npm - @blamejs/exceptd-skills - Versions diffs - 0.15.1 → 0.15.3 - Mend

@blamejs/exceptd-skills 0.15.1 → 0.15.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/CHANGELOG.md +8 -0
package/data/_indexes/_meta.json +5 -5
package/data/attack-techniques.json +5 -0
package/data/cve-catalog.json +612 -96
package/data/zeroday-lessons.json +328 -104
package/manifest.json +44 -44
package/package.json +1 -1
package/sbom.cdx.json +18 -18

package/data/cve-catalog.json CHANGED Viewed

@@ -2302,7 +2302,15 @@
         "severity": "high",
         "published_date": "2024-04-08"
       }
-    ]
+    ],
+    "iocs": {
+      "behavioral": [
+        "A container process whose working directory or a bind/volume resolves into the host via /proc/self/fd/<N> (the leaked file descriptor), reaching host paths outside the container rootfs.",
+        "runc exec/run where the process cwd is set to /proc/self/fd/* or a WORKDIR that escapes the rootfs.",
+        "Files written by a container to host directories that are not part of any declared mount."
+      ],
+      "_ioc_source_note": "Anchored to NVD CVE-2024-21626, CISA KEV, and the Snyk 'Leaky Vessels' analysis."
+    }
   },
   "CVE-2024-3094": {
     "ai_assisted_weaponization": false,
@@ -2395,7 +2403,15 @@
         "severity": "critical",
         "published_date": "2024-04-03"
       }
-    ]
+    ],
+    "iocs": {
+      "behavioral": [
+        "liblzma / xz-utils version 5.6.0 or 5.6.1 present on a host where sshd links libsystemd (and thus liblzma).",
+        "An sshd login latency regression (~0.5s) traced to liblzma symbol resolution / IFUNC resolver activity.",
+        "sshd routing specific attacker-supplied RSA public keys to a non-standard code path (the Ed448-gated backdoor trigger)."
+      ],
+      "_ioc_source_note": "Anchored to NVD CVE-2024-3094, the openwall oss-security disclosure, and research.swtch.com/xz-script."
+    }
   },
   "CVE-2024-3154": {
     "ai_assisted_weaponization": false,
@@ -2460,7 +2476,15 @@
       "https://github.com/cri-o/cri-o/security/advisories"
     ],
     "last_updated": "2026-05-15",
-    "discovery_attribution_note": "Reported by the OpenShift / CRI-O upstream security team via Red Hat Bugzilla 2272532; no individual researcher byline in the public advisory and no AI-tool credit. Bug class (systemd property injection through pod annotations) is conventional argument-injection. Source: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2024-3154."
+    "discovery_attribution_note": "Reported by the OpenShift / CRI-O upstream security team via Red Hat Bugzilla 2272532; no individual researcher byline in the public advisory and no AI-tool credit. Bug class (systemd property injection through pod annotations) is conventional argument-injection. Source: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2024-3154.",
+    "iocs": {
+      "behavioral": [
+        "CRI-O nodes on 1.27.x < 1.27.10 / 1.28.x < 1.28.7 / 1.29.x < 1.29.4 accepting pod-create from non-cluster-admin RBAC subjects.",
+        "modprobe / kernel-module load events on a node correlated with a pod creation whose spec carried module-name attributes.",
+        "newly present kernel modules in /proc/modules on a worker node with no matching node-image or DaemonSet provenance."
+      ],
+      "_ioc_source_note": "Anchored to NVD CVE-2024-3154 and the cri-o GitHub security advisory cited in verification_sources."
+    }
   },
   "CVE-2023-43472": {
     "ai_assisted_weaponization": false,
@@ -2521,7 +2545,16 @@
       "https://huntr.com/bounties/"
     ],
     "last_updated": "2026-05-15",
-    "discovery_attribution_note": "Discovered by Joseph Beeton, senior security researcher at Contrast Security, via the Protect AI Huntr bug bounty program. Named human researcher; no AI-tool credited. Source: https://securityonline.info/cve-2023-43472-critical-vulnerability-uncovered-in-mlflow/ and https://github.com/advisories/GHSA-wqxf-447m-6f5f."
+    "discovery_attribution_note": "Discovered by Joseph Beeton, senior security researcher at Contrast Security, via the Protect AI Huntr bug bounty program. Named human researcher; no AI-tool credited. Source: https://securityonline.info/cve-2023-43472-critical-vulnerability-uncovered-in-mlflow/ and https://github.com/advisories/GHSA-wqxf-447m-6f5f.",
+    "iocs": {
+      "behavioral": [
+        "GET requests to the MLflow /model-versions/get-artifact endpoint whose path parameter contains ../ traversal sequences.",
+        "MLflow tracking server below 2.9.0 reachable and serving artifact-fetch requests.",
+        "MLflow artifact reads resolving to files outside the configured artifact root (e.g. /etc/passwd, SSH keys) returned through get-artifact responses.",
+        "Encoded/stacked traversal tokens (%2e%2e%2f, ....//) targeting MLflow artifact endpoints."
+      ],
+      "_ioc_source_note": "Anchored to NVD CVE-2023-43472 and the Protect AI Huntr report cited in verification_sources."
+    }
   },
   "CVE-2020-10148": {
     "ai_assisted_weaponization": false,
@@ -2598,7 +2631,15 @@
         "severity": "critical",
         "published_date": "2020-12-17"
       }
-    ]
+    ],
+    "iocs": {
+      "behavioral": [
+        "SolarWinds Orion API requests that bypass authentication by including a crafted request path containing the GUID parameter (e.g. paths with 'WebResource.axd', 'ScriptResource.axd', 'i18n.ashx' segments) to reach SolarWinds.Orion.Core.* endpoints unauthenticated.",
+        "The trojanized SolarWinds.Orion.Core.BusinessLayer.dll (SUNBURST) and beaconing to avsvmcloud.com or DGA-derived subdomains.",
+        "Orion server initiating outbound C2 after a dormancy period, with traffic masqueraded as the Orion Improvement Program protocol."
+      ],
+      "_ioc_source_note": "Anchored to NVD CVE-2020-10148 and CISA advisory AA20-352A (SolarWinds SUNBURST)."
+    }
   },
   "CVE-2023-3519": {
     "ai_assisted_weaponization": false,
@@ -2677,7 +2718,15 @@
         "severity": "critical",
         "published_date": "2023-07-18"
       }
-    ]
+    ],
+    "iocs": {
+      "behavioral": [
+        "Web shells written under the NetScaler web root (e.g. /var/netscaler/logon/LogonPoint/, /netscaler/ns_gui/) following unauthenticated POSTs to the SAML/GWTest endpoints.",
+        "Crash artifacts in /var/core on the NetScaler ADC/Gateway appliance from the stack overflow.",
+        "An internet-facing NetScaler ADC/Gateway configured as a Gateway/AAA virtual server below the patched build."
+      ],
+      "_ioc_source_note": "Anchored to NVD CVE-2023-3519 and Citrix advisory CTX561482."
+    }
   },
   "CVE-2024-1709": {
     "ai_assisted_weaponization": false,
@@ -2760,7 +2809,15 @@
         "severity": "critical",
         "published_date": "2024-02-22"
       }
-    ]
+    ],
+    "iocs": {
+      "behavioral": [
+        "Unauthenticated requests to SetupWizard.aspx with an appended path segment (e.g. /SetupWizard.aspx/anything) on a ScreenConnect server, re-triggering the initial setup flow.",
+        "A new administrative user created on the ScreenConnect instance with no corresponding operator action.",
+        "ScreenConnect deploying unexpected extensions or remote-control tooling immediately after the setup-wizard access."
+      ],
+      "_ioc_source_note": "Anchored to NVD CVE-2024-1709 and the ConnectWise ScreenConnect 23.9.8 security bulletin."
+    }
   },
   "CVE-2026-20182": {
     "ai_assisted_weaponization": false,
@@ -2845,7 +2902,15 @@
         "severity": "critical",
         "published_date": "2026-05-14"
       }
-    ]
+    ],
+    "iocs": {
+      "behavioral": [
+        "Unauthenticated requests reaching administrative functions on the Cisco SD-WAN manager/controller (admin actions without a preceding authenticated session).",
+        "New administrative accounts or unexpected configuration/template changes on the SD-WAN management plane.",
+        "An internet-facing Cisco SD-WAN management interface running a release below the fixed version."
+      ],
+      "_ioc_source_note": "Anchored to NVD CVE-2026-20182, CISA KEV, and the Cisco security advisory."
+    }
   },
   "CVE-2024-40635": {
     "ai_assisted_weaponization": false,
@@ -2905,7 +2970,16 @@
     ],
     "last_updated": "2026-05-15",
     "discovery_attribution_note": "Reported via the containerd security team (GO-2025-3528, Snyk SNYK-GOLANG-GITHUBCOMCONTAINERDCONTAINERDV2PKGOCI-9479987); no individual researcher byline in the advisory and no AI-tool credited. Bug class is straight integer overflow in WithUser() UID handling. Source: https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMCONTAINERDCONTAINERDV2PKGOCI-9479987.",
-    "rwep_correction_note": "v0.12.30: canonicalized rwep_factors AND rwep_score to satisfy Shape B invariant. The prior stored rwep_score was internally inconsistent with its rwep_factors block; both now derived from canonical RWEP_WEIGHTS + operational fields. Delta from prior stored: 0."
