npm - @blamejs/exceptd-skills - Versions diffs - 0.13.13 → 0.13.15 - Mend

@blamejs/exceptd-skills 0.13.13 → 0.13.15

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (16) hide show

package/AGENTS.md +3 -2
package/CHANGELOG.md +30 -0
package/README.md +7 -5
package/data/_indexes/_meta.json +8 -8
package/data/_indexes/activity-feed.json +2 -2
package/data/_indexes/catalog-summaries.json +2 -2
package/data/_indexes/chains.json +124 -0
package/data/attack-techniques.json +2 -0
package/data/cve-catalog.json +93 -1
package/data/cwe-catalog.json +1 -0
package/data/framework-control-gaps.json +4 -1
package/data/zeroday-lessons.json +57 -1
package/lib/source-advisories.js +35 -0
package/manifest.json +44 -44
package/package.json +1 -1
package/sbom.cdx.json +28 -28

package/AGENTS.md CHANGED Viewed

@@ -170,7 +170,7 @@ Cross-cutting playbook `framework` is the natural correlation layer — many pla
 | `exceptd attest show <sid>` | Print the attestation body. |
 | `exceptd doctor` | Health checks. `--signatures` verifies Ed25519 chains; `--cves` / `--rfcs` check catalog currency; `--fix` repairs recoverable state; `--ai-config` audits AI-assistant config-file permissions (`~/.claude`, `~/.cursor`, `~/.codeium`, `~/.aider`, `~/.continue`) and flags sensitive files not at mode `0o600` on POSIX (NEW-CTRL-050). |
 | `exceptd lint` | Skill format lint — frontmatter completeness, required body sections, signature presence. |
-| `exceptd refresh --check-advisories` | Poll 8 primary-source advisory feeds (Qualys TRU, Red Hat RHSA, Ubuntu USN, ZDI, kernel.org commits, oss-security mailing list, JFrog SecOps, CISA current advisories) for CVE IDs at T+0 to T+1 — typically 3-14 days ahead of NVD enrichment. Report-only; emits structured `diffs[]` without mutating the catalog. Route promising IDs through `refresh --advisory <CVE-ID> --apply` to enrich. |
+| `exceptd refresh --check-advisories` | Poll 12 primary-source advisory feeds — 8 advisory/coordinated-disclosure venues (Qualys TRU, Red Hat RHSA, Ubuntu USN, ZDI, kernel.org commits, oss-security mailing list, JFrog SecOps, CISA current advisories) plus 4 vendor security research blogs (Microsoft Security Blog, Sysdig, Trail of Bits, Embrace the Red — added in v0.13.14 after DirtyDecrypt fell through the advisory-only set) for CVE IDs at T+0 to T+1 — typically 3-14 days ahead of NVD enrichment. Report-only; emits structured `diffs[]` without mutating the catalog. Route promising IDs through `refresh --advisory <CVE-ID> --apply` to enrich. |
 | `exceptd watchlist` | Default: aggregate every skill's `forward_watch` entries. `--by-skill` inverts grouping. `--alerts` switches to CVE-catalog pattern alerts (5 patterns: `kernel_lpe_with_poc`, `supply_chain_family`, `ai_discovered_kev`, `active_exploitation_unpatched`, `recent_poc_no_kev_yet`); sorts critical-first, then by RWEP. `--org-scan --org <login>` probes GitHub Search for repos matching threat-actor naming patterns ("A Gift From TeamPCP", "Shai-Hulud", "TeamPCP"); custom patterns via repeatable `--pattern <s>`; set `GITHUB_TOKEN` for private-repo + rate-limit headroom (NEW-CTRL-052). |
 All verbs support `--help` for per-verb usage. JSON output by default; `--pretty` for indented.
@@ -244,6 +244,7 @@ Recently added (use the IDs in skill prose and operator briefings; full text in
 | `NEW-CTRL-069` | ECOSYSTEM-PACKAGE-TEMPORAL-TRUST-DRIFT-DETECTION | `MAL-2026-RUBYGEMS-BUFFERZONECORP-SLEEPER` | NIST-800-218 SSDF PW.4, EU CRA Annex I §1(2)(b), SLSA Build L3 |
 | `NEW-CTRL-070` | TYPOSQUAT-INSTALL-TIME-NAME-CONFUSION-GUARD | `MAL-2025-PYPI-COLORAMA-SOLANA-STEALER` | NIST-800-218 SSDF PW.4, NIST-800-53 SI-7, EU CRA Annex I §1(2)(c) |
 | `NEW-CTRL-071` | AI-DISCOVERY-CREDIT-IN-COMPLIANCE-EVIDENCE | `MAL-2025-AI-FOUND-FFMPEG-BIGSLEEP` + `CVE-2025-6965` + `CVE-2025-0133` + ZeroPath quartet | NIST AI RMF MEASURE 2.7, ISO/IEC 42001 §6.1.4 (records of AI use), EU AI Act Art.12 (record-keeping) |
+| `NEW-CTRL-072` | PRIMARY-SOURCE-INTAKE-VENDOR-BLOG-COVERAGE | `CVE-2026-31635` (DirtyDecrypt) | NIST-800-53 SI-5 (security alerts / advisories), ISO-27001-2022 A.5.7 (threat intelligence), CIS Controls v8 7.1 |
 When you cite a `NEW-CTRL-*` ID in a skill body, the lint reads the upstream `zeroday-lessons.json` entry as the authoritative source for the requirement text — do not paraphrase the description in the skill body, link to the ID instead.
@@ -251,7 +252,7 @@ When you cite a `NEW-CTRL-*` ID in a skill body, the lint reads the upstream `ze
 ## Operational threat-intake cadence
-The toolkit ships with a `routine: exceptd-threat-intake` (claude.ai remote agent) that runs daily at 14:00 UTC. Sequence: `npm install` → `refresh --check-advisories` (poll the 8 primary-source feeds) → `watchlist --alerts` (5-pattern CVE-class scan) → `refresh --apply` → `refresh --advisory <CVE-ID>` for up to 5 newly-disclosed IDs from the primary-source diff → re-sign + rebuild-indexes if the catalog mutated → commit on `intake/<YYYY-MM-DD>` branch with the full diff in the report.
+The toolkit ships with a `routine: exceptd-threat-intake` (claude.ai remote agent) that runs daily at 14:00 UTC. Sequence: `npm install` → `refresh --check-advisories` (poll the 12 primary-source feeds — 8 advisory venues + 4 vendor security blogs) → `watchlist --alerts` (5-pattern CVE-class scan) → `refresh --apply` → `refresh --advisory <CVE-ID>` for up to 5 newly-disclosed IDs from the primary-source diff → re-sign + rebuild-indexes if the catalog mutated → commit on `intake/<YYYY-MM-DD>` branch with the full diff in the report.
 The routine is operator-managed at <https://claude.ai/code/routines>. Closes the cadence gap between vendor disclosure (T+0) and NVD enrichment (T+10) — operators no longer depend on manual intake to surface ssh-keysign-pwn-class or Shai-Hulud-class events.

package/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,35 @@
 # Changelog
+## 0.13.15 — 2026-05-18
+Doc currency for v0.13.14 — README + AGENTS now reflect the 12-feed intake.
+### Bugs
+**`README.md` + `AGENTS.md` no longer advertise 8 advisory feeds.** v0.13.14 expanded `lib/source-advisories.js#FEEDS` from 8 to 12 (added Microsoft Security Blog / Sysdig / Trail of Bits / Embrace the Red), but four prose lines and one CLI-help excerpt still claimed "8 primary-source advisory feeds" / "8 vendor and coordinated-disclosure feeds". All updated to reflect the 12-feed total, with the v0.13.14 additions named in the operator-facing copy. The daily threat-intake routine doc string in `AGENTS.md` likewise updated.
+### Internal
+- New regression test `tests/doc-feed-count-currency.test.js` greps `README.md` + `AGENTS.md` for `<N> (primary-source|vendor and coordinated-disclosure|advisory venues) feeds?` claims and asserts at least one claim per doc matches the live `FEEDS.length`. Adding a new feed without bumping the doc claim now fires in CI. Same pattern as `tests/doc-playbook-count-currency.test.js`.
+## 0.13.14 — 2026-05-18
+DirtyDecrypt catalog entry + intake-pipeline coverage fix for the silent-kernel-patch + delayed-research-disclosure class.
+### Features
+**`CVE-2026-31635` (DirtyDecrypt) added to the catalog.** Same Linux page-cache write primitive as Copy Fail (CVE-2026-31431), Dirty Frag (CVE-2026-43284 / 43500), and Fragnesia (CVE-2026-46300) — this one in the `rxgk_decrypt_skb` function. Affects kernels with `CONFIG_RXGK=y` (Fedora / Arch / openSUSE Tumbleweed). Patched in mainline 2026-04-25; V12 security team rediscovered 2026-05-09 (told it was duplicate of mainline fix); PoC + writeup published 2026-05-17. Entry carries an `intake_gap_note` explaining why the daily threat-intake routine missed it: the kernel.org Atom feed window rolled past the silent-patch commit, V12 went to maintainers privately rather than to oss-security@openwall, and the PoC publication surfaced on vendor security blogs that the 8-feed primary-source set did not cover.
+**Vendor-security-blog intake coverage.** Four new feeds added to `lib/source-advisories.js`: `microsoft-security-blog` (Linux-kernel CVE intel, anchored Dirty Frag 2026-05-08 analysis), `sysdig-blog` (kernel-LPE detection writeups, anchored Copy Fail / Dirty Frag), `trail-of-bits-blog` (MCP / supply-chain / AI-tool disclosures, anchored CVE-2026-30615), `embrace-the-red` (AI-tool prompt-injection + agentic-AI research, anchored CVE-2025-53773). These are the canonical signal channel for "kernel-class CVE patched silently, class-of-bug research published weeks later" and for AI-tool / MCP supply-chain disclosures — closing a class of intake-pipeline blind spot without polluting the catalog with news-aggregator noise.
+**`NEW-CTRL-072`** (`PRIMARY-SOURCE-INTAKE-VENDOR-BLOG-COVERAGE`) added to `AGENTS.md`: requires threat-intake pipelines to cover vendor security blogs alongside advisory feeds. Maps to NIST 800-53 SI-5, ISO 27001:2022 A.5.7, CIS Controls v8 7.1.
+### Internal
+- `tests/intake-vendor-blog-coverage.test.js` pins: the four vendor feeds are registered with HTTPS URLs + `kind: rss`, the fixture has frozen content for each (no live-RSS fall-through), and the DirtyDecrypt entry + matching `zeroday-lessons.json` entry are present with the `intake_gap_note` and `NEW-CTRL-072` reference.
+- `tests/refresh-swarm.test.js` `8/8 feeds reachable` assertion replaced with a dynamic count derived from `lib/source-advisories.js#FEEDS.length` so future intake expansions don't require a test edit.
+- Fixture `tests/fixtures/refresh/advisories.json` extended with `microsoft-security-blog` / `sysdig-blog` / `trail-of-bits-blog` / `embrace-the-red` frozen RSS entries.
 ## 0.13.13 — 2026-05-18
 `exceptd doctor` now distinguishes consumer-install from contributor-checkout when reporting on signing.

