@blamejs/exceptd-skills 0.15.42 → 0.15.43
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +4 -0
- package/data/_indexes/_meta.json +5 -5
- package/data/attack-techniques.json +2 -2
- package/data/cve-catalog.json +32 -12
- package/data/zeroday-lessons.json +88 -32
- package/manifest.json +44 -44
- package/package.json +1 -1
- package/sbom.cdx.json +18 -18
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,9 @@
|
|
|
1
1
|
# Changelog
|
|
2
2
|
|
|
3
|
+
## 0.15.43 — 2026-05-30
|
|
4
|
+
|
|
5
|
+
Draft-curation pass 40 — supply-chain embedded malicious code. Two CISA KEV-listed CVEs where malicious code shipped through a trusted distribution channel are promoted from auto-imported drafts to fully-curated entries with behavioral IOCs, ATT&CK enrichment, and matching zero-day lessons: the ASUS Live Update updater (CVE-2025-59374), which executes attacker code in the trusted context of the vendor update utility, and the eslint-config-prettier npm package (CVE-2025-54313), where a maintainer-account compromise published versions carrying a malicious install-time payload that runs on developer and CI machines. Both map T1195.002 (Compromise Software Supply Chain). The lessons frame the defense as enforced signature and provenance verification (code signing, Sigstore/in-toto, SLSA), dependency pinning, and publishing-account protections — not patching — and note that response is environment-wide because the tainted code reaches every host that installed it.
|
|
6
|
+
|
|
3
7
|
## 0.15.42 — 2026-05-29
|
|
4
8
|
|
|
5
9
|
Draft-curation pass 39 — sensitive data exposure. Three CISA KEV-listed CVEs that leak credentials and plaintext data through diagnostic surfaces are promoted from auto-imported drafts to fully-curated entries with behavioral IOCs, ATT&CK enrichment, and matching zero-day lessons: the two TeleMessage TM SGNL flaws — a core-dump file exposed to an unauthorized control sphere (CVE-2025-48928) and an insecure-default Spring Boot Actuator `/heapdump` endpoint (CVE-2025-48927), which together leaked plaintext messages and credentials from the Signal-clone server — and the Wing FTP error-message disclosure (CVE-2025-47813). All map T1190 and T1552. The lessons make the point that an encryption-in-transit posture is undermined when the server holds and leaks plaintext through memory dumps and diagnostic endpoints, that least-functionality (disabling Actuator and core-dump generation in production) is the durable control, and that response must rotate every exposed secret and treat the disclosed data's confidentiality as already breached — a patch cannot recall data the attacker has.
|
package/data/_indexes/_meta.json
CHANGED
|
@@ -1,13 +1,13 @@
|
|
|
1
1
|
{
|
|
2
2
|
"schema_version": "1.1.0",
|
|
3
|
-
"generated_at": "2026-05-
|
|
3
|
+
"generated_at": "2026-05-30T07:08:37.048Z",
|
|
4
4
|
"generator": "scripts/build-indexes.js",
|
|
5
5
|
"source_count": 54,
|
|
6
6
|
"source_hashes": {
|
|
7
|
-
"manifest.json": "
|
|
7
|
+
"manifest.json": "970c197defcefa117bffcd713b167e14c90f36506e496794485d7bcb2e1789b0",
|
|
8
8
|
"data/atlas-ttps.json": "878b4a08bb73c8d20396d85cf433a88f2bc5e7a8cbf7f6ab773ce7ede0a11251",
|
|
9
|
-
"data/attack-techniques.json": "
|
|
10
|
-
"data/cve-catalog.json": "
|
|
9
|
+
"data/attack-techniques.json": "6255e929454291c9f2ab48b600bbedf68a1678c5eb04504e5323a2d6ff5f3e36",
|
|
10
|
+
"data/cve-catalog.json": "6a081bf58b2aafc37b7c297b63edb8bca7db6ee93ec69014d34ab9fc764cbb98",
|
|
11
11
|
"data/cwe-catalog.json": "0fd275c2a61754958d68cea03a92794a67cf1c1d4d609f81a5728334df013ee3",
|
|
12
12
|
"data/d3fend-catalog.json": "9a54bccb9f24f84b32024216cc3f53819a053721ac8ab43c326859e68fc0ffaf",
|
|
13
13
|
"data/dlp-controls.json": "d2406c482dddd30e49203879999dc4b3a7fd4d0494d6a61d86b91ee76415df19",
|
|
@@ -15,7 +15,7 @@
|
|
|
15
15
|
"data/framework-control-gaps.json": "29e7b6aa841ddf2530ca5971bdb60d7a715684b2f6264141ad49f0de9a039d78",
|
|
16
16
|
"data/global-frameworks.json": "9ba563a85f7f8d6c3c957de64945e20925a89d0ed6ea6fc561cf093811acf558",
|
|
17
17
|
"data/rfc-references.json": "b21d03b948c41bc8a854e2f057948ecf844bd8c105848aeb141d1eadf8192c31",
|
|
18
|
-
"data/zeroday-lessons.json": "
|
|
18
|
+
"data/zeroday-lessons.json": "5337ae234da930e89a31d185d739f081cd95086223006ae7b5121f1ab7674791",
|
|
19
19
|
"skills/kernel-lpe-triage/skill.md": "0f79c641cef6e5f4a942eb94f43c460562bf83dfb67ae112d146c39c6b320fb0",
|
|
20
20
|
"skills/ai-attack-surface/skill.md": "2880499993e0e69e3897a9d02b5e83aa0462c86a4dd2c1988b9968e375704a1f",
|
|
21
21
|
"skills/mcp-agent-trust/skill.md": "0752834acde0303d6d1e36be4b320eac3d34fde715bb8d71f3ad9e801d701482",
|
|
@@ -1132,7 +1132,6 @@
|
|
|
1132
1132
|
"CVE-2025-54236",
|
|
1133
1133
|
"CVE-2025-54253",
|
|
1134
1134
|
"CVE-2025-54309",
|
|
1135
|
-
"CVE-2025-54313",
|
|
1136
1135
|
"CVE-2025-54948",
|
|
1137
1136
|
"CVE-2025-55177",
|
|
1138
1137
|
"CVE-2025-55182",
|
|
@@ -1142,7 +1141,6 @@
|
|
|
1142
1141
|
"CVE-2025-58034",
|
|
1143
1142
|
"CVE-2025-58360",
|
|
1144
1143
|
"CVE-2025-59287",
|
|
1145
|
-
"CVE-2025-59374",
|
|
1146
1144
|
"CVE-2025-59389",
|
|
1147
1145
|
"CVE-2025-59689",
|
|
1148
1146
|
"CVE-2025-59718",
|
|
@@ -1325,6 +1323,8 @@
|
|
|
1325
1323
|
"CVE-2025-32434",
|
|
1326
1324
|
"CVE-2025-33236",
|
|
1327
1325
|
"CVE-2025-51480",
|
|
1326
|
+
"CVE-2025-54313",
|
|
1327
|
+
"CVE-2025-59374",
|
|
1328
1328
|
"CVE-2025-8747",
|
|
1329
1329
|
"CVE-2026-31229",
|
|
1330
1330
|
"CVE-2026-33634",
|
package/data/cve-catalog.json
CHANGED
|
@@ -27374,7 +27374,7 @@
|
|
|
27374
27374
|
},
|
|
27375
27375
|
"atlas_refs": [],
|
|
27376
27376
|
"attack_refs": [
|
|
27377
|
-
"
|
|
27377
|
+
"T1195.002"
|
|
27378
27378
|
],
|
|
27379
27379
|
"rwep_score": 77,
|
|
27380
27380
|
"rwep_factors": {
|
|
@@ -27395,7 +27395,7 @@
|
|
|
27395
27395
|
"cwe_refs": [
|
|
27396
27396
|
"CWE-506"
|
|
27397
27397
|
],
|
|
27398
|
-
"source_verified": "2026-05-
|
|
27398
|
+
"source_verified": "2026-05-30",
|
|
27399
27399
|
"verification_sources": [
|
|
27400
27400
|
"https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
|
|
27401
27401
|
"https://www.npmjs.com/package/eslint-config-prettier?activeTab=versions",
|
|
@@ -27425,11 +27425,21 @@
|
|
|
27425
27425
|
"published_date": "2026-01-22"
|
|
27426
27426
|
}
|
|
27427
27427
|
],
|
|
27428
|
-
"last_updated": "2026-05-
|
|
27428
|
+
"last_updated": "2026-05-30",
|
|
27429
27429
|
"discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2026-01-22; due date 2026-02-12. Notes reference: This vulnerability could affect an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. For more information, please see: https",
|
|
27430
|
-
"_auto_imported":
|
|
27431
|
-
"_intake_method": "
|
|
27432
|
-
"_kev_short_description": "Prettier eslint-config-prettier contains an embedded malicious code vulnerability. Installing an affected package executes an install.js file that launches the node-gyp.dll malware on Windows."
