@blamejs/exceptd-skills 0.12.31 → 0.12.33

package/data/_indexes/frequency.json

@@ -2508,6 +2508,7 @@
     "d3fend_refs": [
       "D3-ANCI",
       "D3-CH",
+      "D3-EFA",
       "D3-EI",
       "D3-FCR",
       "D3-KBPI",
@@ -2519,6 +2520,8 @@
       "AU-Essential-8-Backup",
       "AU-Essential-8-MFA",
       "AU-Essential-8-Patch",
+      "CIS-Controls-v8-10.1",
+      "DORA-Art-9",
       "DORA-Art28",
       "DORA-IA-CTPP-Oversight",
       "DORA-ITS-TLPT",
@@ -2534,8 +2537,15 @@
       "HIPAA-Security-Rule-2026-NPRM-164.310",
       "HIPAA-Security-Rule-2026-NPRM-164.312",
       "HIPAA-Security-Rule-2026-NPRM-164.314",
+      "ISO-27001-2022-A.8.7",
+      "NIS2-Art21-identity-management",
       "NIS2-Art21-incident-handling",
+      "NIS2-Art21-vulnerability-management",
+      "NIST-800-53-AC-3",
+      "NIST-800-53-AC-6",
+      "NIST-800-53-SC-44",
       "NIST-800-53-SI-10",
+      "OWASP-LLM-Top-10-2025-LLM05",
       "PCI-DSS-4.0.1-11.6.1",
       "PCI-DSS-4.0.1-12.10.7",
       "PCI-DSS-4.0.1-12.3.3",

package/data/_indexes/section-offsets.json

@@ -3731,7 +3731,7 @@
     },
     "ransomware-response": {
       "path": "skills/ransomware-response/skill.md",
-      "total_bytes": 48211,
+      "total_bytes": 48543,
       "total_lines": 375,
       "frontmatter": {
         "line_start": 1,
@@ -3817,8 +3817,8 @@
           "normalized_name": "hand-off",
           "line": 360,
           "byte_start": 44725,
-          "byte_end": 48211,
-          "bytes": 3486,
+          "byte_end": 48543,
+          "bytes": 3818,
           "h3_count": 0
         }
       ]
@@ -4013,7 +4013,7 @@
     },
     "cloud-iam-incident": {
       "path": "skills/cloud-iam-incident/skill.md",
-      "total_bytes": 44433,
+      "total_bytes": 44569,
       "total_lines": 420,
       "frontmatter": {
         "line_start": 1,
@@ -4099,15 +4099,15 @@
           "normalized_name": "hand-off",
           "line": 400,
           "byte_start": 41396,
-          "byte_end": 44433,
-          "bytes": 3037,
+          "byte_end": 44569,
+          "bytes": 3173,
           "h3_count": 0
         }
       ]
     },
     "idp-incident-response": {
       "path": "skills/idp-incident-response/skill.md",
-      "total_bytes": 46225,
+      "total_bytes": 46352,
       "total_lines": 353,
       "frontmatter": {
         "line_start": 1,
@@ -4193,8 +4193,8 @@
           "normalized_name": "hand-off",
           "line": 335,
           "byte_start": 42384,
-          "byte_end": 46225,
-          "bytes": 3841,
+          "byte_end": 46352,
+          "bytes": 3968,
           "h3_count": 0
         }
       ]

package/data/_indexes/token-budget.json

@@ -3,8 +3,8 @@
     "schema_version": "1.0.0",
     "tokenizer_note": "Character-density approximation: 1 token ≈ 4 chars. This is the canonical rule-of-thumb for OpenAI tokenizers on English+technical text. Claude's tokenizer is typically more efficient on prose; treat this as an upper-bound budget for both. Consumers with stricter precision needs should re-tokenize with their own tokenizer.",
     "approx_chars_per_token": 4,
-    "total_chars": 1589324,
-    "total_approx_tokens": 397336,
+    "total_chars": 1589917,
+    "total_approx_tokens": 397485,
     "skill_count": 42
   },
   "skills": {
@@ -2175,10 +2175,10 @@
     },
     "ransomware-response": {
       "path": "skills/ransomware-response/skill.md",
-      "bytes": 48211,
-      "chars": 48033,
+      "bytes": 48543,
+      "chars": 48363,
       "lines": 375,
-      "approx_tokens": 12008,
+      "approx_tokens": 12091,
       "approx_chars_per_token": 4,
       "sections": {
         "threat-context": {
@@ -2222,9 +2222,9 @@
           "approx_tokens": 945
         },
         "hand-off": {
-          "bytes": 3486,
-          "chars": 3460,
-          "approx_tokens": 865
+          "bytes": 3818,
+          "chars": 3790,
+          "approx_tokens": 948
         }
       }
     },
@@ -2340,10 +2340,10 @@
     },
     "cloud-iam-incident": {
       "path": "skills/cloud-iam-incident/skill.md",
-      "bytes": 44433,
-      "chars": 44275,
+      "bytes": 44569,
+      "chars": 44411,
       "lines": 420,
-      "approx_tokens": 11069,
+      "approx_tokens": 11103,
       "approx_chars_per_token": 4,
       "sections": {
         "threat-context": {
@@ -2387,18 +2387,18 @@
           "approx_tokens": 1017
         },
         "hand-off": {
-          "bytes": 3037,
-          "chars": 3009,
-          "approx_tokens": 752
+          "bytes": 3173,
+          "chars": 3145,
+          "approx_tokens": 786
