@blamejs/exceptd-skills 0.16.25 → 0.16.28

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (66) hide show
  1. package/AGENTS.md +5 -5
  2. package/ARCHITECTURE.md +3 -3
  3. package/CHANGELOG.md +14 -0
  4. package/CONTEXT.md +2 -2
  5. package/README.md +5 -5
  6. package/agents/threat-researcher.md +2 -2
  7. package/data/_indexes/_meta.json +39 -39
  8. package/data/_indexes/activity-feed.json +240 -240
  9. package/data/_indexes/catalog-summaries.json +3 -3
  10. package/data/_indexes/currency.json +64 -64
  11. package/data/_indexes/recipes.json +1 -1
  12. package/data/_indexes/section-offsets.json +510 -510
  13. package/data/_indexes/summary-cards.json +33 -33
  14. package/data/_indexes/token-budget.json +200 -200
  15. package/data/atlas-ttps.json +7 -7
  16. package/data/attack-techniques.json +5 -5
  17. package/data/framework-control-gaps.json +3 -3
  18. package/lib/auto-discovery.js +7 -9
  19. package/lib/cvss.js +108 -0
  20. package/lib/prefetch.js +97 -5
  21. package/lib/refresh-external.js +22 -11
  22. package/lib/schemas/manifest.schema.json +1 -1
  23. package/lib/schemas/skill-frontmatter.schema.json +1 -1
  24. package/lib/version-pins.js +3 -3
  25. package/manifest-snapshot.json +2 -2
  26. package/manifest-snapshot.sha256 +1 -1
  27. package/manifest.json +124 -124
  28. package/package.json +1 -1
  29. package/sbom.cdx.json +133 -118
  30. package/scripts/builders/catalog-summaries.js +1 -1
  31. package/scripts/builders/recipes.js +1 -1
  32. package/scripts/run-e2e-scenarios.js +48 -17
  33. package/skills/age-gates-child-safety/skill.md +3 -3
  34. package/skills/ai-attack-surface/skill.md +4 -4
  35. package/skills/ai-c2-detection/skill.md +5 -5
  36. package/skills/api-security/skill.md +2 -2
  37. package/skills/attack-surface-pentest/skill.md +4 -4
  38. package/skills/cloud-security/skill.md +3 -3
  39. package/skills/compliance-theater/skill.md +3 -3
  40. package/skills/container-runtime-security/skill.md +3 -3
  41. package/skills/coordinated-vuln-disclosure/skill.md +2 -2
  42. package/skills/defensive-countermeasure-mapping/skill.md +3 -3
  43. package/skills/dlp-gap-analysis/skill.md +5 -5
  44. package/skills/exploit-scoring/skill.md +2 -2
  45. package/skills/framework-gap-analysis/skill.md +4 -4
  46. package/skills/fuzz-testing-strategy/skill.md +2 -2
  47. package/skills/incident-response-playbook/skill.md +3 -3
  48. package/skills/mcp-agent-trust/skill.md +2 -2
  49. package/skills/mlops-security/skill.md +3 -3
  50. package/skills/ot-ics-security/skill.md +3 -3
  51. package/skills/policy-exception-gen/skill.md +3 -3
  52. package/skills/pqc-first/skill.md +2 -2
  53. package/skills/rag-pipeline-security/skill.md +4 -4