|
|
27430
|
+
"_auto_imported": false,
|
|
27431
|
+
"_intake_method": "manual-verified-curation",
|
|
27432
|
+
"_kev_short_description": "Prettier eslint-config-prettier contains an embedded malicious code vulnerability. Installing an affected package executes an install.js file that launches the node-gyp.dll malware on Windows.",
|
|
27433
|
+
"iocs": {
|
|
27434
|
+
"behavioral": [
|
|
27435
|
+
"A tainted version of eslint-config-prettier (or a sibling package compromised in the same incident) present in a project's lockfile or node_modules.",
|
|
27436
|
+
"The package's install/post-install step executing unexpected code (e.g. launching a Windows DLL/payload) during npm install on developer or CI machines.",
|
|
27437
|
+
"Outbound connections or process execution from an npm install step with no legitimate cause (KEV-confirmed in-the-wild exploitation)."
|
|
27438
|
+
],
|
|
27439
|
+
"_ioc_source_note": "Anchored to NVD CVE-2025-54313, CISA KEV (added 2026-01-22), and the vendor security advisory recorded in vendor_advisories."
|
|
27440
|
+
},
|
|
27441
|
+
"_draft": false,
|
|
27442
|
+
"curation_note": "Promoted from KEV-import draft on 2026-05-30: ATT&CK enrichment (T1195.002 software supply-chain compromise) + IOCs derived from the CWE/product, and a matching zero-day lesson added. CVSS/KEV/vendor_advisories retained from the verified import."
|
|
27433
27443
|
},
|
|
27434
27444
|
"CVE-2026-20045": {
|
|
27435
27445
|
"name": "Cisco Unified Communications Products Code Injection Vulnerability",
|
|
@@ -28216,7 +28226,7 @@
|
|
|
28216
28226
|
},
|
|
28217
28227
|
"atlas_refs": [],
|
|
28218
28228
|
"attack_refs": [
|
|
28219
|
-
"
|
|
28229
|
+
"T1195.002"
|
|
28220
28230
|
],
|
|
28221
28231
|
"rwep_score": 77,
|
|
28222
28232
|
"rwep_factors": {
|
|
@@ -28237,7 +28247,7 @@
|
|
|
28237
28247
|
"cwe_refs": [
|
|
28238
28248
|
"CWE-506"
|
|
28239
28249
|
],
|
|
28240
|
-
"source_verified": "2026-05-
|
|
28250
|
+
"source_verified": "2026-05-30",
|
|
28241
28251
|
"verification_sources": [
|
|
28242
28252
|
"https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
|
|
28243
28253
|
"https://www.asus.com/support/faq/1018727/",
|
|
@@ -28266,11 +28276,21 @@
|
|
|
28266
28276
|
"published_date": "2025-12-17"
|
|
28267
28277
|
}
|
|
28268
28278
|
],
|
|
28269
|
-
"last_updated": "2026-05-
|
|
28279
|
+
"last_updated": "2026-05-30",
|
|
28270
28280
|
"discovery_attribution_note": "Bulk-imported from CISA KEV catalog version 2026.05.15. KEV listing date 2025-12-17; due date 2026-01-07. Notes reference: https://www.asus.com/support/faq/1018727/ ; https://nvd.nist.gov/vuln/detail/CVE-2025-59374",
|
|
28271
|
-
"_auto_imported":
|
|
28272
|
-
"_intake_method": "
|
|
28273
|
-
"_kev_short_description": "ASUS Live Update contains an embedded malicious code vulnerability client were distributed with unauthorized modifications introduced through a supply chain compromise. The modified builds could cause devices meeting specific targeting conditions to perform unintended actions. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization."
|
|
28281
|
+
"_auto_imported": false,
|
|
28282
|
+
"_intake_method": "manual-verified-curation",
|
|
28283
|
+
"_kev_short_description": "ASUS Live Update contains an embedded malicious code vulnerability client were distributed with unauthorized modifications introduced through a supply chain compromise. The modified builds could cause devices meeting specific targeting conditions to perform unintended actions. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.",
|
|
28284
|
+
"iocs": {
|
|
28285
|
+
"behavioral": [
|
|
28286
|
+
"ASUS Live Update installed at a version flagged in the ASUS advisory on an ASUS endpoint.",
|
|
28287
|
+
"The ASUS Live Update process fetching or executing an unexpected/unsigned payload, or behaving anomalously (unexpected outbound connections, unexpected child processes).",
|
|
28288
|
+
"Execution of attacker code in the trusted context of the update utility with no corresponding legitimate ASUS update (KEV-confirmed in-the-wild exploitation)."
|
|
28289
|
+
],
|
|
28290
|
+
"_ioc_source_note": "Anchored to NVD CVE-2025-59374, CISA KEV (added 2025-12-17), and the vendor security advisory recorded in vendor_advisories."
|
|
28291
|
+
},
|
|
28292
|
+
"_draft": false,
|
|
28293
|
+
"curation_note": "Promoted from KEV-import draft on 2026-05-30: ATT&CK enrichment (T1195.002 software supply-chain compromise) + IOCs derived from the CWE/product, and a matching zero-day lesson added. CVSS/KEV/vendor_advisories retained from the verified import."
|
|
28274
28294
|
},
|
|
28275
28295
|
"CVE-2025-40602": {
|
|
28276
28296
|
"name": "SonicWall SMA1000 Missing Authorization Vulnerability",
|
|
@@ -14753,35 +14753,63 @@
|
|
|
14753
14753
|
},
|
|
14754
14754
|
"CVE-2025-54313": {
|
|
14755
14755
|
"name": "Prettier eslint-config-prettier Embedded Malicious Code Vulnerability",
|
|
14756
|
-
"lesson_date": "2026-05-
|
|
14756
|
+
"lesson_date": "2026-05-30",
|
|
14757
14757
|
"attack_vector": {
|
|
14758
|
-
"description": "
|
|
14759
|
-
"privileges_required": "
|
|
14760
|
-
"complexity": "
|
|
14761
|
-
"ai_factor": "
|
|
14758
|
+
"description": "embedded malicious code (CWE-506) published in compromised versions of the eslint-config-prettier npm package (maintainer-account compromise), executing on developer and CI machines that installed the tainted versions. CISA KEV-listed 2026-01-22 with confirmed in-the-wild exploitation.",
|
|
14759
|
+
"privileges_required": "none (the malicious code is delivered through a trusted update channel or package; no authentication to the victim is required)",
|
|
14760
|
+
"complexity": "low — KEV-listed, actively exploited; treat as weaponized",
|
|
14761
|
+
"ai_factor": "No AI involvement documented in discovery or weaponization."
|
|
14762
|
+
},
|
|
14763
|
+
"defense_chain": {
|
|
14764
|
+
"prevention": {
|
|
14765
|
+
"what_would_have_worked": "Enforce cryptographic integrity and provenance verification on all installed/updated code (code signing with verification, Sigstore/in-toto, SLSA provenance), pin dependencies to verified versions, and require multi-factor and review gates on package-publishing/maintainer accounts.",
|
|
14766
|
+
"was_this_required": true,
|
|
14767
|
+
"framework_requiring_it": "NIST 800-53 SR-11 / NIST SSDF 800-218 / SLSA",
|
|
14768
|
+
"adequacy": "Signature and provenance verification is the definitive control; the compromise succeeded precisely because the trusted channel was trusted without independent verification."
|
|
14769
|
+
},
|
|
14770
|
+
"detection": {
|
|
14771
|
+
"what_would_have_worked": "Monitoring for unexpected install/post-install script execution and outbound connections during npm install on developer/CI machines, and version-pinning alerts on dependency changes.",
|
|
14772
|
+
"was_this_required": false,
|
|
14773
|
+
"framework_requiring_it": null,
|
|
14774
|
+
"adequacy": "Necessary because supply-chain compromise runs in a trusted context — the anomaly is the unexpected code execution alongside the legitimate tool."
|
|
14775
|
+
},
|
|
14776
|
+
"response": {
|
|
14777
|
+
"what_would_have_worked": "Pin and upgrade to a clean eslint-config-prettier version, delete node_modules and reinstall from a verified lockfile, rotate any credentials reachable from developer/CI machines that installed the tainted version, and verify build artifacts produced during the exposure window.",
|
|
14778
|
+
"was_this_required": true,
|
|
14779
|
+
"framework_requiring_it": "NIST 800-53 IR-4",
|
|
14780
|
+
"adequacy": "Mandatory; supply-chain compromise propagates through every host that installed the tainted code, so response is environment-wide and includes build-artifact verification."