         }
       }
     },
     "idp-incident-response": {
       "path": "skills/idp-incident-response/skill.md",
-      "bytes": 46225,
-      "chars": 46095,
+      "bytes": 46352,
+      "chars": 46222,
       "lines": 353,
-      "approx_tokens": 11524,
+      "approx_tokens": 11556,
       "approx_chars_per_token": 4,
       "sections": {
         "threat-context": {
@@ -2442,9 +2442,9 @@
           "approx_tokens": 1130
         },
         "hand-off": {
-          "bytes": 3841,
-          "chars": 3817,
-          "approx_tokens": 954
+          "bytes": 3968,
+          "chars": 3944,
+          "approx_tokens": 986
         }
       }
     }

package/data/cve-catalog.json

@@ -39,7 +39,7 @@
     "ai_discovery_methodology": {
       "field_added": "2026-05-15",
       "agents_md_target": "Hard Rule #7 — '41% of 2025 zero-days were AI-discovered'. Catalog target rate floor: 0.40.",
-      "current_rate": 0.167,
+      "current_rate": 0.162,
       "current_floor_enforced_by_test": 0.15,
       "ladder_to_target": [
         0.15,
@@ -2769,8 +2769,6 @@
     "rwep_correction_note": "v0.12.30: canonicalized rwep_factors to satisfy Shape B invariant (Σ factors === rwep_score). Prior values used non-canonical weights and/or blast_radius > 30 (over-cap). Stored rwep_score unchanged; factor block now reproducible from canonical RWEP_WEIGHTS + operational fields."
   },
   "CVE-2026-0300": {
-    "_draft": true,
-    "_auto_imported": true,
     "name": "PAN-UID — Palo Alto Networks PAN-OS User-ID Authentication Portal RCE",
     "type": "rce",
     "cvss_score": 9.3,
@@ -2874,11 +2872,11 @@
       ]
     },
     "last_updated": "2026-05-15",
-    "discovery_attribution_note": "Internal discovery by Palo Alto Networks PSIRT during proactive authentication-subsystem auditing; vendor advisory published 2026-05-13 alongside CISA KEV listing 2026-05-06. No AI-tool credit. Source: https://security.paloaltonetworks.com/CVE-2026-0300 and https://www.cisa.gov/news-events/alerts/2026/05/06/cisa-adds-one-known-exploited-vulnerability-catalog."
+    "discovery_attribution_note": "Internal discovery by Palo Alto Networks PSIRT during proactive authentication-subsystem auditing; vendor advisory published 2026-05-13 alongside CISA KEV listing 2026-05-06. No AI-tool credit. Source: https://security.paloaltonetworks.com/CVE-2026-0300 and https://www.cisa.gov/news-events/alerts/2026/05/06/cisa-adds-one-known-exploited-vulnerability-catalog.",
+    "_editorial_promoted": "2026-05-15",
+    "_editorial_note": "Promoted from draft v0.12.32 (cycle 12 F1 fix): cycle 11 audit confirmed all required fields populated (iocs, vendor_advisories, verification_sources, complexity, affected_versions); RWEP factors satisfy Shape B invariant; discovery_attribution_note cites a researcher / team with URL. Editorial gate: passed."
   },
   "CVE-2026-39987": {
-    "_draft": true,
-    "_auto_imported": true,
     "name": "Marimo Python Notebook Pre-Auth WebSocket Terminal RCE",
     "type": "rce",
     "cvss_score": 9.3,
@@ -2989,11 +2987,11 @@
       ]
     },
     "last_updated": "2026-05-15",
-    "discovery_attribution_note": "Marimo team's security review of the terminal subsystem prompted by Sysdig honeypot evidence; vendor advisory + Sysdig blog jointly disclosed 2026-04-21 / 2026-04-23. No AI-tool credit for the discovery; the vulnerable component IS an AI/ML developer surface but the bug was found by conventional human review. Source: https://www.sysdig.com/blog/cve-2026-39987-update-how-attackers-weaponized-marimo-to-deploy-a-blockchain-botnet-via-huggingface and https://github.com/marimo-team/marimo/security/advisories."
+    "discovery_attribution_note": "Marimo team's security review of the terminal subsystem prompted by Sysdig honeypot evidence; vendor advisory + Sysdig blog jointly disclosed 2026-04-21 / 2026-04-23. No AI-tool credit for the discovery; the vulnerable component IS an AI/ML developer surface but the bug was found by conventional human review. Source: https://www.sysdig.com/blog/cve-2026-39987-update-how-attackers-weaponized-marimo-to-deploy-a-blockchain-botnet-via-huggingface and https://github.com/marimo-team/marimo/security/advisories.",
+    "_editorial_promoted": "2026-05-15",
+    "_editorial_note": "Promoted from draft v0.12.32 (cycle 12 F1 fix): cycle 11 audit confirmed all required fields populated (iocs, vendor_advisories, verification_sources, complexity, affected_versions); RWEP factors satisfy Shape B invariant; discovery_attribution_note cites a researcher / team with URL. Editorial gate: passed."