package/README.md CHANGED Viewed

@@ -30,7 +30,7 @@ This platform surfaces what is actually happening right now. Every skill explici
 ## Status
-Pre-1.0. Latest release lives on [GitHub Releases](https://github.com/blamejs/exceptd-skills/releases) and on npm as [`@blamejs/exceptd-skills`](https://www.npmjs.com/package/@blamejs/exceptd-skills) with signed npm provenance attestation and Ed25519-signed skill bodies. The package ships 42 skills across kernel LPE, MCP supply chain, AI-as-C2, prompt injection, post-quantum crypto, SBOM integrity, identity-incident response, and 35 other AI/security domains, plus 10 intelligence catalogs (CVE / ATLAS / ATT&CK / CWE / D3FEND / DLP / RFC / framework gaps / global frameworks / zero-day lessons) covering 35 jurisdictions, 23 investigation playbooks (kernel, MCP, AI-API, framework, SBOM, runtime, hardening, secrets, cred-stores, containers, crypto, plus `webhook-callback-abuse`, `cicd-pipeline-compromise`, `identity-sso-compromise`, `llm-tool-use-exfil`, `post-quantum-migration`, `ai-discovered-cve-triage`, `supply-chain-recovery`, and more), a CLI for discovery and seven-phase investigation runs (`govern → direct → look → detect → analyze → validate → close`), and a nightly auto-refresh job that pulls KEV / NVD / EPSS / GHSA / OSV / IETF deltas plus primary-source advisories (Qualys TRU, Red Hat RHSA, Ubuntu USN, ZDI, kernel.org, oss-security, JFrog, CISA) into auto-PRs for editorial review.
+Pre-1.0. Latest release lives on [GitHub Releases](https://github.com/blamejs/exceptd-skills/releases) and on npm as [`@blamejs/exceptd-skills`](https://www.npmjs.com/package/@blamejs/exceptd-skills) with signed npm provenance attestation and Ed25519-signed skill bodies. The package ships 42 skills across kernel LPE, MCP supply chain, AI-as-C2, prompt injection, post-quantum crypto, SBOM integrity, identity-incident response, and 35 other AI/security domains, plus 10 intelligence catalogs (CVE / ATLAS / ATT&CK / CWE / D3FEND / DLP / RFC / framework gaps / global frameworks / zero-day lessons) covering 35 jurisdictions, 23 investigation playbooks (kernel, MCP, AI-API, framework, SBOM, runtime, hardening, secrets, cred-stores, containers, crypto, plus `webhook-callback-abuse`, `cicd-pipeline-compromise`, `identity-sso-compromise`, `llm-tool-use-exfil`, `post-quantum-migration`, `ai-discovered-cve-triage`, `supply-chain-recovery`, and more), a CLI for discovery and seven-phase investigation runs (`govern → direct → look → detect → analyze → validate → close`), and a nightly auto-refresh job that pulls KEV / NVD / EPSS / GHSA / OSV / IETF deltas plus primary-source advisories (Qualys TRU, Red Hat RHSA, Ubuntu USN, ZDI, kernel.org, oss-security, JFrog, CISA, Microsoft Security Blog, Sysdig, Trail of Bits, Embrace the Red) into auto-PRs for editorial review.
 ---
@@ -154,7 +154,7 @@ Air-gapped operation: run `exceptd refresh --prefetch` on a connected host, copy
 Fresh-disclosure workflow (v0.12.0): the nightly auto-PR job pulls KEV / NVD / EPSS / IETF / **GHSA** (added in v0.12.0) / **OSV** (added in v0.12.10). KEV typically takes days; NVD ~10 days; GHSA fires within hours of disclosure and covers npm + PyPI + Maven + Go + NuGet + …; OSV aggregates the OSSF Malicious Packages dataset (`MAL-*` keys) + Snyk + RustSec + Mageia + Ubuntu USN + Go Vuln DB + PYSEC + UVI on top of GHSA — useful for malicious-package compromises that don't have CVEs yet (`exceptd refresh --advisory MAL-2026-3083`). New IDs land as drafts (`_auto_imported: true`, `_draft: true`) that the catalog validator treats as warnings, not errors — operators get the fresh entry immediately, editorial review (framework gaps, IoCs, ATLAS/ATT&CK refs) follows via `exceptd refresh --curate <ID>`. For "I want this advisory today, not tomorrow": `exceptd refresh --advisory <CVE-or-GHSA-or-MAL-or-SNYK-or-RUSTSEC-ID> --apply`.
-Primary-source advisory polling: `exceptd refresh --check-advisories` polls 8 vendor and coordinated-disclosure feeds (Qualys TRU, Red Hat RHSA, Ubuntu USN, Zero Day Initiative, kernel.org commits, oss-security mailing list, JFrog SecOps, CISA current advisories) that publish CVE IDs at T+0 to T+1 — typically 3–14 days ahead of NVD enrichment. The command is report-only: it returns a structured `diffs[]` listing each newly-seen CVE ID with its source attributions and advisory URLs, but does not mutate the catalog. Operators triage the output and route promising IDs through `exceptd refresh --advisory <CVE-ID> --apply`. Pairs naturally with the daily scheduled remote agent below.
+Primary-source advisory polling: `exceptd refresh --check-advisories` polls 12 vendor and coordinated-disclosure feeds — 8 advisory/coordinated-disclosure venues (Qualys TRU, Red Hat RHSA, Ubuntu USN, Zero Day Initiative, kernel.org commits, oss-security mailing list, JFrog SecOps, CISA current advisories) plus 4 vendor security research blogs added in v0.13.14 (Microsoft Security Blog, Sysdig, Trail of Bits, Embrace the Red) that publish CVE-class research and silent-patch follow-ups not always announced through the advisory channels. Combined coverage publishes CVE IDs at T+0 to T+1 — typically 3–14 days ahead of NVD enrichment. The command is report-only: it returns a structured `diffs[]` listing each newly-seen CVE ID with its source attributions and advisory URLs, but does not mutate the catalog. Operators triage the output and route promising IDs through `exceptd refresh --advisory <CVE-ID> --apply`. Pairs naturally with the daily scheduled remote agent below.
 CVE-class alert surfacing: `exceptd watchlist --alerts` matches the live `cve-catalog.json` against five operational patterns (`kernel_lpe_with_poc`, `supply_chain_family`, `ai_discovered_kev`, `active_exploitation_unpatched`, `recent_poc_no_kev_yet`) and returns the matches sorted critical-severity-first, then by RWEP. Use as a fast operational triage on a refreshed catalog without scanning every entry by hand.
@@ -322,12 +322,14 @@ exceptd refresh                       Refresh upstream catalogs + indexes.
   --curate <CVE-ID>                   (v0.12.0) Emit editorial questions + ranked
                                       candidates (ATLAS/ATT&CK/CWE/framework) for
                                       a draft catalog entry.
-  --check-advisories                  Poll 8 primary-source advisory feeds
+  --check-advisories                  Poll 12 primary-source advisory feeds
                                       (Qualys TRU, Red Hat RHSA, Ubuntu USN,
                                       ZDI, kernel.org commits, oss-security
                                       mailing list, JFrog SecOps, CISA current
-                                      advisories) for CVE IDs disclosed at T+0
-                                      to T+1 — days ahead of NVD enrichment.
+                                      advisories, Microsoft Security Blog,
+                                      Sysdig, Trail of Bits, Embrace the Red)
+                                      for CVE IDs disclosed at T+0 to T+1 —
+                                      days ahead of NVD enrichment.
                                       Report-only: emits structured diffs[]
                                       with {cve_id, sources[], advisory_urls[],
                                       disclosed_at, title}; does NOT mutate the