  54. package/skills/ransomware-response/skill.md +2 -2
  55. package/skills/sector-energy/skill.md +2 -2
  56. package/skills/sector-federal-government/skill.md +2 -2
  57. package/skills/sector-financial/skill.md +4 -4
  58. package/skills/sector-healthcare/skill.md +3 -3
  59. package/skills/security-maturity-tiers/skill.md +1 -1
  60. package/skills/skill-update-loop/skill.md +6 -6
  61. package/skills/supply-chain-integrity/skill.md +2 -2
  62. package/skills/threat-model-currency/skill.md +8 -8
  63. package/skills/threat-modeling-methodology/skill.md +2 -2
  64. package/skills/webapp-security/skill.md +2 -2
  65. package/skills/zeroday-gap-learn/skill.md +3 -3
  66. package/sources/validators/cve-validator.js +12 -13
package/manifest.json CHANGED
@@ -1,13 +1,13 @@
1
1
  {
2
2
  "name": "exceptd-security",
3
- "version": "0.16.25",
3
+ "version": "0.16.28",
4
4
  "description": "AI security skills grounded in mid-2026 threat reality, not stale framework documentation",
5
5
  "homepage": "https://exceptd.com",
6
6
  "license": "Apache-2.0",
7
- "atlas_version": "5.6.0",
8
- "atlas_version_date": "2026-05-08",
9
- "attack_version": "19.0",
10
- "attack_version_date": "2026-04-28",
7
+ "atlas_version": "2026.05",
8
+ "atlas_version_date": "2026-05-27",
9
+ "attack_version": "19.1",
10
+ "attack_version_date": "2026-05-12",
11
11
  "threat_review_date": "2026-05-15",
12
12
  "sources_dir": "sources/",
13
13
  "agents_dir": "agents/",
@@ -53,7 +53,7 @@
53
53
  ],
54
54
  "last_threat_review": "2026-05-15",
55
55
  "signature": "0H+JfyUVmo/pVFEi5rLENATHjlukPVUqnOWmNPEH77wm8svKGK0aNJ46k6QU5GdHb8c9X9pVJKiuhON6AxDjDw==",
56
- "signed_at": "2026-06-06T00:30:06.267Z",
56
+ "signed_at": "2026-06-10T16:36:56.066Z",
57
57
  "cwe_refs": [
58
58
  "CWE-125",
59
59
  "CWE-362",
@@ -78,7 +78,7 @@
78
78
  "name": "ai-attack-surface",
79
79
  "version": "1.0.0",
80
80
  "path": "skills/ai-attack-surface/skill.md",
81
- "description": "Comprehensive AI/ML attack surface assessment mapped to MITRE ATLAS v5.6.0 with gap flags",
81
+ "description": "Comprehensive AI/ML attack surface assessment mapped to MITRE ATLAS v2026.05 with gap flags",
82
82
  "triggers": [
83
83
  "ai attack surface",
84
84
  "prompt injection",
@@ -121,9 +121,9 @@
121
121
  "OWASP-LLM-Top-10-2025-LLM02",
122
122
  "SOC2-CC6-logical-access"
123
123
  ],
124
- "last_threat_review": "2026-05-17",
125
- "signature": "PHwHEsoy7ctBYOtlAfAdCDVfsq2Bpk9+qESSF+5dVkDcez2zp2v9Ihsv2vqMEs3QxMndyQ+t7NVezyt5VamSCg==",
126
- "signed_at": "2026-06-06T00:30:06.268Z",
124
+ "last_threat_review": "2026-06-10",
125
+ "signature": "WfqxU2x/feWgatYrCeO9PD3dIY0FAfs4nkVdQRac4fg5BDQPG/vhzhvYVN6Mg11oITACghbPOtZXvS37sACsCA==",
126
