{
  "briefs": [
    {
      "entity": {
        "name": "Sheila Cherfilus-McCormick",
        "type": "Former U.S. Representative",
        "subtitle": "Former Democratic Congresswoman, Florida's 20th District · Resigned April 2026 · Federal fraud charges pending"
      },
      "stats_line": "42 news articles · 1 public-corruption case",
      "synthesis": [
        "Sheila Cherfilus-McCormick resigned from Congress on April 22, 2026, minutes before a scheduled House Ethics Committee hearing, following a federal indictment alleging she stole $5 million in COVID-19 FEMA disaster relief funds [articles, graft]. The resignation came after the Ethics Committee had already identified 18 campaign finance violations and was preparing to recommend her expulsion, making her departure a pre-emptive exit from a near-certain formal sanction [articles].",
        "The federal case, USA v. Sheila Cherfilus-McCormick (2026), resulted in the Department of Homeland Security suspending her from receiving federal contracts, grants, or other funds, a debarment action announced May 4, 2026 [graft, articles]. News coverage across Fox News, CBS News, and The Hill described the alleged conduct as 'outright fraud' and placed her resignation alongside those of Reps. Eric Swalwell and Tony Gonzales as part of a broader pattern of lawmakers resigning to avoid formal expulsion proceedings [articles].",
        "Despite resigning under indictment and facing debarment, Cherfilus-McCormick filed for re-election to reclaim her former seat, a move widely covered and criticized as she simultaneously denied wrongdoing [articles]. Her case has become a catalyst for bipartisan demands for House ethics process reform, with multiple lawmakers citing her exit, along with other recent resignations, as evidence that resignation functions as an escape hatch that circumvents accountability mechanisms [articles]."
      ],
      "source_breakdown": [
        {
          "source": "News outlets",
          "count": 42,
          "label": "Across Fox News, CBS News, The Hill; April-May 2026"
        },
        {
          "source": "Public corruption cases (Graft)",
          "count": 1,
          "label": "USA v. Sheila Cherfilus-McCormick, 2026; DHS debarment"
        }
      ],
      "timeline": [
        {
          "date": "2026-04-22",
          "event": "Cherfilus-McCormick resigns from Congress minutes before House Ethics hearing"
        },
        {
          "date": "2026-04-22",
          "event": "Ethics Committee had recommended punishment for 18 campaign finance violations"
        },
        {
          "date": "2026-04-23",
          "event": "Resignation cited as catalyst for House ethics reform demands alongside Swalwell and Gonzales exits"
        },
        {
          "date": "2026-04-25",
          "event": "Reports confirm she filed for re-election days before resigning"
        },
        {
          "date": "2026-05-04",
          "event": "DHS suspends Cherfilus-McCormick from federal contracts and grants following fraud charges"
        }
      ],
      "events": [
        {
          "date": "2026-04-22",
          "source": "articles",
          "label": "Resignation from Congress minutes before Ethics Committee hearing",
          "weight": 3
        },
        {
          "date": "2026-04-22",
          "source": "articles",
          "label": "House Ethics Committee: 18 campaign finance violations, expulsion recommended",
          "weight": 3
        },
        {
          "date": "2026-04-23",
          "source": "articles",
          "label": "Resignation pattern: Swalwell, Gonzales, Cherfilus-McCormick fuel ethics reform push",
          "weight": 2
        },
        {
          "date": "2026-04-25",
          "source": "articles",
          "label": "Filed for re-election days before resignation amid active investigations",
          "weight": 2
        },
        {
          "date": "2026-05-04",
          "source": "graft",
          "label": "Federal case USA v. Cherfilus-McCormick filed; $5M FEMA fraud charged",
          "weight": 3
        },
        {
          "date": "2026-05-04",
          "source": "articles",
          "label": "DHS debarment: cut off from federal contracts and grants post-indictment",
          "weight": 3
        }
      ],
      "convergences": [
        {
          "window_start": "2026-05-04",
          "window_end": "2026-05-04",
          "sources": [
            "articles",