package/data/_indexes/_meta.json CHANGED Viewed

@@ -1,21 +1,21 @@
 {
   "schema_version": "1.1.0",
-  "generated_at": "2026-05-18T19:44:45.014Z",
+  "generated_at": "2026-05-19T01:02:08.246Z",
   "generator": "scripts/build-indexes.js",
   "source_count": 54,
   "source_hashes": {
-    "manifest.json": "72d078b29f6f658d4e976626054a2d9a50cc354c2ab729ea2d9a1ad40f30cc49",
+    "manifest.json": "21e451470c35463ab5e7e0026fddc962156b1f53f740eca99faddb62fc7e9eb8",
     "data/atlas-ttps.json": "c2aee9c70ec24cf48f1ea4daf170aa6e7b93292888239c46a8ec9e522ee32119",
-    "data/attack-techniques.json": "29cd5690040c7153dbf293b7e3a99b72fc897b0495478e369f7ce7004b8d64f4",
-    "data/cve-catalog.json": "b3731361d298483648264215fd8dbfca36d0f4e2ead4aebf7c49718e12038e1f",
-    "data/cwe-catalog.json": "4a0036f9ec17af29e0df111ac77b94f8be6a52742bfd89ff3583096d23b75e35",
+    "data/attack-techniques.json": "6b1fa4c2559229bb8d0b3df497f6bfdd0816e7294ec06afed6482e9dd66b7cb4",
+    "data/cve-catalog.json": "e57929ebdde8027a0cdae9125120644667a1b78c3cababd97f2a032c4f10ca22",
+    "data/cwe-catalog.json": "42bcaf5d95401c29bcd0851284e3b3ecd60f14a02fcebd3efe198a11e7bc5067",
     "data/d3fend-catalog.json": "a1fc2827ceb344669e148d55197dbf1b0e5b20bcc618e90517639c17d67ee82d",
     "data/dlp-controls.json": "d2406c482dddd30e49203879999dc4b3a7fd4d0494d6a61d86b91ee76415df19",
     "data/exploit-availability.json": "ec2656f0d9a893610e27b43eb6035fe9b18e057c9f6dfaac7e7d4959bbcbb795",
-    "data/framework-control-gaps.json": "a8bb654f6ed2fba5290dc6acac73ee423c1afcb2dca27bce3303adc3ee40f791",
+    "data/framework-control-gaps.json": "368115d37ab5936abb44e346193979b24c3e5fdf7cb5b00afb2aadc9b5c4bf62",
     "data/global-frameworks.json": "9ba563a85f7f8d6c3c957de64945e20925a89d0ed6ea6fc561cf093811acf558",
     "data/rfc-references.json": "e253a548c8a829d178d5aea601e268724b85c936ccbfa51c2e5d80c5f8efe2b0",
-    "data/zeroday-lessons.json": "bb3fec080f649a5968f8d0c6d69ca4d32fb120de0f7d07b1f5058184d4d3ff3a",
+    "data/zeroday-lessons.json": "606ccb60a0a117809cd8b814f575db15b66385f9b63a4e8c790e4dcc0e492ed5",
     "skills/kernel-lpe-triage/skill.md": "08b3e9815ba481c57c80f5fc0ccbf5bb7cbb41f570c235ba6ff9596b8c07354d",
     "skills/ai-attack-surface/skill.md": "d1361c53c8360999e1ec6a403bcbfaa53d0afc11689e8781d26081196dd079d4",
     "skills/mcp-agent-trust/skill.md": "19a6b54375808e59143070011328d8c936836845bca4a484108738bbef290694",
@@ -72,7 +72,7 @@
       "dlp_refs": 0
     },
     "trigger_table_entries": 538,
-    "chains_cve_entries": 59,
+    "chains_cve_entries": 60,
     "chains_cwe_entries": 55,
     "jurisdictions_indexed": 29,
     "handoff_dag_nodes": 42,

package/data/_indexes/activity-feed.json CHANGED Viewed

@@ -11,7 +11,7 @@
       "artifact": "data/cve-catalog.json",
       "path": "data/cve-catalog.json",
       "schema_version": "1.0.0",
-      "entry_count": 67
+      "entry_count": 68
     },
     {
       "date": "2026-05-18",
@@ -27,7 +27,7 @@
       "artifact": "data/zeroday-lessons.json",
       "path": "data/zeroday-lessons.json",
       "schema_version": "1.1.0",
-      "entry_count": 67
+      "entry_count": 68
     },
     {
       "date": "2026-05-15",

package/data/_indexes/catalog-summaries.json CHANGED Viewed

@@ -62,7 +62,7 @@
         "rebuild_after_days": 365,
         "note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
       },
-      "entry_count": 67,
+      "entry_count": 68,
       "sample_keys": [
         "CVE-2025-53773",
         "CVE-2026-30615",
@@ -238,7 +238,7 @@
         "rebuild_after_days": 365,
         "note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
       },
-      "entry_count": 67,
+      "entry_count": 68,
       "sample_keys": [
         "CVE-2026-31431",
         "CVE-2025-53773",

package/data/_indexes/chains.json CHANGED Viewed

@@ -11207,6 +11207,124 @@
       "rfc_refs": []
     }
   },
+  "CVE-2026-31635": {
+    "name": "DirtyDecrypt (rxgk page-cache write)",
+    "rwep": 35,
+    "cvss": 7.8,
+    "cisa_kev": false,
+    "referencing_skills": [
+      "kernel-lpe-triage",
+      "coordinated-vuln-disclosure"
+    ],
+    "chain": {
+      "cwes": [
+        {
+          "id": "CWE-125",
+          "name": "Out-of-bounds Read",
+          "category": "Memory Safety"
+        },
+        {
+          "id": "CWE-1357",
+          "name": "Reliance on Insufficiently Trustworthy Component",
+          "category": "Supply Chain"
+        },
+        {
+          "id": "CWE-362",
+          "name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
+          "category": "Concurrency"
+        },
+        {
+          "id": "CWE-416",
+          "name": "Use After Free",
+          "category": "Memory Safety"
+        },
+        {
+          "id": "CWE-672",
+          "name": "Operation on a Resource after Expiration or Release",
+          "category": "Memory Safety"
+        },
+        {
+          "id": "CWE-787",
+          "name": "Out-of-bounds Write",
+          "category": "Memory Safety"
+        }
+      ],
+      "atlas": [],
+      "d3fend": [
+        {
+          "id": "D3-ASLR",
+          "name": "Address Space Layout Randomization",
+          "tactic": "Harden"
+        },
+        {
+          "id": "D3-EAL",
+          "name": "Executable Allowlisting",
+          "tactic": "Harden"
+        },
+        {
+          "id": "D3-PHRA",
+          "name": "Process Hardware Resource Access",
+          "tactic": "Isolate"
+        },
+        {
+          "id": "D3-PSEP",
+          "name": "Process Segment Execution Prevention",
+          "tactic": "Harden"
+        }
+      ],
+      "framework_gaps": [
+        {
+          "id": "CIS-Controls-v8-Control7",
+          "framework": "CIS Controls v8",
+          "control_name": "Continuous Vulnerability Management"
+        },
+        {
+          "id": "ISO-27001-2022-A.8.8",
+          "framework": "ISO/IEC 27001:2022",
+          "control_name": "Management of technical vulnerabilities"
+        },
+        {
+          "id": "NIS2-Art21-patch-management",
+          "framework": "EU NIS2 Directive",
+          "control_name": "Vulnerability handling and disclosure"
+        },
+        {
+          "id": "NIST-800-218-SSDF",
+          "framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
+          "control_name": "Secure Software Development Framework"
+        },
+        {
+          "id": "NIST-800-53-SC-8",
+          "framework": "NIST SP 800-53 Rev 5",
+          "control_name": "Transmission Confidentiality and Integrity"
+        },
+        {
+          "id": "NIST-800-53-SI-2",
+          "framework": "NIST SP 800-53 Rev 5",
+          "control_name": "Flaw Remediation"
+        },
+        {
+          "id": "PCI-DSS-4.0-6.3.3",
+          "framework": "PCI DSS 4.0",
+          "control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
+        },
+        {
+          "id": "SOC2-CC9-vendor-management",
+          "framework": "SOC 2 (AICPA Trust Services Criteria)",
+          "control_name": "Risk Mitigation — Vendor and Business Partner Risk"
+        }
+      ],
+      "attack_refs": [
+        "T1068",
+        "T1548.001"
+      ],
+      "rfc_refs": [
+        "RFC-4301",
+        "RFC-4303",
+        "RFC-7296"
+      ]
+    }
+  },
   "CWE-20": {
     "name": "Improper Input Validation",
     "category": "Validation",
@@ -12518,6 +12636,7 @@
       "CVE-2025-62849",
       "CVE-2026-0300",
       "CVE-2026-31431",
+      "CVE-2026-31635",
       "CVE-2026-32202",
       "CVE-2026-33825",
       "CVE-2026-39884",
@@ -14688,6 +14807,7 @@
       "CVE-2025-62849",
       "CVE-2026-0300",
       "CVE-2026-31431",
+      "CVE-2026-31635",
       "CVE-2026-32202",
       "CVE-2026-33825",
       "CVE-2026-39884",
@@ -14835,6 +14955,7 @@
       "CVE-2025-62849",
       "CVE-2026-0300",
       "CVE-2026-31431",
+      "CVE-2026-31635",
       "CVE-2026-32202",
       "CVE-2026-33825",
       "CVE-2026-39884",
@@ -15779,6 +15900,7 @@
       "CVE-2025-62849",
       "CVE-2026-0300",
       "CVE-2026-31431",
+      "CVE-2026-31635",
       "CVE-2026-32202",
       "CVE-2026-33825",
       "CVE-2026-39884",
@@ -16321,6 +16443,7 @@
       "CVE-2026-30615",
       "CVE-2026-30623",
       "CVE-2026-31431",
+      "CVE-2026-31635",
       "CVE-2026-32202",
       "CVE-2026-33825",
       "CVE-2026-39884",
@@ -18088,6 +18211,7 @@
       "CVE-2026-0300",
       "CVE-2026-30615",
       "CVE-2026-31431",
+      "CVE-2026-31635",
       "CVE-2026-42945",
       "CVE-2026-45321",
       "CVE-2026-46300",