+ "signed_at": "2026-06-10T16:36:56.068Z",
127
127
  "cwe_refs": [
128
128
  "CWE-1039",
129
129
  "CWE-1426",
@@ -194,9 +194,9 @@
194
194
  "RFC-9421",
195
195
  "RFC-9700"
196
196
  ],
197
- "last_threat_review": "2026-05-17",
198
- "signature": "dD4p7lcRtMyfITOncqLkpOeMy6x6gM0V7UlWHgLEdcxqODb1s75ar1cBtTqDWPbMv6ZAzVo2HJLDK1hVjjU2AQ==",
199
- "signed_at": "2026-06-06T00:30:06.269Z",
197
+ "last_threat_review": "2026-06-10",
198
+ "signature": "9bNOW4MzmUlFgkXH5tIZkq8YpzhMM+r8YVcNEM39kdEZwfRNG4Bj+Dgr7v4Qgp9D4q7hGNFpK0ywX+dPd3VWAg==",
199
+ "signed_at": "2026-06-10T16:36:56.068Z",
200
200
  "cwe_refs": [
201
201
  "CWE-22",
202
202
  "CWE-345",
@@ -246,9 +246,9 @@
246
246
  "atlas_refs": [],
247
247
  "attack_refs": [],
248
248
  "framework_gaps": [],
249
- "last_threat_review": "2026-05-22",
250
- "signature": "wsw8Mlr/gyw6S7Iaao9BVHdU5LFPWl8WVymW17Lkq9J1Mui0+fCrTg6UbrsaeE3s7EW3TVgzBuK+8EFd1+H5AA==",
251
- "signed_at": "2026-06-06T00:30:06.269Z"
249
+ "last_threat_review": "2026-06-10",
250
+ "signature": "5A08+nAu5jwNQ1+vGbFgFAJA/kYD3oiaevhCxT4/2FeW++F070Pm4MD1+oXdv8R2DbtYr+7yXnCGM7UbUPR2AA==",
251
+ "signed_at": "2026-06-10T16:36:56.069Z"
252
252
  },
253
253
  {
254
254
  "name": "compliance-theater",
@@ -277,9 +277,9 @@
277
277
  "FedRAMP-Rev5-Moderate",
278
278
  "CMMC-2.0-Level-2"
279
279
  ],
280
- "last_threat_review": "2026-05-22",
281
- "signature": "uVTc1QRKOKcIVDajBz+q2egjiEAyOQaDNsvVI2ghj5FD0VvquoUBBE5Naca2FkaZa790EHWCsVZ4hhdaSQs2DQ==",
282
- "signed_at": "2026-06-06T00:30:06.270Z"
280
+ "last_threat_review": "2026-06-10",
281
+ "signature": "RCgbI0sMNTKAscXUtrVU25u7OuE64uQvO5JKsB8vIJFWguvT6nZyD7euKuIxIzYhLTyHBiD7Rhp70btlK+JkCg==",
282
+ "signed_at": "2026-06-10T16:36:56.070Z"
283
283
  },
284
284
  {
285
285
  "name": "exploit-scoring",
@@ -306,9 +306,9 @@
306
306
  "CWE-Top-25-2024-meta",
307
307
  "CIS-Controls-v8-Control7"
308
308
  ],
309
- "last_threat_review": "2026-05-18",
310
- "signature": "Vne6mNYAubRMzF8Fz6CrU/hbvV+UzkGbpmWQrRSGlqNTGPHgzKOhDcZ2cqgRAI9AGz4IBE79dMaQrXqsnni9AQ==",
311
- "signed_at": "2026-06-06T00:30:06.270Z"
309
+ "last_threat_review": "2026-06-10",
310
+ "signature": "JJrs+B22/hYxvdYs+abmoire5PbQXPb2uVYyjInZ3UbT8gEjs/5SyfGKx7z86jbtvB3ItApQVAx1AuseIgdyAQ==",
311
+ "signed_at": "2026-06-10T16:36:56.070Z"
312
312
  },
313
313
  {
314
314
  "name": "rag-pipeline-security",
@@ -343,9 +343,9 @@
343
343
  "NIST-AI-RMF-MEASURE-2.5",
344
344
  "OWASP-LLM-Top-10-2025-LLM08"
345
345
  ],
346
- "last_threat_review": "2026-05-22",
347
- "signature": "5rw2i39SxY2WphBbDLEP28wufnbPPE9+PWt54hmaGdwHXr9RLiVt5liL/5xp14sehlVgFsfpR/bg9vy//xV0DA==",
348
- "signed_at": "2026-06-06T00:30:06.271Z",
346
+ "last_threat_review": "2026-06-10",
347