+    "rwep_correction_note": "v0.12.30: canonicalized rwep_factors AND rwep_score to satisfy Shape B invariant. The prior stored rwep_score was internally inconsistent with its rwep_factors block; both now derived from canonical RWEP_WEIGHTS + operational fields. Delta from prior stored: 0.",
+    "iocs": {
+      "behavioral": [
+        "containerd 1.6.x < 1.6.34 or 1.7.x < 1.7.21 with CNI IP allocation in scope.",
+        "Containers receiving an IP mask inconsistent with their assigned CNI subnet (spurious/oversized mask from the 32-bit overflow).",
+        "CNI IPAM configs or pod network requests specifying CIDR values large enough to overflow the mask conversion path.",
+        "Cross-namespace network reachability or address-mask leakage between containers that should be CNI-isolated."
+      ],
+      "_ioc_source_note": "Anchored to NVD CVE-2024-40635 and the containerd GitHub security advisory / Snyk Labs PoC cited in verification_sources."
+    }
   },
   "MAL-2026-TANSTACK-MINI": {
     "ai_assisted_weaponization": false,
@@ -2979,7 +3053,16 @@
     "related_threats": [
       "MAL-2026-SHAI-HULUD-OSS"
     ],
-    "related_threats_note": "MAL-2026-TANSTACK-MINI is a Mini-Shai-Hulud-wave incident (Microsoft Security Research, 2026-05-11). The framework was open-sourced 2026-05-12 (MAL-2026-SHAI-HULUD-OSS) — TanStack predates the public release by ~24h. Same threat-actor authorship class; same registry-pivot tradecraft."
+    "related_threats_note": "MAL-2026-TANSTACK-MINI is a Mini-Shai-Hulud-wave incident (Microsoft Security Research, 2026-05-11). The framework was open-sourced 2026-05-12 (MAL-2026-SHAI-HULUD-OSS) — TanStack predates the public release by ~24h. Same threat-actor authorship class; same registry-pivot tradecraft.",
+    "iocs": {
+      "behavioral": [
+        "Installation of any @tanstack/* package version flagged in the 2026-05-11 advisory (84 malicious versions across 42 packages).",
+        "Postinstall lifecycle hooks executing during @tanstack/* installs that read ~/.npmrc, ~/.aws/credentials, or GitHub PAT files.",
+        "Outbound network activity or npm publish/republication attempts originating from a postinstall script during @tanstack/* installation.",
+        "Credential-file reads (~/.npmrc, ~/.aws/credentials, GitHub token files) by a node/npm child process spawned from an @tanstack/* install."
+      ],
+      "_ioc_source_note": "Anchored to the TanStack security advisory 2026-05-11 and the npm advisories cited in verification_sources."
+    }
   },
   "CVE-2026-30623": {
     "ai_assisted_weaponization": false,
@@ -3044,7 +3127,16 @@
       "https://github.com/anthropics/anthropic-sdk-python/security/advisories"
     ],
     "last_updated": "2026-05-15",
-    "discovery_attribution_note": "OX Security advisory 2026-04-15; researchers Moshe Siman Tov Bustan, Mustafa Naamnih, Nir Zadok. Same disclosure cluster as CVE-2026-30615. Named-human research; no AI-tool credit. Source: https://www.ox.security/blog/the-mother-of-all-ai-supply-chains-critical-systemic-vulnerability-at-the-core-of-the-mcp/."
+    "discovery_attribution_note": "OX Security advisory 2026-04-15; researchers Moshe Siman Tov Bustan, Mustafa Naamnih, Nir Zadok. Same disclosure cluster as CVE-2026-30615. Named-human research; no AI-tool credit. Source: https://www.ox.security/blog/the-mother-of-all-ai-supply-chains-critical-systemic-vulnerability-at-the-core-of-the-mcp/.",
+    "iocs": {
+      "behavioral": [
+        "Anthropic MCP SDK stdio transport at a pre-fix version spawning MCP servers from an operator-supplied command string.",
+        "MCP server-spawn command strings containing shell metacharacters (;, |, &, $(), backticks) reaching subprocess exec without argv-array separation.",
+        "Child processes spawned by the MCP-client stdio transport whose command line differs from the configured server binary.",
+        "Unexpected subprocess execution (shells, downloaders) parented to the MCP client process at server-launch time."
+      ],
+      "_ioc_source_note": "Anchored to NVD CVE-2026-30623 and the anthropic MCP SDK GitHub security advisory cited in verification_sources."
+    }
   },
   "CVE-2025-12686": {
     "ai_assisted_weaponization": false,
@@ -3102,7 +3194,15 @@
     ],
     "last_updated": "2026-05-15",
     "discovery_attribution_note": "Pwn2Own Ireland 2025 (Cork, 2025-10-21) — exploited by @Tek_7987 and @_Anyfun of Synacktiv's offensive security team. Disclosure methodology: attack-surface enumeration + manual code auditing + exploit development per Synacktiv's published writeup; no AI-tool credit. Source: https://www.synacktiv.com/en/publications/breaking-the-beestation-inside-our-pwn2own-2025-exploit-journey.",
-    "rwep_correction_note": "v0.12.30: canonicalized rwep_factors AND rwep_score to satisfy Shape B invariant. The prior stored rwep_score was internally inconsistent with its rwep_factors block; both now derived from canonical RWEP_WEIGHTS + operational fields. Delta from prior stored: -5 (50 -> 45)."
+    "rwep_correction_note": "v0.12.30: canonicalized rwep_factors AND rwep_score to satisfy Shape B invariant. The prior stored rwep_score was internally inconsistent with its rwep_factors block; both now derived from canonical RWEP_WEIGHTS + operational fields. Delta from prior stored: -5 (50 -> 45).",
+    "iocs": {
+      "behavioral": [
+        "Synology BeeStation Manager below 1.4.0-65374 exposing its web management interface.",
+        "Unauthenticated requests to the BeeStation web management surface resulting in OS-command execution (CWE-78).",
+        "Command-shell or unexpected child processes spawned by the BeeStation web management service without a preceding authenticated session."
+      ],
+      "_ioc_source_note": "Anchored to NVD CVE-2025-12686 and the Zero Day Initiative Pwn2Own Ireland 2025 disclosure cited in verification_sources."
+    }
   },
   "CVE-2025-62847": {
     "ai_assisted_weaponization": false,
@@ -3162,7 +3262,15 @@
     ],
     "last_updated": "2026-05-15",
     "discovery_attribution_note": "Pwn2Own Ireland 2025 — exploited by DEVCORE Research Team (chained injection + format-string bug, $40,000 + 4 Master of Pwn points). Named-human team via ZDI live-blog credit; no AI-tool attribution. Source: https://www.thezdi.com/blog/2025/10/21/pwn2own-ireland-2025-day-one-results.",
-    "rwep_correction_note": "v0.12.30: canonicalized rwep_factors AND rwep_score to satisfy Shape B invariant. The prior stored rwep_score was internally inconsistent with its rwep_factors block; both now derived from canonical RWEP_WEIGHTS + operational fields. Delta from prior stored: -5 (45 -> 40)."
+    "rwep_correction_note": "v0.12.30: canonicalized rwep_factors AND rwep_score to satisfy Shape B invariant. The prior stored rwep_score was internally inconsistent with its rwep_factors block; both now derived from canonical RWEP_WEIGHTS + operational fields. Delta from prior stored: -5 (45 -> 40).",
+    "iocs": {
+      "behavioral": [
+        "QNAP QTS < 5.2.4.2950 or QuTS hero < h5.2.4.2950 with the web management interface reachable.",
+        "Requests to QTS/QuTS hero management endpoints carrying OS-command metacharacters (CWE-78), consistent with the first component of the Pwn2Own chain.",
+        "Unexpected command-shell or child processes spawned by QTS/QuTS hero web services without a corresponding administrative action."
+      ],
+      "_ioc_source_note": "Anchored to NVD CVE-2025-62847 and the QNAP security advisory cited in verification_sources."
+    }
   },
   "CVE-2025-62848": {
     "ai_assisted_weaponization": false,
@@ -3222,7 +3330,15 @@
     ],
     "last_updated": "2026-05-15",
     "discovery_attribution_note": "Pwn2Own Ireland 2025 — chain 2/3 of the DEVCORE Research Team QNAP TS-453E exploit. Same researcher attribution as CVE-2025-62847; ZDI live-blog credit. No AI-tool attribution. Source: https://www.thezdi.com/blog/2025/10/21/pwn2own-ireland-2025-day-one-results.",
-    "rwep_correction_note": "v0.12.30: canonicalized rwep_factors AND rwep_score to satisfy Shape B invariant. The prior stored rwep_score was internally inconsistent with its rwep_factors block; both now derived from canonical RWEP_WEIGHTS + operational fields. Delta from prior stored: -5 (45 -> 40)."
+    "rwep_correction_note": "v0.12.30: canonicalized rwep_factors AND rwep_score to satisfy Shape B invariant. The prior stored rwep_score was internally inconsistent with its rwep_factors block; both now derived from canonical RWEP_WEIGHTS + operational fields. Delta from prior stored: -5 (45 -> 40).",
+    "iocs": {
+      "behavioral": [
+        "QNAP QTS < 5.2.4.2950 or QuTS hero < h5.2.4.2950 with management services reachable.",
+        "Input reaching a QTS/QuTS hero code-evaluation path (CWE-94), the second component of the Pwn2Own chain — injected code executing within a QNAP management process.",
+        "QTS/QuTS hero management processes evaluating attacker-supplied script/code fragments not present in stock firmware."
+      ],
+      "_ioc_source_note": "Anchored to NVD CVE-2025-62848 and the QNAP security advisory cited in verification_sources."
