npm - @blamejs/exceptd-skills - Versions diffs - 0.13.15 → 0.13.17 - Mend

@blamejs/exceptd-skills 0.13.15 → 0.13.17

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (19) hide show

package/AGENTS.md +5 -2
package/CHANGELOG.md +42 -0
package/README.md +3 -3
package/data/_indexes/_meta.json +9 -9
package/data/_indexes/activity-feed.json +5 -5
package/data/_indexes/catalog-summaries.json +5 -5
package/data/_indexes/chains.json +36194 -5006
package/data/_indexes/frequency.json +50 -1
package/data/attack-techniques.json +310 -1
package/data/cve-catalog.json +26215 -4
package/data/cwe-catalog.json +1090 -20
package/data/framework-control-gaps.json +866 -2
package/data/zeroday-lessons.json +10758 -0
package/lib/cve-regression-watcher.js +218 -0
package/lib/refresh-external.js +11 -0
package/lib/source-advisories.js +162 -11
package/manifest.json +44 -44
package/package.json +2 -2
package/sbom.cdx.json +46 -31

package/data/_indexes/frequency.json CHANGED Viewed

@@ -2463,25 +2463,68 @@
   },
   "uncited": {
     "cwe_refs": [
+      "CWE-119",
+      "CWE-120",
+      "CWE-121",
+      "CWE-122",
       "CWE-123",
+      "CWE-124",
+      "CWE-1321",
+      "CWE-1390",
+      "CWE-158",
+      "CWE-190",
+      "CWE-209",
+      "CWE-23",
+      "CWE-25",
       "CWE-250",
       "CWE-256",
+      "CWE-257",
+      "CWE-264",
+      "CWE-267",
+      "CWE-282",
+      "CWE-288",
+      "CWE-290",
       "CWE-310",
       "CWE-312",
+      "CWE-324",
       "CWE-326",
       "CWE-328",
       "CWE-329",
       "CWE-330",
       "CWE-331",
       "CWE-338",
+      "CWE-347",
+      "CWE-35",
       "CWE-353",
+      "CWE-367",
+      "CWE-399",
+      "CWE-420",
       "CWE-426",
+      "CWE-436",
+      "CWE-472",
+      "CWE-476",
       "CWE-506",
+      "CWE-528",
+      "CWE-552",
+      "CWE-59",
+      "CWE-611",
+      "CWE-648",
+      "CWE-667",
       "CWE-669",
+      "CWE-693",
+      "CWE-73",
+      "CWE-74",
       "CWE-759",
       "CWE-760",
+      "CWE-807",
+      "CWE-822",
+      "CWE-843",
       "CWE-88",
-      "CWE-916"
+      "CWE-913",
+      "CWE-916",
+      "CWE-940",
+      "CWE-95",
+      "CWE-98"
     ],
     "atlas_refs": [
       "AML.T0001",
@@ -2549,6 +2592,7 @@
       "EU-AI-Act-Art15",
       "EU-AI-Act-GPAI-CoP",
       "EU-CRA-Art13",
+      "EU-GDPR-Art.32-1(a)",
       "FedRAMP-AC-3",
       "FedRAMP-AC-4",
       "FedRAMP-SC-4",
@@ -2561,6 +2605,7 @@
       "ISO-27001-2022-A.5.15",
       "ISO-27001-2022-A.5.21",
       "ISO-27001-2022-A.5.7",
+      "ISO-27001-2022-A.7.10",
       "ISO-27001-2022-A.8.13",
       "ISO-27001-2022-A.8.15",
       "ISO-27001-2022-A.8.21",
@@ -2576,6 +2621,7 @@
       "NIS2-Art21-incident-handling",
       "NIS2-Art21-network-security",
       "NIS2-Art21-supply-chain",
+      "NIS2-Art21-vulnerability-handling",
       "NIS2-Art21-vulnerability-management",
       "NIST-800-218-SSDF-PO.4.2",
       "NIST-800-218-SSDF-PW.4",
@@ -2583,12 +2629,15 @@
       "NIST-800-53-AC-3",
       "NIST-800-53-AC-6",
       "NIST-800-53-AU-9",
+      "NIST-800-53-CM-3",
       "NIST-800-53-IA-2",
       "NIST-800-53-IA-8",
+      "NIST-800-53-MP-7",
       "NIST-800-53-SC-39",