package/data/attack-techniques.json CHANGED Viewed

@@ -150,6 +150,7 @@
       "CVE-2025-62849",
       "CVE-2026-0300",
       "CVE-2026-31431",
+      "CVE-2026-31635",
       "CVE-2026-33825",
       "CVE-2026-43284",
       "CVE-2026-43500",
@@ -388,6 +389,7 @@
     "version": "v19",
     "cve_refs": [
       "CVE-2026-31431",
+      "CVE-2026-31635",
       "CVE-2026-43284"
     ]
   },

package/data/cve-catalog.json CHANGED Viewed

@@ -55,7 +55,7 @@
     "ai_discovery_methodology": {
       "field_added": "2026-05-15",
       "agents_md_target": "Hard Rule #7 — '41% of 2025 zero-days were AI-discovered'. Catalog target rate floor: 0.40.",
-      "current_rate": 0.1791,
+      "current_rate": 0.176,
       "current_floor_enforced_by_test": 0.13,
       "ladder_to_target": [
         0.13,
@@ -5619,5 +5619,97 @@
     ],
     "discovery_attribution_note": "Composite / tranche entry covering the Big Sleep FFmpeg + ImageMagick AI-tool zero-day finds (Google DeepMind + Project Zero). Operator action: when the per-CVE detail becomes available, split this into individual catalog entries and retire the composite. Anchor entry for Hard Rule #7 (AI-discovery rate).",
     "live_patch_tools": []
+  },
+  "CVE-2026-31635": {
+    "name": "DirtyDecrypt (rxgk page-cache write)",
+    "type": "LPE",
+    "cvss_score": 7.8,
+    "cvss_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+    "cisa_kev": false,
+    "cisa_kev_date": null,
+    "poc_available": true,
+    "poc_description": "V12 security team published a working PoC on 2026-05-17 demonstrating root escalation via missing COW guard in rxgk_decrypt_skb. Same primitive class as Copy Fail / Dirty Frag / Fragnesia.",
+    "ai_discovered": false,
+    "ai_discovery_source": "human_researcher",
+    "ai_discovery_date": "2026-05-09",
+    "ai_discovery_notes": "V12 security team independently rediscovered after April 25 silent patch. Public attribution names V12 as a human-discovered finding; no AI-tool attribution in the published research.",
+    "discovery_attribution_note": "V12 security team rediscovery 2026-05-09; maintainers informed them it was a duplicate of the mainline patch landed 2026-04-25. PoC and writeup published 2026-05-17. No named AI tool — human researcher rediscovery via similarity to Copy Fail / Dirty Frag class. Sources: https://www.bleepingcomputer.com/news/security/exploit-available-for-new-dirtydecrypt-linux-root-escalation-flaw/ and https://www.news4hackers.com/dirty-decrypt-linux-root-escalation-flaw-exploit-uncovered.",
+    "ai_assisted_weaponization": false,
+    "active_exploitation": "theoretical",
+    "affected": "Linux kernel with CONFIG_RXGK enabled (Fedora, Arch Linux, openSUSE Tumbleweed, and any distro tracking upstream master). Distros pinned to older LTS kernels without rxgk are not affected.",
+    "affected_versions": [
+      "linux-kernel >= 6.13 (when rxgk landed) through 2026-04-24 (pre-fix)"
+    ],
+    "vector": "Page-cache write primitive in the rxgk_decrypt_skb function — missing copy-on-write guard allows an unprivileged local user to corrupt page-cache pages backing privileged binaries. Same primitive class as the Copy Fail (CVE-2026-31431) / Dirty Frag (CVE-2026-43284/43500) / Fragnesia (CVE-2026-46300) cluster.",
+    "complexity": "low",
+    "complexity_notes": "Deterministic, no race condition. PoC is reliable on any kernel with CONFIG_RXGK=y.",
+    "patch_available": true,
+    "patch_required_reboot": true,
+    "live_patch_available": false,
+    "live_patch_tools": [],
+    "live_patch_notes": "No kpatch / ksplice / kgraft entry visible for the rxgk subsystem as of 2026-05-18. Reboot is the only resolution.",
+    "framework_control_gaps": {
+      "NIST-800-53-SI-2": "Standard 30-day patch SLA is exploitation window for a public-PoC kernel LPE with deterministic primitive. Same gap as CVE-2026-31431.",
+      "ISO-27001-2022-A.8.8": "Appropriate timescales undefined; 30-day default is unsafe for class-of-bug PoC publications.",
+      "NIS2-Art21-availability": "Network-controls section is silent on kernel-LPE — IPsec / kTLS / firewall are not compensating controls for a local page-cache write."
+    },
+    "atlas_refs": [],
+    "attack_refs": [
+      "T1068",
+      "T1548.001"
+    ],
+    "rwep_score": 35,
+    "rwep_factors": {
+      "cisa_kev": 0,
+      "poc_available": 20,
+      "ai_factor": 0,
+      "active_exploitation": 5,
+      "blast_radius": 25,
+      "patch_available": -15,
+      "live_patch_available": 0,
+      "reboot_required": 0
+    },
+    "cwe_refs": [
+      "CWE-362",
+      "CWE-264"
+    ],
+    "source_verified": "2026-05-18",
+    "verification_sources": [
+      "https://www.bleepingcomputer.com/news/security/exploit-available-for-new-dirtydecrypt-linux-root-escalation-flaw/",
+      "https://www.news4hackers.com/dirty-decrypt-linux-root-escalation-flaw-exploit-uncovered",
+      "https://cybertools4u.com/cyber-news/new-dirtydecrypt-flaw-exposes-linux-systems-to-root-escalati-2026-05-18"
+    ],
+    "vendor_advisories": [
+      {
+        "vendor": "kernel.org",
+        "advisory_id": null,
+        "url": "https://lore.kernel.org/linux-cve-announce/?q=CVE-2026-31635",
+        "severity": "high",
+        "published_date": "2026-04-25"
+      },
+      {
+        "vendor": "Fedora",
+        "advisory_id": null,
+        "url": "https://bodhi.fedoraproject.org/updates/?search=CVE-2026-31635",
+        "severity": "important",
+        "published_date": "2026-04-26"
+      },
+      {
+        "vendor": "Arch Linux",
+        "advisory_id": null,
+        "url": "https://security.archlinux.org/CVE-2026-31635",
+        "severity": "high",
+        "published_date": "2026-04-26"
+      },
+      {
+        "vendor": "openSUSE",
+        "advisory_id": null,
+        "url": "https://www.suse.com/security/cve/CVE-2026-31635.html",
+        "severity": "important",
+        "published_date": "2026-04-26"
+      }
+    ],
+    "last_updated": "2026-05-18",
+    "intake_gap_note": "Catalog entry added 2026-05-18 via manual operator triage AFTER public PoC. The daily exceptd-threat-intake routine missed this CVE — kernel.org Atom feed window had rolled past the 2026-04-25 silent-patch commit by the time the PoC published on 2026-05-17, and the V12 rediscovery report went to maintainers privately rather than to oss-security@openwall. The v0.13.14 release adds a vendor-security-blog source (Microsoft / Sysdig / Trail of Bits) to close this class of gap. See feeds_into supply-chain-recovery + framework playbooks for the chained handling."
   }
 }

package/data/cwe-catalog.json CHANGED Viewed

@@ -964,6 +964,7 @@
       "kernel-lpe-triage"
     ],
     "evidence_cves": [
+      "CVE-2026-31635",
       "CVE-2026-33825",
       "CVE-2026-46333"
     ],

package/data/framework-control-gaps.json CHANGED Viewed

@@ -1223,6 +1223,7 @@
       "CVE-2025-4919",
       "CVE-2026-0300",
       "CVE-2026-31431",
+      "CVE-2026-31635",
       "CVE-2026-42945",
       "CVE-2026-46300",
       "CVE-2026-46333"
@@ -1885,6 +1886,7 @@
       "CVE-2025-62849",
       "CVE-2026-0300",
       "CVE-2026-31431",
+      "CVE-2026-31635",
       "CVE-2026-32202",
       "CVE-2026-33825",
       "CVE-2026-42897",
@@ -5293,7 +5295,8 @@
     "status": "open",
     "opened_at": "2026-05-18",
     "evidence_cves": [
-      "CVE-2025-8671"
+      "CVE-2025-8671",
+      "CVE-2026-31635"
     ],
     "theater_test": {
       "claim": "We are compliant with Art-21-availability (Availability and resilience risk-management measures) because we follow the documented requirement: Article 21(2)(c-f) — measures for business continuity, supply-chain security, vulnerability handling, and the effectiveness of cybersecurity risk-management measures. The availability angle covers bac",