+    }
   },
   "CVE-2025-62849": {
     "ai_assisted_weaponization": false,
@@ -3282,7 +3398,15 @@
     ],
     "last_updated": "2026-05-15",
     "discovery_attribution_note": "Pwn2Own Ireland 2025 — chain 3/3 of the DEVCORE Research Team QNAP TS-453E exploit (post-auth elevation). Same attribution as CVE-2025-62847/62848; ZDI credit. No AI-tool attribution. Source: https://www.thezdi.com/blog/2025/10/21/pwn2own-ireland-2025-day-one-results.",
-    "rwep_correction_note": "v0.12.30: canonicalized rwep_factors AND rwep_score to satisfy Shape B invariant. The prior stored rwep_score was internally inconsistent with its rwep_factors block; both now derived from canonical RWEP_WEIGHTS + operational fields. Delta from prior stored: -5 (40 -> 35)."
+    "rwep_correction_note": "v0.12.30: canonicalized rwep_factors AND rwep_score to satisfy Shape B invariant. The prior stored rwep_score was internally inconsistent with its rwep_factors block; both now derived from canonical RWEP_WEIGHTS + operational fields. Delta from prior stored: -5 (40 -> 35).",
+    "iocs": {
+      "behavioral": [
+        "QNAP QTS < 5.2.4.2950 or QuTS hero < h5.2.4.2950 where a low-privilege session escalates privilege.",
+        "A QTS/QuTS hero process or session gaining privileges beyond its authenticated account (CWE-269), the post-auth elevation component of the Pwn2Own chain.",
+        "Post-authentication privilege transitions on the appliance not initiated through a legitimate admin role assignment."
+      ],
+      "_ioc_source_note": "Anchored to NVD CVE-2025-62849 and the QNAP security advisory cited in verification_sources."
+    }
   },
   "CVE-2025-59389": {
     "ai_assisted_weaponization": false,
@@ -3341,7 +3465,15 @@
     ],
     "last_updated": "2026-05-15",
     "discovery_attribution_note": "Pwn2Own Ireland 2025 — Sina Kheirkhah of Summoning Team chained a hardcoded-credential issue with an injection flaw against QNAP Hyper Data Protector ($20,000 award). Named-human researcher; no AI-tool credit. Source: https://www.thezdi.com/blog/2025/10/21/pwn2own-ireland-2025-day-one-results and https://www.qnap.com/en/security-advisory/qsa-25-48.",
-    "rwep_correction_note": "v0.12.30: canonicalized rwep_factors AND rwep_score to satisfy Shape B invariant. The prior stored rwep_score was internally inconsistent with its rwep_factors block; both now derived from canonical RWEP_WEIGHTS + operational fields. Delta from prior stored: 0."
+    "rwep_correction_note": "v0.12.30: canonicalized rwep_factors AND rwep_score to satisfy Shape B invariant. The prior stored rwep_score was internally inconsistent with its rwep_factors block; both now derived from canonical RWEP_WEIGHTS + operational fields. Delta from prior stored: 0.",
+    "iocs": {
+      "behavioral": [
+        "QNAP Hyper Data Protector below 2.1.4.0420 exposing its management surface.",
+        "Unauthenticated requests to the Hyper Data Protector management interface resulting in OS-command execution (CWE-78).",
+        "Command-shell or unexpected child processes spawned by the Hyper Data Protector backup-orchestration service without a preceding authenticated session."
+      ],
+      "_ioc_source_note": "Anchored to NVD CVE-2025-59389 and the QNAP / Pwn2Own Ireland 2025 advisory cited in verification_sources."
+    }
   },
   "CVE-2025-11837": {
     "ai_assisted_weaponization": false,
@@ -3401,7 +3533,15 @@
       "https://www.qnap.com/en/security-advisory/"
     ],
     "last_updated": "2026-05-15",
-    "discovery_attribution_note": "Pwn2Own Ireland 2025 — Chumy Tsai of CyCraft Technology demonstrated the code-injection on QNAP TS-453E ($20,000 award). Named-human researcher via ZDI credit; no AI-tool attribution. Source: https://www.qnap.com/en/security-advisory/qsa-25-47 and https://cybersecuritynews.com/qnap-zero-day-vulnerabilities-exploited/."
+    "discovery_attribution_note": "Pwn2Own Ireland 2025 — Chumy Tsai of CyCraft Technology demonstrated the code-injection on QNAP TS-453E ($20,000 award). Named-human researcher via ZDI credit; no AI-tool attribution. Source: https://www.qnap.com/en/security-advisory/qsa-25-47 and https://cybersecuritynews.com/qnap-zero-day-vulnerabilities-exploited/.",
+    "iocs": {
+      "behavioral": [
+        "QNAP Malware Remover below 6.6.8.20251023 fetching or applying malware-definition updates.",
+        "The definition-handling path processing a crafted/tampered definition update, leading to code execution within the security tool's process (CWE-94).",
+        "The malware-definition-fetch channel redirected/hijacked (download from an unexpected host or over a tampered channel) supplying attacker-controlled content."
+      ],
+      "_ioc_source_note": "Anchored to NVD CVE-2025-11837 and the QNAP security advisory cited in verification_sources."
+    }
   },
   "CVE-2026-42945": {
     "name": "NGINX Rift",
@@ -3478,7 +3618,16 @@
     ],
     "last_updated": "2026-05-15",
     "discovery_attribution_note": "Discovered by depthfirst's autonomous vulnerability-analysis platform; flagged the heap-buffer-overflow in nginx ngx_http_rewrite_module (present since nginx 0.6.27, 2008) within six hours of scan time. First publicly-attributed AI-discovered nginx CVE; jointly disclosed by F5 + depthfirst on 2026-05-13. Source: https://depthfirst.com/nginx-rift and https://github.com/depthfirstdisclosures/nginx-rift.",
-    "rwep_correction_note": "v0.12.30: canonicalized rwep_factors to satisfy Shape B invariant (Σ factors === rwep_score). Prior values used non-canonical weights and/or blast_radius > 30 (over-cap). Stored rwep_score unchanged; factor block now reproducible from canonical RWEP_WEIGHTS + operational fields."
+    "rwep_correction_note": "v0.12.30: canonicalized rwep_factors to satisfy Shape B invariant (Σ factors === rwep_score). Prior values used non-canonical weights and/or blast_radius > 30 (over-cap). Stored rwep_score unchanged; factor block now reproducible from canonical RWEP_WEIGHTS + operational fields.",
+    "iocs": {
+      "behavioral": [
+        "nginx 0.6.27 through 1.30.0 or nginx Plus R32-R36 with a rewrite directive using unnamed PCRE captures in its configuration.",
+        "Single HTTP requests whose URI matches a rewrite rule using unnamed captures, triggering the out-of-bounds heap write (CWE-787) in PCRE handling.",
+        "nginx worker process crashes/segfaults/restarts correlated with requests matching unnamed-capture rewrite rules.",
+        "Crafted URIs designed to match unnamed-capture rewrite patterns reaching nginx instances on the affected version range."
+      ],
+      "_ioc_source_note": "Anchored to the F5 advisory K000150420 and the nginx.org security advisories cited in verification_sources."
+    }
   },
   "CVE-2026-0300": {
     "name": "PAN-UID — Palo Alto Networks PAN-OS User-ID Authentication Portal RCE",
@@ -4363,7 +4512,16 @@
     ],
     "_draft": false,
     "last_updated": "2026-05-17",
-    "discovery_attribution_note": "Qualys Threat Research Unit human research, publicly disclosed 2026-05-14. The underlying logic flaw was originally surfaced in a 2020 patch proposal by Jann Horn that was never merged; Qualys identified the exploitable consequence six years later. No AI involvement on either the discovery or weaponization side."
+    "discovery_attribution_note": "Qualys Threat Research Unit human research, publicly disclosed 2026-05-14. The underlying logic flaw was originally surfaced in a 2020 patch proposal by Jann Horn that was never merged; Qualys identified the exploitable consequence six years later. No AI involvement on either the discovery or weaponization side.",
+    "iocs": {
+      "behavioral": [
+        "A Linux host on a kernel built without the 2020 ptrace exit-race fix, running the setuid ssh-keysign helper.",
+        "A process ptrace-attaching to a privileged helper (ssh-keysign) during its shutdown window to exploit the exit_mm()/exit_files() race (CWE-362/CWE-672).",
+        "An unprivileged local user obtaining access to privileged file descriptors / key material via the ssh-keysign exit race.",
+        "Kernel/audit signatures of ptrace attach to a setuid binary immediately before its exit on an affected kernel."
+      ],
+      "_ioc_source_note": "Anchored to NVD CVE-2026-46333 and the public analysis cited in verification_sources."
+    }
   },
   "MAL-2026-SHAI-HULUD-OSS": {
     "name": "Shai-Hulud worm framework (TeamPCP open-source release)",
@@ -4447,7 +4605,16 @@
       "https://snyk.io/blog/tanstack-npm-packages-compromised/"
     ],
     "last_updated": "2026-05-17",
-    "discovery_attribution_note": "TeamPCP threat-actor framework, not a vulnerability discovery. The framework was open-sourced 2026-05-12 on GitHub under MIT license by the same actor group responsible for the September 2025 / November 2025 / May 2026 Shai-Hulud npm-worm waves. TeamPCP self-describes the framework as \"vibe coded\" — AI-coding-assistant-mediated authoring. Adoption-side weaponization is accelerated by AI coding assistants + the BreachForums-hosted $1,000 USD bounty contest."
+    "discovery_attribution_note": "TeamPCP threat-actor framework, not a vulnerability discovery. The framework was open-sourced 2026-05-12 on GitHub under MIT license by the same actor group responsible for the September 2025 / November 2025 / May 2026 Shai-Hulud npm-worm waves. TeamPCP self-describes the framework as \"vibe coded\" — AI-coding-assistant-mediated authoring. Adoption-side weaponization is accelerated by AI coding assistants + the BreachForums-hosted $1,000 USD bounty contest.",
+    "iocs": {
+      "behavioral": [
+        "Any of the 170+ confirmed npm packages (May 2026 wave), the 2 confirmed PyPI packages, or the affected GitHub Action present in a lockfile/install.",
+        "Package postinstall OR require-time code reading cloud credentials, AI-assistant configs, and version-control tokens (the worm's credential-harvest phase).",
+        "Self-republication attempts from a package-install context and creation of attacker-controlled public repositories for exfiltration (worm propagation via maintainer-account pivot).",
+        "Outbound exfiltration of harvested secrets from a CI runner or developer host shortly after an affected dependency install."