+ "signature": "Z6WbTqG98bQVRd6+kXDb6xIEe0ZryAeGxVSuKKxdK1PoZqew7NJcMsa6sJVSq+0r7KMsFwfTEdKorp6UDdhpCA==",
348
+ "signed_at": "2026-06-10T16:36:56.070Z",
349
349
  "cwe_refs": [
350
350
  "CWE-1395",
351
351
  "CWE-1426"
@@ -403,9 +403,9 @@
403
403
  "RFC-9114",
404
404
  "RFC-9000"
405
405
  ],
406
- "last_threat_review": "2026-05-17",
407
- "signature": "Vqu49nzntFWjn9A/QeJzm7q/2xk/cZJ6HFQKtiNi1zgcxzXKm+MlFdkaLgYHWj5/9HJohxyIDyBJQTvcJ20eDQ==",
408
- "signed_at": "2026-06-06T00:30:06.271Z",
406
+ "last_threat_review": "2026-06-10",
407
+ "signature": "DLKcrgon+MZrqmivlFLBH4vlzZbJSW1531RsYDm9/KdW2CgcUUHwNMSzAfU1mAsFwFkAHjy/a8e1FbS9msTvDA==",
408
+ "signed_at": "2026-06-10T16:36:56.071Z",
409
409
  "cwe_refs": [
410
410
  "CWE-918"
411
411
  ],
@@ -441,9 +441,9 @@
441
441
  "atlas_refs": [],
442
442
  "attack_refs": [],
443
443
  "framework_gaps": [],
444
- "last_threat_review": "2026-05-22",
445
- "signature": "W87VdyVdAxAdcRI6P/8StaV+MS8ZSPKM9HOCK9n/bBO6BM3ZSE3uImVoyJVpAXQlUpUGN+A3lCJZXv64LuxwDg==",
446
- "signed_at": "2026-06-06T00:30:06.271Z",
444
+ "last_threat_review": "2026-06-10",
445
+ "signature": "eWCOD+mR1c6B8vKDBot8y8UkQrKPCIEBHU3JRQET9xZnYGx8hrOyeRUElcKqCO5aG/2LISs9Atg1H+ehWDNbCw==",
446
+ "signed_at": "2026-06-10T16:36:56.071Z",
447
447
  "cwe_refs": [
448
448
  "CWE-1188"
449
449
  ],
@@ -475,9 +475,9 @@
475
475
  "atlas_refs": [],
476
476
  "attack_refs": [],
477
477
  "framework_gaps": [],
478
- "last_threat_review": "2026-05-18",
479
- "signature": "wdVX+edeNekpaIldqkhvtraV6DquLvIsKAjuZVwPQYn3l1vS99HXuFxmNsD7UeMlO3qgC6Dysfsto9EnuH0RBg==",
480
- "signed_at": "2026-06-06T00:30:06.272Z",
478
+ "last_threat_review": "2026-06-10",
479
+ "signature": "kZca725/+BFr1mpxL29+cGzjqsiYhChWScf7VjU6vCTBZrmCps6W9gYYjf4lVORXaM4DAg3UVBOXyhpTst0rAw==",
480
+ "signed_at": "2026-06-10T16:36:56.071Z",
481
481
  "forward_watch": [
482
482
  "New AI attack classes as ATLAS v6 publishes",
483
483
  "Post-quantum adversary capability timeline",
@@ -516,7 +516,7 @@
516
516
  "framework_gaps": [],
517
517
  "last_threat_review": "2026-05-01",
518
518
  "signature": "b5miTiY0cnxETd2btxorfZBdJKt/fLnQx20sGYUb9zEqGqtm0LMLpghkW68j4/9k48KNyuGMtNWiKTSnodUGBw==",
519
- "signed_at": "2026-06-06T00:30:06.272Z"
519
+ "signed_at": "2026-06-10T16:36:56.072Z"
520
520
  },
521
521
  {
522
522
  "name": "zeroday-gap-learn",
@@ -541,9 +541,9 @@
541
541
  "atlas_refs": [],
542
542
  "attack_refs": [],
543
543
  "framework_gaps": [],
544
- "last_threat_review": "2026-05-18",
545
- "signature": "xbkip0AQtWQKAu+O6r/gYECNjezS6O9k9xkkJsYbMlr+j8CdqH3p5/0l+GZmDidImRC/DL07GCnKrk9HRR/yDQ==",
546
- "signed_at": "2026-06-06T00:30:06.273Z",
544
+ "last_threat_review": "2026-06-10",
545
