@blamejs/exceptd-skills 0.12.24 → 0.12.25

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (46) hide show
  1. package/AGENTS.md +12 -4
  2. package/CHANGELOG.md +83 -0
  3. package/data/_indexes/_meta.json +31 -31
  4. package/data/_indexes/activity-feed.json +45 -45
  5. package/data/_indexes/catalog-summaries.json +19 -19
  6. package/data/_indexes/chains.json +320 -0
  7. package/data/_indexes/currency.json +9 -9
  8. package/data/_indexes/frequency.json +39 -2
  9. package/data/_indexes/jurisdiction-clocks.json +2 -2
  10. package/data/_indexes/jurisdiction-map.json +3 -1
  11. package/data/_indexes/section-offsets.json +396 -396
  12. package/data/_indexes/summary-cards.json +3 -3
  13. package/data/_indexes/token-budget.json +73 -73
  14. package/data/atlas-ttps.json +491 -19
  15. package/data/attack-techniques.json +198 -84
  16. package/data/cve-catalog.json +1309 -9
  17. package/data/exploit-availability.json +300 -10
  18. package/data/framework-control-gaps.json +395 -1
  19. package/data/global-frameworks.json +44 -19
  20. package/data/rfc-references.json +93 -1
  21. package/data/zeroday-lessons.json +475 -13
  22. package/lib/schemas/cve-catalog.schema.json +24 -3
  23. package/manifest-snapshot.json +1 -1
  24. package/manifest-snapshot.sha256 +1 -1
  25. package/manifest.json +59 -59
  26. package/package.json +1 -1
  27. package/sbom.cdx.json +6 -6
  28. package/skills/ai-attack-surface/skill.md +11 -2
  29. package/skills/ai-c2-detection/skill.md +3 -1
  30. package/skills/ai-risk-management/skill.md +3 -1
  31. package/skills/api-security/skill.md +4 -0
  32. package/skills/attack-surface-pentest/skill.md +1 -0
  33. package/skills/container-runtime-security/skill.md +3 -1
  34. package/skills/dlp-gap-analysis/skill.md +1 -1
  35. package/skills/exploit-scoring/skill.md +2 -2
  36. package/skills/incident-response-playbook/skill.md +1 -1
  37. package/skills/kernel-lpe-triage/skill.md +6 -1
  38. package/skills/mcp-agent-trust/skill.md +7 -2
  39. package/skills/mlops-security/skill.md +1 -1
  40. package/skills/rag-pipeline-security/skill.md +4 -2
  41. package/skills/sector-financial/skill.md +1 -1
  42. package/skills/skill-update-loop/skill.md +1 -1
  43. package/skills/supply-chain-integrity/skill.md +3 -1
  44. package/skills/threat-model-currency/skill.md +1 -1
  45. package/skills/webapp-security/skill.md +2 -0
  46. package/skills/zeroday-gap-learn/skill.md +2 -2
package/data/_indexes/chains.json CHANGED
@@ -1834,6 +1834,326 @@
1834
1834
  "rfc_refs": []
1835
1835
  }
1836
1836
  },
1837
+ "CVE-2024-21626": {
1838
+ "name": "runc /proc/self/fd leak (Leaky Vessels)",
1839
+ "rwep": 75,
1840