+      ],
+      "_ioc_source_note": "Anchored to NVD/advisory references and the public Shai-Hulud worm analyses cited in verification_sources."
+    }
   },
   "CVE-2024-21762": {
     "ai_assisted_weaponization": false,
@@ -4565,7 +4732,15 @@
         "severity": "critical",
         "published_date": "2024-02-09"
       }
-    ]
+    ],
+    "iocs": {
+      "behavioral": [
+        "sslvpnd process crashes or segfaults on a FortiGate, and crafted unauthenticated HTTP requests to the SSL-VPN web surface (/remote/* endpoints).",
+        "Read-only symlinks left in the SSL-VPN language-file directory (the documented post-exploitation persistence that survives a firmware update).",
+        "An internet-facing FortiGate with SSL-VPN enabled on a FortiOS/FortiProxy build below the fixed version."
+      ],
+      "_ioc_source_note": "Anchored to NVD CVE-2024-21762, Fortinet FG-IR-24-015, and the CISA 2025-04 post-exploitation advisory."
+    }
   },
   "CVE-2025-10585": {
     "id": "CVE-2025-10585",
@@ -4633,7 +4808,15 @@
     "live_patch_tools": [],
     "cwe_refs": [
       "CWE-843"
-    ]
+    ],
+    "iocs": {
+      "behavioral": [
+        "Google Chrome (and Chromium-based browsers) on a build below the emergency-patched version, exposed to attacker-controlled web content.",
+        "Renderer-process crashes consistent with a V8 type-confusion trigger, followed by anomalous child-process spawning from the browser.",
+        "Drive-by navigation to a malicious page delivering the V8 exploit as part of a sandbox-escape chain."
+      ],
+      "_ioc_source_note": "Anchored to NVD CVE-2025-10585 and the Google TAG / Chrome stable-channel security advisory."
+    }
   },
   "CVE-2025-14174": {
     "id": "CVE-2025-14174",
@@ -4706,7 +4889,15 @@
     "cwe_refs": [
       "CWE-787",
       "CWE-119"
-    ]
+    ],
+    "iocs": {
+      "behavioral": [
+        "Apple WebKit on an OS build below the patched version processing attacker-controlled web content (1-click delivery via message/link).",
+        "WebContent (WebKit) process memory-corruption crashes on targeted devices, consistent with a commercial-spyware delivery chain.",
+        "Indicators of targeted-spyware staging following web content rendering on a high-risk-user device (Lockdown Mode relevant)."
+      ],
+      "_ioc_source_note": "Anchored to NVD CVE-2025-14174 and the Apple security update notes for the targeted-exploitation fix."
+    }
   },
   "CVE-2025-43529": {
     "id": "CVE-2025-43529",
@@ -4774,7 +4965,15 @@
     "live_patch_tools": [],
     "cwe_refs": [
       "CWE-416"
-    ]
+    ],
+    "iocs": {
+      "behavioral": [
+        "WebKit use-after-free crashes on an Apple device below the patched build, triggered by crafted web content in a 1-click chain.",
+        "Anomalous process activity following a WebKit crash on a targeted device (spyware sandbox-escape follow-on).",
+        "Delivery of a malicious link/page to a high-risk user as the chain's entry point."
+      ],
+      "_ioc_source_note": "Anchored to NVD CVE-2025-43529 and the Apple security update notes."
+    }
   },
   "CVE-2025-4919": {
     "id": "CVE-2025-4919",
@@ -4839,7 +5038,16 @@
     "live_patch_tools": [],
     "cwe_refs": [
       "CWE-843"
-    ]
+    ],
+    "iocs": {
+      "behavioral": [
+        "Mozilla Firefox < 138.0.4, Firefox ESR < 128.10.1 / < 115.23.1, or Thunderbird < 138.0.2 exposed to attacker-controlled web content.",
+        "Renderer-process crashes consistent with a SpiderMonkey JIT type-confusion trigger (CWE-843).",
+        "Crafted JavaScript / WebAssembly compiled through the SpiderMonkey JIT granting renderer read/write primitives.",
+        "Drive-by navigation to a malicious page delivering the type-confusion exploit."
+      ],
+      "_ioc_source_note": "Anchored to NVD CVE-2025-4919 and the Mozilla security advisory (Pwn2Own Berlin) cited in verification_sources."
+    }
   },
   "CVE-2025-24201": {
     "id": "CVE-2025-24201",
@@ -4910,7 +5118,15 @@
     "live_patch_tools": [],
     "cwe_refs": [
       "CWE-1395"
-    ]
+    ],
+    "iocs": {
+      "behavioral": [
+        "WebKit out-of-bounds write on an Apple device below the patched build, used to break out of the Web Content sandbox.",
+        "Web Content process crashes followed by privilege/sandbox-boundary anomalies on iOS/macOS.",
+        "Targeted delivery of malicious web content as part of a multi-stage exploit chain."
+      ],
+      "_ioc_source_note": "Anchored to NVD CVE-2025-24201 and the Apple security update notes (supplementary fix for a previously-mitigated attack)."
+    }
   },
   "CVE-2025-43300": {
     "id": "CVE-2025-43300",
@@ -4981,7 +5197,15 @@
     "live_patch_tools": [],
     "cwe_refs": [
       "CWE-1395"
-    ]
+    ],
+    "iocs": {
+      "behavioral": [
+        "ImageIO processing a malformed DNG / JPEG-lossless image triggering an out-of-bounds write (zero-click delivery via a received image).",
+        "imagent / Messages / preview pipelines crashing on image decode on a device below the patched build.",
+        "Indicators of a zero-click spyware chain on a targeted device following inbound media."
+      ],
+      "_ioc_source_note": "Anchored to NVD CVE-2025-43300 and the Apple security update notes for the in-the-wild ImageIO fix."
+    }
   },
   "CVE-2025-38352": {
     "id": "CVE-2025-38352",
@@ -5053,7 +5277,15 @@
     "discovery_attribution_note": "Google Android Security Bulletin September 2025 attribution; no AI-tool credit. Source: https://nvd.nist.gov/vuln/detail/CVE-2025-38352",
     "cwe_refs": [
       "CWE-1395"
-    ]
+    ],
+    "iocs": {
+      "behavioral": [
+        "A Linux/Android host below the patched kernel exhibiting a race on POSIX CPU timers (posix_cpu_timer teardown vs. expiry) leading to a use-after-free.",
+        "A sandboxed Android app or low-privileged process escalating to kernel context via the timer race.",
+        "Kernel crash/oops signatures referencing posix_cpu_timer on an affected build."
+      ],
+      "_ioc_source_note": "Anchored to NVD CVE-2025-38352 and the Android Security Bulletin / upstream kernel fix."
+    }
   },
   "CVE-2025-55241": {
     "id": "CVE-2025-55241",
@@ -5122,7 +5354,16 @@
     "live_patch_tools": [],
     "cwe_refs": [
       "CWE-1395"
-    ]
+    ],
+    "iocs": {
+      "behavioral": [
+        "Requests presenting an undocumented 'Actor' token to the legacy Azure AD Graph endpoint in a target Entra ID tenant.",
+        "Cross-tenant access where the originating-tenant claim is not validated by the legacy Azure AD Graph API.",
+        "Entra ID sign-in / audit-log entries showing cross-tenant impersonation via Azure AD Graph (observable in historical logs; Microsoft fixed server-side).",
+        "Tenants still exposing the legacy Azure AD Graph endpoint as the precondition."
+      ],
+      "_ioc_source_note": "Anchored to NVD CVE-2025-55241 and the Microsoft / researcher analysis cited in verification_sources."
+    }
   },
   "CVE-2025-21085": {
     "id": "CVE-2025-21085",
@@ -5187,7 +5428,16 @@
     "live_patch_tools": [],
     "cwe_refs": [
       "CWE-1395"
-    ]
+    ],
+    "iocs": {
+      "behavioral": [
+        "Cisco Duo Authentication Proxy below 6.5.3 with debug-level logging enabled.",
+        "Cleartext credentials present in authproxy.log emitted during LDAP/AD password-change operations (CWE-1395).",
+        "A local authenticated user or post-compromise lateral mover reading authproxy.log to recover credentials.",
+        "Debug-level Auth Proxy logging retained on disk where lower-privilege accounts can read it."
+      ],
+      "_ioc_source_note": "Anchored to NVD CVE-2025-21085 and the Cisco security advisory cited in verification_sources."
+    }
   },
   "CVE-2025-1094": {
     "id": "CVE-2025-1094",
@@ -5260,7 +5510,15 @@
     "live_patch_tools": [],
     "cwe_refs": [
       "CWE-1395"
-    ]
+    ],
+    "iocs": {
+      "behavioral": [
+        "psql (or libpq client) processing input containing invalid UTF-8 byte sequences that survive quoting and enable SQL injection.",
+        "SQL injection escalating to arbitrary code execution via psql meta-commands (e.g. \\! shell execution) on the client host.",
+        "PostgreSQL/psql client below the patched version in a chain following an application-layer injection (the BeyondTrust RS exploitation pattern)."
+      ],
+      "_ioc_source_note": "Anchored to NVD CVE-2025-1094 and the PostgreSQL project security advisory."
