@blamejs/exceptd-skills 0.16.0 → 0.16.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +12 -0
- package/bin/exceptd.js +1 -1
- package/data/_indexes/_meta.json +2 -2
- package/lib/collectors/crypto-codebase.js +22 -2
- package/lib/collectors/library-author.js +30 -14
- package/lib/collectors/mcp.js +25 -3
- package/lib/collectors/sbom.js +6 -0
- package/lib/playbook-runner.js +36 -2
- package/manifest.json +44 -44
- package/package.json +1 -1
- package/sbom.cdx.json +24 -24
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,17 @@
|
|
|
1
1
|
# Changelog
|
|
2
2
|
|
|
3
|
+
## 0.16.2 — 2026-05-31
|
|
4
|
+
|
|
5
|
+
The default evidence bundle for the secrets, credential-store, runtime, and citation-hygiene playbooks is now a real structured-JSON document instead of an "Unknown format" placeholder, and `json` is a generally selectable bundle format for any playbook.
|
|
6
|
+
|
|
7
|
+
A crypto-codebase scan of a source repository no longer emits a spurious "precondition not met" warning for its source-tree check: the collector now attests that gate from the files it walked, matching how the supply-chain and library-author collectors already self-attest.
|
|
8
|
+
|
|
9
|
+
When a run is blocked on a precondition you submitted as false, the remediation now names the exact way to satisfy it — submit `precondition_checks {"<id>": true}` in your evidence, or pass the owning collector's attestation flag at collect time (for example `collect cicd-pipeline-compromise --attest-ownership`) — instead of an ambiguous hint that could be read as a flag on the wrong verb.
|
|
10
|
+
|
|
11
|
+
## 0.16.1 — 2026-05-31
|
|
12
|
+
|
|
13
|
+
Supply-chain, library-author, and MCP scans no longer emit a spurious "precondition not met" warning when the scanned directory clearly satisfies it: the collectors now attest the gates they can verify from what they collected (a lockfile satisfies the package-manager gate, a package manifest or publish workflow satisfies the publishable-artifact gate, a present assistant config satisfies the AI-assistant gate) — so a `collect --cwd <repo> | run` against a target directory reports them as met rather than unverified. The library-author publish-workflow detector no longer mis-classifies a CI workflow whose only mention of a publish command sits inside a comment. And a blocked run on an intent/ownership precondition (for example the CI/CD playbook's fleet-ownership gate) now states the specific gate and how to satisfy it, instead of guessing a platform mismatch.
|
|
14
|
+
|
|
3
15
|
## 0.16.0 — 2026-05-31
|
|
4
16
|
|
|
5
17
|
Supply-chain playbook gains reachability-aware triage and publisher-identity detection. A CVE-reachability demoter flags a matched-CVE dependency whose vulnerable module is never imported on a path from your own code, supporting exploit-priority triage of the runtime-vs-build-only distinction — it over-approximates toward reachable (any dynamic / plugin / reflective load counts as reachable) so it only demotes a match when reachability is explicitly attested, and the CVE matcher itself is unchanged. A publisher-identity-change detector flags an account-takeover precursor: a dependency whose publishing account, maintainer set, or provenance identity changed across an update while its capability surface stayed identical — the silent ownership-handoff release that precedes a payload, which the capability-creep detector cannot see.
|
package/bin/exceptd.js
CHANGED
|
@@ -3570,7 +3570,7 @@ function cmdRun(runner, args, runOpts, pretty) {
|
|
|
3570
3570
|
lines.push(` → ${obj.remediation}`);
|
|
3571
3571
|
} else {
|
|
3572
3572
|
const hints = {
|
|
3573
|
-
precondition: "→
|
|
3573
|
+
precondition: "→ A required precondition is unmet — the reason above names the specific gate. It may be a platform mismatch, OR an attestation/evidence the run needs (submit it in your evidence JSON's precondition_checks). For a platform mismatch, list applicable playbooks: exceptd brief --all",
|
|
3574
3574
|
mutex: "→ Another run holds this playbook's mutex. Wait for it to finish, then retry.",
|
|
3575
3575
|
currency: "→ Threat intel is stale. Refresh sources (exceptd refresh) or re-run with --force-stale to override.",
|
|
3576
3576
|
catalog_corrupt: "→ The CVE catalog failed to load. Reinstall the package or run: exceptd doctor",
|
package/data/_indexes/_meta.json
CHANGED
|
@@ -1,10 +1,10 @@
|
|
|
1
1
|
{
|
|
2
2
|
"schema_version": "1.1.0",
|
|
3
|
-
"generated_at": "2026-05-
|
|
3
|
+
"generated_at": "2026-05-31T13:45:27.995Z",
|
|
4
4
|
"generator": "scripts/build-indexes.js",
|
|
5
5
|
"source_count": 54,
|
|
6
6
|
"source_hashes": {
|
|
7
|
-
"manifest.json": "
|
|
7
|
+
"manifest.json": "09e4b71506de2c73f64372d2e4359a24082402240ba86e3a34fcc6299c9e08e2",
|
|
8
8
|
"data/atlas-ttps.json": "878b4a08bb73c8d20396d85cf433a88f2bc5e7a8cbf7f6ab773ce7ede0a11251",
|
|
9
9
|
"data/attack-techniques.json": "318bf8e9c5aee1d0a4a1dc37c4b211f2fbc937bf332a401a22483cc7d0547252",
|
|
10
10
|
"data/cve-catalog.json": "1aac7e75eae24ece2ef09d1c63977bdd7a1f81a9f11609ebb966109be316426c",
|
|
@@ -41,6 +41,17 @@ const SOURCE_EXTS = new Set([
|
|
|
41
41
|
".m", ".mm",
|
|
42
42
|
]);
|
|
43
43
|
|
|
44
|
+
// The exact marker set the crypto-codebase playbook's `repo-has-source-tree`
|
|
45
|
+
// gate evaluates (data/playbooks/crypto-codebase.json: exists_any([...])).
|
|
46
|
+
// The collector attests the gate by mirroring this predicate against the
|
|
47
|
+
// scanned cwd — NOT by counting SOURCE_EXTS files — so a valid package repo
|
|
48
|
+
// whose only marker is a manifest or an empty src/ dir (no extension-matched
|
|
49
|
+
// source yet) still attests true, matching what the gate would compute.
|
|
50
|
+
const SOURCE_TREE_MARKERS = [
|
|
51
|
+
"package.json", "pyproject.toml", "go.mod", "Cargo.toml",
|
|
52
|
+
"pom.xml", "build.gradle", "src", "lib", "crates",
|
|
53
|
+
];
|
|
54
|
+
|
|
44
55
|
const TEST_PATH_SEGMENTS = [
|
|
45
56
|
"/test/", "/tests/", "/spec/", "/specs/", "/__tests__/",
|
|
46
57
|
"/fixtures/", "/fixture/", "/examples/", "/example/",
|
|
@@ -471,14 +482,23 @@ function collect({ cwd = process.cwd(), env = process.env, args = {} } = {}) {
|
|
|
471
482
|
|
|
472
483
|
return {
|
|
473
484
|
precondition_checks: {
|
|
474
|
-
|
|
485
|
+
// Auto-attest the crypto-codebase playbook's own `repo-has-source-tree`
|
|
486
|
+
// gate by mirroring the gate's own exists_any(SOURCE_TREE_MARKERS)
|
|
487
|
+
// predicate against the scanned cwd. The runner's autoDetectPreconditions
|
|
488
|
+
// probes the run process's cwd (not the collected --cwd) and has no
|
|
489
|
+
// exists_any() branch, so a repo with a recognizable source tree would
|
|
490
|
+
// otherwise surface a spurious precondition_unverified warning. Keying to
|
|
491
|
+
// the gate's exact id + predicate mirrors the sbom / library-author
|
|
492
|
+
// collectors; `repo-context` is not a precondition this playbook
|
|
493
|
+
// references.