|
|
14781
|
+
}
|
|
14762
14782
|
},
|
|
14763
14783
|
"framework_coverage": {
|
|
14764
|
-
"NIST-800-53-
|
|
14784
|
+
"NIST-800-53-SR-11": {
|
|
14765
14785
|
"covered": true,
|
|
14766
14786
|
"adequate": false,
|
|
14767
|
-
"gap": "
|
|
14787
|
+
"gap": "Component authenticity / anti-counterfeit is named, but verification is not enforced at install/update time — the tainted code shipped through a trusted channel without consumer-side signature/provenance verification, so the control is paper unless signed-artifact verification (Sigstore/in-toto) is mandated."
|
|
14768
14788
|
},
|
|
14769
|
-
"
|
|
14789
|
+
"NIST-SSDF-800-218-PS.2": {
|
|
14770
14790
|
"covered": true,
|
|
14771
14791
|
"adequate": false,
|
|
14772
|
-
"gap": "
|
|
14792
|
+
"gap": "The SSDF calls for protecting release integrity and providing provenance, but downstream consumers had no enforced way to verify it; without signed releases plus provenance a consumer cannot detect maliciously-published or substituted code."
|
|
14793
|
+
},
|
|
14794
|
+
"SLSA-build-provenance": {
|
|
14795
|
+
"covered": true,
|
|
14796
|
+
"adequate": false,
|
|
14797
|
+
"gap": "SLSA build provenance and signed releases would let a consumer detect a maliciously-published version; absent enforced verification at the install/update step, a compromised maintainer account or update channel propagates the malicious code unchecked."
|
|
14798
|
+
},
|
|
14799
|
+
"EU-CRA-secure-update": {
|
|
14800
|
+
"covered": true,
|
|
14801
|
+
"adequate": false,
|
|
14802
|
+
"gap": "The EU Cyber Resilience Act requires secure update mechanisms and shipping without known exploitable defects; an update channel or package registry that ships embedded malicious code violates the secure-update and integrity expectations."
|
|
14773
14803
|
}
|
|
14774
14804
|
},
|
|
14775
14805
|
"compliance_exposure_score": {
|
|
14776
|
-
"percent_audit_passing_orgs_still_exposed":
|
|
14777
|
-
"basis": "
|
|
14778
|
-
"theater_pattern": "
|
|
14806
|
+
"percent_audit_passing_orgs_still_exposed": 78,
|
|
14807
|
+
"basis": "eslint-config-prettier (npm) is trusted by default; audited organizations that install vendor updates or npm dependencies without enforcing signature/provenance verification or pinning are exposed to maliciously-published code, and the compromise reaches every host that installed it.",
|
|
14808
|
+
"theater_pattern": "maintainer_account_integrity_assumed_without_evidence"
|
|
14779
14809
|
},
|
|
14780
14810
|
"ai_discovered_zeroday": false,
|
|
14781
|
-
"ai_discovery_source": "
|
|
14782
|
-
"ai_assist_factor": "none"
|
|
14783
|
-
"_auto_imported": true,
|
|
14784
|
-
"_intake_method": "v0.13.17-bulk-cisa-kev-import"
|
|
14811
|
+
"ai_discovery_source": "vendor_research",
|
|
14812
|
+
"ai_assist_factor": "none"
|
|
14785
14813
|
},
|
|
14786
14814
|
"CVE-2026-20045": {
|
|
14787
14815
|
"name": "Cisco Unified Communications Products Code Injection Vulnerability",
|
|
@@ -15195,35 +15223,63 @@
|
|
|
15195
15223
|
},
|
|
15196
15224
|
"CVE-2025-59374": {
|
|
15197
15225
|
"name": "ASUS Live Update Embedded Malicious Code Vulnerability",
|
|
15198
|
-
"lesson_date": "2026-05-
|
|
15226
|
+
"lesson_date": "2026-05-30",
|
|
15199
15227
|
"attack_vector": {
|
|
15200
|
-
"description": "
|
|
15201
|
-
"privileges_required": "
|
|
15202
|
-
"complexity": "
|
|
15203
|
-
"ai_factor": "
|
|
15228
|
+
"description": "embedded malicious code (CWE-506) in the ASUS Live Update software/update channel, executing on the ASUS endpoint in the trusted context of the vendor update utility. CISA KEV-listed 2025-12-17 with confirmed in-the-wild exploitation.",
|
|
15229
|
+
"privileges_required": "none (the malicious code is delivered through a trusted update channel or package; no authentication to the victim is required)",
|
|
15230
|
+
"complexity": "low — KEV-listed, actively exploited; treat as weaponized",
|
|
15231
|
+
"ai_factor": "No AI involvement documented in discovery or weaponization."
|
|
15232
|
+
},
|
|
15233
|
+
"defense_chain": {
|
|
15234
|
+
"prevention": {
|
|
15235
|
+
"what_would_have_worked": "Enforce cryptographic integrity and provenance verification on all installed/updated code (code signing with verification, Sigstore/in-toto, SLSA provenance), pin dependencies to verified versions, and require multi-factor and review gates on package-publishing/maintainer accounts.",
|
|
15236
|
+
"was_this_required": true,
|
|
15237
|
+
"framework_requiring_it": "NIST 800-53 SR-11 / NIST SSDF 800-218 / SLSA",
|
|
15238
|
+
"adequacy": "Signature and provenance verification is the definitive control; the compromise succeeded precisely because the trusted channel was trusted without independent verification."
|
|
15239
|
+
},
|
|
15240
|
+
"detection": {
|
|
15241
|
+
"what_would_have_worked": "Monitoring for the update utility fetching/executing unsigned payloads and behaving anomalously, and version-pinning alerts on dependency changes.",
|
|
15242
|
+
"was_this_required": false,
|
|
15243
|
+
"framework_requiring_it": null,
|
|
15244
|
+
"adequacy": "Necessary because supply-chain compromise runs in a trusted context — the anomaly is the unexpected code execution alongside the legitimate tool."
|
|
15245
|
+
},
|
|
15246
|
+
"response": {
|
|
15247
|
+
"what_would_have_worked": "Remove or upgrade ASUS Live Update to a known-good signed version, verify the update-channel integrity, and audit ASUS endpoints that ran the tainted updater for follow-on payloads and credential theft.",
|
|
15248
|
+
"was_this_required": true,
|
|
15249
|
+
"framework_requiring_it": "NIST 800-53 IR-4",
|
|
15250
|
+
"adequacy": "Mandatory; supply-chain compromise propagates through every host that installed the tainted code, so response is environment-wide and includes build-artifact verification."
|
|
15251
|
+
}
|
|
15204
15252
|
},
|
|
15205
15253
|
"framework_coverage": {
|
|
15206
|
-
"NIST-800-53-
|
|
15254
|
+
"NIST-800-53-SR-11": {
|
|
15207
15255
|
"covered": true,
|
|
15208
15256
|
"adequate": false,
|
|
15209
|
-
"gap": "
|
|
15257
|
+
"gap": "Component authenticity / anti-counterfeit is named, but verification is not enforced at install/update time — the tainted code shipped through a trusted channel without consumer-side signature/provenance verification, so the control is paper unless signed-artifact verification (Sigstore/in-toto) is mandated."
|
|
15210
15258
|
},
|
|
15211
|
-
"
|
|
15259
|
+
"NIST-SSDF-800-218-PS.2": {
|
|
15212
15260
|
"covered": true,
|
|
15213
15261
|
"adequate": false,
|
|
15214
|
-
"gap": "
|
|
15262
|
+
"gap": "The SSDF calls for protecting release integrity and providing provenance, but downstream consumers had no enforced way to verify it; without signed releases plus provenance a consumer cannot detect maliciously-published or substituted code."
|
|
15263
|
+
},
|
|
15264
|
+
"SLSA-build-provenance": {
|
|
15265
|
+
"covered": true,
|
|
15266
|
+
"adequate": false,
|
|
15267
|
+
"gap": "SLSA build provenance and signed releases would let a consumer detect a maliciously-published version; absent enforced verification at the install/update step, a compromised maintainer account or update channel propagates the malicious code unchecked."
|
|
15268
|
+
},
|
|
15269
|
+
"EU-CRA-secure-update": {
|
|
15270
|
+
"covered": true,
|
|
15271
|
+
"adequate": false,
|
|
15272
|
+
"gap": "The EU Cyber Resilience Act requires secure update mechanisms and shipping without known exploitable defects; an update channel or package registry that ships embedded malicious code violates the secure-update and integrity expectations."