   },
   "CVE-2026-6973": {
-    "_draft": true,
-    "_auto_imported": true,
     "name": "Ivanti EPMM Authenticated-Admin RCE",
     "type": "rce",
     "cvss_score": 7.2,
@@ -3099,11 +3097,11 @@
       ]
     },
     "last_updated": "2026-05-15",
-    "discovery_attribution_note": "Internal Ivanti product-security discovery; vendor advisory + CISA KEV listing jointly published 2026-05-07 with a 3-day due date reflecting confirmed in-wild exploitation. No AI-tool credit. Source: https://forums.ivanti.com/s/article/Security-Advisory-EPMM-CVE-2026-6973 and https://www.helpnetsecurity.com/2026/05/08/ivanti-epmm-zero-day-cve-2026-6973/."
+    "discovery_attribution_note": "Internal Ivanti product-security discovery; vendor advisory + CISA KEV listing jointly published 2026-05-07 with a 3-day due date reflecting confirmed in-wild exploitation. No AI-tool credit. Source: https://forums.ivanti.com/s/article/Security-Advisory-EPMM-CVE-2026-6973 and https://www.helpnetsecurity.com/2026/05/08/ivanti-epmm-zero-day-cve-2026-6973/.",
+    "_editorial_promoted": "2026-05-15",
+    "_editorial_note": "Promoted from draft v0.12.32 (cycle 12 F1 fix): cycle 11 audit confirmed all required fields populated (iocs, vendor_advisories, verification_sources, complexity, affected_versions); RWEP factors satisfy Shape B invariant; discovery_attribution_note cites a researcher / team with URL. Editorial gate: passed."
   },
   "CVE-2026-42897": {
-    "_draft": true,
-    "_auto_imported": true,
     "name": "Microsoft Exchange OWA Stored XSS / Spoofing Zero-Day",
     "type": "stored-xss",
     "cvss_score": 8.1,
@@ -3212,11 +3210,11 @@
       "forensic_note": "Defenders should snapshot the OWA IIS logs + Exchange transport logs covering the attack window BEFORE applying EEMS rules; the EEMS rule strips the payload pattern from subsequent renders, but historical IIS log entries retain the request shape that surfaces the exploitation."
     },
     "last_updated": "2026-05-15",
-    "discovery_attribution_note": "Microsoft MSRC discovery from in-the-wild exploitation telemetry; disclosed 2026-05-15 with concurrent CISA KEV listing and Exchange Team blog publication. No binary patch at disclosure; mitigation via Exchange Emergency Mitigation Service. No AI-tool credit. Source: https://techcommunity.microsoft.com/blog/exchange/addressing-exchange-server-may-2026-vulnerability-cve-2026-42897/4518498 and https://www.bleepingcomputer.com/news/microsoft/microsoft-warns-of-exchange-zero-day-flaw-exploited-in-attacks/."
+    "discovery_attribution_note": "Microsoft MSRC discovery from in-the-wild exploitation telemetry; disclosed 2026-05-15 with concurrent CISA KEV listing and Exchange Team blog publication. No binary patch at disclosure; mitigation via Exchange Emergency Mitigation Service. No AI-tool credit. Source: https://techcommunity.microsoft.com/blog/exchange/addressing-exchange-server-may-2026-vulnerability-cve-2026-42897/4518498 and https://www.bleepingcomputer.com/news/microsoft/microsoft-warns-of-exchange-zero-day-flaw-exploited-in-attacks/.",
+    "_editorial_promoted": "2026-05-15",
+    "_editorial_note": "Promoted from draft v0.12.32 (cycle 12 F1 fix): cycle 11 audit confirmed all required fields populated (iocs, vendor_advisories, verification_sources, complexity, affected_versions); RWEP factors satisfy Shape B invariant; discovery_attribution_note cites a researcher / team with URL. Editorial gate: passed."
   },
   "CVE-2026-32202": {
-    "_draft": true,
-    "_auto_imported": true,
     "name": "Microsoft Windows Shell LNK Mark-of-the-Web Bypass (APT28)",
     "type": "protection-mechanism-failure",
     "cvss_score": 7.5,
@@ -3325,11 +3323,11 @@
       ]
     },
     "last_updated": "2026-05-15",
-    "discovery_attribution_note": "APT28 (Fancy Bear) in-the-wild weaponization observed by Microsoft + Help Net Security 2026-04-28; CVE-2026-32202 represents an incomplete-patch re-exploit of CVE-2026-21510 and chains with CVE-2026-21513 in the operational APT28 toolkit. Nation-state tradecraft; no AI-tool credit on either the discovery or weaponization side. Source: https://www.helpnetsecurity.com/2026/04/29/windows-cve-2026-32202-exploited/ and https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32202."