|
|
494
|
+
"repo-has-source-tree": SOURCE_TREE_MARKERS.some((m) => fs.existsSync(path.join(cwd, m))),
|
|
475
495
|
},
|
|
476
496
|
artifacts,
|
|
477
497
|
signal_overrides,
|
|
478
498
|
...(Object.keys(evidence_locations).length ? { evidence_locations } : {}),
|
|
479
499
|
collector_meta: {
|
|
480
500
|
collector_id: COLLECTOR_ID,
|
|
481
|
-
collector_version: "2026-05-
|
|
501
|
+
collector_version: "2026-05-31",
|
|
482
502
|
platform: process.platform,
|
|
483
503
|
captured_at: new Date().toISOString(),
|
|
484
504
|
cwd: root,
|
|
@@ -82,33 +82,41 @@ function looksLikePublishWorkflow(name, content) {
|
|
|
82
82
|
// Filename prefix signals: only the canonical publish words.
|
|
83
83
|
if (/^(release|publish|deploy|promote|tag-and-release)/.test(lower)) return true;
|
|
84
84
|
|
|
85
|
+
// Strip YAML line-comments before the content-shape probes so a comment that
|
|
86
|
+
// merely MENTIONS a publish verb (e.g. a ci.yml line "# … matches the npm
|
|
87
|
+
// publish workflow's depth.") can't masquerade as a publish command. The
|
|
88
|
+
// filename-prefix checks above are unaffected. A `#` inside a quoted string
|
|
89
|
+
// is rare in workflow YAML and not load-bearing for these command probes
|
|
90
|
+
// (stripping can only REMOVE comment text, never create a false match).
|
|
91
|
+
const code = content.replace(/#.*$/gm, '');
|
|
92
|
+
|
|
85
93
|
// Explicit publish-shape commands — these are commitments to push
|
|
86
94
|
// artifacts, not setup / scaffolding.
|
|
87
|
-
if (/\bnpm\s+publish\b/.test(
|
|
88
|
-
if (/pypa\/gh-action-pypi-publish/.test(
|
|
89
|
-
if (/\bcargo\s+publish\b/.test(
|
|
90
|
-
if (/goreleaser/.test(
|
|
91
|
-
if (/softprops\/action-gh-release/.test(
|
|
95
|
+
if (/\bnpm\s+publish\b/.test(code)) return true;
|
|
96
|
+
if (/pypa\/gh-action-pypi-publish/.test(code)) return true;
|
|
97
|
+
if (/\bcargo\s+publish\b/.test(code)) return true;
|
|
98
|
+
if (/goreleaser/.test(code)) return true;
|
|
99
|
+
if (/softprops\/action-gh-release/.test(code)) return true;
|
|
92
100
|
// `ko build` builds AND pushes container images by default (unless
|
|
93
101
|
// --push=false). All four sub-commands push to a registry.
|
|
94
|
-
if (/\bko\s+(?:publish|build|apply|resolve)\b/.test(
|
|
102
|
+
if (/\bko\s+(?:publish|build|apply|resolve)\b/.test(code)) return true;
|
|
95
103
|
// `cosign sign` (container signing — publish-shape). Exclude
|
|
96
104
|
// `cosign sign-blob` which signs arbitrary artifacts and shows
|
|
97
105
|
// up in verification / e2e tests as often as in publishes.
|
|
98
|
-
if (/\bcosign\s+sign\b(?!-)/.test(
|
|
99
|
-
if (/\bcrane\s+(?:push|copy|append)\b/.test(
|
|
100
|
-
if (/\boras\s+(?:push|copy)\b/.test(
|
|
101
|
-
if (/docker\/build-push-action/.test(
|
|
102
|
-
if (/\bdocker\s+push\b/.test(
|
|
106
|
+
if (/\bcosign\s+sign\b(?!-)/.test(code)) return true;
|
|
107
|
+
if (/\bcrane\s+(?:push|copy|append)\b/.test(code)) return true;
|
|
108
|
+
if (/\boras\s+(?:push|copy)\b/.test(code)) return true;
|
|
109
|
+
if (/docker\/build-push-action/.test(code)) return true;
|
|
110
|
+
if (/\bdocker\s+push\b/.test(code)) return true;
|
|
103
111
|
|
|
104
112
|
// Registry login actions — when a workflow logs into a registry,
|
|
105
113
|
// it's almost certainly publishing. Picks up Makefile / opaque
|
|
106
114
|
// publish paths (cosign's build.yaml uses make sign-ci-containers
|
|
107
115
|
// after docker/login-action). Does NOT match verification tests
|
|
108
116
|
// because those don't authenticate to a registry.
|
|
109
|
-
if (/docker\/login-action/.test(
|
|
110
|
-
if (/google-github-actions\/auth/.test(
|
|
111
|
-
if (/aws-actions\/configure-aws-credentials/.test(
|
|
117
|
+
if (/docker\/login-action/.test(code)) return true;
|
|
118
|
+
if (/google-github-actions\/auth/.test(code) && /gcloud auth configure-docker/.test(code)) return true;
|
|
119
|
+
if (/aws-actions\/configure-aws-credentials/.test(code) && /amazon-ecr/.test(code)) return true;
|
|
112
120
|
|
|
113
121
|
return false;
|
|
114
122
|
}
|
|
@@ -531,6 +539,14 @@ function collect({ cwd = process.cwd(), env = process.env, args = {} } = {}) {
|
|
|
531
539
|
return {
|
|
532
540
|
precondition_checks: {
|
|
533
541
|
"publisher-context": manifests.length > 0,
|
|
542
|
+
// Auto-attest the playbook's publishable-artifact-evidence gate from what
|
|
543
|
+
// we collected (a package manifest or a publish workflow): the runner
|
|
544
|
+
// can't probe the scanned --cwd, so otherwise a repo that clearly has a
|
|
545
|
+
// manifest surfaces a spurious precondition_unverified warning. (The
|
|
546
|
+
// repo-walk-access HALT gate is intentionally NOT attested here — it is
|
|
547
|
+
// resolved host-side and attesting it from the collector would turn a
|
|
548
|
+
// currently-passing run on a non-git dir into a fail-closed halt.)
|
|
549
|
+
"publishable-artifact-evidence": manifests.length > 0 || publishWorkflows.length > 0,
|
|
534
550
|
},
|
|
535
551
|
artifacts,
|
|
536
552
|
signal_overrides,
|
package/lib/collectors/mcp.js
CHANGED
|
@@ -285,10 +285,32 @@ function collect({ cwd = process.cwd(), env = process.env, args = {} } = {}) {
|
|
|
285
285
|
},
|
|
286
286
|
};
|
|
287
287
|
|
|
288
|
+
// Attest any-ai-coding-assistant-installed (skip_phase gate) ONLY when a
|
|
289
|
+
// client is confirmed present — an install directory the precondition itself
|
|
290
|
+
// recognises (exists($HOME/.cursor)||.codeium/windsurf||.config/claude||
|
|
291
|
+
// .config/Code||.gemini), OR a vendor config file we found. The runner can't
|
|
292
|
+
// resolve the exists() DSL against the scanned home, so without this a host
|
|
293
|
+
// that clearly has a client surfaces a spurious precondition_unverified.
|
|
294
|
+
// Crucially we NEVER submit false: the gate is skip_phase, so a false on a
|
|
295
|
+
// config-file-only absence would wrongly skip the detect phase even when an
|
|
296
|
+
// installed client directory or a project-level signal (e.g. a .vscode
|
|
297
|
+
// Copilot config) exists. When presence can't be confirmed, leave the gate
|
|
298
|
+
// unsubmitted and let the host-side resolver decide.
|
|
299
|
+
const assistantInstallDirs = [
|
|
300
|
+
".cursor",
|
|
301
|
+
path.join(".codeium", "windsurf"),
|
|
302
|
+
path.join(".config", "claude"),
|
|
303
|
+
path.join(".config", "Code"),
|
|
304
|
+
".gemini",
|
|
305
|
+
];
|
|
306
|
+
const assistantPresent =
|
|
307
|
+
Object.values(configsByVendor).some((files) => files.some(fileExists)) ||
|
|
308
|
+
assistantInstallDirs.some((d) => fs.existsSync(path.join(home, d)));
|
|
309
|
+
const precondition_checks = { "home-dir-readable": fs.existsSync(home) };
|
|
310
|
+
if (assistantPresent) precondition_checks["any-ai-coding-assistant-installed"] = true;
|
|
311
|
+
|
|
288
312
|
return {
|
|
289
|
-
precondition_checks
|
|
290
|
-
"home-dir-readable": fs.existsSync(home),
|
|
291
|
-
},
|
|
313
|
+
precondition_checks,
|
|
292
314
|
artifacts,
|
|
293
315
|
signal_overrides,
|
|
294
316
|
collector_meta: {
|
package/lib/collectors/sbom.js
CHANGED
|
@@ -398,6 +398,12 @@ function collect({ cwd = process.cwd(), env = process.env, args = {} } = {}) {
|
|
|
398
398
|
return {
|
|
399
399
|
precondition_checks: {
|
|
400
400
|
"sbom-tool-available": hasAnything,
|
|
401
|
+
// Auto-attest the playbook's any-package-manager-present gate from what
|
|
402
|
+
// we actually collected: the runner's autoDetectPreconditions can't probe
|
|
403
|
+
// the scanned --cwd (it sees the run process cwd, not the collected repo),
|
|
404
|
+
// so a lockfile we found here would otherwise surface a spurious
|
|
405
|
+
// precondition_unverified warning on a repo that clearly has one.