+ "signature": "NVBY4I5a+v2/nUeCYcy3LLVKk3Tg9gmz+sCKyvnf8t2fXMNSIGtoy+P8K4Gfos1rGzRRMaU01V7L4kh/IQ8UBQ==",
546
+ "signed_at": "2026-06-10T16:36:56.072Z",
547
547
  "forward_watch": [
548
548
  "New CISA KEV entries",
549
549
  "New ATLAS TTP additions in each ATLAS release",
@@ -605,9 +605,9 @@
605
605
  "HSM/TPM vendor PQC firmware support timelines",
606
606
  "New CRQC timeline estimates from academic cryptanalysis"
607
607
  ],
608
- "last_threat_review": "2026-05-22",
609
- "signature": "li2NnC1oeVIr22ComP5QbcQoh5xpWITuaKpza1s2SsUkH6kGnnt4wFfFAzaC1ORmH9x2cr8hN8kaNANG/eIMBQ==",
610
- "signed_at": "2026-06-06T00:30:06.273Z",
608
+ "last_threat_review": "2026-06-10",
609
+ "signature": "U54OxIjPT+W9yafjpeFgY7klXMltLYBuSCtu/AAlXxOIPehJrbf/vbGgnBn58nqOd7RjoKjmKz9WQs4DMqWcDw==",
610
+ "signed_at": "2026-06-10T16:36:56.072Z",
611
611
  "cwe_refs": [
612
612
  "CWE-327"
613
613
  ],
@@ -653,9 +653,9 @@
653
653
  "Framework publication updates (NIST SP updates, ISO amendments, NIS2 implementing acts)",
654
654
  "IETF RFC publications and draft status changes (datatracker.ietf.org, rfc-editor.org); run `npm run validate-rfcs` quarterly"
655
655
  ],
656
- "last_threat_review": "2026-05-22",
657
- "signature": "sZHlJ7ueHPdtzVbR+yXQ5+wKgNyjWsa1LKVg9aWTmg/Onl71DvEILMyJiLpPQjseT56Mnr1DMYJE8xOGlffBAw==",
658
- "signed_at": "2026-06-06T00:30:06.273Z"
656
+ "last_threat_review": "2026-06-10",
657
+ "signature": "QsJMwvnUJXHwoBPJ4BiUx3FO9giXfos/sMbx5tyO83AJ2JxdVskeC6g/WDfO+rVkWNXRgWi4h1eSYz6T8/tpAg==",
658
+ "signed_at": "2026-06-10T16:36:56.073Z"
659
659
  },
660
660
  {
661
661
  "name": "security-maturity-tiers",
@@ -691,8 +691,8 @@
691
691
  "PQC tooling maturity shifting overkill to practical"
692
692
  ],
693
693
  "last_threat_review": "2026-05-01",
694
- "signature": "3AwFnEJu6DukPPNep/3SnuPWEuV060fJEQIwThFm7ujmdbFk0/Ii0XwGv1dkvbbK7ymMdOQpp35l4aLONAucDA==",
695
- "signed_at": "2026-06-06T00:30:06.274Z",
694
+ "signature": "8KbLVVPI1QgYa+HAnEYvKf1cXnxQ3zsncqTGrAOrBP4rwUeZsxJm8KyFCwI0XytnZG35PZ830BFlG/okPW3sBQ==",
695
+ "signed_at": "2026-06-10T16:36:56.073Z",
696
696
  "cwe_refs": [
697
697
  "CWE-1188"
698
698
  ]
@@ -727,7 +727,7 @@
727
727
  "framework_gaps": [],
728
728
  "last_threat_review": "2026-05-11",
729
729
  "signature": "iJWevUBurLvt2v8X+Ch2eHmZkPWpKeAtIpxTIP4MwbUHyco3igDeBywJCyaR2vURYRx8LkzzIMM8DxQM4LAXBQ==",
730
- "signed_at": "2026-06-06T00:30:06.274Z"
730
+ "signed_at": "2026-06-10T16:36:56.073Z"
731
731
  },
732
732
  {
733
733
  "name": "attack-surface-pentest",
@@ -790,7 +790,7 @@
790
790
  "D3-EAL",
791
791
  "D3-NTA"
792
792
  ],
793
- "last_threat_review": "2026-05-11",
793
+ "last_threat_review": "2026-06-10",
794
794
  "forward_watch": [
795
795
  "NIST SP 800-115 successor publication (the 2008 original is the active gap)",