+    }
   },
   "CVE-2025-49844": {
     "id": "CVE-2025-49844",
@@ -5329,7 +5587,16 @@
     "live_patch_tools": [],
     "cwe_refs": [
       "CWE-416"
-    ]
+    ],
+    "iocs": {
+      "behavioral": [
+        "A network-reachable Redis instance (below the fixed 7.x/8.x builds) accepting EVAL/EVALSHA of attacker-supplied Lua from untrusted clients.",
+        "redis-server crashes or native code execution consistent with a use-after-free escape from the Lua sandbox (CWE-416).",
+        "Crafted Lua scripts submitted to a Redis instance exposed without authentication or network isolation.",
+        "Unexpected child processes or outbound connections originating from the redis-server process after a Lua EVAL."
+      ],
+      "_ioc_source_note": "Anchored to NVD CVE-2025-49844 and the Redis 'RediShell' advisory cited in verification_sources."
+    }
   },
   "CVE-2025-14847": {
     "id": "CVE-2025-14847",
@@ -5396,7 +5663,16 @@
     "live_patch_tools": [],
     "cwe_refs": [
       "CWE-1395"
-    ]
+    ],
+    "iocs": {
+      "behavioral": [
+        "A MongoDB Server on an affected branch reachable to unauthenticated clients.",
+        "Crafted compressed wire-protocol messages with mismatched length fields sent to the server.",
+        "Server responses containing uninitialized heap memory (potentially prior request data) returned to an unauthenticated client (the 'MongoBleed' over-read).",
+        "Anomalous compressed-message traffic to MongoDB preceding memory-disclosure responses."
+      ],
+      "_ioc_source_note": "Anchored to NVD CVE-2025-14847 and the Bitsight 'MongoBleed' analysis cited in verification_sources."
+    }
   },
   "CVE-2025-8671": {
     "id": "CVE-2025-8671",
@@ -5467,7 +5743,16 @@
     "live_patch_tools": [],
     "cwe_refs": [
       "CWE-1395"
-    ]
+    ],
+    "iocs": {
+      "behavioral": [
+        "An affected HTTP/2 server (e.g. Apache Tomcat, Netty, Varnish, and other enumerated implementations) reachable over HTTP/2.",
+        "Malformed HTTP/2 control frames over a single connection causing server-emitted stream resets while backend work stays in flight, bypassing the concurrency limit ('MadeYouReset').",
+        "Stream-reset storms and elevated backend resource consumption disproportionate to the visible request count on one connection.",
+        "Resource exhaustion / denial of service under crafted HTTP/2 control-frame load."
+      ],
+      "_ioc_source_note": "Anchored to NVD CVE-2025-8671 and the 'MadeYouReset' HTTP/2 advisory cited in verification_sources."
+    }
   },
   "CVE-2025-6965": {
     "id": "CVE-2025-6965",
@@ -5537,7 +5822,16 @@
     "cwe_refs": [
       "CWE-787",
       "CWE-119"
-    ]
+    ],
+    "iocs": {
+      "behavioral": [
+        "An application embedding SQLite below 3.50.2 that processes attacker-influenced SQL.",
+        "Injected SQL causing an integer overflow that yields an out-of-bounds array read (CWE-787/CWE-119).",
+        "Memory disclosure or corruption in a SQLite-backed component following injected SQL statements.",
+        "SQLite-backed services accepting untrusted SQL on an unpatched library version (broad embedded/downstream footprint)."
+      ],
+      "_ioc_source_note": "Anchored to NVD CVE-2025-6965 and the SQLite / Big Sleep disclosure cited in verification_sources."
+    }
   },
   "CVE-2026-22778": {
     "id": "CVE-2026-22778",
@@ -5608,7 +5902,16 @@
     "cwe_refs": [
       "CWE-122",
       "CWE-787"
-    ]
+    ],
+    "iocs": {
+      "behavioral": [
+        "A vLLM multimodal endpoint below 0.14.1 reachable to unauthenticated clients.",
+        "Submission of a malicious video URL to the vLLM multimodal API triggering the bundled FFmpeg JPEG2000 decoder heap overflow (CWE-122/CWE-787).",
+        "Code execution as the vLLM service user, or vLLM service crashes / unexpected child processes on multimodal decode.",
+        "vLLM (with bundled FFmpeg 5.1.x via OpenCV) processing untrusted media URLs."
+      ],
+      "_ioc_source_note": "Anchored to NVD CVE-2026-22778 and the vLLM security advisory cited in verification_sources."
+    }
   },
   "CVE-2026-7482": {
     "id": "CVE-2026-7482",
@@ -5676,7 +5979,16 @@
     "live_patch_tools": [],
     "cwe_refs": [
       "CWE-1395"
-    ]
+    ],
+    "iocs": {
+      "behavioral": [
+        "Ollama below 0.17.1 (Linux/macOS/Windows) reachable to unauthenticated clients.",
+        "Unauthenticated upload of a crafted file to the Ollama API where the quantization pipeline reads beyond allocated bounds.",
+        "Ollama API responses returning heap contents (the 'Bleeding Llama' over-read disclosure).",
+        "Anomalous crafted-file uploads to Ollama preceding memory-disclosure responses."
+      ],
+      "_ioc_source_note": "Anchored to NVD CVE-2026-7482 and the Ollama security advisory cited in verification_sources."
+    }
   },
   "CVE-2025-68664": {
     "id": "CVE-2025-68664",
@@ -5750,7 +6062,16 @@
     "live_patch_tools": [],
     "cwe_refs": [
       "CWE-502"
-    ]
+    ],
+    "iocs": {
+      "behavioral": [
+        "langchain-core below 1.2.5 (1.x) or below 0.3.81 (0.x) on a pipeline that serializes LLM responses with dumps()/dumpd().",
+        "Deserialization (loads/load) of LLM response content where attacker-controlled fields (additional_kwargs / response_metadata) carry the internal 'lc' key marker, rehydrating a free-form dict as a LangChain object.",
+        "Secret/credential values appearing in objects reconstructed from a dumps->loads round-trip of model output.",
+        "Prompt-injection-bearing model responses whose serialized form survives the dumps/loads cycle with the 'lc' marker unescaped."
+      ],
+      "_ioc_source_note": "Anchored to NVD CVE-2025-68664 and the Cyata 'LangGrinch' analysis cited in verification_sources."
+    }
   },
   "CVE-2025-22224": {
     "id": "CVE-2025-22224",
@@ -5823,7 +6144,15 @@
     "live_patch_tools": [],
     "cwe_refs": [
       "CWE-1395"
-    ]
+    ],
+    "iocs": {
+      "behavioral": [
+        "VMX process crashes on an ESXi/Workstation host consistent with a VMCI TOCTOU heap overflow exploited from a guest VM.",
+        "Guest-to-host code execution as the VMX process (VM escape) on an unpatched ESXi build.",
+        "An attacker with administrative/root access inside a guest VM as the precondition for the escape (often post-initial-compromise, ransomware operators)."
+      ],
+      "_ioc_source_note": "Anchored to NVD CVE-2025-22224 and the Broadcom/VMware VMSA security advisory (in-the-wild ESXi escape chain)."
+    }
   },
   "CVE-2025-22225": {
     "id": "CVE-2025-22225",
@@ -5893,7 +6222,15 @@
     "live_patch_tools": [],
     "cwe_refs": [
       "CWE-1395"
-    ]
+    ],
+    "iocs": {
+      "behavioral": [
+        "Arbitrary kernel writes on an ESXi host enabling a sandbox/VM escape, chained with the VMCI overflow.",
+        "Unexpected VMkernel modifications or crashes on an unpatched ESXi build following guest compromise.",
+        "Ransomware-operator activity pivoting from a guest VM to the hypervisor."
+      ],
+      "_ioc_source_note": "Anchored to NVD CVE-2025-22225 and the Broadcom/VMware VMSA security advisory."
+    }
   },
   "CVE-2025-22226": {
     "id": "CVE-2025-22226",
@@ -5963,7 +6300,15 @@
     "live_patch_tools": [],
     "cwe_refs": [
       "CWE-1395"
-    ]
+    ],
+    "iocs": {
+      "behavioral": [
+        "HGFS (host-guest file system) memory-leak/out-of-bounds-read activity on an ESXi/Workstation host, used as an information-leak helper in the VM-escape chain.",
+        "VMX memory disclosure preceding the VMCI escape on an unpatched build.",
+        "Guest VM with admin access reading host memory via the HGFS path."
+      ],
+      "_ioc_source_note": "Anchored to NVD CVE-2025-22226 and the Broadcom/VMware VMSA security advisory."
+    }
   },
   "MAL-2024-PYPI-ULTRALYTICS-XMRIG": {
     "id": "MAL-2024-PYPI-ULTRALYTICS-XMRIG",
@@ -6038,7 +6383,16 @@
     "live_patch_tools": [],
     "cwe_refs": [
       "CWE-1395"
-    ]
+    ],
+    "iocs": {
+      "behavioral": [
+        "ultralytics resolving to exactly 8.3.41 or 8.3.42 in a lockfile/requirements/site-packages (8.3.43 is clean).",
+        "Post-install / import-time download of an XMRig binary from attacker infrastructure following an ultralytics install.",
+        "Sustained high CPU and Monero-mining stratum/pool network traffic from a host or CI runner shortly after an ultralytics install step.",
+        "Injected downloader code in the installed wheel not present in the 8.3.43 source (GitHub Actions build-time tampering)."
+      ],
+      "_ioc_source_note": "Anchored to the ReversingLabs, Wiz, HiddenLayer analyses and the ultralytics advisory cited in verification_sources."