|
|
406
|
+
"any-package-manager-present": lockfiles.length > 0,
|
|
401
407
|
},
|
|
402
408
|
artifacts,
|
|
403
409
|
signal_overrides,
|
package/lib/playbook-runner.js
CHANGED
|
@@ -282,7 +282,16 @@ function preflight(playbook, runOpts = {}) {
|
|
|
282
282
|
}
|
|
283
283
|
if (submitted === false) {
|
|
284
284
|
if (pc.on_fail === 'halt') {
|
|
285
|
-
return {
|
|
285
|
+
return {
|
|
286
|
+
ok: false,
|
|
287
|
+
blocked_by: 'precondition',
|
|
288
|
+
reason: `Precondition ${pc.id} failed: ${pc.description}`,
|
|
289
|
+
// Explicit-false halts carry a specific remediation so the renderer
|
|
290
|
+
// prefers it over the generic platform-gate hint — an intent/ownership
|
|
291
|
+
// gate (e.g. operator-owns-ci-fleet) is not a platform mismatch.
|
|
292
|
+
remediation: `Precondition ${pc.id} was submitted as false: ${pc.description} Attest it as true and re-run — submit precondition_checks {"${pc.id}": true} in your evidence JSON, or pass the owning collector's attestation flag at collect time (for example: collect cicd-pipeline-compromise --attest-ownership).`,
|
|
293
|
+
issues
|
|
294
|
+
};
|
|
286
295
|
}
|
|
287
296
|
if (strict) {
|
|
288
297
|
// Warn-level + skip_phase outcomes escalate to halt under strict.
|
|
@@ -2953,6 +2962,31 @@ function buildEvidenceBundle(format, playbook, analyze, validate, agentSignals,
|
|
|
2953
2962
|
return { format: 'markdown', body: lines.join('\n') };
|
|
2954
2963
|
}
|
|
2955
2964
|
|
|
2965
|
+
// Native structured-JSON bundle — a superset of `summary` carrying the full
|
|
2966
|
+
// finding record. This is the declared bundle_format for the secrets /
|
|
2967
|
+
// cred-stores / runtime / citation-hygiene playbooks; without an explicit
|
|
2968
|
+
// branch their default bundle fell through to the Unknown-format placeholder
|
|
2969
|
+
// below. Reuses the pinned `now` so multi-format builds stay
|
|
2970
|
+
// timestamp-consistent, and exposes the same finding fields the supported
|
|
2971
|
+
// csaf / markdown branches already surface — `json` is an intentional,
|
|
2972
|
+
// operator-selectable format, not the fallback leak path.
|
|
2973
|
+
if (format === 'json') {
|
|
2974
|
+
return {
|
|
2975
|
+
format: 'json',
|
|
2976
|
+
playbook: playbook._meta.id,
|
|
2977
|
+
playbook_version: playbook._meta.version,
|
|
2978
|
+
session_id: sessionId,
|
|
2979
|
+
generated: now,
|
|
2980
|
+
verdict: analyze.compliance_theater_check?.verdict || 'pending',
|
|
2981
|
+
matched_cves: analyze.matched_cves,
|
|
2982
|
+
rwep_adjusted: analyze.rwep?.adjusted || 0,
|
|
2983
|
+
rwep_threshold_escalate: analyze.rwep?.threshold?.escalate || null,
|
|
2984
|
+
blast_radius_score: analyze.blast_radius_score || 0,
|
|
2985
|
+
selected_remediation: validate.selected_remediation || null,
|
|
2986
|
+
residual_risk_statement: validate.residual_risk_statement || null,
|
|
2987
|
+
};
|
|
2988
|
+
}
|
|
2989
|
+
|
|
2956
2990
|
// The fallback must NOT leak raw analyze + validate internals (matched
|
|
2957
2991
|
// CVEs, framework gaps, residual-risk statements) under an arbitrary
|
|
2958
2992
|
// "format" name — operators piping output to logging or third-party
|
|
@@ -2961,7 +2995,7 @@ function buildEvidenceBundle(format, playbook, analyze, validate, agentSignals,
|
|
|
2961
2995
|
return {
|
|
2962
2996
|
format,
|
|
2963
2997
|
note: 'Unknown format',
|
|
2964
|
-
supported_formats: ['csaf-2.0', 'sarif', 'sarif-2.1.0', 'openvex', 'openvex-0.2.0', 'summary', 'markdown'],
|
|
2998
|
+
supported_formats: ['csaf-2.0', 'sarif', 'sarif-2.1.0', 'openvex', 'openvex-0.2.0', 'summary', 'markdown', 'json'],
|
|
2965
2999
|
};
|
|
2966
3000
|
}
|
|
2967
3001
|
|
package/manifest.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "exceptd-security",
|
|
3
|
-
"version": "0.16.
|
|
3
|
+
"version": "0.16.2",
|
|
4
4
|
"description": "AI security skills grounded in mid-2026 threat reality, not stale framework documentation",
|
|
5
5
|
"homepage": "https://exceptd.com",
|
|
6
6
|
"license": "Apache-2.0",
|
|
@@ -53,7 +53,7 @@
|
|
|
53
53
|
],
|
|
54
54
|
"last_threat_review": "2026-05-15",
|
|
55
55
|
"signature": "0H+JfyUVmo/pVFEi5rLENATHjlukPVUqnOWmNPEH77wm8svKGK0aNJ46k6QU5GdHb8c9X9pVJKiuhON6AxDjDw==",
|
|
56
|
-
"signed_at": "2026-05-
|
|
56
|
+
"signed_at": "2026-05-31T13:44:05.263Z",
|
|
57
57
|
"cwe_refs": [
|
|
58
58
|
"CWE-125",
|
|
59
59
|
"CWE-362",
|
|
@@ -123,7 +123,7 @@
|
|
|
123
123
|
],
|
|
124
124
|
"last_threat_review": "2026-05-17",
|
|
125
125
|
"signature": "PHwHEsoy7ctBYOtlAfAdCDVfsq2Bpk9+qESSF+5dVkDcez2zp2v9Ihsv2vqMEs3QxMndyQ+t7NVezyt5VamSCg==",
|
|
126
|
-
"signed_at": "2026-05-
|
|
126
|
+
"signed_at": "2026-05-31T13:44:05.265Z",
|
|
127
127
|
"cwe_refs": [
|
|
128
128
|
"CWE-1039",
|
|
129
129
|
"CWE-1426",
|
|
@@ -196,7 +196,7 @@
|
|
|
196
196
|
],
|
|
197
197
|
"last_threat_review": "2026-05-17",
|
|
198
198
|
"signature": "dD4p7lcRtMyfITOncqLkpOeMy6x6gM0V7UlWHgLEdcxqODb1s75ar1cBtTqDWPbMv6ZAzVo2HJLDK1hVjjU2AQ==",
|
|
199
|
-
"signed_at": "2026-05-
|
|
199
|
+
"signed_at": "2026-05-31T13:44:05.265Z",
|
|
200
200
|
"cwe_refs": [
|
|
201
201
|
"CWE-22",
|
|
202
202
|
"CWE-345",
|
|
@@ -248,7 +248,7 @@
|
|
|
248
248
|