+ "cvss": 8.6,
1841
+ "cisa_kev": true,
1842
+ "epss_score": 0.65,
1843
+ "referencing_skills": [],
1844
+ "chain": {
1845
+ "cwes": [],
1846
+ "atlas": [],
1847
+ "d3fend": [],
1848
+ "framework_gaps": [],
1849
+ "attack_refs": [],
1850
+ "rfc_refs": []
1851
+ }
1852
+ },
1853
+ "CVE-2024-3094": {
1854
+ "name": "xz-utils liblzma backdoor",
1855
+ "rwep": 70,
1856
+ "cvss": 10,
1857
+ "cisa_kev": true,
1858
+ "epss_score": 0.86,
1859
+ "referencing_skills": [],
1860
+ "chain": {
1861
+ "cwes": [],
1862
+ "atlas": [],
1863
+ "d3fend": [],
1864
+ "framework_gaps": [],
1865
+ "attack_refs": [],
1866
+ "rfc_refs": []
1867
+ }
1868
+ },
1869
+ "CVE-2024-3154": {
1870
+ "name": "CRI-O arbitrary kernel-module load",
1871
+ "rwep": 30,
1872
+ "cvss": 8.1,
1873
+ "cisa_kev": false,
1874
+ "epss_score": 0.012,
1875
+ "referencing_skills": [],
1876
+ "chain": {
1877
+ "cwes": [],
1878
+ "atlas": [],
1879
+ "d3fend": [],
1880
+ "framework_gaps": [],
1881
+ "attack_refs": [],
1882
+ "rfc_refs": []
1883
+ }
1884
+ },
1885
+ "CVE-2023-43472": {
1886
+ "name": "MLflow path-traversal arbitrary file read",
1887
+ "rwep": 30,
1888
+ "cvss": 7.5,
1889
+ "cisa_kev": false,
1890
+ "epss_score": 0.014,
1891
+ "referencing_skills": [],
1892
+ "chain": {
1893
+ "cwes": [],
1894
+ "atlas": [],
1895
+ "d3fend": [],
1896
+ "framework_gaps": [],
1897
+ "attack_refs": [],
1898
+ "rfc_refs": []
1899
+ }
1900
+ },
1901
+ "CVE-2020-10148": {
1902
+ "name": "SolarWinds Orion API authentication bypass (SUNBURST chain)",
1903
+ "rwep": 75,
1904
+ "cvss": 9.8,
1905
+ "cisa_kev": true,
1906
+ "epss_score": 0.945,
1907
+ "referencing_skills": [],
1908
+ "chain": {
1909
+ "cwes": [],
1910
+ "atlas": [],
1911
+ "d3fend": [],
1912
+ "framework_gaps": [],
1913
+ "attack_refs": [],
1914
+ "rfc_refs": []
1915
+ }
1916
+ },
1917
+ "CVE-2023-3519": {
1918
+ "name": "Citrix NetScaler ADC/Gateway unauth RCE (CitrixBleed precursor)",
1919
+ "rwep": 75,
1920
+ "cvss": 9.8,
1921
+ "cisa_kev": true,
1922
+ "epss_score": 0.967,
1923
+ "referencing_skills": [],
1924
+ "chain": {
1925
+ "cwes": [],
1926
+ "atlas": [],
1927
+ "d3fend": [],
1928
+ "framework_gaps": [],
1929
+ "attack_refs": [],
1930
+ "rfc_refs": []
1931
+ }
1932
+ },
1933
+ "CVE-2024-1709": {
1934
+ "name": "ConnectWise ScreenConnect auth-bypass",
1935
+ "rwep": 75,
1936
+ "cvss": 10,
1937
+ "cisa_kev": true,
1938
+ "epss_score": 0.973,
1939
+ "referencing_skills": [],
1940
+ "chain": {
1941
+ "cwes": [],
1942
+ "atlas": [],
1943
+ "d3fend": [],
1944
+ "framework_gaps": [],
1945
+ "attack_refs": [],
1946
+ "rfc_refs": []
1947
+ }
1948
+ },
1949
+ "CVE-2026-20182": {
1950
+ "name": "Cisco SD-WAN authentication bypass to admin",
