@blamejs/exceptd-skills 0.15.11 → 0.15.13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (8) hide show
  1. package/CHANGELOG.md +8 -0
  2. package/data/_indexes/_meta.json +5 -5
  3. package/data/attack-techniques.json +14 -0
  4. package/data/cve-catalog.json +221 -77
  5. package/data/zeroday-lessons.json +541 -177
  6. package/manifest.json +44 -44
  7. package/package.json +1 -1
  8. package/sbom.cdx.json +18 -18
package/CHANGELOG.md CHANGED
@@ -1,5 +1,13 @@
1
1
  # Changelog
2
2
 
3
+ ## 0.15.13 — 2026-05-29
4
+
5
+ Draft-curation pass 11 — Citrix. Six CISA KEV-listed Citrix CVEs are promoted from auto-imported drafts to fully-curated entries with behavioral IOCs, ATT&CK enrichment, and matching zero-day lessons: four NetScaler ADC/Gateway appliance flaws (CVE-2026-3055 and CVE-2025-5777 — the CitrixBleed-class out-of-bounds reads that disclose authenticated session material; CVE-2025-7775 and CVE-2025-6543 memory-corruption buffer flaws) and two Session Recording flaws (CVE-2024-8069 deserialization RCE and CVE-2024-8068 privilege escalation). The CitrixBleed entries map T1552 alongside T1190 to surface session-token theft, and the lessons stress session termination + secret rotation (memory-disclosure class) and appliance rebuild (RCE class) as required steps beyond the patch.
6
+
7
+ ## 0.15.12 — 2026-05-29
8
+
9
+ Draft-curation pass 10 — Zimbra mail server. Seven CISA KEV-listed Synacor Zimbra Collaboration Suite (ZCS) CVEs are promoted from auto-imported drafts to fully-curated entries with behavioral IOCs, ATT&CK enrichment, and matching zero-day lessons: the cross-site scripting cluster (CVE-2025-48700, CVE-2025-66376, CVE-2025-27915, CVE-2024-27443), the server-side request forgery pair (CVE-2020-7796, CVE-2019-9621), and the PHP remote-file-inclusion RCE (CVE-2025-68645). The lessons note ZCS is a recurring mass-exploited mail-server target where web-shell hunting and session-secret rotation are needed beyond the patch.
10
+
3
11
  ## 0.15.11 — 2026-05-29
4
12
 
5
13
  Draft-curation pass 9 — Apple client-side zero-days. Nine CISA KEV-listed Apple memory-corruption CVEs are promoted from auto-imported drafts to fully-curated entries with behavioral IOCs, ATT&CK enrichment, and matching zero-day lessons. They map T1203 (Exploitation for Client Execution) — and T1068 for the sandbox-escape steps that act as privilege links in a multi-stage chain — rather than the network-service T1190: improper locking (CVE-2025-43510), buffer overflows (CVE-2025-43520, CVE-2025-31277, CVE-2026-20700), use-after-frees (CVE-2023-43000, CVE-2023-41974), an integer overflow (CVE-2021-30952), and two code-execution flaws (CVE-2022-48503, CVE-2025-43200). The lessons frame these as targeted-spyware-chain components and stress same-day OS update vs. MDM change windows, with Lockdown Mode for high-risk users.
package/data/_indexes/_meta.json CHANGED
@@ -1,13 +1,13 @@
1
1
  {
2
2
  "schema_version": "1.1.0",
3
- "generated_at": "2026-05-29T19:51:04.683Z",
3
+ "generated_at": "2026-05-29T20:35:07.738Z",
4
4
  "generator": "scripts/build-indexes.js",
5
5
  "source_count": 54,
6
6
  "source_hashes": {
7
- "manifest.json": "690cb7c701080f97144ae7df49c0fb2b2b017f6699859f6cfe1a2d07c2a1d32c",
7
+ "manifest.json": "8fe3f27879a535ce7242433d0a93dc71146f6a9f7fddc1fd9869c9f8270e1ea6",
8
8
  "data/atlas-ttps.json": "878b4a08bb73c8d20396d85cf433a88f2bc5e7a8cbf7f6ab773ce7ede0a11251",
9
- "data/attack-techniques.json": "874c1693aa263ff5161cc96bd28efa6056c0e018847e2b55f575502b47a45fc5",
10
- "data/cve-catalog.json": "6787e2aea49819872301629954f5a5d3ce9c27d984ffd45835eb097cab95e98c",
9
+ "data/attack-techniques.json": "d139db4dc4cb4ec2be0ba517bbfa541215053aa6fa3aa1544dd061711d1acd8e",
10
+ "data/cve-catalog.json": "b24fe940b9752fd8ec37ec03954b0b99c8de523b1a5b6a7b79e2f55e3327baea",
11
11
  "data/cwe-catalog.json": "0fd275c2a61754958d68cea03a92794a67cf1c1d4d609f81a5728334df013ee3",