package/data/zeroday-lessons.json CHANGED Viewed

@@ -17,7 +17,7 @@
       "rebuild_after_days": 365,
       "note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
     },
-    "entry_count": 67
+    "entry_count": 68
   },
   "CVE-2026-31431": {
     "name": "Copy Fail",
@@ -4666,5 +4666,61 @@
     "ai_discovery_source": "vendor_research",
     "ai_discovery_date": "2025-08-04",
     "ai_assist_factor": "very_high"
+  },
+  "CVE-2026-31635": {
+    "name": "DirtyDecrypt (rxgk page-cache write)",
+    "lesson_date": "2026-05-18",
+    "attack_vector": {
+      "description": "Missing copy-on-write guard in the Linux kernel rxgk_decrypt_skb function. Unprivileged local user writes to a read-only page via the page-cache CoW path, corrupting kernel memory and escalating to root. Same primitive class as Copy Fail / Dirty Frag / Fragnesia.",
+      "privileges_required": "unprivileged local user; CONFIG_RXGK=y on the running kernel",
+      "complexity": "deterministic, no race condition (PoC published 2026-05-17 by V12 security team)",
+      "ai_factor": "Not AI-discovered. V12 security team rediscovered after the 2026-04-25 silent patch had already landed; the rediscovery is a parallel-discovery event, not an AI-assisted find. The Copy-Fail-class detection method (page-cache CoW guard absence) is what surfaces these patterns under human review now that operators know to look for them."
+    },
+    "framework_coverage": {
+      "NIST-800-53-SI-2": {
+        "covered": true,
+        "adequate": false,
+        "gap": "30-day SLA is exploitation window for class-of-bug PoC publications."
+      },
+      "ISO-27001-2022-A.8.8": {
+        "covered": true,
+        "adequate": false,
+        "gap": "Appropriate timescales undefined; 30-day default is unsafe for kernel-LPE PoCs."
+      },
+      "NIS2-Art21-availability": {
+        "covered": false,
+        "adequate": false,
+        "gap": "Network-controls section silent on kernel-LPE; encryption-in-transit not a compensating control."
+      }
+    },
+    "new_control_requirements": [
+      {
+        "id": "NEW-CTRL-001",
+        "name": "CISA-KEV-RESPONSE-SLA",
+        "description": "4-hour SLA on public-PoC kernel LPEs even without KEV listing.",
+        "evidence": "CVE-2026-31635 — PoC published before KEV listing.",
+        "gap_closes": [
+          "NIST-800-53-SI-2"
+        ]
+      },
+      {
+        "id": "NEW-CTRL-072",
+        "name": "PRIMARY-SOURCE-INTAKE-VENDOR-BLOG-COVERAGE",
+        "description": "Threat-intake pipelines must cover vendor security blogs (Microsoft / Sysdig / Trail of Bits / Project Zero) in addition to advisory feeds (Qualys / RHSA / USN / ZDI / kernel.org / oss-security / JFrog / CISA). Silent kernel patches with delayed-disclosure research publications fall through advisory-only feeds — vendor blogs are the canonical signal channel for that class.",
+        "evidence": "CVE-2026-31635 — patched 2026-04-25 in mainline, V12 PoC published 2026-05-17 via BleepingComputer / news4hackers, fell through 8 primary-source feeds because the kernel.org Atom rolling window expired and oss-security never received the report.",
+        "gap_closes": [
+          "INTAKE-FEED-COVERAGE-GAP"
+        ]
+      }
+    ],
+    "compliance_exposure_score": {
+      "percent_audit_passing_orgs_still_exposed": 35,
+      "basis": "CONFIG_RXGK is only enabled on Fedora / Arch / openSUSE Tumbleweed kernels — enterprise distros (RHEL / Ubuntu LTS / SUSE Enterprise) on older kernel branches without rxgk are NOT affected. Exposure concentrated in dev/research workstations and bleeding-edge servers.",
+      "theater_pattern": "patch_management"
+    },
+    "ai_discovered_zeroday": false,
+    "ai_discovery_source": "human_researcher",
+    "ai_discovery_date": "2026-05-09",
+    "ai_assist_factor": "low"
   }
 }

package/lib/source-advisories.js CHANGED Viewed

@@ -105,6 +105,41 @@ const FEEDS = [
     kind: 'rss',
     description: 'CISA cybersecurity advisories feed — federal-vendor coordinated disclosures (separate from KEV which captures only exploited-in-the-wild items)',
   },
+  // v0.13.14 additions — closes the "silent kernel patch + delayed-research-
+  // disclosure" intake gap surfaced by DirtyDecrypt (CVE-2026-31635). That
+  // CVE was patched in mainline 2026-04-25, the kernel.org Atom-feed rolling
+  // window rotated past the fix commit before the daily intake noticed, the
+  // V12 rediscovery on 2026-05-09 went to maintainers privately rather than
+  // to oss-security@openwall, and the PoC publication on 2026-05-17 surfaced
+  // on vendor security blogs (Microsoft / Sysdig / Trail of Bits) that the
+  // 8-feed primary-source set did not cover. Vendor security blogs are the
+  // canonical signal channel for "kernel-class CVE patched silently, then
+  // class-of-bug research published weeks later" — adding them closes the
+  // class without polluting the catalog with news-aggregator noise.
+  {
+    name: 'microsoft-security-blog',
+    url: 'https://www.microsoft.com/en-us/security/blog/feed/',
+    kind: 'rss',
+    description: 'Microsoft Security Blog — covers Linux-kernel CVE intel (Dirty Frag analysis 2026-05-08, Windows + cross-platform research). Vendor publishes ahead of standard advisory feeds for class-of-bug regressions.',
+  },
+  {
+    name: 'sysdig-blog',
+    url: 'https://www.sysdig.com/blog/feed/',
+    kind: 'rss',
+    description: 'Sysdig research blog — kernel-LPE detection writeups (Copy Fail, Dirty Frag CVE-2026-43284 / 43500). Names CVE IDs in titles, often before NVD enrichment completes.',
+  },
+  {
+    name: 'trail-of-bits-blog',
+    url: 'https://blog.trailofbits.com/feed/',
+    kind: 'rss',
+    description: 'Trail of Bits research blog — MCP / supply-chain / AI-tool security disclosures with CVE assignments. Anchored CVE-2026-30615 (Windsurf MCP) and the MCP tool-poisoning class.',
+  },
+  {
+    name: 'embrace-the-red',
+    url: 'https://embracethered.com/blog/index.xml',
+    kind: 'rss',
+    description: 'Embrace the Red (Johann Rehberger) — AI-tool prompt-injection + agentic-AI research. Anchored CVE-2025-53773 (Copilot YOLO mode) and the agentic-IDE host-execution class.',
+  },
 ];
 // Permissive CVE-ID matcher. The official format is CVE-YYYY-NNNN+ but