1951
+ "rwep": 65,
1952
+ "cvss": 10,
1953
+ "cisa_kev": true,
1954
+ "epss_score": 0.5,
1955
+ "referencing_skills": [],
1956
+ "chain": {
1957
+ "cwes": [],
1958
+ "atlas": [],
1959
+ "d3fend": [],
1960
+ "framework_gaps": [],
1961
+ "attack_refs": [],
1962
+ "rfc_refs": []
1963
+ }
1964
+ },
1965
+ "CVE-2024-40635": {
1966
+ "name": "containerd integer overflow IP mask leak",
1967
+ "rwep": 30,
1968
+ "cvss": 5.9,
1969
+ "cisa_kev": false,
1970
+ "epss_score": 0.005,
1971
+ "referencing_skills": [],
1972
+ "chain": {
1973
+ "cwes": [],
1974
+ "atlas": [],
1975
+ "d3fend": [],
1976
+ "framework_gaps": [],
1977
+ "attack_refs": [],
1978
+ "rfc_refs": []
1979
+ }
1980
+ },
1981
+ "MAL-2026-TANSTACK-MINI": {
1982
+ "name": "Mini Shai-Hulud (TanStack worm)",
1983
+ "rwep": 55,
1984
+ "cvss": 9.8,
1985
+ "cisa_kev": false,
1986
+ "epss_score": null,
1987
+ "referencing_skills": [],
1988
+ "chain": {
1989
+ "cwes": [],
1990
+ "atlas": [],
1991
+ "d3fend": [],
1992
+ "framework_gaps": [],
1993
+ "attack_refs": [],
1994
+ "rfc_refs": []
1995
+ }
1996
+ },
1997
+ "MAL-2026-ANTHROPIC-MCP-STDIO": {
1998
+ "name": "Anthropic SDK MCP STDIO command-injection (embargoed)",
1999
+ "rwep": 25,
2000
+ "cvss": 9,
2001
+ "cisa_kev": false,
2002
+ "epss_score": null,
2003
+ "referencing_skills": [],
2004
+ "chain": {
2005
+ "cwes": [],
2006
+ "atlas": [],
2007
+ "d3fend": [],
2008
+ "framework_gaps": [],
2009
+ "attack_refs": [],
2010
+ "rfc_refs": []
2011
+ }
2012
+ },
2013
+ "CVE-2026-GTIG-AI-2FA": {
2014
+ "name": "GTIG-tracked AI-built 2FA-bypass zero-day (placeholder)",
2015
+ "rwep": 55,
2016
+ "cvss": 8.1,
2017
+ "cisa_kev": false,
2018
+ "epss_score": null,
2019
+ "referencing_skills": [],
2020
+ "chain": {
2021
+ "cwes": [],
2022
+ "atlas": [],
2023
+ "d3fend": [],
2024
+ "framework_gaps": [],
2025
+ "attack_refs": [],
2026
+ "rfc_refs": []
2027
+ }
2028
+ },
2029
+ "CVE-2026-30623": {
2030
+ "name": "Anthropic MCP SDK stdio command-injection",
2031
+ "rwep": 30,
2032
+ "cvss": 8.8,
2033
+ "cisa_kev": false,
2034
+ "epss_score": 0.02,
2035
+ "referencing_skills": [],
2036
+ "chain": {
2037
+ "cwes": [],
2038
+ "atlas": [],
2039
+ "d3fend": [],
2040
+ "framework_gaps": [],
2041
+ "attack_refs": [],
2042
+ "rfc_refs": []
2043
+ }
2044
+ },
2045
+ "CVE-2025-12686": {
2046
+ "name": "Synology BeeStation unauth RCE (Pwn2Own Ireland 2025)",
2047
+ "rwep": 50,
2048
+ "cvss": 9.8,
2049
+ "cisa_kev": false,
2050
+ "epss_score": 0.04,
2051
+ "referencing_skills": [],
2052
+ "chain": {
2053
+ "cwes": [],
2054
+ "atlas": [],
2055
+ "d3fend": [],
2056
+ "framework_gaps": [],
2057
+ "attack_refs": [],
2058
+ "rfc_refs": []
2059
+ }