|
|
15215
15273
|
}
|
|
15216
15274
|
},
|
|
15217
15275
|
"compliance_exposure_score": {
|
|
15218
|
-
"percent_audit_passing_orgs_still_exposed":
|
|
15219
|
-
"basis": "
|
|
15220
|
-
"theater_pattern": "
|
|
15276
|
+
"percent_audit_passing_orgs_still_exposed": 78,
|
|
15277
|
+
"basis": "ASUS Live Update is trusted by default; audited organizations that install vendor updates or npm dependencies without enforcing signature/provenance verification or pinning are exposed to maliciously-published code, and the compromise reaches every host that installed it.",
|
|
15278
|
+
"theater_pattern": "update_channel_integrity_unverified"
|
|
15221
15279
|
},
|
|
15222
15280
|
"ai_discovered_zeroday": false,
|
|
15223
|
-
"ai_discovery_source": "
|
|
15224
|
-
"ai_assist_factor": "none"
|
|
15225
|
-
"_auto_imported": true,
|
|
15226
|
-
"_intake_method": "v0.13.17-bulk-cisa-kev-import"
|
|
15281
|
+
"ai_discovery_source": "vendor_research",
|
|
15282
|
+
"ai_assist_factor": "none"
|
|
15227
15283
|
},
|
|
15228
15284
|
"CVE-2025-40602": {
|
|
15229
15285
|
"name": "SonicWall SMA1000 Missing Authorization Vulnerability",
|
package/manifest.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "exceptd-security",
|
|
3
|
-
"version": "0.15.
|
|
3
|
+
"version": "0.15.43",
|
|
4
4
|
"description": "AI security skills grounded in mid-2026 threat reality, not stale framework documentation",
|
|
5
5
|
"homepage": "https://exceptd.com",
|
|
6
6
|
"license": "Apache-2.0",
|
|
@@ -53,7 +53,7 @@
|
|
|
53
53
|
],
|
|
54
54
|
"last_threat_review": "2026-05-15",
|
|
55
55
|
"signature": "0H+JfyUVmo/pVFEi5rLENATHjlukPVUqnOWmNPEH77wm8svKGK0aNJ46k6QU5GdHb8c9X9pVJKiuhON6AxDjDw==",
|
|
56
|
-
"signed_at": "2026-05-
|
|
56
|
+
"signed_at": "2026-05-30T07:05:14.670Z",
|
|
57
57
|
"cwe_refs": [
|
|
58
58
|
"CWE-125",
|
|
59
59
|
"CWE-362",
|
|
@@ -123,7 +123,7 @@
|
|
|
123
123
|
],
|
|
124
124
|
"last_threat_review": "2026-05-17",
|
|
125
125
|
"signature": "PHwHEsoy7ctBYOtlAfAdCDVfsq2Bpk9+qESSF+5dVkDcez2zp2v9Ihsv2vqMEs3QxMndyQ+t7NVezyt5VamSCg==",
|
|
126
|
-
"signed_at": "2026-05-
|
|
126
|
+
"signed_at": "2026-05-30T07:05:14.672Z",
|
|
127
127
|
"cwe_refs": [
|
|
128
128
|
"CWE-1039",
|
|
129
129
|
"CWE-1426",
|
|
@@ -196,7 +196,7 @@
|
|
|
196
196
|
],
|
|
197
197
|
"last_threat_review": "2026-05-17",
|
|
198
198
|
"signature": "dD4p7lcRtMyfITOncqLkpOeMy6x6gM0V7UlWHgLEdcxqODb1s75ar1cBtTqDWPbMv6ZAzVo2HJLDK1hVjjU2AQ==",
|
|
199
|
-
"signed_at": "2026-05-
|
|
199
|
+
"signed_at": "2026-05-30T07:05:14.672Z",
|
|
200
200
|
"cwe_refs": [
|
|
201
201
|
"CWE-22",
|
|
202
202
|
"CWE-345",
|
|
@@ -248,7 +248,7 @@
|
|
|
248
248
|
"framework_gaps": [],
|
|
249
249
|
"last_threat_review": "2026-05-22",
|
|
250
250
|
"signature": "wsw8Mlr/gyw6S7Iaao9BVHdU5LFPWl8WVymW17Lkq9J1Mui0+fCrTg6UbrsaeE3s7EW3TVgzBuK+8EFd1+H5AA==",
|
|
251
|
-
"signed_at": "2026-05-
|
|
251
|
+
"signed_at": "2026-05-30T07:05:14.673Z"
|
|
252
252
|
},
|
|
253
253
|
{
|
|
254
254
|
"name": "compliance-theater",
|
|
@@ -279,7 +279,7 @@
|
|
|
279
279
|
],
|
|
280
280
|
"last_threat_review": "2026-05-22",
|
|
281
281
|
"signature": "uVTc1QRKOKcIVDajBz+q2egjiEAyOQaDNsvVI2ghj5FD0VvquoUBBE5Naca2FkaZa790EHWCsVZ4hhdaSQs2DQ==",
|
|
282
|
-
"signed_at": "2026-05-
|
|
282
|
+
"signed_at": "2026-05-30T07:05:14.673Z"
|
|
283
283
|
},
|
|
284
284
|
{
|
|
285
285
|
"name": "exploit-scoring",
|
|
@@ -308,7 +308,7 @@
|
|
|
308
308
|
],
|
|
309
309
|
"last_threat_review": "2026-05-18",
|
|
310
310
|
"signature": "QuNpwnZ6HkCEAXTPC/jLbXSmMIc1JnBczqZAAIZmZj8OcEMVnw9mJYAnU3CxaEI7rvbcMkN2uS5E8yUCm/NiAg==",
|
|
311
|
-
"signed_at": "2026-05-
|
|
311
|
+
"signed_at": "2026-05-30T07:05:14.674Z"
|
|
312
312
|
},
|
|
313
313
|
{
|
|
314
314
|
"name": "rag-pipeline-security",
|
|
@@ -345,7 +345,7 @@
|
|
|
345
345
|
],
|
|
346
346
|
"last_threat_review": "2026-05-22",
|
|
347
347
|
"signature": "5rw2i39SxY2WphBbDLEP28wufnbPPE9+PWt54hmaGdwHXr9RLiVt5liL/5xp14sehlVgFsfpR/bg9vy//xV0DA==",
|
|
348
|
-
"signed_at": "2026-05-
|
|
348
|
+
"signed_at": "2026-05-30T07:05:14.674Z",
|
|
349
349
|
"cwe_refs": [
|
|
350
350
|
"CWE-1395",
|
|
351
351
|
"CWE-1426"
|
|
@@ -405,7 +405,7 @@
|
|
|
405
405
|
],
|
|
406
406
|
"last_threat_review": "2026-05-17",
|
|
407
407
|
"signature": "Vqu49nzntFWjn9A/QeJzm7q/2xk/cZJ6HFQKtiNi1zgcxzXKm+MlFdkaLgYHWj5/9HJohxyIDyBJQTvcJ20eDQ==",
|
|
408
|
-
"signed_at": "2026-05-
|
|
408
|
+
"signed_at": "2026-05-30T07:05:14.674Z",
|
|
409
409
|
"d3fend_refs": [
|
|
410
410
|
"D3-CA",
|
|
411
411
|
"D3-CSPP",
|
|
@@ -440,7 +440,7 @@
|
|
|
440
440
|
"framework_gaps": [],
|
|
441
441
|
"last_threat_review": "2026-05-22",
|
|
442
442
|
"signature": "W87VdyVdAxAdcRI6P/8StaV+MS8ZSPKM9HOCK9n/bBO6BM3ZSE3uImVoyJVpAXQlUpUGN+A3lCJZXv64LuxwDg==",
|
|
443
|
-
"signed_at": "2026-05-
|
|
443
|
+
"signed_at": "2026-05-30T07:05:14.675Z",
|
|
444
444
|
"cwe_refs": [
|
|
445
445
|
"CWE-1188"
|
|
446
446
|
],
|
|
@@ -474,7 +474,7 @@
|
|
|
474
474
|
"framework_gaps": [],
|
|
475
475
|
"last_threat_review": "2026-05-18",
|
|
476
476
|
"signature": "wdVX+edeNekpaIldqkhvtraV6DquLvIsKAjuZVwPQYn3l1vS99HXuFxmNsD7UeMlO3qgC6Dysfsto9EnuH0RBg==",
|
|
477
|
-
"signed_at": "2026-05-
|
|
477
|
+
"signed_at": "2026-05-30T07:05:14.675Z",
|
|
478
478
|
"forward_watch": [
|
|
479
479
|
"New AI attack classes as ATLAS v6 publishes",
|
|
480
480
|
"Post-quantum adversary capability timeline",
|
|
@@ -513,7 +513,7 @@