package/manifest.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "exceptd-security",
-  "version": "0.13.13",
+  "version": "0.13.15",
   "description": "AI security skills grounded in mid-2026 threat reality, not stale framework documentation",
   "homepage": "https://exceptd.com",
   "license": "Apache-2.0",
@@ -53,7 +53,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "lXhZgoIrrVloO3XaTvo/43AxZn4mwErstd7DR0O/oVhD3AOGODM4HqrageYEou9WKOdMEGP5mJNTjJsXdP5NDA==",
-      "signed_at": "2026-05-18T19:44:43.674Z",
+      "signed_at": "2026-05-19T01:01:20.307Z",
       "cwe_refs": [
         "CWE-125",
         "CWE-362",
@@ -117,7 +117,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "OI+pADcTrRHZB8UTq9G89cNPvvYf1A+4rR+oJGTCVGXWoxPY9+bKW7FqCPQBb+rnxde/gwBX0+vxN/Nn7XwgDA==",
-      "signed_at": "2026-05-18T19:44:43.677Z",
+      "signed_at": "2026-05-19T01:01:20.310Z",
       "cwe_refs": [
         "CWE-1039",
         "CWE-1426",
@@ -180,7 +180,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "fqnvFL75sJgJJV6LUt6qHld4PsMJiPB1r+M905mkr8mUkByE0pPZfK1voS/r/wh2O1+1j2zzo0OkAw0pCk37Aw==",
-      "signed_at": "2026-05-18T19:44:43.677Z",
+      "signed_at": "2026-05-19T01:01:20.310Z",
       "cwe_refs": [
         "CWE-22",
         "CWE-345",
@@ -226,7 +226,7 @@
       "framework_gaps": [],
       "last_threat_review": "2026-05-01",
       "signature": "g+vvEyHA4LllzMLuyY2Cc6h7hSWeQbfDqGx629Yb3/kQ8MsQW0moypnxUMA50KBetKMd0+WfnbC4H1DvxJtgAg==",
-      "signed_at": "2026-05-18T19:44:43.677Z"
+      "signed_at": "2026-05-19T01:01:20.311Z"
     },
     {
       "name": "compliance-theater",
@@ -257,7 +257,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "N7vMeWMdMutAAZ49QoPW7lMA1WRjnTRezh9oLBUfAgetZBcHHd14Rg9uqWTkCjilXxhw/fyQrWPjraD2IRg4AQ==",
-      "signed_at": "2026-05-18T19:44:43.678Z"
+      "signed_at": "2026-05-19T01:01:20.311Z"
     },
     {
       "name": "exploit-scoring",
@@ -286,7 +286,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "9DFiNgH4Nl21B90MjL5Z9eJ74Z8zR60n+EZ6RStCTe6YcLg7P5K8iiuQ4u6q0hxsVewKZmS60SqZL9UEpeGgCg==",
-      "signed_at": "2026-05-18T19:44:43.679Z"
+      "signed_at": "2026-05-19T01:01:20.312Z"
     },
     {
       "name": "rag-pipeline-security",
@@ -323,7 +323,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "AijYcd8FuFEDdcx+mzIHVpQ0uh5LpYDZ0rIgbudM6WIvsSDRkBmE65gI8uKgHYdGTEAQGLkamkLaTtdwcx0YAQ==",
-      "signed_at": "2026-05-18T19:44:43.680Z",
+      "signed_at": "2026-05-19T01:01:20.312Z",
       "cwe_refs": [
         "CWE-1395",
         "CWE-1426"
@@ -380,7 +380,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "ba7EtmQAML+H+wn7UyH7yGnK30gT79SlxwO+jKCaSBzctOZ/OVex3wFVz/Yi9kPPPJ6Z5EEhBl6rWJrCr4uOBg==",
-      "signed_at": "2026-05-18T19:44:43.681Z",
+      "signed_at": "2026-05-19T01:01:20.313Z",
       "d3fend_refs": [
         "D3-CA",
         "D3-CSPP",
@@ -415,7 +415,7 @@
       "framework_gaps": [],
       "last_threat_review": "2026-05-01",
       "signature": "V7v4r2RzeD7ICZUABLfSQTEmSQUlWegiXoo1iGvnrmQtw/nquZNRPTa3QsKQD1i7IxEg7NmJhCX6NLEz4eV0Dg==",
-      "signed_at": "2026-05-18T19:44:43.681Z",
+      "signed_at": "2026-05-19T01:01:20.313Z",
       "cwe_refs": [
         "CWE-1188"
       ]
@@ -443,7 +443,7 @@
       "framework_gaps": [],
       "last_threat_review": "2026-05-01",
       "signature": "xjtEOaQiBjq7XBD7nCpU59egkLNgBDwfvY7GMxEe+wOyUM4GBMHK2O3khanVEaCgWfu1NNoTMPsDCejJ+D64Ag==",
-      "signed_at": "2026-05-18T19:44:43.682Z"
+      "signed_at": "2026-05-19T01:01:20.314Z"
     },
     {
       "name": "global-grc",
@@ -475,7 +475,7 @@
       "framework_gaps": [],
       "last_threat_review": "2026-05-01",
       "signature": "oYsSk35N2Uzq7MRofACykylcVwkgPhI4luWZ14vmQT+gUKLyZiKVOUJbe1+7lGl6BYPRN0sUDQ0f7S5Eu5w2Ag==",
-      "signed_at": "2026-05-18T19:44:43.682Z"
+      "signed_at": "2026-05-19T01:01:20.314Z"
     },
     {
       "name": "zeroday-gap-learn",
@@ -502,7 +502,7 @@
       "framework_gaps": [],
       "last_threat_review": "2026-05-01",
       "signature": "01faIrHr8xeZU0USNoWiDQBUqu/yu7KHskZdi48q5eg811Tu6YwCopHezIoeuPabaH46M8Qve8ll/7qGpFGEBA==",
-      "signed_at": "2026-05-18T19:44:43.683Z"
+      "signed_at": "2026-05-19T01:01:20.314Z"
     },
     {
       "name": "pqc-first",
@@ -554,7 +554,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "vhc3wuQEro/86s1ro2b/KakUXg8QVnySYTBqA7ebzv9oeR2HYO5bvGEJp3oOHWtL37JDqcCAHYadSN/qxIyCCA==",
-      "signed_at": "2026-05-18T19:44:43.683Z",
+      "signed_at": "2026-05-19T01:01:20.315Z",
       "cwe_refs": [
         "CWE-327"
       ],
@@ -601,7 +601,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "8P1I6i7N0sFHloR/hY4NIWictk5Irrze4xPjVQEH5BtBrS2OCCq/YzCpUuS+XexhWiIpyLo2CA1ecbllnWlNBQ==",
-      "signed_at": "2026-05-18T19:44:43.684Z"
+      "signed_at": "2026-05-19T01:01:20.315Z"
     },
     {
       "name": "security-maturity-tiers",
@@ -638,7 +638,7 @@
       ],
       "last_threat_review": "2026-05-01",
       "signature": "SdTtvkaxdgcHkm8ph7YX+2VMihw2iBMy434JGf5TxCFQq1AfNsQcowK+7FPDquEM47a1KTvS3ytxaJxpHuOqDw==",
-      "signed_at": "2026-05-18T19:44:43.684Z",
+      "signed_at": "2026-05-19T01:01:20.315Z",
       "cwe_refs": [
         "CWE-1188"
       ]
@@ -673,7 +673,7 @@
       "framework_gaps": [],
       "last_threat_review": "2026-05-11",
       "signature": "WAu5fRirzSOcnnZsTx2d/JJZwa/LPpXCi+31qATTGLmoNuhyy81k3ooPe9kCM3E0CLMtvTePg9DagYqBninZDQ==",
-      "signed_at": "2026-05-18T19:44:43.684Z"
+      "signed_at": "2026-05-19T01:01:20.316Z"
     },
     {
       "name": "attack-surface-pentest",
@@ -744,7 +744,7 @@
         "PTES revision incorporating AI-surface enumeration"
       ],
       "signature": "pKVlOkHybXjj5Llpm4VQtz+b/qTxE2vWsoDx/aie5z0rA2qWMmNNiWZl+b8/oO4Ghu2TIOdy/+cX4YlTrIg7DA==",
-      "signed_at": "2026-05-18T19:44:43.685Z"
+      "signed_at": "2026-05-19T01:01:20.316Z"
     },
     {
       "name": "fuzz-testing-strategy",
@@ -804,7 +804,7 @@
         "OSS-Fuzz-Gen / AI-assisted harness generation becoming the default expectation for OSS maintainers"
       ],
       "signature": "uf8JFFve9Q7QXdyO8yc11SBFndVGEKQkMKTSZEJSCzj33HRvMGhV184JSpHUy5Vce284HUcVC1R73aOjbc0iBg==",
-      "signed_at": "2026-05-18T19:44:43.685Z"
+      "signed_at": "2026-05-19T01:01:20.316Z"
     },
     {
       "name": "dlp-gap-analysis",
@@ -879,7 +879,7 @@
         "Quebec Law 25, India DPDPA, KSA PDPL enforcement actions naming AI-tool prompt data as in-scope personal information"
       ],
       "signature": "y6N/9z4AwGPfhcNWVk1zEVSMBpn+3YTmIaIXAin4Q9yREAupKDey3ch9s+Y2LjFSS/SLLzh4H/Y8rDs2bKxFCg==",
-      "signed_at": "2026-05-18T19:44:43.686Z"
+      "signed_at": "2026-05-19T01:01:20.317Z"
     },
     {
       "name": "supply-chain-integrity",
@@ -956,7 +956,7 @@
         "OpenSSF model-signing — emerging Sigstore-based signing standard for ML model weights; track for production adoption"
       ],
       "signature": "c3OewLIMenKMWba5eKOwfa1OD8pp6tU9o+xFC/KbIcIPUhtZAO+R5/uoOhZXiwhjmg2GzHU2f8ROpBP3p0dxBA==",
-      "signed_at": "2026-05-18T19:44:43.686Z"
+      "signed_at": "2026-05-19T01:01:20.317Z"
     },
     {
       "name": "defensive-countermeasure-mapping",
@@ -1013,7 +1013,7 @@
       ],
       "last_threat_review": "2026-05-11",
       "signature": "gqF8eU3VBrZhO2WnlcqKa7wm1d2mmWtvpbmx0kNCgHojNV+qEt+Ij84RO6bZvaUqhfYPWizWL79Fa4DL0curAQ==",
-      "signed_at": "2026-05-18T19:44:43.686Z"
+      "signed_at": "2026-05-19T01:01:20.317Z"
     },
     {
       "name": "identity-assurance",
@@ -1080,7 +1080,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "Wv5hGMeHjlaQK1zwicVCA7AvdKgJBgvcjdpGM9Ywahh9tagAKhbkOjybowDQZzu7OZ3bDkbh6pBYc1Sdwr6NAA==",
-      "signed_at": "2026-05-18T19:44:43.687Z"
+      "signed_at": "2026-05-19T01:01:20.318Z"
     },
     {
       "name": "ot-ics-security",
@@ -1136,7 +1136,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "2Z8iAEf+dzdBpE6InLL6hHT7aGUNHJOlgyddDsdNb+xxjC2TJz+sXIRsHHhpaPuFMVf38VJSD5SqL1cwB+5lDw==",
-      "signed_at": "2026-05-18T19:44:43.687Z"
+      "signed_at": "2026-05-19T01:01:20.318Z"
     },
