Cap 5 iterations rule with publish-anyway fail-open safety valve. verification_residual_count = 1 (editorial only; F11 advisory excluded per v2.47 semantics). Iteration-by-iteration model + verdict + duration + per-finding records persisted in state/run_log.json.verification.iterations[].
Coverage gaps: bleepingcomputer (article URLs 403 even via bridge); inside-it-ch (Cloudflare Managed Challenge); cert-fr (RSS stale through Sep 2025 — direct URL fetches succeed); bakom-ofcom (no in-window publication); finma-ch (no new circular); coe-budapest (no in-window cybercrime action); ofac-cyber (no in-window action); verizon-dbir-2026-full (PDF not released until 2026-05-19); seppmail-cve-2026-44128-third-party (no third-party PoC / write-up in window); databreaches-net (403 persistent — bridge allowlisted but no W20 item via secondary discovery); prodaft (403 persistent); nccgroup (403 persistent); csirt-acn-it (403 persistent); ccn-cert-es (geo-blocked); ico-uk (JS SPA — South Staffordshire penalty already covered via the daily citation); cisa-news / cisa-kev / cisa-directives (bridge-fetched successfully — ED-26-03 + KEV CVE-2026-42897 / CVE-2026-20182 captured); ncsc-ch-security-hub (bridge-fetched successfully — post #12577 captured for CVE-2026-42897); enisa-euvd (SPA — no W20 item surfaced via WebFetch); advisories-ncsc-nl (Angular SPA — listing returns no advisory data; individual URLs work).
Migrated from briefs/weekly/2026-W20.md (v2).
← Operations dashboard · day page 2026-05-17 · run-record contract: docs/pipeline.md