796
796
  "TIBER-EU scenario library refresh under DORA Year-2 supervisory cycle",
@@ -798,8 +798,8 @@
798
798
  "PTES revision incorporating AI-surface enumeration",
799
799
  "Pwn2Own Berlin 2026 (disclosed 2026-05-14, embargo ends 2026-08-12) — Microsoft Edge 4-bug sandbox escape by Orange Tsai (DEVCORE); forward-watch only (browser sandbox, out of current playbook scope); track Microsoft Edge security advisory and KEV add"
800
800
  ],
801
- "signature": "DDMzI+4En4aIkwBUCGW6nj1eEkCyLqHGn2LJ2rnwWfYatjPI1U5HrTZNAN/n9JqWtAzk8F3rmsKehaaz5iNWDA==",
802
- "signed_at": "2026-06-06T00:30:06.274Z"
801
+ "signature": "ZnFi+Rk4CWrjFEVU4hC6Q66UbDmndNL/ICLWQNA1TQYFGSTnng+nboM4tfi6h0yMbbDj7dOXYqqeHNK+M5ZiBA==",
802
+ "signed_at": "2026-06-10T16:36:56.074Z"
803
803
  },
804
804
  {
805
805
  "name": "fuzz-testing-strategy",
@@ -851,15 +851,15 @@
851
851
  "D3-IOPR",
852
852
  "D3-PSEP"
853
853
  ],
854
- "last_threat_review": "2026-05-11",
854
+ "last_threat_review": "2026-06-10",
855
855
  "forward_watch": [
856
856
  "NIST SP 800-218A (AI-specific SSDF practices) for any explicit fuzz requirement on model-serving stacks",
857
857
  "OpenSSF Scorecard \"fuzzing\" check threshold evolution",
858
858
  "syzkaller eBPF and io_uring surface expansion as new kernel attack surfaces ship",
859
859
  "OSS-Fuzz-Gen / AI-assisted harness generation becoming the default expectation for OSS maintainers"
860
860
  ],
861
- "signature": "dJB0iAstIUbyny+udl3OIkaLScEmqS97LNP73yQ8mxt+0bcqxZjpfXaWLzLuIQblGYvUvz75/H6rO2EJuGd4AQ==",
862
- "signed_at": "2026-06-06T00:30:06.275Z"
861
+ "signature": "45ICz7vcnmHYE1+RIDv8wQjScKj6p8hqJQ5m6I0tDdKVnGdMXCYIgZnYqFJgHBDXYAXlGx7D7UxhFz6WOCDqAQ==",
862
+ "signed_at": "2026-06-10T16:36:56.074Z"
863
863
  },
864
864
  {
865
865
  "name": "dlp-gap-analysis",
@@ -925,7 +925,7 @@
925
925
  "D3-NTA",
926
926
  "D3-NTPM"
927
927
  ],
928
- "last_threat_review": "2026-05-15",
928
+ "last_threat_review": "2026-06-10",
929
929
  "forward_watch": [
930
930
  "EU AI Office secondary legislation under EU AI Act Art 10 / Art 15 that may operationalise inference-time data-flow controls",
931
931
  "ISO/IEC 42001 amendments expected 2026-2027 likely to add prescriptive data-flow guidance for AI systems",
@@ -933,8 +933,8 @@
933
933
  "MCP gateway / proxy standardisation (Anthropic enterprise MCP gateway, Portkey MCP) — tool-call argument inspection is the missing primary control",
934
934
  "Quebec Law 25, India DPDPA, KSA PDPL enforcement actions naming AI-tool prompt data as in-scope personal information"
935
935
  ],
936
- "signature": "KEAoMji3VcPX/ZXXqVe6OStxSkTssfY9fIRPyPcDYqh50GzOFQ6koNOTBVAiWOvjDjQ38g12xun5srbqgmvRAw==",
937