     {
       "name": "coordinated-vuln-disclosure",
@@ -1188,7 +1188,7 @@
         "NYDFS 23 NYCRR 500 amendments potentially adding explicit CVD program requirements"
       ],
       "signature": "TITt0dI7T6nifFEdiOaGSDzIdrpjBCtuwyNcQdZm4P/nm1yLPI2+7T3SXWNeCTfZuMGiBBhuGETuawH21lBBBA==",
-      "signed_at": "2026-05-18T19:44:43.688Z"
+      "signed_at": "2026-05-19T01:01:20.318Z"
     },
     {
       "name": "threat-modeling-methodology",
@@ -1238,7 +1238,7 @@
         "PASTA v2 updates incorporating AI/ML application threats"
       ],
       "signature": "0c5JzFhjzSU+Em8pWkez62TtAs2ePLnY0Na/dz9CxkU5A7U0s4B7bynpXuz8DxsQZd75/o4BkaYQegp7d/ktBw==",
-      "signed_at": "2026-05-18T19:44:43.688Z"
+      "signed_at": "2026-05-19T01:01:20.319Z"
     },
     {
       "name": "webapp-security",
@@ -1312,7 +1312,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "vIm/lDjC/bx7tHXWWEK2foOmiqdr7UuUuWPo75h6yV9ZteEF6kzNpWPbQ1KRThUm+2/XOBT+iwJ5Ecf2WDpDAQ==",
-      "signed_at": "2026-05-18T19:44:43.689Z"
+      "signed_at": "2026-05-19T01:01:20.319Z"
     },
     {
       "name": "ai-risk-management",
@@ -1362,7 +1362,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "IIXnkZ5ZNqFwOto5KfytADTLLZLoyXNZACD1ORZ40P1HUAQxe6u2uyXFzzsfuob4Uy06jNkRGr2FFgCphUH1Cw==",
-      "signed_at": "2026-05-18T19:44:43.689Z"
+      "signed_at": "2026-05-19T01:01:20.319Z"
     },
     {
       "name": "sector-healthcare",
@@ -1422,7 +1422,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "2JPsumXuTOrUhEGcfb03Q69zcW1hw+MTlNoycZ7RSNCHDw7jKaDlEfYmg0Px/aJp2hIt9qDGFq+cpYdfL+tfAQ==",
-      "signed_at": "2026-05-18T19:44:43.690Z"
+      "signed_at": "2026-05-19T01:01:20.320Z"
     },
     {
       "name": "sector-financial",
@@ -1503,7 +1503,7 @@
         "TIBER-EU framework v2.0 alignment with DORA TLPT RTS (JC 2024/40); cross-recognition with CBEST and iCAST"
       ],
       "signature": "xz0p47mECulSsdRdioeqi6K7KEnyXd+SWNtFra8JQh7g88CV9ycQeSPTTjiNpWaPreDAmYhRM83jupC7EEdUAg==",
-      "signed_at": "2026-05-18T19:44:43.690Z"
+      "signed_at": "2026-05-19T01:01:20.320Z"
     },
     {
       "name": "sector-federal-government",
@@ -1572,7 +1572,7 @@
         "Australia PSPF 2024 revision and ISM quarterly updates — track for Essential Eight Maturity Level requirements for federal entities"
       ],
       "signature": "PebiIg9j8Lm8yF8wIH2w7Pj75B5NaqQYcRZJ16RtKHC37tEG6THbo714JOaek45ifTMBhzNPwZ6Cy32ae4VdAQ==",
-      "signed_at": "2026-05-18T19:44:43.691Z"
+      "signed_at": "2026-05-19T01:01:20.321Z"
     },
     {
       "name": "sector-energy",
@@ -1637,7 +1637,7 @@
         "ICS-CERT advisory feed (https://www.cisa.gov/news-events/cybersecurity-advisories/ics-advisories) for vendor CVEs in Siemens, Rockwell, Schneider Electric, ABB, GE Vernova, Hitachi Energy, AVEVA / OSIsoft PI"
       ],
       "signature": "4KOVUlWWuhOWIV8ilCEOOuKV/s9CbIvNo4crB1oSf+G5KQ8KkUHxEn6KzEJX/NAwk5bOA1k58XykXvUun2YJDQ==",
-      "signed_at": "2026-05-18T19:44:43.692Z"
+      "signed_at": "2026-05-19T01:01:20.321Z"
     },
     {
       "name": "sector-telecom",
@@ -1723,7 +1723,7 @@
         "O-RAN SFG / WG11 security specifications"
       ],
       "signature": "JWVxKFoKrbX4d+Tko1d4OBdwyg25MfFFKn4CT6E/CzH+YwnU3T6Y76uBQIKg3+gIGTvPduqyvQwQQ5FxKDuPBw==",
-      "signed_at": "2026-05-18T19:44:43.692Z"
+      "signed_at": "2026-05-19T01:01:20.321Z"
     },
     {
       "name": "api-security",
@@ -1792,7 +1792,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "LgEIz6dmHxnlV3ay8BxqH7nXt+lWB8AsWcf5fPI40uuljs8+/dWNb4dCuB5s4SWRPX/64LoAXMOyzBvlt7QNCw==",
-      "signed_at": "2026-05-18T19:44:43.692Z"
+      "signed_at": "2026-05-19T01:01:20.322Z"
     },
     {
       "name": "cloud-security",
@@ -1873,7 +1873,7 @@
         "CISA KEV additions for cloud-control-plane CVEs (IMDSv1 abuses, federation token mishandling, cross-tenant boundary failures); CISA Cybersecurity Advisories for cross-cloud advisories"
       ],
       "signature": "fu8QqobbuyqDqmuo3iAigJmH2wUzS5AbMNNB7BrY8qAQ2KGHmrVIn4p53vUjF58bEzo6W2qAIldHla5p1sQCDw==",
-      "signed_at": "2026-05-18T19:44:43.693Z"
+      "signed_at": "2026-05-19T01:01:20.322Z"
     },
     {
       "name": "container-runtime-security",
@@ -1935,7 +1935,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "Z9KNlVRL9UWtObXDr3FmfdG+bBQGaUKEAv8WbZPRhwQUafx1mNp/h7CLsASeOQmGime00XN7fbO25oA18vYVAA==",
-      "signed_at": "2026-05-18T19:44:43.693Z"
+      "signed_at": "2026-05-19T01:01:20.322Z"
     },
     {
       "name": "mlops-security",
@@ -2006,7 +2006,7 @@
         "MITRE ATLAS v5.4.0 (released February 2026) shipped the AML.T0010 sub-technique expansion this forecast tracked plus new techniques (\"Publish Poisoned AI Agent Tool\", \"Escape to Host\"); inventory now 16 tactics, 84 techniques, 56 sub-techniques. Forward watch: ATLAS v5.5 / v6.0 — track next-cadence updates to agentic-AI TTPs and MLOps-pipeline-specific techniques"
       ],
       "signature": "2xuFDRLVjmzsbuipOc0HlUCjQ9B5lbB3L2fh5sPD9l0KqHmV1w1MuU9293ODxdTtqhSEJKkA5ghlbr8esFnlBw==",
-      "signed_at": "2026-05-18T19:44:43.694Z"
+      "signed_at": "2026-05-19T01:01:20.323Z"
     },
     {
       "name": "incident-response-playbook",
@@ -2068,7 +2068,7 @@
         "NYDFS 23 NYCRR 500.17 amendments tightening ransom-payment 24h disclosure operationalization"
       ],
       "signature": "6/9Ehyx49Rr/o5Tp9oQ3cfHa2WhKYtLXJp0akoDbRC1RSCxZVbkKaW7/5/IkdgCQMiJivI/Q0g0Bq/5q/UUZAA==",
-      "signed_at": "2026-05-18T19:44:43.694Z"
+      "signed_at": "2026-05-19T01:01:20.323Z"
     },
     {
       "name": "ransomware-response",
@@ -2148,7 +2148,7 @@
       ],
       "last_threat_review": "2026-05-15",
       "signature": "+5FiwJFRq08x2oXejTO1Nw6Cd+EzOcrwAG2xNrngJ8vHPDXqFgGAjTAJuXrNl7QblTfSLQ+xvoAziBly56/eDg==",
-      "signed_at": "2026-05-18T19:44:43.695Z"
+      "signed_at": "2026-05-19T01:01:20.323Z"
     },
     {
       "name": "email-security-anti-phishing",
@@ -2201,7 +2201,7 @@
       "d3fend_refs": [],
       "last_threat_review": "2026-05-11",
       "signature": "rK+WnuS+9tqEABmwc0jO/PEmxcLjG1/tmUb897HsClQeKzf+TQOlwBE+OsbtuKxpjYNwur62Xxs3TxObkwm8Cw==",
-      "signed_at": "2026-05-18T19:44:43.695Z"
+      "signed_at": "2026-05-19T01:01:20.324Z"
     },
     {
       "name": "age-gates-child-safety",
@@ -2269,7 +2269,7 @@
         "US state adult-site age-verification laws — 19+ states by mid-2026 (TX HB 18 upheld by SCOTUS June 2025 in Free Speech Coalition v. Paxton); track ongoing challenges in remaining states"
       ],
       "signature": "5BXLeR3lzvdRs2nSzN/rOE17ur2sMa44gQvY8+OWvazm5Vh6lNAaDDDoExB2/hlg6k7v1KIKwA1MPAKj6qB/CQ==",
-      "signed_at": "2026-05-18T19:44:43.696Z"
+      "signed_at": "2026-05-19T01:01:20.324Z"
     },
     {
       "name": "cloud-iam-incident",
@@ -2349,7 +2349,7 @@
       ],
       "last_threat_review": "2026-05-15",
       "signature": "e/kij7GtKaytROyIj7V5RH+FC9WtmVFzrmG2kIlNDNn29ep/CRNlIQKwXLpzo/81AIf634pmdr1qy/+vwIuUDA==",
-      "signed_at": "2026-05-18T19:44:43.696Z"
+      "signed_at": "2026-05-19T01:01:20.324Z"
     },
     {
       "name": "idp-incident-response",
@@ -2430,11 +2430,11 @@
       ],
       "last_threat_review": "2026-05-15",
       "signature": "ew9Kglc9fAZzbn0ZIfGP7WSK/j4eV2VhSvpy+s5bEfNEVYIMa2kZjnGBapgUsyGDLes9H9K2ovjQyX17+GKiBw==",
-      "signed_at": "2026-05-18T19:44:43.696Z"
+      "signed_at": "2026-05-19T01:01:20.325Z"
     }
   ],
   "manifest_signature": {
     "algorithm": "Ed25519",
-    "signature_base64": "bIpcj5mG6211wZ8L3TSD2kU+dDqhItCx4W1f2bMQ+XyrKCbn3fcdX5S3X3kdiEs1UfpkizxudyUs+aKn8i/yBA=="
+    "signature_base64": "OhJHwjT6fo3VOwol5oVjVlFejpro8H/08ToRCDQ1J+kR4sA32JogPPqioQDPuUKniKFHVU6QFtNJmcy5Pf8AAw=="
   }
 }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@blamejs/exceptd-skills",
-  "version": "0.13.13",
+  "version": "0.13.15",
   "description": "AI security skills grounded in mid-2026 threat reality, not stale framework documentation. 42 skills, 10 catalogs, 34 jurisdictions, pre-computed indexes, Ed25519-signed.",
   "keywords": [
     "ai-security",

