npm - @blamejs/exceptd-skills - Versions diffs - 0.15.30 → 0.15.32 - Mend

@blamejs/exceptd-skills 0.15.30 → 0.15.32

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/CHANGELOG.md +8 -0
package/data/_indexes/_meta.json +5 -5
package/data/attack-techniques.json +13 -0
package/data/cve-catalog.json +236 -83
package/data/zeroday-lessons.json +574 -182
package/manifest.json +44 -44
package/package.json +1 -1
package/sbom.cdx.json +18 -18

package/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,13 @@
 # Changelog
+## 0.15.32 — 2026-05-29
+Draft-curation pass 29 — network devices and edge appliances. Seven CISA KEV-listed unauthenticated CVEs are promoted from auto-imported drafts to fully-curated entries with behavioral IOCs, ATT&CK enrichment, and matching zero-day lessons, spanning enterprise appliances — F5 BIG-IP stack overflow (CVE-2025-53521), HPE OneView code injection (CVE-2025-37164), Versa Concerto SD-WAN orchestrator authentication bypass (CVE-2025-34026) — and SOHO/embedded devices: ASUS router OS command injection (CVE-2023-39780) and authentication bypass (CVE-2021-32030), Digiever DVR missing authorization (CVE-2023-52163), and Sierra Wireless AirLink ALEOS unrestricted upload (CVE-2018-4063). All map T1190, with per-class T1059, T1078, or T1505.003. The lessons split remediation by device class: enterprise appliances must be rebuilt and re-keyed after compromise, while embedded/SOHO devices — often end-of-life and recruited into botnets — require firmware re-flash or replacement rather than patch-in-place.
+## 0.15.31 — 2026-05-29
+Draft-curation pass 28 — internet-facing server-side web applications. Seven CISA KEV-listed unauthenticated CVEs are promoted from auto-imported drafts to fully-curated entries with behavioral IOCs, ATT&CK enrichment, and matching zero-day lessons: server-side request forgery in GitLab (CVE-2021-22175, CVE-2021-39935) and Omnissa Workspace ONE UEM (CVE-2021-22054), PaperCut NG/MF authentication bypass (CVE-2023-27351), the Adobe Commerce/Magento "SessionReaper" session-takeover flaw (CVE-2025-54236), Adobe Experience Manager Forms code execution (CVE-2025-54253), and Sitecore ViewState deserialization via a known machine key (CVE-2025-53690). All map T1190, with per-class T1059 (code injection/deserialization) or T1078 (auth bypass/session takeover). The lessons separate the SSRF defense (egress filtering and cloud-metadata blocking as compensating controls) from the RCE/auth defense (web-shell hunting, machine-key rotation, and session invalidation beyond the patch).
 ## 0.15.30 — 2026-05-29
 Draft-curation pass 27 — software supply-chain code integrity. Three CISA KEV-listed CVEs where code is trusted without integrity verification are promoted from auto-imported drafts to fully-curated entries with behavioral IOCs, ATT&CK enrichment, and matching zero-day lessons: the TrueConf client and Notepad++ download code/updates without an integrity check (CVE-2026-3502, CVE-2025-15556), and a Trivy distribution shipped embedded malicious code that runs in the trusted context of the vulnerability scanner (CVE-2026-33634). All map T1195.002 (Compromise Software Supply Chain). The lessons frame the defense as enforced signature and provenance verification — code signing, Sigstore/in-toto, SLSA build provenance, TLS-pinned update channels — rather than patching, and note that response is environment-wide because a compromised updater or scanner reaches every host it runs on.