       "NIST-800-53-SC-44",
       "NIST-800-53-SC-5",
       "NIST-800-53-SI-10",
+      "NIST-800-53-SI-4",
       "NIST-800-53-SR-3",
       "NIST-AI-RMF-MAP-3.4",
       "NIST-AI-RMF-MEASURE-2.7",

package/data/attack-techniques.json CHANGED Viewed

@@ -132,7 +132,15 @@
     "name": "Command and Scripting Interpreter: JavaScript",
     "version": "v19",
     "cve_refs": [
+      "CVE-2021-26829",
+      "CVE-2024-11182",
+      "CVE-2024-27443",
+      "CVE-2024-42009",
       "CVE-2025-0133",
+      "CVE-2025-27915",
+      "CVE-2025-48700",
+      "CVE-2025-66376",
+      "CVE-2025-68461",
       "CVE-2026-45321",
       "MAL-2026-NODE-IPC-STEALER"
     ]
@@ -141,12 +149,24 @@
     "name": "Exploitation for Privilege Escalation",
     "version": "v19",
     "cve_refs": [
+      "BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
+      "CVE-2020-17103-REREGRESSION-2026",
+      "CVE-2021-43226",
+      "CVE-2024-0769",
+      "CVE-2024-8068",
       "CVE-2025-10725",
       "CVE-2025-22224",
       "CVE-2025-22225",
       "CVE-2025-24201",
+      "CVE-2025-24990",
+      "CVE-2025-32701",
       "CVE-2025-38352",
+      "CVE-2025-40602",
       "CVE-2025-43300",
+      "CVE-2025-48543",
+      "CVE-2025-48572",
+      "CVE-2025-60710",
+      "CVE-2025-62215",
       "CVE-2025-62849",
       "CVE-2026-0300",
       "CVE-2026-31431",
@@ -167,12 +187,33 @@
     "name": "Valid Accounts",
     "version": "v19",
     "cve_refs": [
+      "BUG-2026-NIGHTMARE-ECLIPSE-YELLOWKEY",
+      "CVE-2015-7755",
+      "CVE-2017-7921",
+      "CVE-2019-19006",
       "CVE-2020-10148",
+      "CVE-2020-24363",
+      "CVE-2021-32030",
+      "CVE-2023-27351",
+      "CVE-2023-50224",
       "CVE-2024-1709",
+      "CVE-2024-54085",
       "CVE-2025-21085",
+      "CVE-2025-2746",
+      "CVE-2025-2747",
+      "CVE-2025-32975",
+      "CVE-2025-34026",
+      "CVE-2025-49706",
+      "CVE-2025-61757",
+      "CVE-2026-1603",
+      "CVE-2026-20127",
       "CVE-2026-20182",
+      "CVE-2026-24061",
+      "CVE-2026-24423",
+      "CVE-2026-24858",
       "CVE-2026-33825",
       "CVE-2026-39884",
+      "CVE-2026-41940",
       "CVE-2026-42897",
       "CVE-2026-6973",
       "MAL-2026-NODE-IPC-STEALER",
@@ -250,24 +291,181 @@
     "name": "Exploit Public-Facing Application",
     "version": "v19",
     "cve_refs": [
+      "CVE-2007-0671",
+      "CVE-2008-0015",
+      "CVE-2009-0238",
+      "CVE-2009-0556",
+      "CVE-2010-3765",
+      "CVE-2010-3962",
+      "CVE-2011-3402",
+      "CVE-2012-1854",
+      "CVE-2013-3893",
+      "CVE-2013-3918",
+      "CVE-2014-6278",
+      "CVE-2016-10033",
+      "CVE-2016-7836",
+      "CVE-2017-1000353",
+      "CVE-2018-4063",
+      "CVE-2019-6693",
       "CVE-2020-10148",
+      "CVE-2020-25078",
+      "CVE-2020-25079",
+      "CVE-2021-22681",
+      "CVE-2021-26828",
+      "CVE-2022-37055",
+      "CVE-2022-40799",
+      "CVE-2022-48503",
+      "CVE-2023-0386",
+      "CVE-2023-21529",
+      "CVE-2023-2533",
+      "CVE-2023-33538",
       "CVE-2023-3519",
+      "CVE-2023-39780",
+      "CVE-2023-52163",
+      "CVE-2024-12987",
       "CVE-2024-1709",
       "CVE-2024-21762",
+      "CVE-2024-37079",