package/sbom.cdx.json CHANGED Viewed

@@ -1,22 +1,22 @@
 {
   "bomFormat": "CycloneDX",
   "specVersion": "1.6",
-  "serialNumber": "urn:uuid:6df79c40-8808-4f37-bcfb-6668590270af",
+  "serialNumber": "urn:uuid:4367945a-81ef-43df-8413-115de248d533",
   "version": 1,
   "metadata": {
-    "timestamp": "2084-06-18T12:25:36.000Z",
+    "timestamp": "2061-11-01T16:14:18.000Z",
     "tools": [
       {
         "vendor": "blamejs",
         "name": "scripts/refresh-sbom.js",
-        "version": "0.13.13"
+        "version": "0.13.15"
       }
     ],
     "component": {
-      "bom-ref": "pkg:npm/@blamejs/exceptd-skills@0.13.13",
+      "bom-ref": "pkg:npm/@blamejs/exceptd-skills@0.13.15",
       "type": "application",
       "name": "@blamejs/exceptd-skills",
-      "version": "0.13.13",
+      "version": "0.13.15",
       "description": "AI security skills grounded in mid-2026 threat reality, not stale framework documentation. 42 skills, 10 catalogs, 34 jurisdictions, pre-computed indexes, Ed25519-signed.",
       "licenses": [
         {
@@ -25,17 +25,17 @@
           }
         }
       ],
-      "purl": "pkg:npm/%40blamejs/exceptd-skills@0.13.13",
+      "purl": "pkg:npm/%40blamejs/exceptd-skills@0.13.15",
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "aa86edac86d8dbd1e11255897a86664664958355072fc2920864d33da7b300ca"
+          "content": "845e2f37d4ffd197efcd87efdf27b616d839024aa2a5ca2e5da87a4a9726a062"
         }
       ],
       "externalReferences": [
         {
           "type": "distribution",
-          "url": "https://www.npmjs.com/package/@blamejs/exceptd-skills/v/0.13.13"
+          "url": "https://www.npmjs.com/package/@blamejs/exceptd-skills/v/0.13.15"
         },
         {
           "type": "vcs",
@@ -86,11 +86,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "cf29f5fb3c8dff3d6ede57f305f28ce5d0dbbdc3ae6f44acc539a00e9812faac"
+          "content": "93bf718cb20f29940458ab1b4bb31c3b3d894e49a1f080a97c2e1f876e1411d5"
         },
         {
           "alg": "SHA3-512",
-          "content": "e3ca7fdb2ad506b0359b3a52d80132871c76ebf57c9f37272111180bdc543bd8152edff07d7535ae1d1a12a8b8181661d1f721b02451b667971130435da3434a"
+          "content": "c8d9d8ea0e167520dba7e444c0c2fd549d0d90b094680c3ca5b6089896310573a59a6aaf41af9dd52cdd8f38e498a84c1eaa3e9660b80c3d6f8f824162cedd0c"
         }
       ]
     },
@@ -116,11 +116,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "3920a5e8a3c954951e8d64ccbf2f218f149b482888d09c71ce70f42ec01c97b0"
+          "content": "e49c9c795ad2898e8aef1316c704b54a4aa1f0dacfc2d34de9969aac74c82dcc"
         },
         {
           "alg": "SHA3-512",
-          "content": "36c204818b375c1abe3ae1621e814776d3ad19324e45f94ec5e9c5e246a8ede98b1e241c1d667b18997b576386e94fa26724861d2b9740a2db171d69b56526cf"
+          "content": "3d6948cf32ce65b650da24234d965d666113bf1e77674deb5b276df3c8cba95e68ba882a2cf014df613246e1010fdd123b59b81b480d2a28c3089016f89efba6"
         }
       ]
     },
@@ -176,11 +176,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "3e8ce799c960f20427afc363037253f9cb2bf30815540520b5ecddc394c1576a"
+          "content": "9f291d7e594c1058f9e27e15298e27f3d6a4bcced0f4ded5d09e427fa64fb966"
         },
         {
           "alg": "SHA3-512",
-          "content": "2c2469d21d5c1fe1694eba4cd75697cc462d54177c6e66fbb9f50b9a2069e0a77e78223c87b84338e878691f00b163517da591977ffe31944ca9c52f91e73cca"
+          "content": "3ca28531bb57044aff1c2b06845b05affc60642ce03660ec09724522bea2af0a0a5ffbeb30727021c56674eabef4fa6bf9ee58313293442a25e591575f593324"
         }
       ]
     },
@@ -311,11 +311,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "29cd5690040c7153dbf293b7e3a99b72fc897b0495478e369f7ce7004b8d64f4"
+          "content": "6b1fa4c2559229bb8d0b3df497f6bfdd0816e7294ec06afed6482e9dd66b7cb4"
         },
         {
           "alg": "SHA3-512",
-          "content": "f4f166726072042c180c893a5699196fb25060051f5b1476a1b4592fbf73e65788bb5003f6813b14c83938eba00331dd7901d8452a535cbd18b4fb3ab4d9a50c"
+          "content": "a8cad7cab72c74fb85c77672176a76ab83ff26b68fe9d43ed061a02eec82402107fe25813cbd8865da9b15ee5bc862ae7f5dae483c7b941d85b675cd79c1d0b0"
         }
       ]
     },
@@ -326,11 +326,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "b3731361d298483648264215fd8dbfca36d0f4e2ead4aebf7c49718e12038e1f"
+          "content": "e57929ebdde8027a0cdae9125120644667a1b78c3cababd97f2a032c4f10ca22"
         },
         {
           "alg": "SHA3-512",
-          "content": "c5396fdeecd04a123dd3cfe96fd17db55fb85c53ac026d6c09493d66b69f0350e6052c14cec0ee8b91ff110b084e6393a4a39b667ff3000fb3ec8145663585b7"
+          "content": "38983d962fca794ac173f97a80f97f726672447d4ec2bde2a7317b2f83921f0ac5796a328dda95087b731b94aed6d71457d8481baffb1a96b62e840e17a7f6e9"
         }
       ]
     },
@@ -341,11 +341,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "4a0036f9ec17af29e0df111ac77b94f8be6a52742bfd89ff3583096d23b75e35"
+          "content": "42bcaf5d95401c29bcd0851284e3b3ecd60f14a02fcebd3efe198a11e7bc5067"
         },
         {
           "alg": "SHA3-512",
-          "content": "3b08b823f954c710fc525e293032269fd5db85d08c9fbacd924ab81c6fa6a197c28f3af57765a2ddeafb39efed21ced348d7dc3391e739217d7219bdf1bfbe37"
+          "content": "49d93040660e12bd7814fed3961fb07809fca412fef354235c12175eb7d2062bf648cbb0dd4ea207d7a80f5ef32af1b5aac5bb7b079e5cc1fbb3fa8f4eee88e1"
         }
       ]
     },
@@ -401,11 +401,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "a8bb654f6ed2fba5290dc6acac73ee423c1afcb2dca27bce3303adc3ee40f791"
+          "content": "368115d37ab5936abb44e346193979b24c3e5fdf7cb5b00afb2aadc9b5c4bf62"
         },
         {
           "alg": "SHA3-512",
-          "content": "bb01318bdc26209f6ccdedb6c3718e9f7dd01d5d1d1daec62874ca51287b390644ed14b8f9ed01e7f5704f271d95d1cf6b75d55b4bfd260204c928dd82aade28"
+          "content": "a7ba2500543c3edd13d32765afeff3d173d5d3bc7b353dc8d2924628eb68d9c9cfaf7f7ba4b1fdefbc8d93b9c94d41505e15cddc1091f1186c32edb20b8a8d9a"
         }
       ]
     },
@@ -791,11 +791,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "bb3fec080f649a5968f8d0c6d69ca4d32fb120de0f7d07b1f5058184d4d3ff3a"
+          "content": "606ccb60a0a117809cd8b814f575db15b66385f9b63a4e8c790e4dcc0e492ed5"
         },
         {
           "alg": "SHA3-512",
-          "content": "bd5295add5777f2075b88e93fd49108b41993150c7f539e65ae4aa126f9af02b9a54fdffc0805162e67ce7b8241842daf10f601414314e01bc6483bb14523274"
+          "content": "6ae9d94108106f700ce5c68bf0cb271460ce4c64687cce3dd6f4ce03066abe9bbd83f4a0af16bbfa7aa62947ba408202acf584722262f092a26a135d4203e5cd"
         }
       ]
     },
@@ -1136,11 +1136,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "63702da0ef17b9dd32cff349473d5e1c32aae763cd769936a07570e34cb6b824"
+          "content": "a5eba83fcffc66464d5906bcb340d7d266c885613965e467e00e8df7cca98116"
         },
         {
           "alg": "SHA3-512",
-          "content": "1a6d3c2c15cfc5bc859ec418b48939a40f081bee33d8689d23a2a15fcdabd859cb1bb44dd35e90540ccb0a60c00fe17e82c323462e32d5c3729975798e8d3cfd"
+          "content": "b1687e7484cc612bee2b4547aa7dee978a8e593d236e8859b52c661744986f95b1ea90bb1312b73bddc8867cd565b4aece4214411fd3e650f03bfb4de1d365f8"
         }
       ]
     },
@@ -1376,11 +1376,11 @@
       "hashes": [
         {
           "alg": "SHA-256",
-          "content": "72d078b29f6f658d4e976626054a2d9a50cc354c2ab729ea2d9a1ad40f30cc49"
+          "content": "21e451470c35463ab5e7e0026fddc962156b1f53f740eca99faddb62fc7e9eb8"
         },
         {
           "alg": "SHA3-512",
-          "content": "9c4fcbdf6cfbb978894c4b2e3936e1fddbd6486f7fd192d46fc4b34179167c9ad9abb56fc8ed580c9955efd45d78219126b127a5e485f3a47e3c040ef8298ca8"
+          "content": "e1d71f83e5dbf35b9ce60b451a3843432ce4916a80cd1833786a01dc06989eb37ebc08c6bef00dcf5eeec72f1e88eb4f0163546f64a83a7c086e72b46518cbef"
         }
       ]
     },