+    }
   },
   "MAL-2026-RUBYGEMS-BUFFERZONECORP-SLEEPER": {
     "id": "MAL-2026-RUBYGEMS-BUFFERZONECORP-SLEEPER",
@@ -6116,7 +6470,16 @@
     "live_patch_tools": [],
     "cwe_refs": [
       "CWE-1395"
-    ]
+    ],
+    "iocs": {
+      "behavioral": [
+        "Any BufferZoneCorp-published gem/module impersonating activesupport-logger, devise-jwt, go-retryablehttp, grpc-client, or config-loader in a Gemfile.lock / go.mod / go.sum.",
+        "A newly-published-then-silently-updated package (clean at first publish, malicious payload in a later version) pulled into CI — the sleeper-to-payload pattern.",
+        "Install/CI-time reads of env vars, ~/.ssh keys, AWS credentials, .npmrc, .netrc, GitHub CLI config, and RubyGems credentials followed by exfiltration.",
+        "Go-build tampering: writes to GITHUB_ENV, a poisoned GOPROXY, weakened go.sum checksums, or a fake `go` wrapper on the workflow PATH."
+      ],
+      "_ioc_source_note": "Anchored to the Socket and The Hacker News analyses cited in verification_sources."
+    }
   },
   "MAL-2025-PYPI-COLORAMA-SOLANA-STEALER": {
     "id": "MAL-2025-PYPI-COLORAMA-SOLANA-STEALER",
@@ -6193,7 +6556,16 @@
     "live_patch_tools": [],
     "cwe_refs": [
       "CWE-1395"
-    ]
+    ],
+    "iocs": {
+      "behavioral": [
+        "Any colorama typosquat (coloramapkgsw, coloramapkgsdow, coloramashowtemp, coloramapkgs, readmecolorama, colorizator, coloraiz) resolving where the intended dependency was the legitimate colorama.",
+        "Install-time code reading browser-stored credentials/cookies and Solana wallet artifacts, then exfiltrating them.",
+        "Access at install time to Facebook / Telegram / Roblox session material and crypto-wallet files by the Python install process.",
+        "PyPI packages from the 2025-05-04 to 2025-05-24 window matching the colorama-typosquat naming pattern in resolved dependencies."
+      ],
+      "_ioc_source_note": "Anchored to the Imperva, Checkmarx, Check Point, and The Hacker News analyses cited in verification_sources."
+    }
   },
   "CVE-2025-0133": {
     "id": "CVE-2025-0133",
@@ -6264,7 +6636,15 @@
     "live_patch_tools": [],
     "cwe_refs": [
       "CWE-1395"
-    ]
+    ],
+    "iocs": {
+      "behavioral": [
+        "PAN-OS GlobalProtect portal/gateway on an affected build (11.2 < 11.2.7, 11.1 < 11.1.11, 10.2 < 10.2.17, any 10.1 EoL, or Cloud NGFW).",
+        "Crafted captive-portal links containing reflected XSS payloads in request parameters echoed back unescaped into the portal response.",
+        "JavaScript executing inside the GlobalProtect portal origin driving session-token theft or credential-phishing prompts that appear to originate from the legitimate VPN portal."
+      ],
+      "_ioc_source_note": "Anchored to the Palo Alto Networks advisory for CVE-2025-0133 and the XBOW writeup cited in verification_sources."
+    }
   },
   "CVE-2025-59529": {
     "id": "CVE-2025-59529",
@@ -6331,7 +6711,15 @@
     "live_patch_tools": [],
     "cwe_refs": [
       "CWE-1395"
-    ]
+    ],
+    "iocs": {
+      "behavioral": [
+        "avahi-daemon with the Simple Protocol Server enabled (pre-fix) on a Linux/IoT/embedded host.",
+        "A client opening repeated Simple Protocol connections to avahi-daemon beyond the configured connection cap without the cap engaging.",
+        "Growing avahi-daemon file-descriptor count and memory footprint correlated with repeated Simple Protocol connection bursts, leading to mDNS/DNS-SD service-discovery denial."
+      ],
+      "_ioc_source_note": "Anchored to NVD CVE-2025-59529, the ZeroPath writeup, and the Avahi security advisory cited in verification_sources."
+    }
   },
   "CVE-2025-55319": {
     "id": "CVE-2025-55319",
@@ -6403,7 +6791,16 @@
     "live_patch_tools": [],
     "cwe_refs": [
       "CWE-77"
-    ]
+    ],
+    "iocs": {
+      "behavioral": [
+        "VS Code agentic-AI surface (Copilot Chat / MCP-integrated agents) on a pre-fix build on a developer workstation.",
+        "Adversarial content embedded in an AI tool response or external MCP server message reaching a shell-execution primitive inside the agentic integration.",
+        "Shell commands spawned by the VS Code agentic/Copilot process whose argument content traces to model/tool/MCP response text rather than explicit developer input.",
+        "Connection to an untrusted/external MCP server immediately followed by unexpected command execution under the developer's user context."
+      ],
+      "_ioc_source_note": "Anchored to NVD CVE-2025-55319 and the MSRC advisory / ZeroPath writeup cited in verification_sources."
+    }
   },
   "CVE-2025-53767": {
     "id": "CVE-2025-53767",
@@ -6475,7 +6872,15 @@
     "live_patch_tools": [],
     "cwe_refs": [
       "CWE-1395"
-    ]
+    ],
+    "iocs": {
+      "behavioral": [
+        "Azure OpenAI in its pre-2025-08-19 state (Microsoft fixed server-side before this date).",
+        "An authenticated low-privilege tenant user issuing requests that induce server-side SSRF crossing the cloud-tenant boundary in the Azure OpenAI control plane.",
+        "Outbound fetches initiated by the Azure OpenAI control plane toward internal/metadata or other-tenant endpoints on behalf of a low-privilege caller (observable in historical logs only; server-side patched)."
+      ],
+      "_ioc_source_note": "Anchored to NVD CVE-2025-53767 and the MSRC advisory / ZeroPath writeup cited in verification_sources."
+    }
   },
   "CVE-2025-10725": {
     "id": "CVE-2025-10725",
@@ -6545,7 +6950,15 @@
     "live_patch_tools": [],
     "cwe_refs": [
       "CWE-1395"
-    ]
+    ],
+    "iocs": {
+      "behavioral": [
+        "Red Hat OpenShift AI on a pre-fix release in a managed-Kubernetes environment.",
+        "Kubernetes RBAC/audit events showing a low-privilege OpenShift AI tenant principal gaining cluster/control-plane-scoped permissions it was not granted.",
+        "Privilege transitions in the OpenShift AI control plane originating from a tenant-scoped service account or user rather than a cluster-admin."
+      ],
+      "_ioc_source_note": "Anchored to NVD CVE-2025-10725 and the Red Hat advisory / ZeroPath writeup cited in verification_sources."
+    }
   },
   "MAL-2025-AI-FOUND-FFMPEG-BIGSLEEP": {
     "id": "MAL-2025-AI-FOUND-FFMPEG-BIGSLEEP",
@@ -6617,7 +7030,16 @@
     "live_patch_tools": [],
     "cwe_refs": [
       "CWE-1395"
-    ]
+    ],
+    "iocs": {
+      "behavioral": [
+        "FFmpeg or ImageMagick on a pre-tranche-fix build (the August 2025 Big Sleep disclosure set) processing untrusted media files.",
+        "Crafted media files passed through a vulnerable decoder/library API triggering memory corruption.",
+        "Crashes / abnormal termination of FFmpeg/ImageMagick (or processes embedding them) when decoding specific attacker-supplied inputs prior to the upstream tranche patches.",
+        "An unpatched library version from the enumerated Big Sleep tranche in a media-processing service's dependency inventory."
+      ],
+      "_ioc_source_note": "Anchored to the Google Project Zero / Big Sleep disclosure posts cited in verification_sources."
+    }
   },
   "CVE-2026-31635": {
     "name": "DirtyDecrypt (rxgk page-cache write)",
@@ -6709,7 +7131,16 @@
       }
     ],
     "last_updated": "2026-05-18",
-    "intake_gap_note": "Catalog entry added 2026-05-18 via manual operator triage AFTER public PoC. The daily exceptd-threat-intake routine missed this CVE — kernel.org Atom feed window had rolled past the 2026-04-25 silent-patch commit by the time the PoC published on 2026-05-17, and the V12 rediscovery report went to maintainers privately rather than to oss-security@openwall. The v0.13.14 release adds a vendor-security-blog source (Microsoft / Sysdig / Trail of Bits) to close this class of gap. See feeds_into supply-chain-recovery + framework playbooks for the chained handling."
+    "intake_gap_note": "Catalog entry added 2026-05-18 via manual operator triage AFTER public PoC. The daily exceptd-threat-intake routine missed this CVE — kernel.org Atom feed window had rolled past the 2026-04-25 silent-patch commit by the time the PoC published on 2026-05-17, and the V12 rediscovery report went to maintainers privately rather than to oss-security@openwall. The v0.13.14 release adds a vendor-security-blog source (Microsoft / Sysdig / Trail of Bits) to close this class of gap. See feeds_into supply-chain-recovery + framework playbooks for the chained handling.",
+    "iocs": {
+      "behavioral": [
+        "A Linux kernel >= 6.13 (when rxgk landed) and pre-2026-04-24 with CONFIG_RXGK enabled (distros tracking upstream master; older LTS kernels without rxgk are not affected).",
+        "An unprivileged local process driving the rxgk_decrypt_skb page-cache write primitive to corrupt page-cache pages backing privileged binaries (missing copy-on-write guard).",
+        "Page-cache contents of privileged/setuid binaries diverging from their on-disk backing without a legitimate write (the Dirty-COW-bypass primitive class).",
+        "An unprivileged user gaining root on an rxgk-enabled host (matching the published PoC)."
+      ],
+      "_ioc_source_note": "Anchored to the public reporting and PoC cited in verification_sources."