+      "CVE-2024-43468",
+      "CVE-2024-56145",
+      "CVE-2024-57726",
+      "CVE-2024-7694",
+      "CVE-2024-8069",
+      "CVE-2025-10035",
       "CVE-2025-1094",
+      "CVE-2025-11371",
+      "CVE-2025-11953",
+      "CVE-2025-12480",
       "CVE-2025-12686",
+      "CVE-2025-13223",
+      "CVE-2025-14611",
+      "CVE-2025-14733",
       "CVE-2025-14847",
+      "CVE-2025-15556",
+      "CVE-2025-20281",
+      "CVE-2025-20333",
+      "CVE-2025-20337",
+      "CVE-2025-20352",
+      "CVE-2025-20362",
+      "CVE-2025-20393",
+      "CVE-2025-21042",
+      "CVE-2025-21043",
+      "CVE-2025-24016",
+      "CVE-2025-24893",
+      "CVE-2025-25257",
+      "CVE-2025-26399",
+      "CVE-2025-2775",
+      "CVE-2025-2776",
+      "CVE-2025-29635",
+      "CVE-2025-30397",
+      "CVE-2025-31125",
+      "CVE-2025-32432",
+      "CVE-2025-32433",
+      "CVE-2025-32463",
+      "CVE-2025-32706",
+      "CVE-2025-32756",
+      "CVE-2025-33053",
+      "CVE-2025-33073",
+      "CVE-2025-35939",
+      "CVE-2025-37164",
+      "CVE-2025-3935",
+      "CVE-2025-4008",
+      "CVE-2025-40536",
+      "CVE-2025-40551",
+      "CVE-2025-41244",
+      "CVE-2025-42999",
+      "CVE-2025-43200",
+      "CVE-2025-43510",
+      "CVE-2025-43520",
+      "CVE-2025-4427",
+      "CVE-2025-4428",
+      "CVE-2025-47812",
+      "CVE-2025-47827",
+      "CVE-2025-48384",
+      "CVE-2025-48703",
+      "CVE-2025-48927",
+      "CVE-2025-48928",
+      "CVE-2025-49113",
+      "CVE-2025-49704",
       "CVE-2025-49844",
+      "CVE-2025-5086",
+      "CVE-2025-52691",
+      "CVE-2025-53521",
+      "CVE-2025-53690",
       "CVE-2025-53767",
+      "CVE-2025-53770",
       "CVE-2025-53773",
+      "CVE-2025-54068",
+      "CVE-2025-54236",
+      "CVE-2025-54253",
+      "CVE-2025-54309",
+      "CVE-2025-54313",
+      "CVE-2025-54948",
+      "CVE-2025-55177",
+      "CVE-2025-55182",
+      "CVE-2025-57819",
+      "CVE-2025-58034",
+      "CVE-2025-58360",
+      "CVE-2025-59230",
+      "CVE-2025-59287",
+      "CVE-2025-59374",
       "CVE-2025-59389",
+      "CVE-2025-59689",
+      "CVE-2025-59718",
+      "CVE-2025-61882",
+      "CVE-2025-61932",
+      "CVE-2025-6204",
+      "CVE-2025-6205",
+      "CVE-2025-62221",
       "CVE-2025-62847",
       "CVE-2025-62848",
+      "CVE-2025-64328",
+      "CVE-2025-6554",
+      "CVE-2025-6558",
+      "CVE-2025-66644",
+      "CVE-2025-68613",
+      "CVE-2025-68645",
       "CVE-2025-6965",
+      "CVE-2025-7775",
+      "CVE-2025-8875",
+      "CVE-2025-8876",
+      "CVE-2025-9242",
+      "CVE-2025-9377",
       "CVE-2026-0300",
+      "CVE-2026-1281",
+      "CVE-2026-1340",
+      "CVE-2026-1731",
+      "CVE-2026-20045",
+      "CVE-2026-20122",
+      "CVE-2026-20128",
+      "CVE-2026-20131",
+      "CVE-2026-20133",
       "CVE-2026-20182",
+      "CVE-2026-20700",
+      "CVE-2026-20963",
+      "CVE-2026-21509",
+      "CVE-2026-21510",
+      "CVE-2026-21513",
+      "CVE-2026-21514",
+      "CVE-2026-21519",
+      "CVE-2026-21525",
+      "CVE-2026-21533",
+      "CVE-2026-21643",
+      "CVE-2026-22719",
+      "CVE-2026-22769",
       "CVE-2026-22778",
+      "CVE-2026-23760",