2060
+ },
2061
+ "CVE-2025-62847": {
2062
+ "name": "QNAP QTS/QuTS hero RCE (Pwn2Own Ireland 2025, chain 1/3)",
2063
+ "rwep": 45,
2064
+ "cvss": 9.8,
2065
+ "cisa_kev": false,
2066
+ "epss_score": 0.03,
2067
+ "referencing_skills": [],
2068
+ "chain": {
2069
+ "cwes": [],
2070
+ "atlas": [],
2071
+ "d3fend": [],
2072
+ "framework_gaps": [],
2073
+ "attack_refs": [],
2074
+ "rfc_refs": []
2075
+ }
2076
+ },
2077
+ "CVE-2025-62848": {
2078
+ "name": "QNAP QTS/QuTS hero RCE (Pwn2Own Ireland 2025, chain 2/3)",
2079
+ "rwep": 45,
2080
+ "cvss": 9.8,
2081
+ "cisa_kev": false,
2082
+ "epss_score": 0.03,
2083
+ "referencing_skills": [],
2084
+ "chain": {
2085
+ "cwes": [],
2086
+ "atlas": [],
2087
+ "d3fend": [],
2088
+ "framework_gaps": [],
2089
+ "attack_refs": [],
2090
+ "rfc_refs": []
2091
+ }
2092
+ },
2093
+ "CVE-2025-62849": {
2094
+ "name": "QNAP QTS/QuTS hero RCE (Pwn2Own Ireland 2025, chain 3/3)",
2095
+ "rwep": 40,
2096
+ "cvss": 8.8,
2097
+ "cisa_kev": false,
2098
+ "epss_score": 0.02,
2099
+ "referencing_skills": [],
2100
+ "chain": {
2101
+ "cwes": [],
2102
+ "atlas": [],
2103
+ "d3fend": [],
2104
+ "framework_gaps": [],
2105
+ "attack_refs": [],
2106
+ "rfc_refs": []
2107
+ }
2108
+ },
2109
+ "CVE-2025-59389": {
2110
+ "name": "QNAP Hyper Data Protector critical RCE (Pwn2Own Ireland 2025)",
2111
+ "rwep": 45,
2112
+ "cvss": 9.8,
2113
+ "cisa_kev": false,
2114
+ "epss_score": 0.05,
2115
+ "referencing_skills": [],
2116
+ "chain": {
2117
+ "cwes": [],
2118
+ "atlas": [],
2119
+ "d3fend": [],
2120
+ "framework_gaps": [],
2121
+ "attack_refs": [],
2122
+ "rfc_refs": []
2123
+ }
2124
+ },
2125
+ "CVE-2025-11837": {
2126
+ "name": "QNAP Malware Remover code-injection",
2127
+ "rwep": 40,
2128
+ "cvss": 8,
2129
+ "cisa_kev": false,
2130
+ "epss_score": 0.025,
2131
+ "referencing_skills": [],
2132
+ "chain": {
2133
+ "cwes": [],
2134
+ "atlas": [],
2135
+ "d3fend": [],
2136
+ "framework_gaps": [],
2137
+ "attack_refs": [],
2138
+ "rfc_refs": []
2139
+ }
2140
+ },
2141
+ "CVE-2026-42945": {
2142
+ "name": "NGINX Rift",
2143
+ "rwep": 40,
2144
+ "cvss": 9.2,
2145
+ "cisa_kev": false,
2146
+ "epss_score": null,
2147
+ "referencing_skills": [],
2148
+ "chain": {
2149
+ "cwes": [],
2150
+ "atlas": [],
2151
+ "d3fend": [],
2152
+ "framework_gaps": [],
2153
+ "attack_refs": [],
2154
+ "rfc_refs": []
2155
+ }
2156
+ },
1837
2157
  "CWE-20": {
1838
2158
  "name": "Improper Input Validation",
1839
2159
  "category": "Validation",
package/data/_indexes/currency.json CHANGED
@@ -28,7 +28,7 @@
28
28
  "days_since_review": 0,
29
29
  "currency_score": 100,
30
30
  "currency_label": "current",
31
- "forward_watch_count": 0,
31