+    "discovery_attribution_note": "APT28 (Fancy Bear) in-the-wild weaponization observed by Microsoft + Help Net Security 2026-04-28; CVE-2026-32202 represents an incomplete-patch re-exploit of CVE-2026-21510 and chains with CVE-2026-21513 in the operational APT28 toolkit. Nation-state tradecraft; no AI-tool credit on either the discovery or weaponization side. Source: https://www.helpnetsecurity.com/2026/04/29/windows-cve-2026-32202-exploited/ and https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32202.",
+    "_editorial_promoted": "2026-05-15",
+    "_editorial_note": "Promoted from draft v0.12.32 (cycle 12 F1 fix): cycle 11 audit confirmed all required fields populated (iocs, vendor_advisories, verification_sources, complexity, affected_versions); RWEP factors satisfy Shape B invariant; discovery_attribution_note cites a researcher / team with URL. Editorial gate: passed."
   },
   "CVE-2026-33825": {
-    "_draft": true,
-    "_auto_imported": true,
     "name": "BlueHammer — Microsoft Defender File-Remediation TOCTOU LPE",
     "type": "race-condition",
     "cvss_score": 7.8,
@@ -3440,6 +3438,136 @@
       ]
     },
     "last_updated": "2026-05-15",
-    "discovery_attribution_note": "Picus Security ('BlueHammer' / RedSun research) published a working PoC before Microsoft released the patch — true zero-day disclosure 2026-04-22; CISA KEV listed same day with a 14-day due date. No AI-tool credit on the discovery; conventional Windows-Defender internals research. Source: https://www.picussecurity.com/resource/blog/bluehammer-redsun-windows-defender-cve-2026-33825-zero-day-vulnerability-explained and https://www.cisa.gov/known-exploited-vulnerabilities-catalog."
+    "discovery_attribution_note": "Picus Security ('BlueHammer' / RedSun research) published a working PoC before Microsoft released the patch — true zero-day disclosure 2026-04-22; CISA KEV listed same day with a 14-day due date. No AI-tool credit on the discovery; conventional Windows-Defender internals research. Source: https://www.picussecurity.com/resource/blog/bluehammer-redsun-windows-defender-cve-2026-33825-zero-day-vulnerability-explained and https://www.cisa.gov/known-exploited-vulnerabilities-catalog.",
+    "_editorial_promoted": "2026-05-15",
+    "_editorial_note": "Promoted from draft v0.12.32 (cycle 12 F1 fix): cycle 11 audit confirmed all required fields populated (iocs, vendor_advisories, verification_sources, complexity, affected_versions); RWEP factors satisfy Shape B invariant; discovery_attribution_note cites a researcher / team with URL. Editorial gate: passed."
+  },
+  "MAL-2026-NODE-IPC-STEALER": {
+    "name": "node-ipc credential-stealer (expired-domain account-recovery compromise)",
+    "type": "supply-chain-credential-stealer",
+    "cvss_score": 9.8,
+    "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
+    "cvss_correction_note": "No NVD CVE assigned as of 2026-05-15; CVSS synthesized per OSSF Malicious-Packages convention: unauthenticated code execution on `require('node-ipc')` against a 3.35M-monthly-download package with confirmed credential exfiltration. AV:N because the malicious payload reaches the victim over the npm registry network channel; UI:R because a developer / CI must invoke `npm install`; S:C because exfiltrated AWS / GCP / Azure / SSH / kubeconfig / Vault material extends the blast radius beyond the consuming process.",
+    "cisa_kev": false,
+    "cisa_kev_date": null,
+    "kev_scope_note": "CISA KEV historically excludes ecosystem-package compromises (npm / PyPI / RubyGems malicious-package events) — its scope is federally-deployable products with assigned CVE identifiers. The node-ipc 2026-05-14 publish event is OSSF-MAL-catalogued (MAL-2026-NODE-IPC-STEALER) without a NVD CVE as of 2026-05-15; `cisa_kev: false` is correct, and `active_exploitation: confirmed` reflects the live malicious payload in the registry. Operators should consume CISA-KEV-equivalent guidance from the OpenSSF MAL feed + ecosystem-specific advisories (Socket, StepSecurity, Semgrep, Datadog Security Labs, Snyk) for this class.",
+    "poc_available": true,
+    "poc_description": "Live payload — three malicious versions (node-ipc 9.1.6, 9.2.3, 12.0.1) were published to the public npm registry by attacker-controlled account `atiertant` on 2026-05-14 and remained installable for the exposure window before npm yank. The malicious build IS the PoC.",
+    "ai_discovered": false,
+    "ai_discovery_source": "vendor_research",
+    "ai_discovery_notes": "No AI-tool credited for discovery. Concurrent ecosystem telemetry detection by Socket, StepSecurity, Semgrep, and Datadog Security Labs within hours of publication; The Hacker News surfaced the consolidated report. ai_discovery_source set to `vendor_research` because the enum does not include an `ecosystem_detection` value; the attribution note records the actual provenance.",