+      "CVE-2026-25108",
+      "CVE-2026-32201",
       "CVE-2026-32202",
+      "CVE-2026-33017",
+      "CVE-2026-33634",
+      "CVE-2026-34197",
+      "CVE-2026-34621",
+      "CVE-2026-3502",
+      "CVE-2026-35616",
+      "CVE-2026-3909",
+      "CVE-2026-3910",
       "CVE-2026-39987",
       "CVE-2026-42208",
       "CVE-2026-42897",
@@ -313,12 +511,27 @@
     "name": "Exploitation for Client Execution",
     "version": "v19",
     "cve_refs": [
+      "CVE-2014-3931",
+      "CVE-2018-14634",
+      "CVE-2020-9715",
+      "CVE-2021-22555",
+      "CVE-2021-30952",
+      "CVE-2023-41974",
+      "CVE-2023-43000",
       "CVE-2025-10585",
       "CVE-2025-14174",
+      "CVE-2025-21479",
+      "CVE-2025-21480",
       "CVE-2025-24201",
+      "CVE-2025-27038",
+      "CVE-2025-31277",
+      "CVE-2025-32709",
       "CVE-2025-43300",
       "CVE-2025-43529",
       "CVE-2025-4919",
+      "CVE-2026-21385",
+      "CVE-2026-2441",
+      "CVE-2026-5281",
       "MAL-2025-AI-FOUND-FFMPEG-BIGSLEEP"
     ]
   },
@@ -462,6 +675,9 @@
     "detection_strategies": [
       "DS0017",
       "DS0022"
+    ],
+    "cve_refs": [
+      "BUG-2026-NIGHTMARE-ECLIPSE-UNDEFEND"
     ]
   },
   "T1562.006": {
@@ -535,7 +751,10 @@
   },
   "T1600": {
     "name": "Weaken Encryption",
-    "version": "v19"
+    "version": "v19",
+    "cve_refs": [
+      "BUG-2026-NIGHTMARE-ECLIPSE-YELLOWKEY"
+    ]
   },
   "T1606.001": {
     "name": "Forge Web Credentials: Web Cookies",
@@ -722,8 +941,15 @@
     "name": "Data from Local System",
     "version": "v19",
     "cve_refs": [
+      "CVE-2023-36424",
       "CVE-2025-14847",
       "CVE-2025-22226",
+      "CVE-2025-47813",
+      "CVE-2025-48633",
+      "CVE-2025-5419",
+      "CVE-2025-5777",
+      "CVE-2026-20805",
+      "CVE-2026-3055",
       "CVE-2026-7482"
     ]
   },
@@ -779,5 +1005,88 @@
     "cve_refs": [
       "MAL-2025-PYPI-COLORAMA-SOLANA-STEALER"
     ]
+  },
+  "T1606": {
+    "id": "T1606",
+    "name": "Forge Web Credentials",
+    "tactic": [
+      "Credential Access"
+    ],
+    "sub_techniques": [
+      "T1606.001",
+      "T1606.002"
+    ],
+    "description": "Adversaries may forge credential materials that can be used to gain access to web applications or Internet services. Web applications and services (hosted in cloud SaaS environments or on-premises servers) often use session cookies, tokens, or other materials to authenticate and authorize user access. In the context of YellowKey, the BitLocker key-inheritance class is a sibling pattern: the attacker does not extract the credential, they inherit a context where the credential is already in scope — the forgery is contextual rather than cryptographic.",
+    "last_verified": "2026-05-18",
+    "notes": "Added v0.13.17 to support BUG-2026-NIGHTMARE-ECLIPSE-YELLOWKEY attack_refs. Used as a near-fit for the BitLocker-inheritance class; tighter ATT&CK technique may be assigned when Microsoft publishes an advisory naming the specific boot-flow defect.",
+    "cve_refs": [
+      "BUG-2026-NIGHTMARE-ECLIPSE-YELLOWKEY"
+    ]
+  },
+  "T1562.004": {
+    "id": "T1562.004",
+    "name": "Impair Defenses: Disable or Modify System Firewall",