- "signed_at": "2026-06-06T00:30:06.275Z"
936
+ "signature": "k6A7QcFEzgGXYWftt/elhQe7kU4F67c0ol3a8DZfj1XW4UrH99SLhPHr6ih3R3EYCl/Ey/zXt/x3a9fDT3RmAw==",
937
+ "signed_at": "2026-06-10T16:36:56.074Z"
938
938
  },
939
939
  {
940
940
  "name": "supply-chain-integrity",
@@ -1001,7 +1001,7 @@
1001
1001
  "D3-EAL",
1002
1002
  "D3-EHB"
1003
1003
  ],
1004
- "last_threat_review": "2026-05-15",
1004
+ "last_threat_review": "2026-06-10",
1005
1005
  "forward_watch": [
1006
1006
  "SLSA v1.1 (draft) — adds attestation chain requirements above L3 and a hardened-builder profile; track for re-baselining",
1007
1007
  "CSAF 2.1 finalization — VEX status vocabulary expansion and machine-readable advisory pivoting",
@@ -1012,8 +1012,8 @@
1012
1012
  "Pwn2Own Berlin 2026 (disclosed 2026-05-14, embargo ends 2026-08-12) — NVIDIA Megatron Bridge overly permissive allowed list by Satoki Tsuji; AI training-stack supply-chain exposure; track patch and SBOM-attestation impact",
1013
1013
  "Pwn2Own Berlin 2026 (disclosed 2026-05-14, embargo ends 2026-08-12) — NVIDIA Megatron Bridge path traversal by haehae; AI training-stack file-system trust boundary; track patch and SBOM-attestation impact"
1014
1014
  ],
1015
- "signature": "zuW8T0EMbVV83GsUP/W20Use2gBTicBW021T0sY7qsRY/U5qsPWkXYIWp3SdiKLTIKqTEd/0T7LQebjIs2QKCA==",
1016
- "signed_at": "2026-06-06T00:30:06.275Z"
1015
+ "signature": "5shKqNcLC8Obt0EdvKnck8OwWIuRMgZuuZd12pvWqJIltsYMyTrw2M+lgbQfqg3x2KO6qsJljGAhTew5jM58DQ==",
1016
+ "signed_at": "2026-06-10T16:36:56.075Z"
1017
1017
  },
1018
1018
  {
1019
1019
  "name": "defensive-countermeasure-mapping",
@@ -1068,9 +1068,9 @@
1068
1068
  "D3-RPA",
1069
1069
  "D3-SCP"
1070
1070
  ],
1071
- "last_threat_review": "2026-05-11",
1072
- "signature": "Qe0Hg9BrX3Zm5pj0n2z/oiHbAXWdA2Dq461zc4izkkUjEX2CZ02rODjCI2ELbrVOU3GC7edxqAxA+5U/ObnHDQ==",
1073
- "signed_at": "2026-06-06T00:30:06.276Z"
1071
+ "last_threat_review": "2026-06-10",
1072
+ "signature": "lfa5Wgep26mK3o2ZSe5qN2vVxg+xRRURRpmnqP4JdQvvecW3T2+PxHqjT48DegXJHRXJ6DPzyIElFc7no86TAg==",
1073
+ "signed_at": "2026-06-10T16:36:56.075Z"
1074
1074
  },
1075
1075
  {
1076
1076
  "name": "identity-assurance",
@@ -1137,7 +1137,7 @@
1137
1137
  "d3fend_refs": [],
1138
1138
  "last_threat_review": "2026-05-11",
1139
1139
  "signature": "UV3458QXSkEpenzrOmdlTTfPHUD4hNyKMDHoeZDq/kiFb4mAG0ghQGTTgI9Ru8cJbSmYM1++m9N5TFIJ6JJPBg==",
1140
- "signed_at": "2026-06-06T00:30:06.276Z"
1140
+ "signed_at": "2026-06-10T16:36:56.075Z"
1141
1141
  },
1142
1142
  {
1143
1143
  "name": "ot-ics-security",
@@ -1191,9 +1191,9 @@
1191
1191
  "CWE-1037"
1192
1192
  ],
1193
1193
  "d3fend_refs": [],
1194
- "last_threat_review": "2026-05-11",
1195