"framework_gaps": [],
|
|
249
249
|
"last_threat_review": "2026-05-22",
|
|
250
250
|
"signature": "wsw8Mlr/gyw6S7Iaao9BVHdU5LFPWl8WVymW17Lkq9J1Mui0+fCrTg6UbrsaeE3s7EW3TVgzBuK+8EFd1+H5AA==",
|
|
251
|
-
"signed_at": "2026-05-
|
|
251
|
+
"signed_at": "2026-05-31T13:44:05.265Z"
|
|
252
252
|
},
|
|
253
253
|
{
|
|
254
254
|
"name": "compliance-theater",
|
|
@@ -279,7 +279,7 @@
|
|
|
279
279
|
],
|
|
280
280
|
"last_threat_review": "2026-05-22",
|
|
281
281
|
"signature": "uVTc1QRKOKcIVDajBz+q2egjiEAyOQaDNsvVI2ghj5FD0VvquoUBBE5Naca2FkaZa790EHWCsVZ4hhdaSQs2DQ==",
|
|
282
|
-
"signed_at": "2026-05-
|
|
282
|
+
"signed_at": "2026-05-31T13:44:05.266Z"
|
|
283
283
|
},
|
|
284
284
|
{
|
|
285
285
|
"name": "exploit-scoring",
|
|
@@ -308,7 +308,7 @@
|
|
|
308
308
|
],
|
|
309
309
|
"last_threat_review": "2026-05-18",
|
|
310
310
|
"signature": "QuNpwnZ6HkCEAXTPC/jLbXSmMIc1JnBczqZAAIZmZj8OcEMVnw9mJYAnU3CxaEI7rvbcMkN2uS5E8yUCm/NiAg==",
|
|
311
|
-
"signed_at": "2026-05-
|
|
311
|
+
"signed_at": "2026-05-31T13:44:05.266Z"
|
|
312
312
|
},
|
|
313
313
|
{
|
|
314
314
|
"name": "rag-pipeline-security",
|
|
@@ -345,7 +345,7 @@
|
|
|
345
345
|
],
|
|
346
346
|
"last_threat_review": "2026-05-22",
|
|
347
347
|
"signature": "5rw2i39SxY2WphBbDLEP28wufnbPPE9+PWt54hmaGdwHXr9RLiVt5liL/5xp14sehlVgFsfpR/bg9vy//xV0DA==",
|
|
348
|
-
"signed_at": "2026-05-
|
|
348
|
+
"signed_at": "2026-05-31T13:44:05.267Z",
|
|
349
349
|
"cwe_refs": [
|
|
350
350
|
"CWE-1395",
|
|
351
351
|
"CWE-1426"
|
|
@@ -405,7 +405,7 @@
|
|
|
405
405
|
],
|
|
406
406
|
"last_threat_review": "2026-05-17",
|
|
407
407
|
"signature": "Vqu49nzntFWjn9A/QeJzm7q/2xk/cZJ6HFQKtiNi1zgcxzXKm+MlFdkaLgYHWj5/9HJohxyIDyBJQTvcJ20eDQ==",
|
|
408
|
-
"signed_at": "2026-05-
|
|
408
|
+
"signed_at": "2026-05-31T13:44:05.267Z",
|
|
409
409
|
"d3fend_refs": [
|
|
410
410
|
"D3-CA",
|
|
411
411
|
"D3-CSPP",
|
|
@@ -440,7 +440,7 @@
|
|
|
440
440
|
"framework_gaps": [],
|
|
441
441
|
"last_threat_review": "2026-05-22",
|
|
442
442
|
"signature": "W87VdyVdAxAdcRI6P/8StaV+MS8ZSPKM9HOCK9n/bBO6BM3ZSE3uImVoyJVpAXQlUpUGN+A3lCJZXv64LuxwDg==",
|
|
443
|
-
"signed_at": "2026-05-
|
|
443
|
+
"signed_at": "2026-05-31T13:44:05.267Z",
|
|
444
444
|
"cwe_refs": [
|
|
445
445
|
"CWE-1188"
|
|
446
446
|
],
|
|
@@ -474,7 +474,7 @@
|
|
|
474
474
|
"framework_gaps": [],
|
|
475
475
|
"last_threat_review": "2026-05-18",
|
|
476
476
|
"signature": "wdVX+edeNekpaIldqkhvtraV6DquLvIsKAjuZVwPQYn3l1vS99HXuFxmNsD7UeMlO3qgC6Dysfsto9EnuH0RBg==",
|
|
477
|
-
"signed_at": "2026-05-
|
|
477
|
+
"signed_at": "2026-05-31T13:44:05.268Z",
|
|
478
478
|
"forward_watch": [
|
|
479
479
|
"New AI attack classes as ATLAS v6 publishes",
|
|
480
480
|
"Post-quantum adversary capability timeline",
|
|
@@ -513,7 +513,7 @@
|
|
|
513
513
|
"framework_gaps": [],
|
|
514
514
|
"last_threat_review": "2026-05-01",
|
|
515
515
|
"signature": "b5miTiY0cnxETd2btxorfZBdJKt/fLnQx20sGYUb9zEqGqtm0LMLpghkW68j4/9k48KNyuGMtNWiKTSnodUGBw==",
|
|
516
|
-
"signed_at": "2026-05-
|
|
516
|
+
"signed_at": "2026-05-31T13:44:05.268Z"
|
|
517
517
|
},
|
|
518
518
|
{
|
|
519
519
|
"name": "zeroday-gap-learn",
|
|
@@ -540,7 +540,7 @@
|
|
|
540
540
|
"framework_gaps": [],
|
|
541
541
|
"last_threat_review": "2026-05-18",
|
|
542
542
|
"signature": "xbkip0AQtWQKAu+O6r/gYECNjezS6O9k9xkkJsYbMlr+j8CdqH3p5/0l+GZmDidImRC/DL07GCnKrk9HRR/yDQ==",
|
|
543
|
-
"signed_at": "2026-05-
|
|
543
|
+
"signed_at": "2026-05-31T13:44:05.268Z",
|
|
544
544
|
"forward_watch": [
|
|
545
545
|
"New CISA KEV entries",
|
|
546
546
|
"New ATLAS TTP additions in each ATLAS release",
|
|
@@ -604,7 +604,7 @@
|
|
|
604
604
|
],
|
|
605
605
|
"last_threat_review": "2026-05-22",
|
|
606
606
|
"signature": "li2NnC1oeVIr22ComP5QbcQoh5xpWITuaKpza1s2SsUkH6kGnnt4wFfFAzaC1ORmH9x2cr8hN8kaNANG/eIMBQ==",
|
|
607
|
-
"signed_at": "2026-05-
|
|
607
|
+
"signed_at": "2026-05-31T13:44:05.269Z",
|
|
608
608
|
"cwe_refs": [
|
|
609
609
|
"CWE-327"
|
|
610
610
|
],
|
|
@@ -652,7 +652,7 @@
|
|
|
652
652
|
],
|
|
653
653
|
"last_threat_review": "2026-05-22",
|
|
654
654
|
"signature": "sZHlJ7ueHPdtzVbR+yXQ5+wKgNyjWsa1LKVg9aWTmg/Onl71DvEILMyJiLpPQjseT56Mnr1DMYJE8xOGlffBAw==",
|
|
655
|
-
"signed_at": "2026-05-
|
|
655
|
+
"signed_at": "2026-05-31T13:44:05.269Z"
|
|
656
656
|
},
|
|
657
657
|
{
|
|
658
658
|
"name": "security-maturity-tiers",
|
|
@@ -689,7 +689,7 @@
|
|
|
689
689
|
],
|
|
690
690
|
"last_threat_review": "2026-05-01",
|
|
691
691
|
"signature": "3AwFnEJu6DukPPNep/3SnuPWEuV060fJEQIwThFm7ujmdbFk0/Ii0XwGv1dkvbbK7ymMdOQpp35l4aLONAucDA==",
|
|
692
|
-
"signed_at": "2026-05-
|
|
692
|
+
"signed_at": "2026-05-31T13:44:05.269Z",
|
|
693
693
|
"cwe_refs": [
|
|
694
694
|
"CWE-1188"
|
|
695
695
|
]
|
|
@@ -724,7 +724,7 @@
|
|
|
724
724
|
"framework_gaps": [],
|
|
725
725
|
"last_threat_review": "2026-05-11",
|
|
726
726
|
"signature": "iJWevUBurLvt2v8X+Ch2eHmZkPWpKeAtIpxTIP4MwbUHyco3igDeBywJCyaR2vURYRx8LkzzIMM8DxQM4LAXBQ==",
|
|
727
|
-
"signed_at": "2026-05-
|
|
727
|
+
"signed_at": "2026-05-31T13:44:05.270Z"
|
|
728
728
|
},
|
|
729
729
|
{
|
|
730
730
|
"name": "attack-surface-pentest",
|
|
@@ -796,7 +796,7 @@
|
|
|
796
796
|