+    "tactic": [
+      "Defense Evasion"
+    ],
+    "description": "Adversaries may disable or modify system firewalls in order to bypass controls limiting network usage. While the technique is named for system firewalls specifically, the parent T1562 (Impair Defenses) covers the broader class of defense impairment that includes silently degrading update channels and signature freshness — UnDefend belongs to this class even when the specific sub-technique is closer to T1562.001 (Disable or Modify Tools). T1562.004 retained as a secondary ref because the UnDefend chain leaves Windows Firewall update logs in a corrupted state alongside the Defender pipeline tampering.",
+    "last_verified": "2026-05-18",
+    "notes": "Added v0.13.17 to support BUG-2026-NIGHTMARE-ECLIPSE-UNDEFEND attack_refs. The dominant technique is T1562.001 (already in local catalog); T1562.004 is the secondary mapping for the firewall-state side-effects of UnDefend.",
+    "cve_refs": [
+      "BUG-2026-NIGHTMARE-ECLIPSE-UNDEFEND"
+    ]
+  },
+  "T1592": {
+    "id": "T1592",
+    "name": "Gather Victim Host Information",
+    "tactic": [
+      "Reconnaissance"
+    ],
+    "description": "Adversaries may gather information about the victim's hosts that can be used during targeting. Information about hosts may include a variety of details, including administrative data (e.g., name, assigned IP, functionality, etc.) as well as specifics regarding their configuration. In bulk-imported KEV entries, T1592 is used as a near-fit for information-disclosure / arbitrary-file-read / SSRF classes where the operational impact is intelligence gathering against the host.",
+    "last_verified": "2026-05-18",
+    "notes": "Added v0.13.17 to support information-disclosure KEV imports' attack_refs. Per-CVE refinement may reroute to T1083 (File and Directory Discovery), T1005 (Data from Local System), or T1071 depending on the vector.",
+    "cve_refs": [
+      "CVE-2019-5418",
+      "CVE-2019-9621",
+      "CVE-2020-7796",
+      "CVE-2021-21311",
+      "CVE-2021-22054",
+      "CVE-2021-22175",
+      "CVE-2021-39935",
+      "CVE-2021-43798",
+      "CVE-2022-20775",
+      "CVE-2023-38950",
+      "CVE-2024-1708",
+      "CVE-2024-27199",
+      "CVE-2024-57728",
+      "CVE-2024-7399",
+      "CVE-2025-2749",
+      "CVE-2025-27920",
+      "CVE-2025-4632",
+      "CVE-2025-61884",
+      "CVE-2025-6218",
+      "CVE-2025-64446",
+      "CVE-2025-8088",
+      "CVE-2025-8110"
+    ]
+  },
+  "T1499": {
+    "id": "T1499",
+    "name": "Endpoint Denial of Service",
+    "tactic": [
+      "Impact"
+    ],
+    "sub_techniques": [
+      "T1499.001",
+      "T1499.002",
+      "T1499.003",
+      "T1499.004"
+    ],
+    "description": "Adversaries may perform Endpoint Denial of Service (DoS) attacks to degrade or block the availability of services to users. Endpoint DoS can be performed by exhausting the system resources that the underlying services rely on, or by exploiting the system itself.",
+    "last_verified": "2026-05-18",
+    "notes": "Added v0.13.17 to support DoS-class KEV bulk imports.",
+    "cve_refs": [
+      "CVE-2025-6543"
+    ]
   }
 }