|
|
|
513
513
|
"framework_gaps": [],
|
|
514
514
|
"last_threat_review": "2026-05-01",
|
|
515
515
|
"signature": "b5miTiY0cnxETd2btxorfZBdJKt/fLnQx20sGYUb9zEqGqtm0LMLpghkW68j4/9k48KNyuGMtNWiKTSnodUGBw==",
|
|
516
|
-
"signed_at": "2026-05-
|
|
516
|
+
"signed_at": "2026-05-30T07:05:14.675Z"
|
|
517
517
|
},
|
|
518
518
|
{
|
|
519
519
|
"name": "zeroday-gap-learn",
|
|
@@ -540,7 +540,7 @@
|
|
|
540
540
|
"framework_gaps": [],
|
|
541
541
|
"last_threat_review": "2026-05-18",
|
|
542
542
|
"signature": "xbkip0AQtWQKAu+O6r/gYECNjezS6O9k9xkkJsYbMlr+j8CdqH3p5/0l+GZmDidImRC/DL07GCnKrk9HRR/yDQ==",
|
|
543
|
-
"signed_at": "2026-05-
|
|
543
|
+
"signed_at": "2026-05-30T07:05:14.676Z",
|
|
544
544
|
"forward_watch": [
|
|
545
545
|
"New CISA KEV entries",
|
|
546
546
|
"New ATLAS TTP additions in each ATLAS release",
|
|
@@ -604,7 +604,7 @@
|
|
|
604
604
|
],
|
|
605
605
|
"last_threat_review": "2026-05-22",
|
|
606
606
|
"signature": "li2NnC1oeVIr22ComP5QbcQoh5xpWITuaKpza1s2SsUkH6kGnnt4wFfFAzaC1ORmH9x2cr8hN8kaNANG/eIMBQ==",
|
|
607
|
-
"signed_at": "2026-05-
|
|
607
|
+
"signed_at": "2026-05-30T07:05:14.676Z",
|
|
608
608
|
"cwe_refs": [
|
|
609
609
|
"CWE-327"
|
|
610
610
|
],
|
|
@@ -652,7 +652,7 @@
|
|
|
652
652
|
],
|
|
653
653
|
"last_threat_review": "2026-05-22",
|
|
654
654
|
"signature": "sZHlJ7ueHPdtzVbR+yXQ5+wKgNyjWsa1LKVg9aWTmg/Onl71DvEILMyJiLpPQjseT56Mnr1DMYJE8xOGlffBAw==",
|
|
655
|
-
"signed_at": "2026-05-
|
|
655
|
+
"signed_at": "2026-05-30T07:05:14.676Z"
|
|
656
656
|
},
|
|
657
657
|
{
|
|
658
658
|
"name": "security-maturity-tiers",
|
|
@@ -689,7 +689,7 @@
|
|
|
689
689
|
],
|
|
690
690
|
"last_threat_review": "2026-05-01",
|
|
691
691
|
"signature": "3AwFnEJu6DukPPNep/3SnuPWEuV060fJEQIwThFm7ujmdbFk0/Ii0XwGv1dkvbbK7ymMdOQpp35l4aLONAucDA==",
|
|
692
|
-
"signed_at": "2026-05-
|
|
692
|
+
"signed_at": "2026-05-30T07:05:14.677Z",
|
|
693
693
|
"cwe_refs": [
|
|
694
694
|
"CWE-1188"
|
|
695
695
|
]
|
|
@@ -724,7 +724,7 @@
|
|
|
724
724
|
"framework_gaps": [],
|
|
725
725
|
"last_threat_review": "2026-05-11",
|
|
726
726
|
"signature": "iJWevUBurLvt2v8X+Ch2eHmZkPWpKeAtIpxTIP4MwbUHyco3igDeBywJCyaR2vURYRx8LkzzIMM8DxQM4LAXBQ==",
|
|
727
|
-
"signed_at": "2026-05-
|
|
727
|
+
"signed_at": "2026-05-30T07:05:14.677Z"
|
|
728
728
|
},
|
|
729
729
|
{
|
|
730
730
|
"name": "attack-surface-pentest",
|
|
@@ -796,7 +796,7 @@
|
|
|
796
796
|
"Pwn2Own Berlin 2026 (disclosed 2026-05-14, embargo ends 2026-08-12) — Microsoft Edge 4-bug sandbox escape by Orange Tsai (DEVCORE); forward-watch only (browser sandbox, out of current playbook scope); track Microsoft Edge security advisory and KEV add"
|
|
797
797
|
],
|
|
798
798
|
"signature": "C7lv65/Ecm8JJgSKxrX5lxx0YFzKWtrIQSKp+vy50I5e8945s1JmifGUUrnQwRQhq/Pkv7EmfiH5XSO8h75bDg==",
|
|
799
|
-
"signed_at": "2026-05-
|
|
799
|
+
"signed_at": "2026-05-30T07:05:14.677Z"
|
|
800
800
|
},
|
|
801
801
|
{
|
|
802
802
|
"name": "fuzz-testing-strategy",
|
|
@@ -856,7 +856,7 @@
|
|
|
856
856
|
"OSS-Fuzz-Gen / AI-assisted harness generation becoming the default expectation for OSS maintainers"
|
|
857
857
|
],
|
|
858
858
|
"signature": "dJB0iAstIUbyny+udl3OIkaLScEmqS97LNP73yQ8mxt+0bcqxZjpfXaWLzLuIQblGYvUvz75/H6rO2EJuGd4AQ==",
|
|
859
|
-
"signed_at": "2026-05-
|
|
859
|
+
"signed_at": "2026-05-30T07:05:14.678Z"
|
|
860
860
|
},
|
|
861
861
|
{
|
|
862
862
|
"name": "dlp-gap-analysis",
|
|
@@ -931,7 +931,7 @@
|
|
|
931
931
|
"Quebec Law 25, India DPDPA, KSA PDPL enforcement actions naming AI-tool prompt data as in-scope personal information"
|
|
932
932
|
],
|
|
933
933
|
"signature": "KEAoMji3VcPX/ZXXqVe6OStxSkTssfY9fIRPyPcDYqh50GzOFQ6koNOTBVAiWOvjDjQ38g12xun5srbqgmvRAw==",
|
|
934
|
-
"signed_at": "2026-05-
|
|
934
|
+
"signed_at": "2026-05-30T07:05:14.678Z"
|
|
935
935
|
},
|
|
936
936
|
{
|
|
937
937
|
"name": "supply-chain-integrity",
|
|
@@ -1010,7 +1010,7 @@
|
|
|
1010
1010
|
"Pwn2Own Berlin 2026 (disclosed 2026-05-14, embargo ends 2026-08-12) — NVIDIA Megatron Bridge path traversal by haehae; AI training-stack file-system trust boundary; track patch and SBOM-attestation impact"
|
|
1011
1011
|
],
|
|
1012
1012
|
"signature": "UY3tBi0n1K/OtSrWPkHcOCSuHEwKuPmRqGIf3MyPVXGWS72elGTWGXt4AN/uStLmefeEody1LuhnJR9PWjr4Cg==",
|
|
1013
|
-
"signed_at": "2026-05-
|
|
1013
|
+
"signed_at": "2026-05-30T07:05:14.678Z"
|
|
1014
1014
|
},
|
|
1015
1015
|
{
|
|
1016
1016
|
"name": "defensive-countermeasure-mapping",
|
|
@@ -1067,7 +1067,7 @@
|
|
|
1067
1067
|
],
|
|
1068
1068
|
"last_threat_review": "2026-05-11",
|
|
1069
1069
|
"signature": "Qe0Hg9BrX3Zm5pj0n2z/oiHbAXWdA2Dq461zc4izkkUjEX2CZ02rODjCI2ELbrVOU3GC7edxqAxA+5U/ObnHDQ==",
|
|
1070
|
-
"signed_at": "2026-05-
|
|
1070
|
+
"signed_at": "2026-05-30T07:05:14.678Z"
|
|
1071
1071
|
},
|
|
1072
1072
|
{
|
|
1073
1073
|
"name": "identity-assurance",
|
|
@@ -1134,7 +1134,7 @@
|
|
|
1134
1134
|
"d3fend_refs": [],
|
|
1135
1135
|
"last_threat_review": "2026-05-11",
|
|
1136
1136
|
"signature": "UV3458QXSkEpenzrOmdlTTfPHUD4hNyKMDHoeZDq/kiFb4mAG0ghQGTTgI9Ru8cJbSmYM1++m9N5TFIJ6JJPBg==",
|
|
1137
|
-
"signed_at": "2026-05-
|
|
1137
|
+
"signed_at": "2026-05-30T07:05:14.679Z"
|
|
1138
1138
|
},
|
|
1139
1139
|
{
|
|
1140
1140
|
"name": "ot-ics-security",
|
|
@@ -1190,7 +1190,7 @@
|
|
|
1190
1190
|
"d3fend_refs": [],
|
|
1191
1191
|
"last_threat_review": "2026-05-11",
|
|
1192
1192
|