package/data/_indexes/_meta.json CHANGED Viewed

@@ -1,13 +1,13 @@
 {
   "schema_version": "1.1.0",
-  "generated_at": "2026-05-30T02:06:48.147Z",
+  "generated_at": "2026-05-30T02:46:03.958Z",
   "generator": "scripts/build-indexes.js",
   "source_count": 54,
   "source_hashes": {
-    "manifest.json": "9d7de7196220da889a9ebb3ef9cec5e01eb13a67df6295a75570b3af0a2e08ec",
+    "manifest.json": "bfb12203bc94fbd39b4c1343556482b87f365f89b77c0df1970ecc3f3f29a5e4",
     "data/atlas-ttps.json": "878b4a08bb73c8d20396d85cf433a88f2bc5e7a8cbf7f6ab773ce7ede0a11251",
-    "data/attack-techniques.json": "0e1ecaf5f99fbe0a71a3bc95bd7b82fbcdbb0052b61a5a376a0c84aa9e12b29e",
-    "data/cve-catalog.json": "90f39afaa73551b6b747cf24e626265c5b876d7daf97e33783b746e6631cead2",
+    "data/attack-techniques.json": "287890d9363989eae37cc65cc32d2c7daeb9393c7c213c3acd0aa12bc5de6bc7",
+    "data/cve-catalog.json": "da1abcc2d3878253bf38e6bb1924b702e89ca2681aeb586100a85ec39e33ce3f",
     "data/cwe-catalog.json": "0fd275c2a61754958d68cea03a92794a67cf1c1d4d609f81a5728334df013ee3",
     "data/d3fend-catalog.json": "9a54bccb9f24f84b32024216cc3f53819a053721ac8ab43c326859e68fc0ffaf",
     "data/dlp-controls.json": "d2406c482dddd30e49203879999dc4b3a7fd4d0494d6a61d86b91ee76415df19",
@@ -15,7 +15,7 @@
     "data/framework-control-gaps.json": "29e7b6aa841ddf2530ca5971bdb60d7a715684b2f6264141ad49f0de9a039d78",
     "data/global-frameworks.json": "9ba563a85f7f8d6c3c957de64945e20925a89d0ed6ea6fc561cf093811acf558",
     "data/rfc-references.json": "b21d03b948c41bc8a854e2f057948ecf844bd8c105848aeb141d1eadf8192c31",
-    "data/zeroday-lessons.json": "6fd07b3518e34880b2ca2b60eb151c673571e68a274ecde7b31b3b3c4b58ab74",
+    "data/zeroday-lessons.json": "78c717b5c3c9dab103447cac53fdacf966449f9e5450bff323967eaefdd4dbca",
     "skills/kernel-lpe-triage/skill.md": "0f79c641cef6e5f4a942eb94f43c460562bf83dfb67ae112d146c39c6b320fb0",
     "skills/ai-attack-surface/skill.md": "2880499993e0e69e3897a9d02b5e83aa0462c86a4dd2c1988b9968e375704a1f",
     "skills/mcp-agent-trust/skill.md": "0752834acde0303d6d1e36be4b320eac3d34fde715bb8d71f3ad9e801d701482",

package/data/attack-techniques.json CHANGED Viewed

@@ -276,6 +276,7 @@
       "CVE-2020-25079",
       "CVE-2022-1471",
       "CVE-2023-33538",
+      "CVE-2023-39780",
       "CVE-2023-43654",
       "CVE-2023-44467",
       "CVE-2023-48022",
@@ -321,6 +322,7 @@
       "CVE-2025-33236",
       "CVE-2025-34291",
       "CVE-2025-3466",
+      "CVE-2025-37164",
       "CVE-2025-40551",
       "CVE-2025-4428",
       "CVE-2025-47812",
@@ -329,9 +331,11 @@
       "CVE-2025-49704",
       "CVE-2025-5086",
       "CVE-2025-51480",
+      "CVE-2025-53690",
       "CVE-2025-53773",
       "CVE-2025-54068",
       "CVE-2025-54136",
+      "CVE-2025-54253",
       "CVE-2025-55319",
       "CVE-2025-58034",
       "CVE-2025-60455",
@@ -595,6 +599,7 @@
       "CVE-2023-27351",
       "CVE-2023-43791",
       "CVE-2023-50224",
+      "CVE-2023-52163",
       "CVE-2024-12776",
       "CVE-2024-1709",
       "CVE-2024-27199",
@@ -611,6 +616,7 @@
       "CVE-2025-3935",
       "CVE-2025-4427",
       "CVE-2025-49706",
+      "CVE-2025-54236",
       "CVE-2025-57819",
       "CVE-2025-61757",
       "CVE-2025-6205",
@@ -951,9 +957,13 @@
       "CVE-2020-25078",
       "CVE-2020-25079",
       "CVE-2020-7796",
+      "CVE-2021-22054",
+      "CVE-2021-22175",
       "CVE-2021-22681",
       "CVE-2021-26828",
       "CVE-2021-26829",
+      "CVE-2021-32030",
+      "CVE-2021-39935",
       "CVE-2021-43798",
       "CVE-2022-1471",
       "CVE-2022-20775",
@@ -962,6 +972,7 @@
       "CVE-2022-40799",
       "CVE-2023-21529",
       "CVE-2023-2533",
+      "CVE-2023-27351",
       "CVE-2023-33538",
       "CVE-2023-3519",
       "CVE-2023-39780",
@@ -1051,6 +1062,7 @@
       "CVE-2025-32975",
       "CVE-2025-33053",
       "CVE-2025-33073",
+      "CVE-2025-34026",
       "CVE-2025-34291",
       "CVE-2025-3466",
       "CVE-2025-35939",
@@ -12118,6 +12130,7 @@
     "_auto_imported": true,
     "_intake_method": "mitre-attack-stix",
     "cve_refs": [
+      "CVE-2018-4063",
       "CVE-2021-26828",
       "CVE-2024-1708",
       "CVE-2024-7399",