"Pwn2Own Berlin 2026 (disclosed 2026-05-14, embargo ends 2026-08-12) — Microsoft Edge 4-bug sandbox escape by Orange Tsai (DEVCORE); forward-watch only (browser sandbox, out of current playbook scope); track Microsoft Edge security advisory and KEV add"
|
|
797
797
|
],
|
|
798
798
|
"signature": "DDMzI+4En4aIkwBUCGW6nj1eEkCyLqHGn2LJ2rnwWfYatjPI1U5HrTZNAN/n9JqWtAzk8F3rmsKehaaz5iNWDA==",
|
|
799
|
-
"signed_at": "2026-05-
|
|
799
|
+
"signed_at": "2026-05-31T13:44:05.270Z"
|
|
800
800
|
},
|
|
801
801
|
{
|
|
802
802
|
"name": "fuzz-testing-strategy",
|
|
@@ -856,7 +856,7 @@
|
|
|
856
856
|
"OSS-Fuzz-Gen / AI-assisted harness generation becoming the default expectation for OSS maintainers"
|
|
857
857
|
],
|
|
858
858
|
"signature": "dJB0iAstIUbyny+udl3OIkaLScEmqS97LNP73yQ8mxt+0bcqxZjpfXaWLzLuIQblGYvUvz75/H6rO2EJuGd4AQ==",
|
|
859
|
-
"signed_at": "2026-05-
|
|
859
|
+
"signed_at": "2026-05-31T13:44:05.270Z"
|
|
860
860
|
},
|
|
861
861
|
{
|
|
862
862
|
"name": "dlp-gap-analysis",
|
|
@@ -931,7 +931,7 @@
|
|
|
931
931
|
"Quebec Law 25, India DPDPA, KSA PDPL enforcement actions naming AI-tool prompt data as in-scope personal information"
|
|
932
932
|
],
|
|
933
933
|
"signature": "KEAoMji3VcPX/ZXXqVe6OStxSkTssfY9fIRPyPcDYqh50GzOFQ6koNOTBVAiWOvjDjQ38g12xun5srbqgmvRAw==",
|
|
934
|
-
"signed_at": "2026-05-
|
|
934
|
+
"signed_at": "2026-05-31T13:44:05.271Z"
|
|
935
935
|
},
|
|
936
936
|
{
|
|
937
937
|
"name": "supply-chain-integrity",
|
|
@@ -1010,7 +1010,7 @@
|
|
|
1010
1010
|
"Pwn2Own Berlin 2026 (disclosed 2026-05-14, embargo ends 2026-08-12) — NVIDIA Megatron Bridge path traversal by haehae; AI training-stack file-system trust boundary; track patch and SBOM-attestation impact"
|
|
1011
1011
|
],
|
|
1012
1012
|
"signature": "zuW8T0EMbVV83GsUP/W20Use2gBTicBW021T0sY7qsRY/U5qsPWkXYIWp3SdiKLTIKqTEd/0T7LQebjIs2QKCA==",
|
|
1013
|
-
"signed_at": "2026-05-
|
|
1013
|
+
"signed_at": "2026-05-31T13:44:05.271Z"
|
|
1014
1014
|
},
|
|
1015
1015
|
{
|
|
1016
1016
|
"name": "defensive-countermeasure-mapping",
|
|
@@ -1067,7 +1067,7 @@
|
|
|
1067
1067
|
],
|
|
1068
1068
|
"last_threat_review": "2026-05-11",
|
|
1069
1069
|
"signature": "Qe0Hg9BrX3Zm5pj0n2z/oiHbAXWdA2Dq461zc4izkkUjEX2CZ02rODjCI2ELbrVOU3GC7edxqAxA+5U/ObnHDQ==",
|
|
1070
|
-
"signed_at": "2026-05-
|
|
1070
|
+
"signed_at": "2026-05-31T13:44:05.271Z"
|
|
1071
1071
|
},
|
|
1072
1072
|
{
|
|
1073
1073
|
"name": "identity-assurance",
|
|
@@ -1134,7 +1134,7 @@
|
|
|
1134
1134
|
"d3fend_refs": [],
|
|
1135
1135
|
"last_threat_review": "2026-05-11",
|
|
1136
1136
|
"signature": "UV3458QXSkEpenzrOmdlTTfPHUD4hNyKMDHoeZDq/kiFb4mAG0ghQGTTgI9Ru8cJbSmYM1++m9N5TFIJ6JJPBg==",
|
|
1137
|
-
"signed_at": "2026-05-
|
|
1137
|
+
"signed_at": "2026-05-31T13:44:05.272Z"
|
|
1138
1138
|
},
|
|
1139
1139
|
{
|
|
1140
1140
|
"name": "ot-ics-security",
|
|
@@ -1190,7 +1190,7 @@
|
|
|
1190
1190
|
"d3fend_refs": [],
|
|
1191
1191
|
"last_threat_review": "2026-05-11",
|
|
1192
1192
|
"signature": "kIVzsPsJ72PzzWQwTuvjoHHoVEDCday5I52M9ohjB3/Ak+zlA8oyWLO/BKb/XuYY4fOApjfxTErSWv5uHQ2zDw==",
|
|
1193
|
-
"signed_at": "2026-05-
|
|
1193
|
+
"signed_at": "2026-05-31T13:44:05.272Z"
|
|
1194
1194
|
},
|
|
1195
1195
|
{
|
|
1196
1196
|
"name": "coordinated-vuln-disclosure",
|
|
@@ -1242,7 +1242,7 @@
|
|
|
1242
1242
|
"NYDFS 23 NYCRR 500 amendments potentially adding explicit CVD program requirements"
|
|
1243
1243
|
],
|
|
1244
1244
|
"signature": "bWr27Q1uN9xCe1ib4QulszBa7YIDNkGqo72k5nm2cK98LyPblicD+sO9MnGckAyB22BTN/cIB+FwFMcI5IxvBw==",
|
|
1245
|
-
"signed_at": "2026-05-
|
|
1245
|
+
"signed_at": "2026-05-31T13:44:05.272Z"
|
|
1246
1246
|
},
|
|
1247
1247
|
{
|
|
1248
1248
|
"name": "threat-modeling-methodology",
|
|
@@ -1292,7 +1292,7 @@
|
|
|
1292
1292
|
"PASTA v2 updates incorporating AI/ML application threats"
|
|
1293
1293
|
],
|
|
1294
1294
|
"signature": "Q854yzLqXdOazc6EyQbZzgAlivuq2vGFDVUCrxSldSvx/HX/ZM/uzmJyP7aBG7ZsMHxj6Lmj/H82YQoo1e+NCQ==",
|
|
1295
|
-
"signed_at": "2026-05-
|
|
1295
|
+
"signed_at": "2026-05-31T13:44:05.273Z"
|
|
1296
1296
|
},
|
|
1297
1297
|
{
|
|
1298
1298
|
"name": "webapp-security",
|
|
@@ -1366,7 +1366,7 @@
|
|
|
1366
1366
|
"d3fend_refs": [],
|
|
1367
1367
|
"last_threat_review": "2026-05-11",
|
|
1368
1368
|
"signature": "4ccahkJpGJZtwD7EBpnGcN0sEGPMEw8eqV+tvePVS04YAkLgYVWtlkasI/8n0be9xB+77x+Sjj3kIi2j2Lf9CA==",
|
|
1369
|
-
"signed_at": "2026-05-
|
|
1369
|
+
"signed_at": "2026-05-31T13:44:05.273Z",
|
|
1370
1370
|
"forward_watch": [
|
|
1371
1371
|
"NGINX Rift CVE-2026-42945 (disclosed 2026-05-13, source depthfirst) — KEV-watch predicted CISA KEV listing by 2026-05-29; AI-assisted discovery angle; track for active-exploitation confirmation and patch advisory affecting front-door web app deployments"
|
|
1372
1372
|
]
|
|
@@ -1419,7 +1419,7 @@
|
|
|
1419
1419
|
"d3fend_refs": [],
|
|
1420
1420
|
"last_threat_review": "2026-05-15",
|
|
1421
1421
|
"signature": "SBB7c3wNYfIdkyOp4g4nW0WP7xS+YokMzg32aaeJdbf14LTGQRzQUvSqb2TCj2HFUSHESOyKT1JpkAfyHLSQBQ==",
|
|
1422
|
-
"signed_at": "2026-05-
|
|
1422
|
+
"signed_at": "2026-05-31T13:44:05.273Z"
|
|
1423
1423
|
},
|
|
1424
1424
|
{
|
|
1425
1425
|
"name": "sector-healthcare",
|
|
@@ -1479,7 +1479,7 @@
|
|
|
1479
1479
|
"d3fend_refs": [],
|
|
1480
1480
|