+    "ai_assisted_weaponization": false,
+    "ai_assisted_notes": "No AI-tooling credit on the payload-development side. The 80 KB obfuscated IIFE follows a conventional minifier-plus-string-encoding pattern; no AI-generated code fingerprint reported by the responding firms.",
+    "active_exploitation": "confirmed",
+    "active_exploitation_notes": "The three malicious versions executed credential harvesting on every `require('node-ipc')` against installed hosts during the exposure window. Datadog Security Labs and Socket each observed real consumer-side installs of the malicious versions before yank.",
+    "affected": "node-ipc package on npm — versions 9.1.6, 9.2.3, 12.0.1 published 2026-05-14 by publisher `atiertant` (contact `a.tiertant@atlantis-software.net`). Package carries approximately 3.35M monthly downloads per npm registry telemetry; secondary reports cite 822K weekly (Socket) and 10M weekly (The Hacker News) — see source-data ambiguity note in verification_sources. Architectural impact reaches every transitive consumer that resolves any of the three malicious versions during the exposure window.",
+    "affected_versions": [
+      "node-ipc == 9.1.6 (malicious, published 2026-05-14)",
+      "node-ipc == 9.2.3 (malicious, published 2026-05-14)",
+      "node-ipc == 12.0.1 (malicious, published 2026-05-14)"
+    ],
+    "vector": "Novel supply-chain account-recovery abuse via expired maintainer email domain. (1) `atlantis-software.net` — the email domain associated with the legitimate node-ipc maintainer account — lapsed and was re-registered by the attacker on 2026-05-07 via Namecheap PrivateEmail. (2) Attacker invoked the npm password-reset flow, which delivered the reset link to the now-attacker-controlled mailbox. (3) Attacker published three malicious versions (9.1.6, 9.2.3, 12.0.1) with an 80 KB obfuscated IIFE appended to `node-ipc.cjs` that fires on every `require('node-ipc')` — no lifecycle / postinstall hook required, so consumer-side `--ignore-scripts` does NOT mitigate. (4) Payload exfiltrates AWS credentials, GCP service-account keys, Azure tokens, SSH private keys, Kubernetes kubeconfig, HashiCorp Vault tokens, Claude AI configs, and Kiro IDE configs via DNS TXT queries to an Azure-lookalike spoofed domain controlled by the attacker. Class: registry-side account-recovery abuse mediated by DNS lifecycle, NOT credential-dump or token-theft.",
+    "complexity": "low",
+    "complexity_notes": "Consumer-side exploitation is automatic on any process that calls `require('node-ipc')` from a malicious version. No race condition, no user interaction beyond `npm install` resolving to a malicious version. The novel attack precondition (expired-domain re-registration + npm password reset) is itself low-complexity for any attacker who monitors maintainer-email-domain expirations.",
+    "patch_available": true,
+    "patch_required_reboot": false,
+    "live_patch_available": true,
+    "live_patch_tools": [
+      "npm audit (yank-aware after npm registry-side removal of the malicious versions)",
+      "Socket (registry-side install-time blocking)",
+      "StepSecurity Harden-Runner (CI-side egress + install-time blocking)",
+      "Snyk (advisory-driven CI policy block)",
+      "Datadog Security Labs CI integrations (telemetry-driven block)",
+      "Semgrep Supply Chain (lockfile audit against the malicious version set)"
+    ],
+    "vendor_update_paths": [
+      "npm yanked the three malicious versions 2026-05-14",
+      "Pin to node-ipc <= 9.1.5 OR >= the post-yank clean republication (consult package security tab on npm for the current clean version range)",
+      "Lockfile audit: scan package-lock.json / yarn.lock / pnpm-lock.yaml for resolved tarball SHAs matching the three malicious version IDs; rotate any credentials reachable from a host that resolved them during the exposure window"
+    ],
+    "framework_control_gaps": {
+      "NIST-800-218-SSDF": "Reused-OSS-component control assumes maintainer-account integrity; does not address maintainer-email-domain expiry as a supply-chain risk class.",
+      "EU-CRA-Art13": "SBOM requirement does not address freshness-of-published-version OR maintainer-account-recovery integrity — pinning to a malicious version is SBOM-compliant.",
+      "NIS2-Art21-supply-chain": "Generic supply chain controls without npm-ecosystem-specific guidance (postinstall vs main-module payload distinction, maintainer-domain-expiry monitoring, registry-account MFA enforcement).",
+      "NIST-800-53-IA-5-Federated": "Authenticator-management control covers operator-side credentials but does not extend to upstream-maintainer-account recovery flow on third-party package registries.",
+      "SLSA-v1.0-Build-L3": "Source / build provenance attestations do not address account-takeover-via-domain-expiry — provenance asserts who built, not whether `who` is still the legitimate maintainer."