            "graft"
          ],
          "summary": "Federal fraud charge filing and DHS debarment action reported simultaneously on May 4, 2026"
        }
      ],
      "adjacent_entities": [
        {
          "name": "House Ethics Committee",
          "type": "legislative body",
          "via": "expulsion recommendation and campaign finance violations"
        },
        {
          "name": "Department of Homeland Security",
          "type": "federal agency",
          "via": "debarment from federal contracts and grants"
        },
        {
          "name": "FEMA",
          "type": "federal agency",
          "via": "alleged $5M COVID-19 disaster relief fund theft"
        },
        {
          "name": "Eric Swalwell",
          "type": "politician",
          "via": "concurrent resignation amid misconduct allegations"
        },
        {
          "name": "Tony Gonzales",
          "type": "politician",
          "via": "concurrent resignation amid misconduct allegations"
        },
        {
          "name": "Cory Mills",
          "type": "politician",
          "via": "cited as next Florida lawmaker facing resignation pressure"
        }
      ],
      "references": [
        {
          "source": "graft",
          "title": "USA v. Sheila Cherfilus-McCormick",
          "date": "2026-05-04",
          "outlet": "DOJ / DHS",
          "href": "/graft/case/usa-v-sheila-cherfilus-mccormick-sheila-cherfilus-mccormick-2026"
        },
        {
          "source": "articles",
          "title": "Rep. Sheila Cherfilus-McCormick resigns from Congress ahead of ethics hearing",
          "date": "2026-04-22",
          "outlet": "CBS News",
          "href": "/article/159195"
        },
        {
          "source": "articles",
          "title": "Disgraced Dem cut off from doing business with government after alleged outright fraud uncovered",
          "date": "2026-05-04",
          "outlet": "Fox News",
          "href": "/article/218992"
        },
        {
          "source": "articles",
          "title": "Florida Dem filed for re-election days before resignation as House Ethics Committee ramped up pressure",
          "date": "2026-04-25",
          "outlet": "Fox News",
          "href": "/article/172398"
        },
        {
          "source": "articles",
          "title": "Resignation is the new escape hatch as lawmakers face expulsion",
          "date": "2026-04-23",
          "outlet": "Fox News",
          "href": "/article/162752"
        },
        {
          "source": "articles",
          "title": "House lawmakers clamoring for ethics reforms after wave of resignations",
          "date": "2026-04-23",
          "outlet": "The Hill",
          "href": "/article/163390"
        }
      ],
      "buyer_persona": "Congressional oversight researcher · Investigative journalist · Political risk analyst",
      "value_prop": "*Cortex compresses a multi-source federal fraud, ethics, and debarment timeline spanning indictment, resignation, and DHS action into a single 60-second brief that would otherwise require manually cross-referencing DOJ case records, Ethics Committee reports, and dozens of news articles.*",
      "id": "cherfilus-mccormick"
    },
    {
      "entity": {
        "name": "Boeing",
        "type": "Public corporation",
        "subtitle": "Aerospace & Defense · NYSE: BA · Commercial aviation, defense, space systems"
      },
      "stats_line": "51 news articles · 3 Federal Register actions · 2 ransomware leak-site mentions · 1 CISA advisory",
      "synthesis": [
        "Boeing's commercial recovery narrative is being shaped simultaneously by production milestones and geopolitical trade dynamics. CEO Kelly Ortberg confirmed on May 27, 2026 that the company met FAA requirements to raise 737 MAX output to 47 aircraft per month [articles], a regulatory compliance threshold that follows years of post-MAX crisis oversight. That same week, China officially confirmed a purchase of 200 Boeing jets, framed publicly as a political gesture tied to the Trump-Beijing summit [articles]; however, analysts note China is simultaneously accelerating domestic aviation development to reduce foreign dependence, raising questions about long-term delivery certainty [articles].",