"last_threat_review": "2026-05-11",
|
|
1481
1481
|
"signature": "U04GNLyRas1VmfEsB8khH4iqFZPwx96sPY0Kw9iVsSPU+KTeEFqwgtWK1X1pzgb+T16Pc7HSrCaXDOpTFvQEDw==",
|
|
1482
|
-
"signed_at": "2026-05-
|
|
1482
|
+
"signed_at": "2026-05-31T13:44:05.274Z"
|
|
1483
1483
|
},
|
|
1484
1484
|
{
|
|
1485
1485
|
"name": "sector-financial",
|
|
@@ -1560,7 +1560,7 @@
|
|
|
1560
1560
|
"TIBER-EU framework v2.0 alignment with DORA TLPT RTS (JC 2024/40); cross-recognition with CBEST and iCAST"
|
|
1561
1561
|
],
|
|
1562
1562
|
"signature": "xbylLqNPBuEsFE/MNVeGy/01K6yiJXMxQbzC1F4RWU5aseDGbNy5HrAv2JWI2+Aft05ozreNPjccvu66yJ5EBw==",
|
|
1563
|
-
"signed_at": "2026-05-
|
|
1563
|
+
"signed_at": "2026-05-31T13:44:05.274Z"
|
|
1564
1564
|
},
|
|
1565
1565
|
{
|
|
1566
1566
|
"name": "sector-federal-government",
|
|
@@ -1629,7 +1629,7 @@
|
|
|
1629
1629
|
"Australia PSPF 2024 revision and ISM quarterly updates — track for Essential Eight Maturity Level requirements for federal entities"
|
|
1630
1630
|
],
|
|
1631
1631
|
"signature": "C9c3JuBhUbwcb7uZpDdy+PNT8sYmYIxzD4uRHu421ePW1aSFJ8fkMvuTzSO8vD/F/jOOg5opM4kov/xSAn+qCg==",
|
|
1632
|
-
"signed_at": "2026-05-
|
|
1632
|
+
"signed_at": "2026-05-31T13:44:05.275Z"
|
|
1633
1633
|
},
|
|
1634
1634
|
{
|
|
1635
1635
|
"name": "sector-energy",
|
|
@@ -1694,7 +1694,7 @@
|
|
|
1694
1694
|
"ICS-CERT advisory feed (https://www.cisa.gov/news-events/cybersecurity-advisories/ics-advisories) for vendor CVEs in Siemens, Rockwell, Schneider Electric, ABB, GE Vernova, Hitachi Energy, AVEVA / OSIsoft PI"
|
|
1695
1695
|
],
|
|
1696
1696
|
"signature": "oz8Q5WVaY8au4IjbaZahx/DSaC00Q44ylSL3mDkTerCEpW/EyPUeiLeGxSrWxBCwVFEKSSJvnhJjhvX5lDPcCg==",
|
|
1697
|
-
"signed_at": "2026-05-
|
|
1697
|
+
"signed_at": "2026-05-31T13:44:05.275Z"
|
|
1698
1698
|
},
|
|
1699
1699
|
{
|
|
1700
1700
|
"name": "sector-telecom",
|
|
@@ -1780,7 +1780,7 @@
|
|
|
1780
1780
|
"O-RAN SFG / WG11 security specifications"
|
|
1781
1781
|
],
|
|
1782
1782
|
"signature": "NAtyzfLPXlUuB78Snb9nWmbZalC1CNlIYN9rYhdEmtB/xQGC6vVnThgrEAHlm7v/jMCFuknvEpUHKdscUnUADw==",
|
|
1783
|
-
"signed_at": "2026-05-
|
|
1783
|
+
"signed_at": "2026-05-31T13:44:05.275Z"
|
|
1784
1784
|
},
|
|
1785
1785
|
{
|
|
1786
1786
|
"name": "api-security",
|
|
@@ -1849,7 +1849,7 @@
|
|
|
1849
1849
|
"d3fend_refs": [],
|
|
1850
1850
|
"last_threat_review": "2026-05-18",
|
|
1851
1851
|
"signature": "1UTjZNC5Lyrgw93LAizdXVeSmv3jS8YQNT1db5OKsldub50+o1FXmAH4+3MxZozaOGDCX3yXbdDJSJaaSmfuAA==",
|
|
1852
|
-
"signed_at": "2026-05-
|
|
1852
|
+
"signed_at": "2026-05-31T13:44:05.275Z",
|
|
1853
1853
|
"forward_watch": [
|
|
1854
1854
|
"NGINX Rift CVE-2026-42945 (disclosed 2026-05-13, source depthfirst) — KEV-watch predicted CISA KEV listing by 2026-05-29; track for active-exploitation confirmation and patch advisory affecting API gateway / reverse-proxy deployments",
|
|
1855
1855
|
"Pwn2Own Berlin 2026 (disclosed 2026-05-14, embargo ends 2026-08-12) — LiteLLM 3-bug SSRF + Code Injection chain by k3vg3n; LLM-proxy API surface; track upstream patch and CVE assignments",
|
|
@@ -1935,7 +1935,7 @@
|
|
|
1935
1935
|
"CISA KEV additions for cloud-control-plane CVEs (IMDSv1 abuses, federation token mishandling, cross-tenant boundary failures); CISA Cybersecurity Advisories for cross-cloud advisories"
|
|
1936
1936
|
],
|
|
1937
1937
|
"signature": "EdsY4xe7YA8X8m+KZUbq49JwoCXgRKEz2eg3m86O37rvBmpm8ppvl9hrsekygvpBh2VmCHL2dEYiOD8OM2n7CA==",
|
|
1938
|
-
"signed_at": "2026-05-
|
|
1938
|
+
"signed_at": "2026-05-31T13:44:05.276Z"
|
|
1939
1939
|
},
|
|
1940
1940
|
{
|
|
1941
1941
|
"name": "container-runtime-security",
|
|
@@ -1997,7 +1997,7 @@
|
|
|
1997
1997
|
"d3fend_refs": [],
|
|
1998
1998
|
"last_threat_review": "2026-05-15",
|
|
1999
1999
|
"signature": "fnLKPLkjjRCJ/F9wdmZ1w1lXmqEJvTYkv6Uu+9OTd5vZTWKz3QMuxKOsas+ctCdOvTaeloqPUUprXx+ZZdDpCg==",
|
|
2000
|
-
"signed_at": "2026-05-
|
|
2000
|
+
"signed_at": "2026-05-31T13:44:05.276Z",
|
|
2001
2001
|
"forward_watch": [
|
|
2002
2002
|
"Pwn2Own Berlin 2026 (disclosed 2026-05-14, embargo ends 2026-08-12) — NVIDIA Container Toolkit container escape ($50K award) by chompie / IBM X-Force XOR; high-severity container/hypervisor boundary break; track patch and KEV add post-embargo"
|
|
2003
2003
|
]
|
|
@@ -2071,7 +2071,7 @@
|
|
|
2071
2071
|
"MITRE ATLAS v5.6.0 (released May 2026) shipped the AML.T0010 sub-technique expansion this forecast tracked plus new techniques (\"Publish Poisoned AI Agent Tool\", \"Escape to Host\"); inventory now 16 tactics, 84 techniques, 56 sub-techniques. Forward watch: subsequent ATLAS minor and major releases — track next-cadence updates to agentic-AI TTPs and MLOps-pipeline-specific techniques"
|
|
2072
2072
|
],
|
|
2073
2073
|
"signature": "t3dkdpTX04zvjitEeOJThpgjurLd1UO9GOut4LXSZgY3ULhfknI4zT7G5+m2RSZZTo7yyeZrwpg+7vEg9K6mAw==",
|
|
2074
|
-
"signed_at": "2026-05-
|
|
2074
|
+
"signed_at": "2026-05-31T13:44:05.277Z"
|
|
2075
2075
|
},
|
|
2076
2076
|
{
|
|
2077
2077
|
"name": "incident-response-playbook",
|
|
@@ -2133,7 +2133,7 @@
|
|
|
2133
2133
|
"NYDFS 23 NYCRR 500.17 amendments tightening ransom-payment 24h disclosure operationalization"
|
|
2134
2134
|
],
|
|
2135
2135
|
