@blamejs/exceptd-skills 0.13.68 → 0.13.70

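--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -1,5 +1,13 @@
 # Changelog
 
+## 0.13.70 — 2026-05-24
+
+CVE catalog currency: adds **CVE-2026-45498**, the actively-exploited Microsoft Defender remote denial of service (CVSS 7.5 — network, unauthenticated; CISA KEV 2026-05-20, due 2026-06-03), companion to CVE-2026-41091 in the same Defender advisory. Uncontrolled resource consumption (CWE-400) lets a remote attacker crash or hang Defender, removing the host's AV/EDR coverage — a defense-impairment primitive (ATT&CK T1562.001) that enables follow-on intrusion. (Early press reported CVSS 4.0; NVD's authoritative score is 7.5.) Fixed in Defender antimalware platform 4.18.26040.7 (auto-update, no reboot). The entry carries RWEP scoring (P2, 45 via lib/scoring.js), CWE-400 and ATT&CK T1562.001/T1499 mappings, global-first framework-gap declarations, behavioral IoCs, and a zero-day lesson whose new control (NEW-CTRL-079) makes loss of AV/EDR availability a monitored security event. Postdates the catalog's prior bulk KEV intake (KEV catalog 2026.05.15).
+
+## 0.13.69 — 2026-05-24
+
+CVE catalog currency: adds **CVE-2026-34926**, the actively-exploited Trend Micro Apex One directory traversal (CVSS 6.7; CISA KEV 2026-05-21, due 2026-06-04). A relative path traversal (CWE-23) on the on-premise management server lets an attacker who already holds server admin credentials modify a key table and inject malicious code that the server deploys to every managed agent — a fleet-wide push through the security tool's own trusted deployment channel (Scope:Changed). Fixed in Apex One on-premise 14.0.0.17079 / SaaS 14.0.20731. The entry carries RWEP scoring (P2, 52, computed via lib/scoring.js — PR:H/AC:H gate it below an unauthenticated RCE), CWE-23/22 and ATT&CK T1072/T1083 mappings, global-first framework-gap declarations, behavioral IoCs, and a zero-day lesson whose new control (NEW-CTRL-078) makes the endpoint-management deployment channel an integrity-monitored control plane. Postdates the catalog's prior bulk KEV intake (KEV catalog 2026.05.15).
+
 ## 0.13.68 — 2026-05-24
 
 CVE catalog currency: adds **CVE-2026-41091**, the actively-exploited Microsoft Defender link-following local privilege escalation (CVSS 7.8; CISA KEV 2026-05-20, due 2026-06-03). The Malware Protection Engine runs as SYSTEM and improperly resolves links before accessing files (CWE-59), so a local low-privileged attacker who plants a symlink/junction can elevate to SYSTEM — the AV/EDR agent itself is the privileged confused deputy. Fixed in engine build 1.1.26040.8 (auto-update, no reboot); managed environments that pin or delay engine updates are the exposed population. The entry carries full RWEP scoring (P2, 55), CWE-59/269 and ATT&CK T1068 mappings, global-first framework-gap declarations, behavioral IoCs, and a matching zero-day lesson whose new control requirement (NEW-CTRL-077) makes the security agent's own engine-build currency an audited target. Postdates the catalog's prior bulk KEV intake (KEV catalog 2026.05.15).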
@@ -1,21 +1,21 @@
1
1
  {
2
2
  "schema_version": "1.1.0",
3
- "generated_at": "2026-05-25T05:37:39.668Z",
3
+ "generated_at": "2026-05-25T06:30:17.716Z",
4
4
  "generator": "scripts/build-indexes.js",
5
5
  "source_count": 54,
6
6
  "source_hashes": {
7
- "manifest.json": "b2768a6fed1f9af27587332675592dd96abf0fe4f7692023324157dec05b1335",
7
+ "manifest.json": "2ef5e043e6e1ca9519dc9bccf1df86d42b46a2244c8885a01dd88e24d60eec8b",
8
8
  "data/atlas-ttps.json": "019f12d24dc45ef8f5ae8812dec7c31a9506429a94751aaa559890a007ec6b22",
9
- "data/attack-techniques.json": "69afb5bc47a2e15353d62cabc64c41bc0bc3516c4856c889b9c2cdc5c5110e54",
10
- "data/cve-catalog.json": "31eec14b758ef04a5d2fd63be8bd08e79a5f195570afc60885feb8f145e54dcc",
11
- "data/cwe-catalog.json": "ca52b055bb9a5062ee92f19fb15315379b71bbc50d484cfe274a5197f6c4d5c3",
9
+ "data/attack-techniques.json": "c5cb0ab9d14f531a671623cad187aa92afb647626fd1170cb934e8d19ba4221d",
10
+ "data/cve-catalog.json": "0d8e58d0f666b47596985d86619c2cc739070e4ce644be14af100aae3fbedde7",
11
+ "data/cwe-catalog.json": "ab362db52eb840fec10e3b568418a6420cddc1fad1a02d3b7b34b187ffdcfba4",
12
12
  "data/d3fend-catalog.json": "9a54bccb9f24f84b32024216cc3f53819a053721ac8ab43c326859e68fc0ffaf",
13
13
  "data/dlp-controls.json": "d2406c482dddd30e49203879999dc4b3a7fd4d0494d6a61d86b91ee76415df19",
14
14
  "data/exploit-availability.json": "ec2656f0d9a893610e27b43eb6035fe9b18e057c9f6dfaac7e7d4959bbcbb795",
15
- "data/framework-control-gaps.json": "935c17ffd9b6e08f0a89f711946565fc2bb36d3cc3609d0eea5482c09a0b85c8",
15
+ "data/framework-control-gaps.json": "d76aa93b18b997f783b4e615b117452020641fa546db6418ffe7fdacdff14b2b",
16
16
  "data/global-frameworks.json": "9ba563a85f7f8d6c3c957de64945e20925a89d0ed6ea6fc561cf093811acf558",
17
17
  "data/rfc-references.json": "66ef2e1f444a2cf0c2700a754f0a66030bb8a91d9e68394b9537ea1fe8b904fe",
18
- "data/zeroday-lessons.json": "a970a232aa612d01b93d7cfc7684e8692939265efa09eb3a2ffeca475eb02c08",
18
+ "data/zeroday-lessons.json": "a8283ec189cc26bab26ae942529cbce3c0fa9bea853eb8bf06a5a38e26bab41c",
19
19
  "skills/kernel-lpe-triage/skill.md": "08b3e9815ba481c57c80f5fc0ccbf5bb7cbb41f570c235ba6ff9596b8c07354d",
20
20
  "skills/ai-attack-surface/skill.md": "c4c1eb22a38ca7a959b5725222bab8fbd4f4044a548a93f3e288e6f698334b72",
21
21
  "skills/mcp-agent-trust/skill.md": "89ac89084391d2341b6513fefb1be2d36b93de1c130f057696219c1c59440f13",
@@ -72,7 +72,7 @@
72
72
  "dlp_refs": 0
73
73
  },
74
74
  "trigger_table_entries": 538,
75
- "chains_cve_entries": 303,
75
+ "chains_cve_entries": 305,
76
76
  "chains_cwe_entries": 171,
77
77
  "jurisdictions_indexed": 29,
78
78
  "handoff_dag_nodes": 42,
@@ -149,7 +149,7 @@
149
149
  "artifact": "data/cve-catalog.json",
150
150
  "path": "data/cve-catalog.json",
151
151
  "schema_version": "1.0.0",
152
- "entry_count": 314
152
+ "entry_count": 316
153
153
  },
154
154
  {
155
155
  "date": "2026-05-18",
@@ -165,7 +165,7 @@
165
165
  "artifact": "data/zeroday-lessons.json",
166
166
  "path": "data/zeroday-lessons.json",
167
167
  "schema_version": "1.1.0",
168
- "entry_count": 314
168
+ "entry_count": 316
169
169
  },
170
170
  {
171
171
  "date": "2026-05-17",
@@ -62,7 +62,7 @@
62
62
  "rebuild_after_days": 365,
63
63
  "note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
64
64
  },
65
- "entry_count": 314,
65
+ "entry_count": 316,
66
66
  "sample_keys": [
67
67
  "CVE-2025-53773",
68
68
  "CVE-2026-30615",
@@ -238,7 +238,7 @@
238
238
  "rebuild_after_days": 365,
239
239
  "note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
240
240
  },
241
- "entry_count": 314,
241
+ "entry_count": 316,
242
242
  "sample_keys": [
243
243
  "CVE-2026-31431",
244
244
  "CVE-2025-53773",