"signature": "kIVzsPsJ72PzzWQwTuvjoHHoVEDCday5I52M9ohjB3/Ak+zlA8oyWLO/BKb/XuYY4fOApjfxTErSWv5uHQ2zDw==",
|
|
1193
|
-
"signed_at": "2026-05-
|
|
1193
|
+
"signed_at": "2026-05-30T07:05:14.679Z"
|
|
1194
1194
|
},
|
|
1195
1195
|
{
|
|
1196
1196
|
"name": "coordinated-vuln-disclosure",
|
|
@@ -1242,7 +1242,7 @@
|
|
|
1242
1242
|
"NYDFS 23 NYCRR 500 amendments potentially adding explicit CVD program requirements"
|
|
1243
1243
|
],
|
|
1244
1244
|
"signature": "bWr27Q1uN9xCe1ib4QulszBa7YIDNkGqo72k5nm2cK98LyPblicD+sO9MnGckAyB22BTN/cIB+FwFMcI5IxvBw==",
|
|
1245
|
-
"signed_at": "2026-05-
|
|
1245
|
+
"signed_at": "2026-05-30T07:05:14.679Z"
|
|
1246
1246
|
},
|
|
1247
1247
|
{
|
|
1248
1248
|
"name": "threat-modeling-methodology",
|
|
@@ -1292,7 +1292,7 @@
|
|
|
1292
1292
|
"PASTA v2 updates incorporating AI/ML application threats"
|
|
1293
1293
|
],
|
|
1294
1294
|
"signature": "Q854yzLqXdOazc6EyQbZzgAlivuq2vGFDVUCrxSldSvx/HX/ZM/uzmJyP7aBG7ZsMHxj6Lmj/H82YQoo1e+NCQ==",
|
|
1295
|
-
"signed_at": "2026-05-
|
|
1295
|
+
"signed_at": "2026-05-30T07:05:14.680Z"
|
|
1296
1296
|
},
|
|
1297
1297
|
{
|
|
1298
1298
|
"name": "webapp-security",
|
|
@@ -1366,7 +1366,7 @@
|
|
|
1366
1366
|
"d3fend_refs": [],
|
|
1367
1367
|
"last_threat_review": "2026-05-11",
|
|
1368
1368
|
"signature": "4ccahkJpGJZtwD7EBpnGcN0sEGPMEw8eqV+tvePVS04YAkLgYVWtlkasI/8n0be9xB+77x+Sjj3kIi2j2Lf9CA==",
|
|
1369
|
-
"signed_at": "2026-05-
|
|
1369
|
+
"signed_at": "2026-05-30T07:05:14.680Z",
|
|
1370
1370
|
"forward_watch": [
|
|
1371
1371
|
"NGINX Rift CVE-2026-42945 (disclosed 2026-05-13, source depthfirst) — KEV-watch predicted CISA KEV listing by 2026-05-29; AI-assisted discovery angle; track for active-exploitation confirmation and patch advisory affecting front-door web app deployments"
|
|
1372
1372
|
]
|
|
@@ -1419,7 +1419,7 @@
|
|
|
1419
1419
|
"d3fend_refs": [],
|
|
1420
1420
|
"last_threat_review": "2026-05-15",
|
|
1421
1421
|
"signature": "SBB7c3wNYfIdkyOp4g4nW0WP7xS+YokMzg32aaeJdbf14LTGQRzQUvSqb2TCj2HFUSHESOyKT1JpkAfyHLSQBQ==",
|
|
1422
|
-
"signed_at": "2026-05-
|
|
1422
|
+
"signed_at": "2026-05-30T07:05:14.680Z"
|
|
1423
1423
|
},
|
|
1424
1424
|
{
|
|
1425
1425
|
"name": "sector-healthcare",
|
|
@@ -1479,7 +1479,7 @@
|
|
|
1479
1479
|
"d3fend_refs": [],
|
|
1480
1480
|
"last_threat_review": "2026-05-11",
|
|
1481
1481
|
"signature": "U04GNLyRas1VmfEsB8khH4iqFZPwx96sPY0Kw9iVsSPU+KTeEFqwgtWK1X1pzgb+T16Pc7HSrCaXDOpTFvQEDw==",
|
|
1482
|
-
"signed_at": "2026-05-
|
|
1482
|
+
"signed_at": "2026-05-30T07:05:14.681Z"
|
|
1483
1483
|
},
|
|
1484
1484
|
{
|
|
1485
1485
|
"name": "sector-financial",
|
|
@@ -1560,7 +1560,7 @@
|
|
|
1560
1560
|
"TIBER-EU framework v2.0 alignment with DORA TLPT RTS (JC 2024/40); cross-recognition with CBEST and iCAST"
|
|
1561
1561
|
],
|
|
1562
1562
|
"signature": "QFKM76TdR408niqvDmF95HmmQuVmu9bLjOoQ9ydoBNPVOfFmF3AcpCv7zNWlLdLa2ZLxFqiBcND2qt9VDUn2Dg==",
|
|
1563
|
-
"signed_at": "2026-05-
|
|
1563
|
+
"signed_at": "2026-05-30T07:05:14.681Z"
|
|
1564
1564
|
},
|
|
1565
1565
|
{
|
|
1566
1566
|
"name": "sector-federal-government",
|
|
@@ -1629,7 +1629,7 @@
|
|
|
1629
1629
|
"Australia PSPF 2024 revision and ISM quarterly updates — track for Essential Eight Maturity Level requirements for federal entities"
|
|
1630
1630
|
],
|
|
1631
1631
|
"signature": "C9c3JuBhUbwcb7uZpDdy+PNT8sYmYIxzD4uRHu421ePW1aSFJ8fkMvuTzSO8vD/F/jOOg5opM4kov/xSAn+qCg==",
|
|
1632
|
-
"signed_at": "2026-05-
|
|
1632
|
+
"signed_at": "2026-05-30T07:05:14.682Z"
|
|
1633
1633
|
},
|
|
1634
1634
|
{
|
|
1635
1635
|
"name": "sector-energy",
|
|
@@ -1694,7 +1694,7 @@
|
|
|
1694
1694
|
"ICS-CERT advisory feed (https://www.cisa.gov/news-events/cybersecurity-advisories/ics-advisories) for vendor CVEs in Siemens, Rockwell, Schneider Electric, ABB, GE Vernova, Hitachi Energy, AVEVA / OSIsoft PI"
|
|
1695
1695
|
],
|
|
1696
1696
|
"signature": "oz8Q5WVaY8au4IjbaZahx/DSaC00Q44ylSL3mDkTerCEpW/EyPUeiLeGxSrWxBCwVFEKSSJvnhJjhvX5lDPcCg==",
|
|
1697
|
-
"signed_at": "2026-05-
|
|
1697
|
+
"signed_at": "2026-05-30T07:05:14.682Z"
|
|
1698
1698
|
},
|
|
1699
1699
|
{
|
|
1700
1700
|
"name": "sector-telecom",
|
|
@@ -1780,7 +1780,7 @@
|
|
|
1780
1780
|
"O-RAN SFG / WG11 security specifications"
|
|
1781
1781
|
],
|
|
1782
1782
|
"signature": "NAtyzfLPXlUuB78Snb9nWmbZalC1CNlIYN9rYhdEmtB/xQGC6vVnThgrEAHlm7v/jMCFuknvEpUHKdscUnUADw==",
|
|
1783
|
-
"signed_at": "2026-05-
|
|
1783
|
+
"signed_at": "2026-05-30T07:05:14.682Z"
|
|
1784
1784
|
},
|
|
1785
1785
|
{
|
|
1786
1786
|
"name": "api-security",
|
|
@@ -1849,7 +1849,7 @@
|
|
|
1849
1849
|
"d3fend_refs": [],
|
|
1850
1850
|
"last_threat_review": "2026-05-18",
|
|
1851
1851
|
"signature": "1UTjZNC5Lyrgw93LAizdXVeSmv3jS8YQNT1db5OKsldub50+o1FXmAH4+3MxZozaOGDCX3yXbdDJSJaaSmfuAA==",
|
|
1852
|
-
"signed_at": "2026-05-
|
|
1852
|
+
"signed_at": "2026-05-30T07:05:14.683Z",
|
|
1853
1853
|
"forward_watch": [
|
|
1854
1854
|
"NGINX Rift CVE-2026-42945 (disclosed 2026-05-13, source depthfirst) — KEV-watch predicted CISA KEV listing by 2026-05-29; track for active-exploitation confirmation and patch advisory affecting API gateway / reverse-proxy deployments",
|
|
1855
1855
|
"Pwn2Own Berlin 2026 (disclosed 2026-05-14, embargo ends 2026-08-12) — LiteLLM 3-bug SSRF + Code Injection chain by k3vg3n; LLM-proxy API surface; track upstream patch and CVE assignments",
|
|
@@ -1935,7 +1935,7 @@
|
|
|
1935
1935
|