"signature": "+1kmtA6rAvIyDjjy+cJHK6BcfylyVsa5cUjRFijlFR9GsQfB93JnmkEJOqML50pdlcxtJI3yUodHpL3/YJGtCA==",
|
|
2136
|
-
"signed_at": "2026-05-
|
|
2136
|
+
"signed_at": "2026-05-31T13:44:05.277Z"
|
|
2137
2137
|
},
|
|
2138
2138
|
{
|
|
2139
2139
|
"name": "ransomware-response",
|
|
@@ -2213,7 +2213,7 @@
|
|
|
2213
2213
|
],
|
|
2214
2214
|
"last_threat_review": "2026-05-22",
|
|
2215
2215
|
"signature": "h48ASCz63aBfHzLKxMVDADMuT4atriK0iE6bJeVzZTsx/e8+hyv4fLP7+zYxT9Oe0Gss3v/Xy+t+Wd9uwzV+Aw==",
|
|
2216
|
-
"signed_at": "2026-05-
|
|
2216
|
+
"signed_at": "2026-05-31T13:44:05.277Z"
|
|
2217
2217
|
},
|
|
2218
2218
|
{
|
|
2219
2219
|
"name": "email-security-anti-phishing",
|
|
@@ -2266,7 +2266,7 @@
|
|
|
2266
2266
|
"d3fend_refs": [],
|
|
2267
2267
|
"last_threat_review": "2026-05-18",
|
|
2268
2268
|
"signature": "FVBn4ex2qPIo9SHMVJ6tntoz4tVwjbIq3m6wDjjZyv2JODlS+90GBYCOkNamxxkmw/6de6SMs0YHQiF/xjo/DQ==",
|
|
2269
|
-
"signed_at": "2026-05-
|
|
2269
|
+
"signed_at": "2026-05-31T13:44:05.278Z"
|
|
2270
2270
|
},
|
|
2271
2271
|
{
|
|
2272
2272
|
"name": "age-gates-child-safety",
|
|
@@ -2334,7 +2334,7 @@
|
|
|
2334
2334
|
"US state adult-site age-verification laws — 19+ states by mid-2026 (TX HB 18 upheld by SCOTUS June 2025 in Free Speech Coalition v. Paxton); track ongoing challenges in remaining states"
|
|
2335
2335
|
],
|
|
2336
2336
|
"signature": "ZHVdGWCcfG98tSVB0b9mwrsYwv71V3uUEl+6ss7omSQhmNvqV5s6MAZM5YladBt9MK/8T/zBrTYN4gAonOP+BQ==",
|
|
2337
|
-
"signed_at": "2026-05-
|
|
2337
|
+
"signed_at": "2026-05-31T13:44:05.278Z"
|
|
2338
2338
|
},
|
|
2339
2339
|
{
|
|
2340
2340
|
"name": "cloud-iam-incident",
|
|
@@ -2414,7 +2414,7 @@
|
|
|
2414
2414
|
],
|
|
2415
2415
|
"last_threat_review": "2026-05-15",
|
|
2416
2416
|
"signature": "r9ii4nb3HJELdtKCGF5qy9PHOiot3GC24yfxfGAKlLENHkdRvRkvvL99eV/6RXyfUaMyrnc2Te8tPQcNu5bsDg==",
|
|
2417
|
-
"signed_at": "2026-05-
|
|
2417
|
+
"signed_at": "2026-05-31T13:44:05.278Z",
|
|
2418
2418
|
"forward_watch": [
|
|
2419
2419
|
"AWS IAM Identity Center session-policy refresh and step-up-on-admin enforcement (anticipated 2026-H2 release)",
|
|
2420
2420
|
"GCP Workload Identity Federation principal-set attribute mapping tightening (post-2026 Q3 Federation hardening guide)",
|
|
@@ -2508,7 +2508,7 @@
|
|
|
2508
2508
|
],
|
|
2509
2509
|
"last_threat_review": "2026-05-15",
|
|
2510
2510
|
"signature": "9mfDtMApMAg9V/lmwpniNxo/6gNZoOEoYDfyFvyWvKrPMtc7H9F8uz06FVoARe/J49saAKTVXOurNE1D/KtpCQ==",
|
|
2511
|
-
"signed_at": "2026-05-
|
|
2511
|
+
"signed_at": "2026-05-31T13:44:05.279Z",
|
|
2512
2512
|
"forward_watch": [
|
|
2513
2513
|
"Entra ID conditional access evolution post-Midnight Blizzard — Microsoft's 2025-2026 commitments on legacy-tenant MFA enforcement and OAuth-app consent gating",
|
|
2514
2514
|
"Okta IPSIE (Interoperability Profile for Secure Identity in the Enterprise) OpenID Foundation working-group output and adoption timeline",
|
|
@@ -2526,6 +2526,6 @@
|
|
|
2526
2526
|
],
|
|
2527
2527
|
"manifest_signature": {
|
|
2528
2528
|
"algorithm": "Ed25519",
|
|
2529
|
-
"signature_base64": "
|
|
2529
|
+
"signature_base64": "9MIdPB08VWnw0f+NDDdxyGxHzDud1B7bKh254BjU2BiKwQJCZcPtPQW71uRis6dUEY0hw0wqO9qn22diOGW4DA=="
|
|
2530
2530
|
}
|
|
2531
2531
|
}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@blamejs/exceptd-skills",
|
|
3
|
-
"version": "0.16.
|
|
3
|
+
"version": "0.16.2",
|
|
4
4
|
"description": "AI security skills grounded in mid-2026 threat reality, not stale framework documentation. 42 skills, 11 catalogs (427 CVEs / 173 CWEs / 805 ATT&CK + ICS / 170 ATLAS / 468 D3FEND / 8888 RFCs), 35 jurisdictions, 10-class catalog gap detector + budget gate, real XML parser + canonical-form diff + content-pattern regression detection, Ed25519-signed.",
|
|
5
5
|
"keywords": [
|
|
6
6
|
"ai-security",
|
package/sbom.cdx.json
CHANGED
|
@@ -1,22 +1,22 @@
|
|
|
1
1
|
{
|
|
2
2
|
"bomFormat": "CycloneDX",
|
|
3
3
|
"specVersion": "1.6",
|
|
4
|
-
"serialNumber": "urn:uuid:
|
|
4
|
+
"serialNumber": "urn:uuid:4752c4e2-772e-4f4c-9ed6-bedf928c0044",
|
|
5
5
|
"version": 1,
|
|
6
6
|
"metadata": {
|
|
7
|
-
"timestamp": "
|
|
7
|
+
"timestamp": "2063-12-02T14:44:50.000Z",
|
|
8
8
|
"tools": [
|
|
9
9
|
{
|
|
10
10
|
"vendor": "blamejs",
|
|
11
11
|
"name": "scripts/refresh-sbom.js",
|
|
12
|
-
"version": "0.16.
|
|
12
|
+
"version": "0.16.2"
|
|
13
13
|
}
|
|
14
14
|
],
|
|
15
15
|
"component": {
|
|
16
|
-
"bom-ref": "pkg:npm/@blamejs/exceptd-skills@0.16.
|
|
16
|
+
"bom-ref": "pkg:npm/@blamejs/exceptd-skills@0.16.2",
|
|
17
17
|
"type": "application",
|
|
18
18
|
"name": "@blamejs/exceptd-skills",
|
|
19
|
-
"version": "0.16.
|
|
19
|
+
"version": "0.16.2",
|
|
20
20
|
"description": "AI security skills grounded in mid-2026 threat reality, not stale framework documentation. 42 skills, 11 catalogs (427 CVEs / 173 CWEs / 805 ATT&CK + ICS / 170 ATLAS / 468 D3FEND / 8888 RFCs), 35 jurisdictions, 10-class catalog gap detector + budget gate, real XML parser + canonical-form diff + content-pattern regression detection, Ed25519-signed.",
|
|
21
21
|
"licenses": [
|
|
22
22
|
{
|
|
@@ -25,17 +25,17 @@
|
|
|
25
25
|
}
|
|
26
26
|
}
|
|
27
27
|
],
|
|
28
|
-
"purl": "pkg:npm/%40blamejs/exceptd-skills@0.16.