        "Boeing faces ongoing legal and safety scrutiny that runs concurrent with the production ramp. A federal jury in Chicago ordered Boeing to pay $49.5 million to the family of a 737 MAX crash victim in May 2026 [articles], and the NTSB separately questioned Boeing officials over a 2025 deadly UPS cargo crash in Kentucky [articles]. The FAA issued two airworthiness directives covering Boeing airplanes in May and June 2026, and the Transportation Department published special conditions for electronic system security on Boeing 757-200 series aircraft [fedreg], indicating continued active regulatory engagement across both safety and cybersecurity domains.",
        "On the defense side, Boeing's export position is eroding in key allied markets. Canada selected Sweden's Saab GlobalEye over a competing Boeing option to reduce US supplier reliance [articles], and Italy canceled its Boeing Pegasus tanker order in favor of the Airbus A330 MRTT [articles]. A countervailing data point is Israel's receipt of its first KC-46 refueling aircraft from Boeing, enhancing long-range strike capability [articles]. These divergent procurement decisions reflect geopolitical realignment rather than purely capability-based competition.",
        "Two ransomware leak-site incidents within a week of each other in late May 2026 involved Boeing supply-chain adjacents. Akira claimed GS Yuasa Lithium Power, explicitly citing Boeing satellite project data, contracts, and drawings [underground]; separately, IncRansom claimed Spanish aerospace manufacturer Mecanizados y Montajes Aeronauticos, listing Boeing among its named clients alongside 100GB of exfiltrated data [underground]. Neither breach directly names Boeing's own systems, but both expose proprietary project and contractual data held by suppliers. The CISA advisory AA23-325A on LockBit 3.0 affiliates exploiting the Citrix Bleed vulnerability (CVE-2023-4966) [cisa] provides relevant threat-actor context for the supply-chain targeting pattern visible in these incidents."
      ],
      "source_breakdown": [
        {
          "source": "News outlets",
          "count": 51,
          "label": "Across multiple outlets including Bloomberg, CNBC, NPR, SCMP, CBS; late May 2026 window"
        },
        {
          "source": "Federal Register",
          "count": 3,
          "label": "FAA airworthiness directives and special cybersecurity conditions, May-June 2026"
        },
        {
          "source": "Ransomware leak sites",
          "count": 2,
          "label": "Akira and IncRansom claims against Boeing supply-chain firms, May 2026"
        },
        {
          "source": "CISA advisories",
          "count": 1,
          "label": "AA23-325A, LockBit 3.0 Citrix Bleed exploitation, Nov 2023"
        }
      ],
      "timeline": [
        {
          "date": "2026-05-13",
          "event": "FAA issues first airworthiness directive covering Boeing airplanes in May cycle"
        },
        {
          "date": "2026-05-14",
          "event": "Federal jury orders Boeing to pay $49.5M to 737 MAX crash victim family"
        },
        {
          "date": "2026-05-20",
          "event": "China confirms order for 200 Boeing jets, first major order in nearly a decade"
        },
        {
          "date": "2026-05-23",
          "event": "Italy cancels Boeing Pegasus tanker order, shifts to Airbus A330 MRTT"
        },
        {
          "date": "2026-05-27",
          "event": "CEO Ortberg confirms 737 MAX production meets FAA threshold of 47/month"
        },
        {
          "date": "2026-05-27",
          "event": "Israel receives first Boeing KC-46 refueling aircraft"
        },
        {
          "date": "2026-05-29",
          "event": "FAA issues second Boeing airworthiness directive; Akira claims Boeing-adjacent supplier GS Yuasa"
        },
        {
          "date": "2026-06-01",
          "event": "Transportation Department publishes special cybersecurity conditions for Boeing 757-200"
        }
      ],
      "events": [
        {
          "date": "2026-05-14",
          "source": "articles",
          "label": "Jury orders Boeing to pay $49.5M in 737 MAX crash verdict",
          "weight": 3
        },
        {
          "date": "2026-05-20",
          "source": "articles",
          "label": "China confirms 200-jet Boeing order, first in nearly a decade",
          "weight": 3
        },
        {
          "date": "2026-05-23",
          "source": "articles",
          "label": "Italy cancels Boeing Pegasus order, selects Airbus A330 MRTT",
          "weight": 2
        },
        {
          "date": "2026-05-23",