+    }
   },
   "CVE-2020-17103-REREGRESSION-2026": {
     "name": "MiniPlasma — Windows cldflt.sys Cloud Files Mini Filter SYSTEM EoP (re-regression of CVE-2020-17103)",
@@ -8547,7 +8978,8 @@
     },
     "atlas_refs": [],
     "attack_refs": [
-      "T1190"
+      "T1190",
+      "T1059"
     ],
     "rwep_score": 77,
     "rwep_factors": {
@@ -8569,7 +9001,7 @@
       "CWE-20",
       "CWE-94"
     ],
-    "source_verified": "2026-05-18",
+    "source_verified": "2026-05-29",
     "verification_sources": [
       "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
       "https://activemq.apache.org/security-advisories.data/CVE-2026-34197-announcement.txt",
@@ -8598,11 +9030,21 @@
         "published_date": "2026-04-16"
       }
     ],
-    "last_updated": "2026-05-18",
+    "last_updated": "2026-05-29",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-04-16; due date 2026-04-30. Notes reference: https://activemq.apache.org/security-advisories.data/CVE-2026-34197-announcement.txt ; https://nvd.nist.gov/vuln/detail/CVE-2026-34197",
-    "_auto_imported": true,
-    "_intake_method": "v0.13.17-bulk-cisa-kev-import",
-    "_kev_short_description": "Apache ActiveMQ contains an improper input validation vulnerability that allows for code injection."
+    "_auto_imported": false,
+    "_intake_method": "manual-verified-curation",
+    "_kev_short_description": "Apache ActiveMQ contains an improper input validation vulnerability that allows for code injection.",
+    "iocs": {
+      "behavioral": [
+        "Apache ActiveMQ reachable on the network at a release below the fixed version named in the vendor advisory.",
+        "Unauthenticated requests to the broker consistent with improper input validation leading to code execution (CWE-20/CWE-94) reachable by an unauthenticated network attacker against the message broker.",
+        "Unexpected command/code execution, child-process spawning, or web shells on the broker with no corresponding administrative action (KEV-confirmed in-the-wild exploitation)."
+      ],
+      "_ioc_source_note": "Anchored to NVD CVE-2026-34197, CISA KEV (added 2026-04-16), and the vendor advisory recorded in vendor_advisories."
+    },
+    "_draft": false,
+    "curation_note": "Promoted from KEV-import draft on 2026-05-29: ATT&CK enrichment + IOCs derived from the CWE/product, and a matching zero-day lesson added. CVSS/KEV/vendor_advisories retained from the verified import."
   },
   "CVE-2009-0238": {
     "name": "Microsoft Office Remote Code Execution",
@@ -9336,7 +9778,7 @@
     "cwe_refs": [
       "CWE-89"
     ],
-    "source_verified": "2026-05-18",
+    "source_verified": "2026-05-29",
     "verification_sources": [
       "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
       "https://fortiguard.fortinet.com/psirt/FG-IR-25-1142",
@@ -9365,11 +9807,21 @@
         "published_date": "2026-04-13"
       }
     ],
-    "last_updated": "2026-05-18",
+    "last_updated": "2026-05-29",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-04-13; due date 2026-04-16. Notes reference: https://fortiguard.fortinet.com/psirt/FG-IR-25-1142 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21643",
-    "_auto_imported": true,
-    "_intake_method": "v0.13.17-bulk-cisa-kev-import",
-    "_kev_short_description": "Fortinet FortiClient EMS contains a SQL injection vulnerability that may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests."
+    "_auto_imported": false,
+    "_intake_method": "manual-verified-curation",
+    "_kev_short_description": "Fortinet FortiClient EMS contains a SQL injection vulnerability that may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.",
+    "iocs": {
+      "behavioral": [
+        "Fortinet FortiClient EMS reachable on the network at a release below the fixed version named in the vendor advisory.",
+        "Unauthenticated requests to the EMS management server consistent with SQL injection (CWE-89) on the FortiClient EMS management surface escalating to remote code execution.",
+        "Unexpected command/code execution, child-process spawning, or web shells on the EMS management server with no corresponding administrative action (KEV-confirmed in-the-wild exploitation)."
+      ],
+      "_ioc_source_note": "Anchored to NVD CVE-2026-21643, CISA KEV (added 2026-04-13), and the vendor advisory recorded in vendor_advisories."
+    },
+    "_draft": false,
+    "curation_note": "Promoted from KEV-import draft on 2026-05-29: ATT&CK enrichment + IOCs derived from the CWE/product, and a matching zero-day lesson added. CVSS/KEV/vendor_advisories retained from the verified import."
   },
   "CVE-2026-34621": {
     "name": "Adobe Acrobat and Reader Prototype Pollution Vulnerability",
@@ -9507,7 +9959,8 @@
     },
     "atlas_refs": [],
     "attack_refs": [
-      "T1190"
+      "T1190",
+      "T1059"
     ],
     "rwep_score": 77,
     "rwep_factors": {
@@ -9528,7 +9981,7 @@
     "cwe_refs": [
       "CWE-94"
     ],
-    "source_verified": "2026-05-18",
+    "source_verified": "2026-05-29",
     "verification_sources": [
       "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
       "https://hub.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM-CVE-2026-1281-CVE-2026-1340?language=en_US",
@@ -9559,11 +10012,21 @@
         "published_date": "2026-04-08"
       }
     ],
-    "last_updated": "2026-05-18",
+    "last_updated": "2026-05-29",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-04-08; due date 2026-04-11. Notes reference: Please adhere to Ivanti's guidelines to assess exposure and mitigate risks. Check for signs of potential compromise on all internet accessible Ivanti products affected by this vulnerability. Apply any",
-    "_auto_imported": true,
-    "_intake_method": "v0.13.17-bulk-cisa-kev-import",
-    "_kev_short_description": "Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability that could allow attackers to achieve unauthenticated remote code execution."
+    "_auto_imported": false,
+    "_intake_method": "manual-verified-curation",
+    "_kev_short_description": "Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability that could allow attackers to achieve unauthenticated remote code execution.",
+    "iocs": {
+      "behavioral": [
+        "Ivanti Endpoint Manager Mobile (EPMM) reachable on the network at a release below the fixed version named in the vendor advisory.",
+        "Unauthenticated requests to the EPMM server consistent with code injection (CWE-94) yielding unauthenticated remote code execution on the EPMM management surface.",
+        "Unexpected command/code execution, child-process spawning, or web shells on the EPMM server with no corresponding administrative action (KEV-confirmed in-the-wild exploitation)."
+      ],
+      "_ioc_source_note": "Anchored to NVD CVE-2026-1340, CISA KEV (added 2026-04-08), and the vendor advisory recorded in vendor_advisories."
+    },
+    "_draft": false,
+    "curation_note": "Promoted from KEV-import draft on 2026-05-29: ATT&CK enrichment + IOCs derived from the CWE/product, and a matching zero-day lesson added. CVSS/KEV/vendor_advisories retained from the verified import."
   },
   "CVE-2026-35616": {
     "name": "Fortinet FortiClient EMS Improper Access Control Vulnerability",
@@ -20526,7 +20989,7 @@
     "cwe_refs": [
       "CWE-502"
     ],
-    "source_verified": "2026-05-18",
+    "source_verified": "2026-05-29",
     "verification_sources": [
       "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
       "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-rce-NKhnULJh",
@@ -20555,11 +21018,21 @@
         "published_date": "2026-03-19"
       }
     ],
-    "last_updated": "2026-05-18",
+    "last_updated": "2026-05-29",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-03-19; due date 2026-03-22. Notes reference: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-rce-NKhnULJh ; https://nvd.nist.gov/vuln/detail/CVE-2026-20131",
-    "_auto_imported": true,
-    "_intake_method": "v0.13.17-bulk-cisa-kev-import",
-    "_kev_short_description": "Cisco Secure Firewall Management Center (FMC) Software and Cisco Security Cloud Control (SCC) Firewall Management contain a deserialization of untrusted data vulnerability in the web-based management interface that could allow an unauthenticated, remote attacker to execute arbitrary Java code as root on an affected device."
+    "_auto_imported": false,
+    "_intake_method": "manual-verified-curation",
+    "_kev_short_description": "Cisco Secure Firewall Management Center (FMC) Software and Cisco Security Cloud Control (SCC) Firewall Management contain a deserialization of untrusted data vulnerability in the web-based management interface that could allow an unauthenticated, remote attacker to execute arbitrary Java code as root on an affected device.",
+    "iocs": {
+      "behavioral": [
+        "Cisco Secure Firewall Management Center (FMC) reachable on the network at a release below the fixed version named in the vendor advisory.",
+        "Unauthenticated requests to the FMC management plane consistent with deserialization of untrusted data (CWE-502) yielding unauthenticated remote code execution on the firewall management plane.",
+        "Unexpected command/code execution, child-process spawning, or web shells on the FMC management plane with no corresponding administrative action (KEV-confirmed in-the-wild exploitation)."
+      ],
+      "_ioc_source_note": "Anchored to NVD CVE-2026-20131, CISA KEV (added 2026-03-19), and the vendor advisory recorded in vendor_advisories."
+    },
+    "_draft": false,
+    "curation_note": "Promoted from KEV-import draft on 2026-05-29: ATT&CK enrichment + IOCs derived from the CWE/product, and a matching zero-day lesson added. CVSS/KEV/vendor_advisories retained from the verified import."