12
12
  "data/d3fend-catalog.json": "9a54bccb9f24f84b32024216cc3f53819a053721ac8ab43c326859e68fc0ffaf",
13
13
  "data/dlp-controls.json": "d2406c482dddd30e49203879999dc4b3a7fd4d0494d6a61d86b91ee76415df19",
@@ -15,7 +15,7 @@
15
15
  "data/framework-control-gaps.json": "29e7b6aa841ddf2530ca5971bdb60d7a715684b2f6264141ad49f0de9a039d78",
16
16
  "data/global-frameworks.json": "9ba563a85f7f8d6c3c957de64945e20925a89d0ed6ea6fc561cf093811acf558",
17
17
  "data/rfc-references.json": "b21d03b948c41bc8a854e2f057948ecf844bd8c105848aeb141d1eadf8192c31",
18
- "data/zeroday-lessons.json": "775bcd4734117ccfc4d191f0a3ae337b43da6611a612c1e0074c3bb8e285bbbc",
18
+ "data/zeroday-lessons.json": "a127b709dee1473f21804a85150aabfe1072e95443292d853b1fc6de554b4825",
19
19
  "skills/kernel-lpe-triage/skill.md": "0f79c641cef6e5f4a942eb94f43c460562bf83dfb67ae112d146c39c6b320fb0",
20
20
  "skills/ai-attack-surface/skill.md": "2880499993e0e69e3897a9d02b5e83aa0462c86a4dd2c1988b9968e375704a1f",
21
21
  "skills/mcp-agent-trust/skill.md": "0752834acde0303d6d1e36be4b320eac3d34fde715bb8d71f3ad9e801d701482",
package/data/attack-techniques.json CHANGED
@@ -298,6 +298,7 @@
298
298
  "CVE-2024-4889",
299
299
  "CVE-2024-50050",
300
300
  "CVE-2024-5565",
301
+ "CVE-2024-8069",
301
302
  "CVE-2025-10164",
302
303
  "CVE-2025-1094",
303
304
  "CVE-2025-11837",
@@ -325,6 +326,7 @@
325
326
  "CVE-2025-58034",
326
327
  "CVE-2025-60455",
327
328
  "CVE-2025-64496",
329
+ "CVE-2025-68645",
328
330
  "CVE-2025-68664",
329
331
  "CVE-2025-68665",
330
332
  "CVE-2025-68668",
@@ -912,9 +914,11 @@
912
914
  "CVE-2017-1000353",
913
915
  "CVE-2018-4063",
914
916
  "CVE-2019-6693",
917
+ "CVE-2019-9621",
915
918
  "CVE-2020-10148",
916
919
  "CVE-2020-25078",
917
920
  "CVE-2020-25079",
921
+ "CVE-2020-7796",
918
922
  "CVE-2021-22681",
919
923
  "CVE-2021-26828",
920
924
  "CVE-2022-1471",
@@ -947,6 +951,7 @@
947
951
  "CVE-2024-21575",
948
952
  "CVE-2024-21576",
949
953
  "CVE-2024-21762",
954
+ "CVE-2024-27443",
950
955
  "CVE-2024-2912",
951
956
  "CVE-2024-31462",
952
957
  "CVE-2024-37032",
@@ -961,6 +966,7 @@
961
966
  "CVE-2024-57726",
962
967
  "CVE-2024-6587",
963
968
  "CVE-2024-7694",
969
+ "CVE-2024-8068",
964
970
  "CVE-2024-8069",
965
971
  "CVE-2025-0282",
966
972
  "CVE-2025-10035",
@@ -992,6 +998,7 @@
992
998
  "CVE-2025-27520",
993
999
  "CVE-2025-2775",
994
1000
  "CVE-2025-2776",
1001
+ "CVE-2025-27915",
995
1002
  "CVE-2025-29635",
996
1003
  "CVE-2025-30165",
997
1004
  "CVE-2025-30202",
@@ -1023,6 +1030,7 @@
1023
1030
  "CVE-2025-47812",
1024
1031
  "CVE-2025-47827",
1025
1032
  "CVE-2025-48384",
1033
+ "CVE-2025-48700",
1026
1034
  "CVE-2025-48703",
1027
1035
  "CVE-2025-48927",
1028
1036
  "CVE-2025-48928",
@@ -1047,6 +1055,7 @@
1047
1055
  "CVE-2025-55177",
1048
1056
  "CVE-2025-55182",
1049
1057
  "CVE-2025-56520",
1058
+ "CVE-2025-5777",
1050
1059
  "CVE-2025-57819",
1051
1060
  "CVE-2025-58034",
1052
1061
  "CVE-2025-58360",
@@ -1067,8 +1076,10 @@
1067
1076
  "CVE-2025-64446",
1068
1077
  "CVE-2025-64496",
1069
1078
  "CVE-2025-64513",
1079
+ "CVE-2025-6543",
1070
1080
  "CVE-2025-6554",
1071
1081
  "CVE-2025-6558",
1082
+ "CVE-2025-66376",
1072
1083
  "CVE-2025-66644",
1073
1084
  "CVE-2025-67818",
1074
1085
  "CVE-2025-68613",
@@ -1123,6 +1134,7 @@
1123
1134
  "CVE-2026-25108",
1124
1135
  "CVE-2026-26015",
1125
1136
  "CVE-2026-26190",
1137
+ "CVE-2026-3055",
1126
1138
  "CVE-2026-3059",
1127
1139
  "CVE-2026-3060",
1128
1140
  "CVE-2026-30616",
@@ -1649,10 +1661,12 @@
1649
1661
  "CVE-2024-12450",
1650
1662
  "CVE-2025-30066",
1651
1663
  "CVE-2025-30154",
1664
+ "CVE-2025-5777",
1652
1665
  "CVE-2025-68664",
1653
1666
  "CVE-2025-68665",
1654
1667
  "CVE-2026-20128",
1655
1668
  "CVE-2026-22219",
1669
+ "CVE-2026-3055",
1656
1670
  "CVE-2026-48027",
1657
1671
  "MAL-2025-PYPI-COLORAMA-SOLANA-STEALER",
1658
1672
  "MAL-2026-RUBYGEMS-BUFFERZONECORP-SLEEPER"