          "source": "underground",
          "label": "IncRansom claims Boeing supplier MYM Group, 100GB leaked",
          "weight": 2
        },
        {
          "date": "2026-05-27",
          "source": "articles",
          "label": "CEO confirms 737 MAX production meets FAA 47/month threshold",
          "weight": 3
        },
        {
          "date": "2026-05-27",
          "source": "articles",
          "label": "Israel receives first KC-46 refueling aircraft from Boeing",
          "weight": 2
        },
        {
          "date": "2026-05-28",
          "source": "underground",
          "label": "Akira claims GS Yuasa, cites Boeing satellite project data",
          "weight": 2
        },
        {
          "date": "2026-05-29",
          "source": "fedreg",
          "label": "FAA publishes airworthiness directive for Boeing airplanes",
          "weight": 2
        },
        {
          "date": "2026-05-19",
          "source": "articles",
          "label": "NTSB questions Boeing officials over 2025 UPS cargo crash in Kentucky",
          "weight": 2
        },
        {
          "date": "2026-05-13",
          "source": "fedreg",
          "label": "FAA issues first May 2026 airworthiness directive for Boeing",
          "weight": 1
        },
        {
          "date": "2026-06-01",
          "source": "fedreg",
          "label": "FAA special conditions: cybersecurity on Boeing 757-200 series",
          "weight": 2
        }
      ],
      "convergences": [
        {
          "window_start": "2026-05-27",
          "window_end": "2026-05-29",
          "sources": [
            "articles",
            "fedreg",
            "underground"
          ],
          "summary": "CEO production milestone announcement, FAA airworthiness directive, and Akira ransomware claim against Boeing satellite supplier all fall within a 72-hour window"
        }
      ],
      "adjacent_entities": [
        {
          "name": "FAA",
          "type": "regulator",
          "via": "737 MAX production approval and airworthiness directives"
        },
        {
          "name": "China / CAAC",
          "type": "foreign government",
          "via": "200-jet purchase agreement, trade deal"
        },
        {
          "name": "Airbus",
          "type": "corporation",
          "via": "direct competitor displacing Boeing in Italy and Canada defense contracts"
        },
        {
          "name": "NTSB",
          "type": "regulator",
          "via": "UPS cargo crash investigation questioning Boeing officials"
        },
        {
          "name": "GS Yuasa Lithium Power",
          "type": "corporation",
          "via": "Akira ransomware claim citing Boeing satellite project data"
        },
        {
          "name": "Kelly Ortberg",
          "type": "individual",
          "via": "Boeing CEO, production and regulatory announcements"
        },
        {
          "name": "LockBit 3.0 / Akira",
          "type": "threat actor",
          "via": "ransomware supply-chain targeting of Boeing-linked firms"
        }
      ],
      "references": [
        {
          "source": "articles",
          "title": "Boeing CEO says company met requirements to increase 737 Max production to 47 jets per month",
          "date": "2026-05-27",
          "outlet": "CNBC Top",
          "href": "/article/326652"
        },
        {
          "source": "articles",
          "title": "China confirms order for 200 Boeing planes, calls aviation key area for U.S. cooperation",
          "date": "2026-05-20",
          "outlet": "CNBC Top",
          "href": "/article/292375"
        },
        {
          "source": "articles",
          "title": "Jury orders Boeing to pay $49.5 million to family of 737 MAX crash victim",
          "date": "2026-05-14",
          "outlet": "NPR News",
          "href": "/article/265940"
        },
        {
          "source": "fedreg",
          "title": "Special Conditions: Honeywell International Inc., Boeing Model 757-200 Series Airplanes; Electronic System Security Protection From Unauthorized External Access",
          "date": "2026-06-01",
          "outlet": "Transportation Department",
          "href": "/vector/fedreg/2026-10855"
        },
        {
          "source": "fedreg",
          "title": "Airworthiness Directives; The Boeing Company Airplanes",
          "date": "2026-05-29",
          "outlet": "Transportation Department",