"CISA KEV additions for cloud-control-plane CVEs (IMDSv1 abuses, federation token mishandling, cross-tenant boundary failures); CISA Cybersecurity Advisories for cross-cloud advisories"
|
|
1936
1936
|
],
|
|
1937
1937
|
"signature": "EdsY4xe7YA8X8m+KZUbq49JwoCXgRKEz2eg3m86O37rvBmpm8ppvl9hrsekygvpBh2VmCHL2dEYiOD8OM2n7CA==",
|
|
1938
|
-
"signed_at": "2026-05-
|
|
1938
|
+
"signed_at": "2026-05-30T07:05:14.683Z"
|
|
1939
1939
|
},
|
|
1940
1940
|
{
|
|
1941
1941
|
"name": "container-runtime-security",
|
|
@@ -1997,7 +1997,7 @@
|
|
|
1997
1997
|
"d3fend_refs": [],
|
|
1998
1998
|
"last_threat_review": "2026-05-15",
|
|
1999
1999
|
"signature": "fnLKPLkjjRCJ/F9wdmZ1w1lXmqEJvTYkv6Uu+9OTd5vZTWKz3QMuxKOsas+ctCdOvTaeloqPUUprXx+ZZdDpCg==",
|
|
2000
|
-
"signed_at": "2026-05-
|
|
2000
|
+
"signed_at": "2026-05-30T07:05:14.683Z",
|
|
2001
2001
|
"forward_watch": [
|
|
2002
2002
|
"Pwn2Own Berlin 2026 (disclosed 2026-05-14, embargo ends 2026-08-12) — NVIDIA Container Toolkit container escape ($50K award) by chompie / IBM X-Force XOR; high-severity container/hypervisor boundary break; track patch and KEV add post-embargo"
|
|
2003
2003
|
]
|
|
@@ -2071,7 +2071,7 @@
|
|
|
2071
2071
|
"MITRE ATLAS v5.6.0 (released May 2026) shipped the AML.T0010 sub-technique expansion this forecast tracked plus new techniques (\"Publish Poisoned AI Agent Tool\", \"Escape to Host\"); inventory now 16 tactics, 84 techniques, 56 sub-techniques. Forward watch: subsequent ATLAS minor and major releases — track next-cadence updates to agentic-AI TTPs and MLOps-pipeline-specific techniques"
|
|
2072
2072
|
],
|
|
2073
2073
|
"signature": "t3dkdpTX04zvjitEeOJThpgjurLd1UO9GOut4LXSZgY3ULhfknI4zT7G5+m2RSZZTo7yyeZrwpg+7vEg9K6mAw==",
|
|
2074
|
-
"signed_at": "2026-05-
|
|
2074
|
+
"signed_at": "2026-05-30T07:05:14.684Z"
|
|
2075
2075
|
},
|
|
2076
2076
|
{
|
|
2077
2077
|
"name": "incident-response-playbook",
|
|
@@ -2133,7 +2133,7 @@
|
|
|
2133
2133
|
"NYDFS 23 NYCRR 500.17 amendments tightening ransom-payment 24h disclosure operationalization"
|
|
2134
2134
|
],
|
|
2135
2135
|
"signature": "+1kmtA6rAvIyDjjy+cJHK6BcfylyVsa5cUjRFijlFR9GsQfB93JnmkEJOqML50pdlcxtJI3yUodHpL3/YJGtCA==",
|
|
2136
|
-
"signed_at": "2026-05-
|
|
2136
|
+
"signed_at": "2026-05-30T07:05:14.684Z"
|
|
2137
2137
|
},
|
|
2138
2138
|
{
|
|
2139
2139
|
"name": "ransomware-response",
|
|
@@ -2213,7 +2213,7 @@
|
|
|
2213
2213
|
],
|
|
2214
2214
|
"last_threat_review": "2026-05-22",
|
|
2215
2215
|
"signature": "h48ASCz63aBfHzLKxMVDADMuT4atriK0iE6bJeVzZTsx/e8+hyv4fLP7+zYxT9Oe0Gss3v/Xy+t+Wd9uwzV+Aw==",
|
|
2216
|
-
"signed_at": "2026-05-
|
|
2216
|
+
"signed_at": "2026-05-30T07:05:14.684Z"
|
|
2217
2217
|
},
|
|
2218
2218
|
{
|
|
2219
2219
|
"name": "email-security-anti-phishing",
|
|
@@ -2266,7 +2266,7 @@
|
|
|
2266
2266
|
"d3fend_refs": [],
|
|
2267
2267
|
"last_threat_review": "2026-05-18",
|
|
2268
2268
|
"signature": "FVBn4ex2qPIo9SHMVJ6tntoz4tVwjbIq3m6wDjjZyv2JODlS+90GBYCOkNamxxkmw/6de6SMs0YHQiF/xjo/DQ==",
|
|
2269
|
-
"signed_at": "2026-05-
|
|
2269
|
+
"signed_at": "2026-05-30T07:05:14.685Z"
|
|
2270
2270
|
},
|
|
2271
2271
|
{
|
|
2272
2272
|
"name": "age-gates-child-safety",
|
|
@@ -2334,7 +2334,7 @@
|
|
|
2334
2334
|
"US state adult-site age-verification laws — 19+ states by mid-2026 (TX HB 18 upheld by SCOTUS June 2025 in Free Speech Coalition v. Paxton); track ongoing challenges in remaining states"
|
|
2335
2335
|
],
|
|
2336
2336
|
"signature": "ZHVdGWCcfG98tSVB0b9mwrsYwv71V3uUEl+6ss7omSQhmNvqV5s6MAZM5YladBt9MK/8T/zBrTYN4gAonOP+BQ==",
|
|
2337
|
-
"signed_at": "2026-05-
|
|
2337
|
+
"signed_at": "2026-05-30T07:05:14.685Z"
|
|
2338
2338
|
},
|
|
2339
2339
|
{
|
|
2340
2340
|
"name": "cloud-iam-incident",
|
|
@@ -2414,7 +2414,7 @@
|
|
|
2414
2414
|
],
|
|
2415
2415
|
"last_threat_review": "2026-05-15",
|
|
2416
2416
|
"signature": "e/kij7GtKaytROyIj7V5RH+FC9WtmVFzrmG2kIlNDNn29ep/CRNlIQKwXLpzo/81AIf634pmdr1qy/+vwIuUDA==",
|
|
2417
|
-
"signed_at": "2026-05-
|
|
2417
|
+
"signed_at": "2026-05-30T07:05:14.685Z",
|
|
2418
2418
|
"forward_watch": [
|
|
2419
2419
|
"AWS IAM Identity Center session-policy refresh and step-up-on-admin enforcement (anticipated 2026-H2 release)",
|
|
2420
2420
|
"GCP Workload Identity Federation principal-set attribute mapping tightening (post-2026 Q3 Federation hardening guide)",
|
|
@@ -2508,7 +2508,7 @@
|
|
|
2508
2508
|
],
|
|
2509
2509
|
"last_threat_review": "2026-05-15",
|
|
2510
2510
|
"signature": "9mfDtMApMAg9V/lmwpniNxo/6gNZoOEoYDfyFvyWvKrPMtc7H9F8uz06FVoARe/J49saAKTVXOurNE1D/KtpCQ==",
|
|
2511
|
-
"signed_at": "2026-05-
|
|
2511
|
+
"signed_at": "2026-05-30T07:05:14.686Z",
|
|
2512
2512
|
"forward_watch": [
|
|
2513
2513
|
"Entra ID conditional access evolution post-Midnight Blizzard — Microsoft's 2025-2026 commitments on legacy-tenant MFA enforcement and OAuth-app consent gating",
|
|
2514
2514
|
"Okta IPSIE (Interoperability Profile for Secure Identity in the Enterprise) OpenID Foundation working-group output and adoption timeline",
|
|
@@ -2526,6 +2526,6 @@
|
|
|
2526
2526
|
],
|
|
2527
2527
|
"manifest_signature": {
|
|
2528
2528
|
"algorithm": "Ed25519",
|
|
2529
|
-
"signature_base64": "
|
|
2529
|
+
"signature_base64": "/jogeZGNJrOwDQSqjhiRxTgipHyD5dKGMLC8R7jn5yH5KOhyU08ngwCfG79LZnAJ6sw7Cx8pihl3Exk8RaHzAg=="
|
|
2530
2530
|
}
|
|
2531
2531
|
}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@blamejs/exceptd-skills",
|
|
3
|
-
"version": "0.15.