+    },
+    "atlas_refs": [
+      "AML.T0010",
+      "AML.T0020"
+    ],
+    "attack_refs": [
+      "T1195.001",
+      "T1195.002",
+      "T1078",
+      "T1552.001",
+      "T1059.007"
+    ],
+    "rwep_score": 43,
+    "rwep_factors": {
+      "cisa_kev": 0,
+      "poc_available": 20,
+      "ai_factor": 0,
+      "active_exploitation": 20,
+      "blast_radius": 28,
+      "patch_available": -15,
+      "live_patch_available": -10,
+      "reboot_required": 0
+    },
+    "epss_score": null,
+    "epss_date": "2026-05-15",
+    "epss_note": "EPSS coverage does not extend to non-CVE OSSF-MAL identifiers as of 2026-05-15.",
+    "cwe_refs": [
+      "CWE-506",
+      "CWE-829",
+      "CWE-1357"
+    ],
+    "source_verified": "2026-05-15",
+    "verification_sources": [
+      "https://thehackernews.com/2026/05/stealer-backdoor-found-in-3-node-ipc.html",
+      "https://socket.dev/blog/node-ipc-package-compromised",
+      "https://www.stepsecurity.io/blog/node-ipc-npm-supply-chain-attack",
+      "https://semgrep.dev/blog/2026/not-your-ipc-but-node-ipc-npm-hit-again-with-supply-chain-attack-but-this-time-its-not-a-worm/",
+      "https://securitylabs.datadoghq.com/articles/node-ipc-npm-malware-analysis/"
+    ],
+    "vendor_advisories": [
+      {
+        "vendor": "npm (GitHub Advisory Database)",
+        "advisory_id": null,
+        "url": "https://github.com/advisories?query=node-ipc",
+        "severity": "critical",
+        "published_date": "2026-05-14"
+      },
+      {
+        "vendor": "Socket",
+        "advisory_id": null,
+        "url": "https://socket.dev/blog/node-ipc-package-compromised",
+        "severity": "critical",
+        "published_date": "2026-05-14"
+      }
+    ],
+    "iocs": {
+      "payload_artifacts": [
+        "node-ipc.cjs file SHA / size diff vs the prior clean version — three malicious versions (9.1.6, 9.2.3, 12.0.1) ship an 80 KB obfuscated IIFE appended to the main module export. Lockfile-resolved tarball integrity hash for any of these three versions IS the primary artifact IoC.",
+        "package.json publisher metadata: `_npmUser.name == 'atiertant'` OR maintainer email `a.tiertant@atlantis-software.net` on a node-ipc tarball — both are attacker-controlled and distinct from the legitimate historical publisher account."
+      ],
+      "behavioral": [
+        "Process executing `require('node-ipc')` issues outbound DNS TXT queries to an Azure-lookalike domain controlled by the attacker — high-entropy subdomain labels carrying base64 / hex chunks of harvested credential material. DNS-layer telemetry (Resolved, Cloudflare DNS, internal Unbound logs) captures the exfil channel even when HTTP egress is blocked.",
+        "Process executing `require('node-ipc')` performs read access to ANY of: ~/.aws/credentials, ~/.aws/config, ~/.config/gcloud/, ~/.azure/, ~/.ssh/id_*, ~/.kube/config, ~/.vault-token, ~/.config/Claude/, ~/.kiro/ — read pattern is the credential-harvest fingerprint regardless of whether the exfil channel succeeded.",
+        "node binary parent-process executes a `require('node-ipc')` call path AND opens a non-process-typical egress connection within the same scheduler tick — temporal correlation between module load and exfil DNS lookup is near-deterministic on first invocation."
+      ],
+      "version_exposure": [
+        "Lockfile (package-lock.json / yarn.lock / pnpm-lock.yaml) contains a `node-ipc` entry resolved to version 9.1.6, 9.2.3, or 12.0.1 — exact-version match is sufficient; the integrity hash will also differ from any pre-2026-05-14 cache.",
+        "package.json declares a node-ipc dependency range that includes any of the three malicious versions AND the lockfile was regenerated during the 2026-05-14 exposure window (lockfile mtime + node-ipc resolution check)."
+      ],
+      "registry_account_recovery": [
+        "npm account audit: any maintainer account whose primary contact email domain has WHOIS expiry within 90 days. Cross-reference with `npm whoami` + `npm owner ls <package>` for every critical-path dependency. This is the upstream IoC class — once it fires, the package is recoverable by any attacker who registers the domain before the legitimate maintainer renews."
+      ],
+      "forensic_note": "DNS TXT exfiltration is invisible to HTTP egress filtering and to most network IDS rules tuned for HTTPS. Defenders investigating suspected compromise should pull DNS resolver logs for the full exposure window — the exfil channel is the only telemetry that proves the payload fired AND succeeded (file-read alone does not prove successful exfil). Snapshot node_modules/node-ipc tarball before remediating; the tarball IS the primary forensic artifact."