          "href": "/vector/fedreg/2026-10803"
        },
        {
          "source": "underground",
          "title": "GS Yuasa Lithium Power - Akira ransomware claim citing Boeing satellite project data",
          "date": "2026-05-28",
          "outlet": "Akira leak site",
          "href": "/underground/group/akira"
        },
        {
          "source": "cisa",
          "title": "#StopRansomware: LockBit 3.0 Ransomware Affiliates Exploit CVE 2023-4966 Citrix Bleed Vulnerability",
          "date": "2023-11-21",
          "outlet": "CISA",
          "href": "https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-325a"
        },
        {
          "source": "articles",
          "title": "Boeing went to China to sell planes. Beijing is buying something else",
          "date": "2026-05-22",
          "outlet": "SCMP China",
          "href": "/article/305390"
        },
        {
          "source": "articles",
          "title": "Canada to order military plane fleet from Sweden in shift from US suppliers",
          "date": "2026-05-27",
          "outlet": "The Guardian World",
          "href": "/article/326792"
        },
        {
          "source": "articles",
          "title": "NTSB questions Boeing, other aviation officials over deadly UPS plane crash in Kentucky",
          "date": "2026-05-19",
          "outlet": "CBS News",
          "href": "/article/290572"
        }
      ],
      "buyer_persona": "Fund analyst · Aerospace industry researcher · Defense procurement analyst · Aviation safety compliance officer",
      "value_prop": "*Cortex cross-references FAA directives, ransomware supply-chain claims, geopolitical procurement shifts, and live litigation data into a single Boeing risk picture that would otherwise require monitoring a dozen separate regulatory and threat-intelligence feeds.*",
      "id": "boeing",
      "market_reactions": {
        "ticker": "BA",
        "benchmark": "SPY",
        "window_label": "May 2026 (n=1 per event type — single-observation illustration of Phase F output)",
        "cumulative": {
          "period_start": "2026-04-30",
          "period_end": "2026-05-29",
          "stock_return_pct": 0.93,
          "benchmark_return_pct": 5.26,
          "abnormal_return_pct": -4.34
        },
        "events": [
          {
            "date": "2026-05-13",
            "source": "fedreg",
            "label": "FAA airworthiness directive",
            "abn_1d_pct": -4.59,
            "abn_5d_pct": -7.5
          },
          {
            "date": "2026-05-14",
            "source": "articles",
            "label": "$49.5M jury verdict (737 MAX)",
            "abn_1d_pct": -7.94,
            "abn_5d_pct": -3.46
          },
          {
            "date": "2026-05-19",
            "source": "articles",
            "label": "NTSB questions Boeing on UPS crash",
            "abn_1d_pct": 0.37,
            "abn_5d_pct": 2.04
          },
          {
            "date": "2026-05-20",
            "source": "articles",
            "label": "China 200-jet order confirmed",
            "abn_1d_pct": 0.91,
            "abn_5d_pct": 1.16
          },
          {
            "date": "2026-05-23",
            "source": "articles",
            "label": "Italy cancels Pegasus tanker",
            "abn_1d_pct": 1.76,
            "abn_5d_pct": null
          },
          {
            "date": "2026-05-27",
            "source": "articles",
            "label": "CEO confirms 47/mo production",
            "abn_1d_pct": 3.98,
            "abn_5d_pct": null
          },
          {
            "date": "2026-05-28",
            "source": "underground",
            "label": "Supplier ransomware claims Boeing data",
            "abn_1d_pct": 2.25,
            "abn_5d_pct": null
          }
        ],
        "interpretation": [
          "Regulatory events priced immediately and sharply. The FAA directive + jury verdict combo on 5/13–5/14 produced a -7.05% abnormal move in 3 days, BA's worst week of the month.",
          "Operational good news outweighed cyber supply-chain risk. The 5/27–5/29 convergence window included both the CEO production milestone (+3.98% abnormal) and the supplier ransomware breach (+2.25% abnormal). Market weighted the operational story higher.",
          "Foreign procurement losses had minimal market impact. Italy + Canada defense procurement losses produced ~+1-2% abnormal returns, suggesting markets had already priced this competitive dynamic."