|
|
3
|
+
"version": "0.15.43",
|
|
4
4
|
"description": "AI security skills grounded in mid-2026 threat reality, not stale framework documentation. 42 skills, 11 catalogs (427 CVEs / 173 CWEs / 805 ATT&CK + ICS / 170 ATLAS / 468 D3FEND / 8888 RFCs), 35 jurisdictions, 10-class catalog gap detector + budget gate, real XML parser + canonical-form diff + content-pattern regression detection, Ed25519-signed.",
|
|
5
5
|
"keywords": [
|
|
6
6
|
"ai-security",
|
package/sbom.cdx.json
CHANGED
|
@@ -1,22 +1,22 @@
|
|
|
1
1
|
{
|
|
2
2
|
"bomFormat": "CycloneDX",
|
|
3
3
|
"specVersion": "1.6",
|
|
4
|
-
"serialNumber": "urn:uuid:
|
|
4
|
+
"serialNumber": "urn:uuid:f5bb0fdc-9421-4e40-a1a9-0d43b119c40d",
|
|
5
5
|
"version": 1,
|
|
6
6
|
"metadata": {
|
|
7
|
-
"timestamp": "
|
|
7
|
+
"timestamp": "2156-08-23T04:06:52.000Z",
|
|
8
8
|
"tools": [
|
|
9
9
|
{
|
|
10
10
|
"vendor": "blamejs",
|
|
11
11
|
"name": "scripts/refresh-sbom.js",
|
|
12
|
-
"version": "0.15.
|
|
12
|
+
"version": "0.15.43"
|
|
13
13
|
}
|
|
14
14
|
],
|
|
15
15
|
"component": {
|
|
16
|
-
"bom-ref": "pkg:npm/@blamejs/exceptd-skills@0.15.
|
|
16
|
+
"bom-ref": "pkg:npm/@blamejs/exceptd-skills@0.15.43",
|
|
17
17
|
"type": "application",
|
|
18
18
|
"name": "@blamejs/exceptd-skills",
|
|
19
|
-
"version": "0.15.
|
|
19
|
+
"version": "0.15.43",
|
|
20
20
|
"description": "AI security skills grounded in mid-2026 threat reality, not stale framework documentation. 42 skills, 11 catalogs (427 CVEs / 173 CWEs / 805 ATT&CK + ICS / 170 ATLAS / 468 D3FEND / 8888 RFCs), 35 jurisdictions, 10-class catalog gap detector + budget gate, real XML parser + canonical-form diff + content-pattern regression detection, Ed25519-signed.",
|
|
21
21
|
"licenses": [
|
|
22
22
|
{
|
|
@@ -25,17 +25,17 @@
|
|
|
25
25
|
}
|
|
26
26
|
}
|
|
27
27
|
],
|
|
28
|
-
"purl": "pkg:npm/%40blamejs/exceptd-skills@0.15.
|
|
28
|
+
"purl": "pkg:npm/%40blamejs/exceptd-skills@0.15.43",
|
|
29
29
|
"hashes": [
|
|
30
30
|
{
|
|
31
31
|
"alg": "SHA-256",
|
|
32
|
-
"content": "
|
|
32
|
+
"content": "6b34970deebc7e8329ba28443ce5adb1c3ebb7ad13262e27449ef67a7c5d0c88"
|
|
33
33
|
}
|
|
34
34
|
],
|
|
35
35
|
"externalReferences": [
|
|
36
36
|
{
|
|
37
37
|
"type": "distribution",
|
|
38
|
-
"url": "https://www.npmjs.com/package/@blamejs/exceptd-skills/v/0.15.
|
|
38
|
+
"url": "https://www.npmjs.com/package/@blamejs/exceptd-skills/v/0.15.43"
|
|
39
39
|
},
|
|
40
40
|
{
|
|
41
41
|
"type": "vcs",
|
|
@@ -116,11 +116,11 @@
|
|
|
116
116
|
"hashes": [
|
|
117
117
|
{
|
|
118
118
|
"alg": "SHA-256",
|
|
119
|
-
"content": "
|
|
119
|
+
"content": "72bb63e47aab4d3fa469984cf47438ec8ec411a4d34f2b2a3f27ade296da70b8"
|
|
120
120
|
},
|
|
121
121
|
{
|
|
122
122
|
"alg": "SHA3-512",
|
|
123
|
-
"content": "
|
|
123
|
+
"content": "fea95bfaa603f1f4a4a3659afc20dee6edea7187c46982a50fc2ef385adf3157a65a6302fd56207e3e3960bdcd8cb3058ce137dce80af57a3a0277903ab1867d"
|
|
124
124
|
}
|
|
125
125
|
]
|
|
126
126
|
},
|
|
@@ -311,11 +311,11 @@
|
|
|
311
311
|
"hashes": [
|
|
312
312
|
{
|
|
313
313
|
"alg": "SHA-256",
|
|
314
|
-
"content": "
|
|
314
|
+
"content": "6255e929454291c9f2ab48b600bbedf68a1678c5eb04504e5323a2d6ff5f3e36"
|
|
315
315
|
},
|
|
316
316
|
{
|
|
317
317
|
"alg": "SHA3-512",
|
|
318
|
-
"content": "
|
|
318
|
+
"content": "3bc61a0597c460b77b58a06f8158e0c3713b7b2f25d56c01103e147813d74e1fd5d985e7944c297b30973053c2e83ab5337ebd2c492af197989148ffd6884aba"
|
|
319
319
|
}
|
|
320
320
|
]
|
|
321
321
|
},
|
|
@@ -326,11 +326,11 @@
|
|
|
326
326
|
"hashes": [
|
|
327
327
|
{
|
|
328
328
|
"alg": "SHA-256",
|
|
329
|
-
"content": "
|
|
329
|
+
"content": "6a081bf58b2aafc37b7c297b63edb8bca7db6ee93ec69014d34ab9fc764cbb98"
|
|
330
330
|
},
|
|
331
331
|
{
|
|
332
332
|
"alg": "SHA3-512",
|
|
333
|
-
"content": "
|
|
333
|
+
"content": "67c46b09e3aab8a772e148f16094b29b435156012c390c91be1649a17250aa9ff6933716514f5662cdb3e7cd3ac5a8deae874377b66257259df07750a3c10ca6"
|
|
334
334
|
}
|
|
335
335
|
]
|
|
336
336
|
},
|
|
@@ -806,11 +806,11 @@
|
|
|
806
806
|
"hashes": [
|
|
807
807
|
{
|
|
808
808
|
"alg": "SHA-256",
|
|
809
|
-
"content": "
|
|
809
|
+
"content": "5337ae234da930e89a31d185d739f081cd95086223006ae7b5121f1ab7674791"
|
|
810
810
|
},
|
|
811
811
|
{
|
|
812
812
|
"alg": "SHA3-512",
|
|
813
|
-
"content": "
|
|
813
|
+
"content": "64bd92f7027966cce31da50524a641f76ef4f04b714f2c8eb311d330924f96ef70534429fb4a0f205790775095b6aa86ac863613e2560da79e09bbda47ee7342"
|
|
814
814
|
}
|
|
815
815
|
]
|
|
816
816
|
},
|
|
@@ -1751,11 +1751,11 @@
|
|
|
1751
1751
|
"hashes": [
|
|
1752
1752
|
{
|
|
1753
1753
|
"alg": "SHA-256",
|
|
1754
|
-
"content": "
|
|
1754
|
+
"content": "970c197defcefa117bffcd713b167e14c90f36506e496794485d7bcb2e1789b0"
|
|
1755
1755
|
},
|
|
1756
1756
|
{
|
|
1757
1757
|
"alg": "SHA3-512",
|
|
1758
|
-
"content": "
|
|
1758
|
+
"content": "9763760a19aba6737d68b677997036a9adbe11283ddcb38c20aa0f7ae0940403bb74b75406147b993b0ee27df29196700645e54a7e405ff05280ffb1c123127d"
|
|
1759
1759
|
}
|
|
1760
1760
|
]
|
|
1761
1761
|
},
|