+ "forward_watch_count": 8,
32
32
  "action_required": false
33
33
  },
34
34
  {
@@ -55,7 +55,7 @@
55
55
  "days_since_review": -10,
56
56
  "currency_score": 100,
57
57
  "currency_label": "current",
58
- "forward_watch_count": 0,
58
+ "forward_watch_count": 3,
59
59
  "action_required": false
60
60
  },
61
61
  {
@@ -64,7 +64,7 @@
64
64
  "days_since_review": -10,
65
65
  "currency_score": 100,
66
66
  "currency_label": "current",
67
- "forward_watch_count": 4,
67
+ "forward_watch_count": 5,
68
68
  "action_required": false
69
69
  },
70
70
  {
@@ -91,7 +91,7 @@
91
91
  "days_since_review": -10,
92
92
  "currency_score": 100,
93
93
  "currency_label": "current",
94
- "forward_watch_count": 0,
94
+ "forward_watch_count": 1,
95
95
  "action_required": false
96
96
  },
97
97
  {
@@ -190,7 +190,7 @@
190
190
  "days_since_review": 0,
191
191
  "currency_score": 100,
192
192
  "currency_label": "current",
193
- "forward_watch_count": 0,
193
+ "forward_watch_count": 4,
194
194
  "action_required": false
195
195
  },
196
196
  {
@@ -199,7 +199,7 @@
199
199
  "days_since_review": 0,
200
200
  "currency_score": 100,
201
201
  "currency_label": "current",
202
- "forward_watch_count": 0,
202
+ "forward_watch_count": 4,
203
203
  "action_required": false
204
204
  },
205
205
  {
@@ -244,7 +244,7 @@
244
244
  "days_since_review": 0,
245
245
  "currency_score": 100,
246
246
  "currency_label": "current",
247
- "forward_watch_count": 0,
247
+ "forward_watch_count": 1,
248
248
  "action_required": false
249
249
  },
250
250
  {
@@ -316,7 +316,7 @@
316
316
  "days_since_review": -10,
317
317
  "currency_score": 100,
318
318
  "currency_label": "current",
319
- "forward_watch_count": 6,
319
+ "forward_watch_count": 8,
320
320
  "action_required": false
321
321
  },
322
322
  {
@@ -343,7 +343,7 @@
343
343
  "days_since_review": -10,
344
344
  "currency_score": 100,
345
345
  "currency_label": "current",
346
- "forward_watch_count": 0,
346
+ "forward_watch_count": 1,
347
347
  "action_required": false
348
348
  },
349
349
  {
package/data/_indexes/frequency.json CHANGED
@@ -2063,12 +2063,26 @@
2063
2063
  "CWE-916"
2064
2064
  ],
2065
2065
  "atlas_refs": [
2066
+ "AML.T0001",
2067
+ "AML.T0011.002",
2066
2068
  "AML.T0024",
2067
2069
  "AML.T0044",
2068
2070
  "AML.T0048",
2069
2071
  "AML.T0053",
2070
2072
  "AML.T0055",
2071
- "AML.T0057"
2073
+ "AML.T0057",
2074
+ "AML.T0097",
2075
+ "AML.T0098",
2076
+ "AML.T0099",
2077
+ "AML.T0100",
2078
+ "AML.T0101",
2079
+ "AML.T0102",
2080
+ "AML.T0103",
2081
+ "AML.T0104",
2082
+ "AML.T0105",
2083
+ "AML.T0106",
2084
+ "AML.T0107",
2085
+ "AML.T0108"
2072
2086
  ],
2073
2087
  "d3fend_refs": [
2074
2088