        ]
      }
    },
    {
      "entity": {
        "name": "Qilin",
        "type": "Threat actor",
        "subtitle": "Ransomware group · Double extortion · Golang-based malware · Active since July 2022"
      },
      "stats_line": "1 news article · 2 underground profile hits · 45 known victims on leak site",
      "synthesis": [
        "Qilin is a ransomware group first observed in July 2022, operating a double-extortion model that demands payment both for a decryptor and for suppression of stolen data [underground]. The group's tooling is written in Golang and supports multiple encryption modes configurable by the operator, reflecting a technically capable affiliate-driven operation [underground].",
        "Qilin's affiliate network extends to at least one subordinate group, Securotrop, established in early 2025, which operates under the Qilin affiliate structure while maintaining an independent public identity [underground]. Securotrop focuses exclusively on commercial targets and deliberately avoids healthcare and government entities, suggesting the broader Qilin network applies at least selective target scoping to manage legal and reputational exposure [underground].",
        "Qilin has accumulated 45 documented victims on its leak site [underground]. In May 2026, the group was identified alongside ShinyHunters in connection with a confirmed data breach at Cushman and Wakefield, a major commercial real estate firm, with the incident described as involving a vishing component [articles]. The convergence of two serial extortion groups against a single high-value target indicates coordinated or opportunistic pile-on activity against already-compromised organizations."
      ],
      "source_breakdown": [
        {
          "source": "Underground (ransomware leak sites)",
          "count": 2,
          "label": "Group profile + affiliated group Securotrop; 45 victims tracked"
        },
        {
          "source": "News outlets",
          "count": 1,
          "label": "The Register, May 2026 — Cushman & Wakefield breach claim"
        }
      ],
      "timeline": [
        {
          "date": "2022-07-01",
          "event": "Qilin ransomware first observed; Golang-based, multi-mode encryption"
        },
        {
          "date": "2025-01-01",
          "event": "Securotrop affiliate group established within Qilin network"
        },
        {
          "date": "2026-05-05",
          "event": "Qilin and ShinyHunters both claim breach of Cushman & Wakefield"
        },
        {
          "date": "2026-05-28",
          "event": "Qilin leak-site profile updated; 45 victims listed"
        }
      ],
      "events": [
        {
          "date": "2022-07-01",
          "source": "underground",
          "label": "Qilin ransomware first observed; Golang, multi-mode encryption",
          "weight": 3
        },
        {
          "date": "2025-01-01",
          "source": "underground",
          "label": "Securotrop affiliate group established under Qilin network",
          "weight": 2
        },
        {
          "date": "2026-05-05",
          "source": "articles",
          "label": "Qilin claims Cushman & Wakefield breach alongside ShinyHunters",
          "weight": 3
        },
        {
          "date": "2026-05-28",
          "source": "underground",
          "label": "Qilin leak-site profile shows 45 victims",
          "weight": 2
        }
      ],
      "convergences": [],
      "adjacent_entities": [
        {
          "name": "Cushman & Wakefield",
          "type": "Corporation",
          "via": "confirmed breach victim, vishing incident May 2026"
        },
        {
          "name": "ShinyHunters",
          "type": "Threat actor",
          "via": "co-claimed Cushman & Wakefield attack"
        },
        {
          "name": "Securotrop",
          "type": "Threat actor",
          "via": "Qilin affiliate group, commercial-targets-only focus"
        }
      ],
      "references": [
        {
          "source": "articles",
          "title": "Real estate giant confirms vishing incident as ShinyHunters and Qilin both come knocking",
          "date": "2026-05-05",
          "outlet": "The Register",
          "href": "/article/222390"
        },
        {
          "source": "underground",
          "title": "qilin",
          "date": "2026-05-28",
          "outlet": "Ransomware leak site",
          "href": "/underground/group/qilin"
        },
        {
          "source": "underground",
          "title": "securotrop",
          "date": "2026-05-28",
          "outlet": "Ransomware leak site",
          "href": "/underground/group/securotrop"
        }
      ],
      "buyer_persona": "Threat intelligence analyst · Incident response team · Cyber insurance underwriter",
      "value_prop": "*Cortex surfaces Qilin's affiliate structure, victim count, tooling profile, and live breach claims across leak sites and news in 30 seconds, work that would otherwise require manual triage of dark-web forums, threat-intel feeds, and press monitoring.*",
      "id": "qilin-ransomware"
    }
  ]
}