npm - @blamejs/exceptd-skills - Versions diffs - 0.15.16 → 0.15.18 - Mend

@blamejs/exceptd-skills 0.15.16 → 0.15.18

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/CHANGELOG.md +8 -0
package/data/_indexes/_meta.json +5 -5
package/data/attack-techniques.json +12 -10
package/data/cve-catalog.json +193 -71
package/data/zeroday-lessons.json +434 -158
package/manifest.json +44 -44
package/package.json +1 -1
package/sbom.cdx.json +18 -18

package/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,13 @@
 # Changelog
+## 0.15.18 — 2026-05-29
+Draft-curation pass 16 — non-Windows kernel/driver LPE. Seven CISA KEV-listed local-privilege-escalation CVEs are promoted from auto-imported drafts to fully-curated entries with behavioral IOCs, ATT&CK enrichment, and matching zero-day lessons: Qualcomm Adreno GPU / chipset flaws (CVE-2026-21385 integer overflow, CVE-2025-21479 and CVE-2025-21480 incorrect-authorization GPU flaws used in Android targeted chains, CVE-2025-27038 use-after-free) and Linux kernel flaws (CVE-2018-14634 "Mutagen Astronomy" integer overflow, CVE-2021-22555 netfilter heap out-of-bounds write, CVE-2023-0386 OverlayFS ownership). All map T1068 (Exploitation for Privilege Escalation). The lessons give platform-correct remediation — Android Security Bulletin OTA updates and MDM-enforced SLAs for the chipset entries, distribution kernel updates or live-patching plus kernel hardening for the Linux entries — and frame these as the escalation half of the attack chain.
+## 0.15.17 — 2026-05-29
+Draft-curation pass 15 — Chromium browser zero-days. Five CISA KEV-listed Google Chromium client-side CVEs are promoted from auto-imported drafts to fully-curated entries with behavioral IOCs, ATT&CK enrichment, and matching zero-day lessons: V8 JavaScript engine flaws (CVE-2025-13223 and CVE-2025-6554 type confusion, CVE-2025-5419 out-of-bounds read/write), a CSS use-after-free (CVE-2026-2441), and an ANGLE/GPU sandbox escape (CVE-2025-6558). All map T1203 (Exploitation for Client Execution); the sandbox-escape entry also maps T1068. The lessons stress same-day Chrome component-updater rollout — not gating browser updates behind a managed change window — as the load-bearing control, since these are weaponized within days in targeted-spyware and watering-hole chains.
 ## 0.15.16 — 2026-05-29
 Draft-curation pass 14 — web-application server-side RCE. Eight CISA KEV-listed unauthenticated web-app CVEs are promoted from auto-imported drafts to fully-curated entries with behavioral IOCs, ATT&CK enrichment, and matching zero-day lessons: Kentico Xperience CMS (CVE-2025-2749 path-traversal + file upload, CVE-2025-2746 and CVE-2025-2747 alternate-channel authentication bypasses), Craft CMS code injection (CVE-2025-32432 and the related CVE-2024-56145), Roundcube Webmail deserialization (CVE-2025-49113), and SolarWinds Web Help Desk deserialization (CVE-2025-26399, CVE-2025-40551). All map T1190, with per-class T1059 (code injection / deserialization), T1078 (auth bypass), or T1505.003 (upload → web shell). The lessons stress web-shell hunting and application-secret rotation as required cleanup beyond the patch.