  "D3-ANCI",
@@ -2086,10 +2100,26 @@
2086
2100
  "AU-Essential-8-MFA",
2087
2101
  "AU-Essential-8-Patch",
2088
2102
  "DORA-Art28",
2103
+ "DORA-IA-CTPP-Oversight",
2104
+ "DORA-ITS-TLPT",
2105
+ "DORA-RTS-Incident-Classification",
2106
+ "DORA-RTS-Subcontracting",
2107
+ "EU-AI-Act-Annex-IX-Conformity",
2089
2108
  "EU-AI-Act-Art-15",
2109
+ "EU-AI-Act-Art-53-GPAI",
2110
+ "EU-AI-Act-Art-55-Systemic",
2111
+ "EU-AI-Act-GPAI-CoP",
2090
2112
  "EU-CRA-Art13",
2113
+ "HIPAA-Security-Rule-2026-NPRM-164.308",
2114
+ "HIPAA-Security-Rule-2026-NPRM-164.310",
2115
+ "HIPAA-Security-Rule-2026-NPRM-164.312",
2116
+ "HIPAA-Security-Rule-2026-NPRM-164.314",
2091
2117
  "NIS2-Art21-incident-handling",
2092
2118
  "NIST-800-53-SI-10",
2119
+ "PCI-DSS-4.0.1-11.6.1",
2120
+ "PCI-DSS-4.0.1-12.10.7",
2121
+ "PCI-DSS-4.0.1-12.3.3",
2122
+ "PCI-DSS-4.0.1-6.4.3",
2093
2123
  "UK-CAF-A1",
2094
2124
  "UK-CAF-B2",
2095
2125
  "UK-CAF-C1",
@@ -2104,10 +2134,17 @@
2104
2134
  "RFC-6546",
2105
2135
  "RFC-7208",
2106
2136
  "RFC-7489",
2137
+ "RFC-7644",
2107
2138
  "RFC-7970",
2139
+ "RFC-8460",
2108
2140
  "RFC-8461",
2109
2141
  "RFC-8616",
2110
- "RFC-9116"
2142
+ "RFC-8617",
2143
+ "RFC-8705",
2144
+ "RFC-9112",
2145
+ "RFC-9116",
2146
+ "RFC-9449",
2147
+ "RFC-9622"
2111
2148
  ],
2112
2149
  "dlp_refs": [
2113
2150
  "DLP-CHAN-CLIPBOARD-AI",
package/data/_indexes/jurisdiction-clocks.json CHANGED
@@ -38,9 +38,9 @@
38
38
  "trigger": "Major ICT-related incident (RTO/RPO breach, high financial impact, reputational damage)",
39
39
  "stages": null,
40
40
  "source": "https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32022R2554",
41
- "authority": "ESAs (EBA, EIOPA, ESMA)"
41
+ "authority": "ESAs (EBA, EIOPA, ESMA) + Lead Overseers (CTPP regime from H2 2026)"
42
42
  },
43
- "authority": "ESAs (EBA, EIOPA, ESMA)"
43
+ "authority": "ESAs (EBA, EIOPA, ESMA) + Lead Overseers (CTPP regime from H2 2026)"
44
44
  },
45
45
  "EU_CRA": {
46
46
  "breach_notification": {
package/data/_indexes/jurisdiction-map.json CHANGED
@@ -131,6 +131,7 @@
131
131
  "SG": {
132
132
  "skills": [
133
133
  "age-gates-child-safety",
134
+ "ai-attack-surface",
134
135
  "api-security",
135
136
  "cloud-security",
136
137
  "container-runtime-security",
@@ -140,6 +141,7 @@
140
141
  "global-grc",
141
142
  "identity-assurance",
142
143
  "incident-response-playbook",
144
+ "mcp-agent-trust",
143
145
  "mlops-security",
144
146
  "researcher",
145
147
  "sector-federal-government",
@@ -149,7 +151,7 @@
149
151
  "webapp-security"
150
152
  ],
151
153
  "example_excerpts": {},
152
- "skill_count": 17
154
+ "skill_count": 19
153
155
  },
154
156
  "JP": {
155
157
  "skills": [