npm - @blamejs/exceptd-skills - Versions diffs - 0.15.10 → 0.15.12 - Mend

@blamejs/exceptd-skills 0.15.10 → 0.15.12

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/CHANGELOG.md +8 -0
package/data/_indexes/_meta.json +5 -5
package/data/attack-techniques.json +16 -5
package/data/cve-catalog.json +267 -96
package/data/zeroday-lessons.json +613 -210
package/manifest.json +44 -44
package/package.json +1 -1
package/sbom.cdx.json +18 -18

package/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,13 @@
 # Changelog
+## 0.15.12 — 2026-05-29
+Draft-curation pass 10 — Zimbra mail server. Seven CISA KEV-listed Synacor Zimbra Collaboration Suite (ZCS) CVEs are promoted from auto-imported drafts to fully-curated entries with behavioral IOCs, ATT&CK enrichment, and matching zero-day lessons: the cross-site scripting cluster (CVE-2025-48700, CVE-2025-66376, CVE-2025-27915, CVE-2024-27443), the server-side request forgery pair (CVE-2020-7796, CVE-2019-9621), and the PHP remote-file-inclusion RCE (CVE-2025-68645). The lessons note ZCS is a recurring mass-exploited mail-server target where web-shell hunting and session-secret rotation are needed beyond the patch.
+## 0.15.11 — 2026-05-29
+Draft-curation pass 9 — Apple client-side zero-days. Nine CISA KEV-listed Apple memory-corruption CVEs are promoted from auto-imported drafts to fully-curated entries with behavioral IOCs, ATT&CK enrichment, and matching zero-day lessons. They map T1203 (Exploitation for Client Execution) — and T1068 for the sandbox-escape steps that act as privilege links in a multi-stage chain — rather than the network-service T1190: improper locking (CVE-2025-43510), buffer overflows (CVE-2025-43520, CVE-2025-31277, CVE-2026-20700), use-after-frees (CVE-2023-43000, CVE-2023-41974), an integer overflow (CVE-2021-30952), and two code-execution flaws (CVE-2022-48503, CVE-2025-43200). The lessons frame these as targeted-spyware-chain components and stress same-day OS update vs. MDM change windows, with Lockdown Mode for high-risk users.
 ## 0.15.10 — 2026-05-29
 Draft-curation pass 8 — Microsoft server-side RCE. Six CISA KEV-listed CVEs are promoted from auto-imported drafts to fully-curated entries with behavioral IOCs, ATT&CK enrichment, and matching zero-day lessons: Exchange Server deserialization (CVE-2023-21529), Configuration Manager SQL injection (CVE-2024-43468), Windows Server Update Services deserialization (CVE-2025-59287), and the SharePoint Server "ToolShell" chain — improper authentication (CVE-2025-49706), code injection (CVE-2025-49704), and deserialization (CVE-2025-53770). The lessons stress that for these deserialization RCEs patching alone is insufficient: stolen machine keys and dropped web shells survive the patch and require explicit key rotation and web-shell hunting.

package/data/_indexes/_meta.json CHANGED Viewed

@@ -1,13 +1,13 @@
 {
   "schema_version": "1.1.0",
-  "generated_at": "2026-05-29T19:28:44.044Z",
+  "generated_at": "2026-05-29T20:13:44.758Z",
   "generator": "scripts/build-indexes.js",
   "source_count": 54,
   "source_hashes": {
-    "manifest.json": "1bd5c8e6489d1a1b7ef67889b6fa5afbfb3d0780d0a5bf2699b1a5ca22164ec9",
+    "manifest.json": "3bacb8aa107312617e0a571f7120ca76409f003a0ad1f48841aa5963e0d31e71",
     "data/atlas-ttps.json": "878b4a08bb73c8d20396d85cf433a88f2bc5e7a8cbf7f6ab773ce7ede0a11251",
-    "data/attack-techniques.json": "96e21dd277fe24598e8ae74b40009785757a71ed4fc98e456504cd04f441bc90",
-    "data/cve-catalog.json": "365fd70e7f02daff7ca5b2b4eeeeb4579621937b167ad2fc07914d1c36a36bc9",
+    "data/attack-techniques.json": "5c5f431f4764af9d1e3fa4fbc927df282d794c4ceef89ce65bb406dfac087e5d",
+    "data/cve-catalog.json": "a984c5200d64409419733ac577525b76308d0ed221142482f11defa0dd175a97",
     "data/cwe-catalog.json": "0fd275c2a61754958d68cea03a92794a67cf1c1d4d609f81a5728334df013ee3",
     "data/d3fend-catalog.json": "9a54bccb9f24f84b32024216cc3f53819a053721ac8ab43c326859e68fc0ffaf",
     "data/dlp-controls.json": "d2406c482dddd30e49203879999dc4b3a7fd4d0494d6a61d86b91ee76415df19",
@@ -15,7 +15,7 @@
     "data/framework-control-gaps.json": "29e7b6aa841ddf2530ca5971bdb60d7a715684b2f6264141ad49f0de9a039d78",
     "data/global-frameworks.json": "9ba563a85f7f8d6c3c957de64945e20925a89d0ed6ea6fc561cf093811acf558",
     "data/rfc-references.json": "b21d03b948c41bc8a854e2f057948ecf844bd8c105848aeb141d1eadf8192c31",
-    "data/zeroday-lessons.json": "eecfcd270e8c6063511122374cfc2d5b56bdf5be769ad8e2a1556949ec682f0b",
+    "data/zeroday-lessons.json": "a06da4f17287974cf234a78a327ab6935cf71b65f61690773e50f2e499c3a4a1",
     "skills/kernel-lpe-triage/skill.md": "0f79c641cef6e5f4a942eb94f43c460562bf83dfb67ae112d146c39c6b320fb0",
     "skills/ai-attack-surface/skill.md": "2880499993e0e69e3897a9d02b5e83aa0462c86a4dd2c1988b9968e375704a1f",
     "skills/mcp-agent-trust/skill.md": "0752834acde0303d6d1e36be4b320eac3d34fde715bb8d71f3ad9e801d701482",