package/data/_indexes/_meta.json CHANGED Viewed

@@ -1,13 +1,13 @@
 {
   "schema_version": "1.1.0",
-  "generated_at": "2026-05-29T21:41:35.237Z",
+  "generated_at": "2026-05-29T22:14:58.611Z",
   "generator": "scripts/build-indexes.js",
   "source_count": 54,
   "source_hashes": {
-    "manifest.json": "1bf79bbc78662fe233ebd4ae9d66a6715054a144dbe6d414f145d6f895b6cdb2",
+    "manifest.json": "175f0a5e81ebf3bbbd46fb769f22bc7fd30488fd7d6711f042277a3506f12b93",
     "data/atlas-ttps.json": "878b4a08bb73c8d20396d85cf433a88f2bc5e7a8cbf7f6ab773ce7ede0a11251",
-    "data/attack-techniques.json": "ab66fbbc079bec071f9f2d2e92f194ce95289f91a19a188e9d6d0489c4fafb97",
-    "data/cve-catalog.json": "369f3585bd52254f928ed322ab30b1cf3d207fed5d7e3b5c76c4de8cd89dc709",
+    "data/attack-techniques.json": "55986b1d7789325a6c98f80bf7eb376809048a3c4b50614788586560ff8fe26c",
+    "data/cve-catalog.json": "45ecfb7958ef642c8e7b5398463212677ee1ab6791db91320ccf8a27cb384c0c",
     "data/cwe-catalog.json": "0fd275c2a61754958d68cea03a92794a67cf1c1d4d609f81a5728334df013ee3",
     "data/d3fend-catalog.json": "9a54bccb9f24f84b32024216cc3f53819a053721ac8ab43c326859e68fc0ffaf",
     "data/dlp-controls.json": "d2406c482dddd30e49203879999dc4b3a7fd4d0494d6a61d86b91ee76415df19",
@@ -15,7 +15,7 @@
     "data/framework-control-gaps.json": "29e7b6aa841ddf2530ca5971bdb60d7a715684b2f6264141ad49f0de9a039d78",
     "data/global-frameworks.json": "9ba563a85f7f8d6c3c957de64945e20925a89d0ed6ea6fc561cf093811acf558",
     "data/rfc-references.json": "b21d03b948c41bc8a854e2f057948ecf844bd8c105848aeb141d1eadf8192c31",
-    "data/zeroday-lessons.json": "549c3ef8ffd0b42743d9939ef0d2a083acbb6e61f0c6f83b4aac718d4c62e978",
+    "data/zeroday-lessons.json": "55f480045752946919250fef2e090fa556031ee427864e2706725383ec7dc969",
     "skills/kernel-lpe-triage/skill.md": "0f79c641cef6e5f4a942eb94f43c460562bf83dfb67ae112d146c39c6b320fb0",
     "skills/ai-attack-surface/skill.md": "2880499993e0e69e3897a9d02b5e83aa0462c86a4dd2c1988b9968e375704a1f",
     "skills/mcp-agent-trust/skill.md": "0752834acde0303d6d1e36be4b320eac3d34fde715bb8d71f3ad9e801d701482",

package/data/attack-techniques.json CHANGED Viewed

@@ -482,19 +482,25 @@
     "version": "v19",
     "cve_refs": [
       "BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
+      "CVE-2018-14634",
       "CVE-2020-17103-REREGRESSION-2026",
+      "CVE-2021-22555",
       "CVE-2021-30952",
       "CVE-2021-43226",
+      "CVE-2023-0386",
       "CVE-2023-36424",
       "CVE-2023-41974",
       "CVE-2023-43000",
       "CVE-2024-0769",
       "CVE-2024-8068",
       "CVE-2025-10725",
+      "CVE-2025-21479",
+      "CVE-2025-21480",
       "CVE-2025-22224",
       "CVE-2025-22225",
       "CVE-2025-24201",
       "CVE-2025-24990",
+      "CVE-2025-27038",
       "CVE-2025-31277",
       "CVE-2025-32701",
       "CVE-2025-38352",
@@ -505,9 +511,11 @@
       "CVE-2025-60710",
       "CVE-2025-62215",
       "CVE-2025-62849",
+      "CVE-2025-6558",
       "CVE-2026-0300",
       "CVE-2026-20122",
       "CVE-2026-20805",
+      "CVE-2026-21385",
       "CVE-2026-31431",
       "CVE-2026-31635",
       "CVE-2026-33825",
@@ -927,7 +935,6 @@
       "CVE-2022-36551",
       "CVE-2022-37055",
       "CVE-2022-40799",
-      "CVE-2023-0386",
       "CVE-2023-21529",
       "CVE-2023-2533",
       "CVE-2023-33538",
@@ -976,7 +983,6 @@
       "CVE-2025-11953",
       "CVE-2025-12480",
       "CVE-2025-12686",
-      "CVE-2025-13223",
       "CVE-2025-14611",
       "CVE-2025-14733",
       "CVE-2025-14847",
@@ -1081,8 +1087,6 @@
       "CVE-2025-64496",
       "CVE-2025-64513",
       "CVE-2025-6543",
-      "CVE-2025-6554",
-      "CVE-2025-6558",
       "CVE-2025-66376",
       "CVE-2025-66644",
       "CVE-2025-67818",
@@ -1316,19 +1320,15 @@
       "CVE-2011-3402",
       "CVE-2013-3918",
       "CVE-2014-3931",
-      "CVE-2018-14634",
       "CVE-2020-9715",
-      "CVE-2021-22555",
       "CVE-2021-30952",
       "CVE-2022-48503",
       "CVE-2023-41974",
       "CVE-2023-43000",
       "CVE-2025-10585",
+      "CVE-2025-13223",
       "CVE-2025-14174",
-      "CVE-2025-21479",
-      "CVE-2025-21480",
       "CVE-2025-24201",
-      "CVE-2025-27038",
       "CVE-2025-31277",
       "CVE-2025-32709",
       "CVE-2025-43200",
@@ -1337,8 +1337,10 @@
       "CVE-2025-43520",
       "CVE-2025-43529",
       "CVE-2025-4919",
+      "CVE-2025-5419",
+      "CVE-2025-6554",
+      "CVE-2025-6558",
       "CVE-2026-20700",
-      "CVE-2026-21385",
       "CVE-2026-2441",
       "CVE-2026-25592",
       "CVE-2026-34621",