+    },
+    "last_updated": "2026-05-15",
+    "discovery_attribution_note": "Concurrent ecosystem-detection by Socket (https://socket.dev/blog/node-ipc-package-compromised), StepSecurity (https://www.stepsecurity.io/blog/node-ipc-npm-supply-chain-attack), Semgrep (https://semgrep.dev/blog/2026/not-your-ipc-but-node-ipc-npm-hit-again-with-supply-chain-attack-but-this-time-its-not-a-worm/), and Datadog Security Labs (https://securitylabs.datadoghq.com/articles/node-ipc-npm-malware-analysis/) within hours of the 2026-05-14 publish window. Consolidated coverage by The Hacker News (https://thehackernews.com/2026/05/stealer-backdoor-found-in-3-node-ipc.html). No single human researcher credited; no AI-tool credit on the defender side. Discovery class: ecosystem-detection (telemetry-driven, no AI tool). Source-data ambiguity noted: monthly-download figure reported as 3.35M (npm registry direct) but Socket cited 822K weekly and The Hacker News cited 10M weekly — npm-registry-direct figure carried in the affected description; alternative figures retained in this note so future audits can reconcile against npm's API once the live counter rolls forward past the yank.",
+    "_editorial_promoted": "2026-05-15",
+    "_editorial_note": "Cycle 13 intake (v0.12.33): cycle 13 agent C surfaced node-ipc 2026-05-14 publish event in the 24h-window check. Novel attack precondition (expired-domain re-registration + npm password-reset abuse) makes this a distinct supply-chain class from the Shai-Hulud (token-compromise) and elementary-data (typosquat + orphan-commit) precedents; warrants its own NEW-CTRL-047 in zeroday-lessons.json. RWEP factors satisfy Shape B invariant (0 + 20 + 0 + 20 + 28 - 15 - 10 + 0 = 43); discovery_attribution_note cites multiple firms with URLs."
   }
 }

package/data/cwe-catalog.json

@@ -46,7 +46,9 @@
     "skills_referencing": [
       "fuzz-testing-strategy"
     ],
-    "evidence_cves": [],
+    "evidence_cves": [
+      "CVE-2026-6973"
+    ],
     "framework_controls_partially_addressing": [
       "NIST-800-53-SI-10",
       "ISO-27001-2022-A.8.28",
@@ -112,8 +114,8 @@
       "webapp-security"
     ],
     "evidence_cves": [
-      "MAL-2026-3083",
-      "CVE-2025-53773"
+      "CVE-2025-53773",
+      "MAL-2026-3083"
     ],
     "framework_controls_partially_addressing": [
       "NIST-800-53-SI-10",
@@ -145,7 +147,9 @@
       "fuzz-testing-strategy",
       "webapp-security"
     ],
-    "evidence_cves": [],
+    "evidence_cves": [
+      "CVE-2026-39987"
+    ],
     "framework_controls_partially_addressing": [
       "NIST-800-53-SI-10",
       "ISO-27001-2022-A.8.28"
@@ -177,7 +181,9 @@
       "attack-surface-pentest",
       "webapp-security"
     ],
-    "evidence_cves": [],
+    "evidence_cves": [
+      "CVE-2026-42897"
+    ],
     "framework_controls_partially_addressing": [
       "NIST-800-53-SI-10",
       "NIST-800-53-SC-18",
@@ -271,8 +277,7 @@
       "webapp-security"
     ],
     "evidence_cves": [
-      "CVE-2025-53773",
-      "CVE-2026-30615",
+      "CVE-2026-6973",
       "MAL-2026-3083"
     ],
     "framework_controls_partially_addressing": [
@@ -559,7 +564,10 @@
       "sector-energy",
       "sector-telecom"
     ],
-    "evidence_cves": [],
+    "evidence_cves": [
+      "CVE-2026-0300",
+      "CVE-2026-39987"
+    ],
     "framework_controls_partially_addressing": [
       "NIST-800-53-IA-2",
       "ISO-27001-2022-A.5.17"
@@ -846,7 +854,7 @@
       "mcp-agent-trust"
     ],
     "evidence_cves": [
-      "CVE-2026-30615"
+      "CVE-2026-32202"
     ],
     "framework_controls_partially_addressing": [
       "NIST-800-53-SA-12",
@@ -905,7 +913,9 @@
       "CAPEC-39"
     ],
     "skills_referencing": [],
-    "evidence_cves": [],
+    "evidence_cves": [
+      "CVE-2026-32202"
+    ],
     "framework_controls_partially_addressing": [
       "NIST-800-53-SI-7",
       "NIST-800-53-SC-8(1)",
@@ -938,7 +948,9 @@
       "fuzz-testing-strategy",
       "kernel-lpe-triage"
     ],
-    "evidence_cves": [],
+    "evidence_cves": [
+      "CVE-2026-33825"
+    ],
     "framework_controls_partially_addressing": [
       "NIST-800-53-SI-16",
       "ISO-27001-2022-A.8.28"
@@ -967,10 +979,7 @@
       "fuzz-testing-strategy",
       "kernel-lpe-triage"
     ],
-    "evidence_cves": [
-      "CVE-2026-43284",
-      "CVE-2026-43500"
-    ],
+    "evidence_cves": [],
     "framework_controls_partially_addressing": [
       "NIST-800-53-SI-16",
       "NIST-800-53-SI-2",
@@ -1058,9 +1067,7 @@
       "mcp-agent-trust",
       "supply-chain-integrity"
     ],
-    "evidence_cves": [
-      "CVE-2026-30615"
-    ],
+    "evidence_cves": [],