   },
   "CVE-2025-66376": {
     "name": "Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting Vulnerability",
@@ -20717,7 +21190,7 @@
     "cwe_refs": [
       "CWE-502"
     ],
-    "source_verified": "2026-05-18",
+    "source_verified": "2026-05-29",
     "verification_sources": [
       "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
       "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20963",
@@ -20746,11 +21219,21 @@
         "published_date": "2026-03-18"
       }
     ],
-    "last_updated": "2026-05-18",
+    "last_updated": "2026-05-29",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-03-18; due date 2026-03-21. Notes reference: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20963 ; https://nvd.nist.gov/vuln/detail/CVE-2026-20963",
-    "_auto_imported": true,
-    "_intake_method": "v0.13.17-bulk-cisa-kev-import",
-    "_kev_short_description": "Microsoft SharePoint contains a deserialization of untrusted data vulnerability that allows an unauthorized attacker to execute code over a network."
+    "_auto_imported": false,
+    "_intake_method": "manual-verified-curation",
+    "_kev_short_description": "Microsoft SharePoint contains a deserialization of untrusted data vulnerability that allows an unauthorized attacker to execute code over a network.",
+    "iocs": {
+      "behavioral": [
+        "Microsoft SharePoint reachable on the network at a release below the fixed version named in the vendor advisory.",
+        "Unauthenticated requests to the SharePoint server consistent with deserialization of untrusted data (CWE-502) yielding unauthenticated remote code execution on the SharePoint web surface.",
+        "Unexpected command/code execution, child-process spawning, or web shells on the SharePoint server with no corresponding administrative action (KEV-confirmed in-the-wild exploitation)."
+      ],
+      "_ioc_source_note": "Anchored to NVD CVE-2026-20963, CISA KEV (added 2026-03-18), and the vendor advisory recorded in vendor_advisories."
+    },
+    "_draft": false,
+    "curation_note": "Promoted from KEV-import draft on 2026-05-29: ATT&CK enrichment + IOCs derived from the CWE/product, and a matching zero-day lesson added. CVSS/KEV/vendor_advisories retained from the verified import."
   },
   "CVE-2025-47813": {
     "name": "Wing FTP Server Information Disclosure Vulnerability",
@@ -21948,7 +22431,8 @@
     },
     "atlas_refs": [],
     "attack_refs": [
-      "T1190"
+      "T1190",
+      "T1059"
     ],
     "rwep_score": 77,
     "rwep_factors": {
@@ -21969,7 +22453,7 @@
     "cwe_refs": [
       "CWE-77"
     ],
-    "source_verified": "2026-05-18",
+    "source_verified": "2026-05-29",
     "verification_sources": [
       "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
       "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947",
@@ -21999,11 +22483,21 @@
         "published_date": "2026-03-03"
       }
     ],
-    "last_updated": "2026-05-18",
+    "last_updated": "2026-05-29",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-03-03; due date 2026-03-24. Notes reference: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947 ; https://knowledge.broadcom.com/external/article/430349 ; https://nvd.nist.gov/vuln/det",
-    "_auto_imported": true,
-    "_intake_method": "v0.13.17-bulk-cisa-kev-import",
-    "_kev_short_description": "Broadcom VMware Aria Operations formerly known as vRealize Operations (vROps) contains a command injection vulnerability that allows an unauthenticated attacker to execute arbitrary commands, potentially leading to remote code execution during support‑assisted product migration."
+    "_auto_imported": false,
+    "_intake_method": "manual-verified-curation",
+    "_kev_short_description": "Broadcom VMware Aria Operations formerly known as vRealize Operations (vROps) contains a command injection vulnerability that allows an unauthenticated attacker to execute arbitrary commands, potentially leading to remote code execution during support‑assisted product migration.",
+    "iocs": {
+      "behavioral": [
+        "Broadcom VMware Aria Operations reachable on the network at a release below the fixed version named in the vendor advisory.",
+        "Unauthenticated requests to the Aria Operations consistent with command injection (CWE-77) giving command execution on the Aria Operations management surface.",
+        "Unexpected command/code execution, child-process spawning, or web shells on the Aria Operations with no corresponding administrative action (KEV-confirmed in-the-wild exploitation)."
+      ],
+      "_ioc_source_note": "Anchored to NVD CVE-2026-22719, CISA KEV (added 2026-03-03), and the vendor advisory recorded in vendor_advisories."
+    },
+    "_draft": false,
+    "curation_note": "Promoted from KEV-import draft on 2026-05-29: ATT&CK enrichment + IOCs derived from the CWE/product, and a matching zero-day lesson added. CVSS/KEV/vendor_advisories retained from the verified import."
   },
   "CVE-2026-21385": {
     "name": "Qualcomm Multiple Chipsets Memory Corruption Vulnerability",
@@ -22336,7 +22830,8 @@
     },
     "atlas_refs": [],
     "attack_refs": [
-      "T1190"
+      "T1190",
+      "T1059"
     ],
     "rwep_score": 77,
     "rwep_factors": {
@@ -22357,7 +22852,7 @@
     "cwe_refs": [
       "CWE-78"
     ],
-    "source_verified": "2026-05-18",
+    "source_verified": "2026-05-29",
     "verification_sources": [
       "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
       "https://jvn.jp/en/jp/JVN84622767/",
@@ -22386,11 +22881,21 @@
         "published_date": "2026-02-24"
       }
     ],
-    "last_updated": "2026-05-18",
+    "last_updated": "2026-05-29",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-02-24; due date 2026-03-17. Notes reference: https://jvn.jp/en/jp/JVN84622767/ ; https://nvd.nist.gov/vuln/detail/CVE-2026-25108",
-    "_auto_imported": true,
-    "_intake_method": "v0.13.17-bulk-cisa-kev-import",
-    "_kev_short_description": "Soliton Systems K.K FileZen contains an OS command injection vulnerability when an user logs-in to the affected product and sends a specially crafted HTTP request."
+    "_auto_imported": false,
+    "_intake_method": "manual-verified-curation",
+    "_kev_short_description": "Soliton Systems K.K FileZen contains an OS command injection vulnerability when an user logs-in to the affected product and sends a specially crafted HTTP request.",
+    "iocs": {
+      "behavioral": [
+        "Soliton FileZen reachable on the network at a release below the fixed version named in the vendor advisory.",
+        "Unauthenticated requests to the FileZen file-transfer appliance consistent with OS command injection (CWE-78) giving an unauthenticated attacker command execution on the managed-file-transfer appliance.",
+        "Unexpected command/code execution, child-process spawning, or web shells on the FileZen file-transfer appliance with no corresponding administrative action (KEV-confirmed in-the-wild exploitation)."
+      ],
+      "_ioc_source_note": "Anchored to NVD CVE-2026-25108, CISA KEV (added 2026-02-24), and the vendor advisory recorded in vendor_advisories."
+    },
+    "_draft": false,
+    "curation_note": "Promoted from KEV-import draft on 2026-05-29: ATT&CK enrichment + IOCs derived from the CWE/product, and a matching zero-day lesson added. CVSS/KEV/vendor_advisories retained from the verified import."
   },
   "CVE-2025-49113": {
     "name": "RoundCube Webmail Deserialization of Untrusted Data Vulnerability",
@@ -23204,7 +23709,8 @@
     },
     "atlas_refs": [],
     "attack_refs": [
-      "T1190"
+      "T1190",
+      "T1059"
     ],
     "rwep_score": 83,
     "rwep_factors": {
@@ -23225,7 +23731,7 @@
     "cwe_refs": [
       "CWE-78"
     ],
-    "source_verified": "2026-05-18",
+    "source_verified": "2026-05-29",
     "verification_sources": [
       "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
       "https://www.beyondtrust.com/trust-center/security-advisories/bt26-02",
@@ -23254,11 +23760,21 @@
         "published_date": "2026-02-13"
       }
     ],
-    "last_updated": "2026-05-18",
+    "last_updated": "2026-05-29",
     "discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-02-13; due date 2026-02-16. Notes reference: Please adhere to the vendor's guidelines to assess exposure and mitigate risks. Check for signs of potential compromise on all internet accessible BeyondTrust products affected by this vulnerability. ",
-    "_auto_imported": true,
-    "_intake_method": "v0.13.17-bulk-cisa-kev-import",
-    "_kev_short_description": "BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA)contain an OS command injection vulnerability. Successful exploitation could allow an unauthenticated remote attacker to execute operating system commands in the context of the site user. Successful exploitation requires no authentication or user interaction and may lead to system compromise, including unauthorized access, data exfiltration, and service disruption."
+    "_auto_imported": false,
+    "_intake_method": "manual-verified-curation",
+    "_kev_short_description": "BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA)contain an OS command injection vulnerability. Successful exploitation could allow an unauthenticated remote attacker to execute operating system commands in the context of the site user. Successful exploitation requires no authentication or user interaction and may lead to system compromise, including unauthorized access, data exfiltration, and service disruption.",
+    "iocs": {
+      "behavioral": [
+        "BeyondTrust Remote Support (RS) / Privileged Remote Access (PRA) reachable on the network at a release below the fixed version named in the vendor advisory.",
+        "Unauthenticated requests to the remote-support appliance consistent with OS command injection (CWE-78) giving an unauthenticated attacker command execution on the remote-support/PRA appliance.",
+        "Unexpected command/code execution, child-process spawning, or web shells on the remote-support appliance with no corresponding administrative action (KEV-confirmed in-the-wild exploitation)."
+      ],
+      "_ioc_source_note": "Anchored to NVD CVE-2026-1731, CISA KEV (added 2026-02-13), and the vendor advisory recorded in vendor_advisories."
+    },
+    "_draft": false,
+    "curation_note": "Promoted from KEV-import draft on 2026-05-29: ATT&CK enrichment + IOCs derived from the CWE/product, and a matching zero-day lesson added. CVSS/KEV/vendor_advisories retained from the verified import."
   },
   "CVE-2026-20700": {
     "name": "Apple Multiple Buffer Overflow Vulnerability",