|
|
28
|
+
"purl": "pkg:npm/%40blamejs/exceptd-skills@0.16.2",
|
|
29
29
|
"hashes": [
|
|
30
30
|
{
|
|
31
31
|
"alg": "SHA-256",
|
|
32
|
-
"content": "
|
|
32
|
+
"content": "9ba5f84082546fa2a8523fa41a1f5caa9ce2978d7c16c943341f35b1686b73de"
|
|
33
33
|
}
|
|
34
34
|
],
|
|
35
35
|
"externalReferences": [
|
|
36
36
|
{
|
|
37
37
|
"type": "distribution",
|
|
38
|
-
"url": "https://www.npmjs.com/package/@blamejs/exceptd-skills/v/0.16.
|
|
38
|
+
"url": "https://www.npmjs.com/package/@blamejs/exceptd-skills/v/0.16.2"
|
|
39
39
|
},
|
|
40
40
|
{
|
|
41
41
|
"type": "vcs",
|
|
@@ -116,11 +116,11 @@
|
|
|
116
116
|
"hashes": [
|
|
117
117
|
{
|
|
118
118
|
"alg": "SHA-256",
|
|
119
|
-
"content": "
|
|
119
|
+
"content": "a924b909abf3a042ff642ea9ad1cfbe07577dae879ca1f512459253cd3138bf3"
|
|
120
120
|
},
|
|
121
121
|
{
|
|
122
122
|
"alg": "SHA3-512",
|
|
123
|
-
"content": "
|
|
123
|
+
"content": "ea63d0e7fd908de2bf34f3cad9d1b9013d83eda82f16e13e5be4bc3369284a804c1577fd26675dc6c7d0cd46457e958cb5218cdfad49db70188761786f12b2ff"
|
|
124
124
|
}
|
|
125
125
|
]
|
|
126
126
|
},
|
|
@@ -281,11 +281,11 @@
|
|
|
281
281
|
"hashes": [
|
|
282
282
|
{
|
|
283
283
|
"alg": "SHA-256",
|
|
284
|
-
"content": "
|
|
284
|
+
"content": "7652b6863ed764de02edbed786010c58b850cf3557424fb80b97ac59fb002b88"
|
|
285
285
|
},
|
|
286
286
|
{
|
|
287
287
|
"alg": "SHA3-512",
|
|
288
|
-
"content": "
|
|
288
|
+
"content": "a49f8902aa16f1962c9fb174ee67d0e3498f62bd31e3cee283213a3165fe1c3ccef6ada82fa1814314181301efddd47795708c13e300d6542acea1f2f63d5b70"
|
|
289
289
|
}
|
|
290
290
|
]
|
|
291
291
|
},
|
|
@@ -986,11 +986,11 @@
|
|
|
986
986
|
"hashes": [
|
|
987
987
|
{
|
|
988
988
|
"alg": "SHA-256",
|
|
989
|
-
"content": "
|
|
989
|
+
"content": "89e1af2e38e973b4bcfbb243cb1a7d4e516b70a7532bc424ba8478b4bcefd38f"
|
|
990
990
|
},
|
|
991
991
|
{
|
|
992
992
|
"alg": "SHA3-512",
|
|
993
|
-
"content": "
|
|
993
|
+
"content": "62d28a0a92cd9d9ab406f8da199da9bffecdb658e2ed3e783eab65f6451d366a5efad08f457795013b6794e404d3e0769eef24b230693a6b253baf0695138d16"
|
|
994
994
|
}
|
|
995
995
|
]
|
|
996
996
|
},
|
|
@@ -1046,11 +1046,11 @@
|
|
|
1046
1046
|
"hashes": [
|
|
1047
1047
|
{
|
|
1048
1048
|
"alg": "SHA-256",
|
|
1049
|
-
"content": "
|
|
1049
|
+
"content": "abeebd15724807f2ef65f05d307ed494dc8eac0840253f609c8aca9bfca2bbeb"
|
|
1050
1050
|
},
|
|
1051
1051
|
{
|
|
1052
1052
|
"alg": "SHA3-512",
|
|
1053
|
-
"content": "
|
|
1053
|
+
"content": "21a8ece085ce531dcc42ce8fcdf15af902248f1d9c3fef23ecbfa3ea3954a221094bd444ba1550a5f0a3dc1047a9f2168285448bcb07e93f8c5d5a2b3fc0006a"
|
|
1054
1054
|
}
|
|
1055
1055
|
]
|
|
1056
1056
|
},
|
|
@@ -1061,11 +1061,11 @@
|
|
|
1061
1061
|
"hashes": [
|
|
1062
1062
|
{
|
|
1063
1063
|
"alg": "SHA-256",
|
|
1064
|
-
"content": "
|
|
1064
|
+
"content": "cf0e484c3408109e08bbffb39aa086a0aca4abc25755a9c552123932ac929732"
|
|
1065
1065
|
},
|
|
1066
1066
|
{
|
|
1067
1067
|
"alg": "SHA3-512",
|
|
1068
|
-
"content": "
|
|
1068
|
+
"content": "5dab01679ff6af54a6a0a4f99f7710c8ac1cc3a52c2f5c03276cfec864f9ff16dded4b038365542f21a23e0feb274bbdc15fd747ba75abdf4f662c3c415f7e93"
|
|
1069
1069
|
}
|
|
1070
1070
|
]
|
|
1071
1071
|
},
|
|
@@ -1091,11 +1091,11 @@
|
|
|
1091
1091
|
"hashes": [
|
|
1092
1092
|
{
|
|
1093
1093
|
"alg": "SHA-256",
|
|
1094
|
-
"content": "
|
|
1094
|
+
"content": "34fda7d5db51c9d2d7d876881718cea6c3708a6c1feac34e85d6c36b1095e77a"
|
|
1095
1095
|
},
|
|
1096
1096
|
{
|
|
1097
1097
|
"alg": "SHA3-512",
|
|
1098
|
-
"content": "
|
|
1098
|
+
"content": "fe4c34459bf018b82f1c852c7b70b0d4d1514f879db1c2b523e0bfde015b3c0acac446825b4b25b827e5d47139146eb1f99b39ba0dd921fe82c4c0542fab709b"
|
|
1099
1099
|
}
|
|
1100
1100
|
]
|
|
1101
1101
|
},
|
|
@@ -1316,11 +1316,11 @@
|
|
|
1316
1316
|
"hashes": [
|
|
1317
1317
|
{
|
|
1318
1318
|
"alg": "SHA-256",
|
|
1319
|
-
"content": "
|
|
1319
|
+
"content": "1c8816242c3d8457b5241f727af7dd34b7bd1e1e9b9494c8d09fe1931de19857"
|
|
1320
1320
|
},
|
|
1321
1321
|
{
|
|
1322
1322
|
"alg": "SHA3-512",
|
|
1323
|
-
"content": "
|
|
1323
|
+
"content": "01e84ca9d3b442b0c32075e5c6446b871abbb69e144c8413148074761274156706aaaac9ef8c5b78609db9f764a2d4d7cae9f10ac3502ee91dfee22da956d30c"
|
|
1324
1324
|
}
|
|
1325
1325
|
]
|
|
1326
1326
|
},
|
|
@@ -1751,11 +1751,11 @@
|
|
|
1751
1751
|
"hashes": [
|
|
1752
1752
|
{
|
|
1753
1753
|
"alg": "SHA-256",
|
|
1754
|
-
"content": "
|
|
1754
|
+
"content": "09e4b71506de2c73f64372d2e4359a24082402240ba86e3a34fcc6299c9e08e2"
|
|
1755
1755
|
},
|
|
1756
1756
|
{
|
|
1757
1757
|
"alg": "SHA3-512",
|
|
1758
|
-
"content": "
|
|
1758
|
+
"content": "748c105082a43ae8fa7a74c776764d2ba4306ae15989417968023bfb8a91198b0ffebbe8b4bfa0227b141f4f09ffa2dff4f772e700373712d5235aade63b6201"
|
|
1759
1759
|
}
|
|
1760
1760
|
]
|
|
1761
1761
|
},
|