     "framework_controls_partially_addressing": [
       "NIST-800-53-SI-7",
       "NIST-800-53-SA-12",
@@ -1120,8 +1127,8 @@
     ],
     "skills_referencing": [],
     "evidence_cves": [
-      "CVE-2026-45321",
-      "MAL-2026-3083"
+      "MAL-2026-3083",
+      "MAL-2026-NODE-IPC-STEALER"
     ],
     "framework_controls_partially_addressing": [
       "NIST-800-53-SA-12",
@@ -1214,7 +1221,9 @@
     "skills_referencing": [
       "kernel-lpe-triage"
     ],
-    "evidence_cves": [],
+    "evidence_cves": [
+      "CVE-2026-46300"
+    ],
     "framework_controls_partially_addressing": [
       "NIST-800-53-SI-16",
       "ISO-27001-2022-A.8.28"
@@ -1339,8 +1348,9 @@
       "kernel-lpe-triage"
     ],
     "evidence_cves": [
-      "CVE-2026-31431",
-      "CVE-2026-43500"
+      "CVE-2026-0300",
+      "CVE-2026-43500",
+      "CVE-2026-46300"
     ],
     "framework_controls_partially_addressing": [
       "NIST-800-53-SI-10",
@@ -1404,7 +1414,9 @@
       "sector-federal-government",
       "supply-chain-integrity"
     ],
-    "evidence_cves": [],
+    "evidence_cves": [
+      "MAL-2026-NODE-IPC-STEALER"
+    ],
     "framework_controls_partially_addressing": [
       "NIST-800-53-SA-12",
       "ISO-27001-2022-A.8.30"
@@ -1643,7 +1655,9 @@
       "sector-federal-government",
       "supply-chain-integrity"
     ],
-    "evidence_cves": [],
+    "evidence_cves": [
+      "MAL-2026-NODE-IPC-STEALER"
+    ],
     "framework_controls_partially_addressing": [
       "NIST-800-53-SA-12",
       "ISO-27001-2022-A.5.21",

package/data/d3fend-catalog.json

@@ -1043,5 +1043,51 @@
     "ai_pipeline_applicability": "Self-managed AI hosts: standard FIM applies to MCP server configs, ~/.claude, ~/.cursor settings. Serverless: equivalent is image-immutability + read-only rootfs (modifications outside writable tmpfs are structurally impossible).",
     "lag_notes": "SI-7 covers software/firmware integrity; user-space configuration FIM is implicit not explicit. Framework audits accept 'FIM is deployed' without sampling whether the rule set covers AI-assistant config paths that have become high-value targets.",
     "last_verified": "2026-05-13"
+  },
+  "D3-EFA": {
+    "id": "D3-EFA",
+    "name": "Executable File Analysis",
+    "tactic": "Detect",
+    "subtactic": "File Analysis",
+    "description": "Analyzing the format, contents, or static characteristics of an executable file to determine whether it warrants further investigation. Covers PE/ELF/Mach-O header inspection, embedded-string + import-table review, entropy + packer detection, and YARA-rule matching against known malicious patterns. Distinct from D3-DA (Dynamic Analysis): no execution occurs.",
+    "counters_attack_techniques": [
+      "T1027",
+      "T1027.002",
+      "T1059",
+      "T1078",
+      "T1195.002",
+      "T1204",
+      "T1505.003",
+      "T1546.014",
+      "AML.T0010",
+      "AML.T0019"
+    ],
+    "digital_artifacts_addressed": [
+      "Executable Binary",
+      "Executable Script",
+      "Firmware",
+      "OS Image"
+    ],
+    "skills_referencing": [],
+    "implementation_examples": [
+      "YARA",
+      "PEStudio / PEiD",
+      "radare2 / Cutter / Ghidra (static-only mode)",
+      "ssdeep + sdhash fuzzy-hash matching",
+      "Mandiant CAPA capability detection",
+      "Sigstore cosign verify on container image manifests",
+      "OEM firmware-image signature verification at provisioning time"
+    ],
+    "framework_controls_partially_mapped": [
+      "NIST-800-53-SI-3",
+      "NIST-800-53-SI-7",
+      "NIST-800-53-SI-7(6)",
+      "ISO-27001-2022-A.8.7",
+      "PCI-DSS-v4-5.2.3",
+      "CIS-Controls-v8-10.5"
+    ],
+    "ai_pipeline_applicability": "Directly applicable to model-artifact ingestion paths (pickle/safetensors/ONNX): static analysis of serialized weights can surface malicious __reduce__ payloads (D3-EFA on the pickle stream) before any deserialization occurs. For MCP-server binaries shipped via npm/PyPI, D3-EFA pairs with D3-EAL — analyze first to gate the allowlist decision rather than allow-by-publisher.",
+    "lag_notes": "NIST SI-3 prescribes \"malicious code protection\" without binding the control to static-file-analysis specifically; auditors routinely accept signature-AV deployment as the entire SI-3 implementation, missing the analyze-before-load posture that catches packed / encoder-obfuscated payloads. Distinct from D3-EAL: allowlisting blocks a binary at execute-time; D3-EFA inspects the bytes at file-write / image-pull / artifact-fetch time and gates the allowlist itself.",
+    "last_verified": "2026-05-15"
   }
 }