package/data/attack-techniques.json CHANGED Viewed

@@ -325,6 +325,7 @@
       "CVE-2025-58034",
       "CVE-2025-60455",
       "CVE-2025-64496",
+      "CVE-2025-68645",
       "CVE-2025-68664",
       "CVE-2025-68665",
       "CVE-2025-68668",
@@ -476,7 +477,10 @@
     "cve_refs": [
       "BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
       "CVE-2020-17103-REREGRESSION-2026",
+      "CVE-2021-30952",
       "CVE-2021-43226",
+      "CVE-2023-41974",
+      "CVE-2023-43000",
       "CVE-2024-0769",
       "CVE-2024-8068",
       "CVE-2025-10725",
@@ -484,6 +488,7 @@
       "CVE-2025-22225",
       "CVE-2025-24201",
       "CVE-2025-24990",
+      "CVE-2025-31277",
       "CVE-2025-32701",
       "CVE-2025-38352",
       "CVE-2025-40602",
@@ -908,9 +913,11 @@
       "CVE-2017-1000353",
       "CVE-2018-4063",
       "CVE-2019-6693",
+      "CVE-2019-9621",
       "CVE-2020-10148",
       "CVE-2020-25078",
       "CVE-2020-25079",
+      "CVE-2020-7796",
       "CVE-2021-22681",
       "CVE-2021-26828",
       "CVE-2022-1471",
@@ -918,7 +925,6 @@
       "CVE-2022-36551",
       "CVE-2022-37055",
       "CVE-2022-40799",
-      "CVE-2022-48503",
       "CVE-2023-0386",
       "CVE-2023-21529",
       "CVE-2023-2533",
@@ -944,6 +950,7 @@
       "CVE-2024-21575",
       "CVE-2024-21576",
       "CVE-2024-21762",
+      "CVE-2024-27443",
       "CVE-2024-2912",
       "CVE-2024-31462",
       "CVE-2024-37032",
@@ -989,6 +996,7 @@
       "CVE-2025-27520",
       "CVE-2025-2775",
       "CVE-2025-2776",
+      "CVE-2025-27915",
       "CVE-2025-29635",
       "CVE-2025-30165",
       "CVE-2025-30202",
@@ -1015,14 +1023,12 @@
       "CVE-2025-40551",
       "CVE-2025-41244",
       "CVE-2025-42999",
-      "CVE-2025-43200",
-      "CVE-2025-43510",
-      "CVE-2025-43520",
       "CVE-2025-4427",
       "CVE-2025-4428",
       "CVE-2025-47812",
       "CVE-2025-47827",
       "CVE-2025-48384",
+      "CVE-2025-48700",
       "CVE-2025-48703",
       "CVE-2025-48927",
       "CVE-2025-48928",
@@ -1069,6 +1075,7 @@
       "CVE-2025-64513",
       "CVE-2025-6554",
       "CVE-2025-6558",
+      "CVE-2025-66376",
       "CVE-2025-66644",
       "CVE-2025-67818",
       "CVE-2025-68613",
@@ -1094,7 +1101,6 @@
       "CVE-2026-20131",
       "CVE-2026-20133",
       "CVE-2026-20182",
-      "CVE-2026-20700",
       "CVE-2026-20963",
       "CVE-2026-21509",
       "CVE-2026-21510",
@@ -1299,6 +1305,7 @@
       "CVE-2020-9715",
       "CVE-2021-22555",
       "CVE-2021-30952",
+      "CVE-2022-48503",
       "CVE-2023-41974",
       "CVE-2023-43000",
       "CVE-2025-10585",
@@ -1309,9 +1316,13 @@
       "CVE-2025-27038",
       "CVE-2025-31277",
       "CVE-2025-32709",
+      "CVE-2025-43200",
       "CVE-2025-43300",
+      "CVE-2025-43510",
+      "CVE-2025-43520",
       "CVE-2025-43529",
       "CVE-2025-4919",
+      "CVE-2026-20700",
       "CVE-2026-21385",
       "CVE-2026-2441",
       "CVE-2026-25592",