- "signature": "kIVzsPsJ72PzzWQwTuvjoHHoVEDCday5I52M9ohjB3/Ak+zlA8oyWLO/BKb/XuYY4fOApjfxTErSWv5uHQ2zDw==",
1196
- "signed_at": "2026-06-06T00:30:06.276Z"
1194
+ "last_threat_review": "2026-06-10",
1195
+ "signature": "afJ00EDXgARQJrbRqN6xe1+E/kbHF7O2fxQFVvrLLXdrKfK86RK/oJU1AwpxX6mclX9f+5ivy6FvFIuRMA4dBQ==",
1196
+ "signed_at": "2026-06-10T16:36:56.076Z"
1197
1197
  },
1198
1198
  {
1199
1199
  "name": "coordinated-vuln-disclosure",
@@ -1235,7 +1235,7 @@
1235
1235
  "CWE-1357"
1236
1236
  ],
1237
1237
  "d3fend_refs": [],
1238
- "last_threat_review": "2026-05-11",
1238
+ "last_threat_review": "2026-06-10",
1239
1239
  "forward_watch": [
1240
1240
  "EU CRA Art. 11 implementing regulations and ENISA single-reporting-platform rollout (target operational 2026-09; first manufacturer notifications due 2027-12 per CRA transition timeline)",
1241
1241
  "ISO/IEC 29147 and ISO/IEC 30111 revisions expected post-CRA to align \"method-neutral\" language with EU 24h-notification reality",
@@ -1244,8 +1244,8 @@
1244
1244
  "UK NCSC Vulnerability Disclosure Toolkit revisions and AU ISM CVD guidance updates",
1245
1245
  "NYDFS 23 NYCRR 500 amendments potentially adding explicit CVD program requirements"
1246
1246
  ],
1247
- "signature": "bWr27Q1uN9xCe1ib4QulszBa7YIDNkGqo72k5nm2cK98LyPblicD+sO9MnGckAyB22BTN/cIB+FwFMcI5IxvBw==",
1248
- "signed_at": "2026-06-06T00:30:06.277Z"
1247
+ "signature": "VzivMW82mRrG9+07ZX8sj4j9O9YjE/m07m1UHgSwEgex+FLaVPvIj3y1Vk6qeFOvDURmtVaztWlpSlk7iSn0DA==",
1248
+ "signed_at": "2026-06-10T16:36:56.076Z"
1249
1249
  },
1250
1250
  {
1251
1251
  "name": "threat-modeling-methodology",
@@ -1285,7 +1285,7 @@
1285
1285
  "rfc_refs": [],
1286
1286
  "cwe_refs": [],
1287
1287
  "d3fend_refs": [],
1288
- "last_threat_review": "2026-05-11",
1288
+ "last_threat_review": "2026-06-10",
1289
1289
  "forward_watch": [
1290
1290
  "ISO/IEC 27005 revision integrating AI-system threats",
1291
1291
  "OWASP Threat Modeling Manifesto v2 (post-2020)",
@@ -1294,8 +1294,8 @@
1294
1294
  "LINDDUN-GO and LINDDUN-PRO updates incorporating LLM privacy threats",
1295
1295
  "PASTA v2 updates incorporating AI/ML application threats"
1296
1296
  ],
1297
- "signature": "Q854yzLqXdOazc6EyQbZzgAlivuq2vGFDVUCrxSldSvx/HX/ZM/uzmJyP7aBG7ZsMHxj6Lmj/H82YQoo1e+NCQ==",
1298
- "signed_at": "2026-06-06T00:30:06.277Z"
1297
+ "signature": "Fk5LzzeS/bH5SQJNySgZqSdeQf1udwdRs3FVLwig5kuqyyKkuIJcF4HW+xHF/1e66HR+gjgRUoqWZGsv58lLAg==",
1298
+ "signed_at": "2026-06-10T16:36:56.076Z"
1299
1299
  },
1300
1300
  {
1301
1301
  "name": "webapp-security",
@@ -1367,9 +1367,9 @@
1367
1367
  "CWE-1188"
1368
1368
  ],
1369
1369
  "d3fend_refs": [],
1370
- "last_threat_review": "2026-05-11",
1371
- "signature": "4ccahkJpGJZtwD7EBpnGcN0sEGPMEw8eqV+tvePVS04YAkLgYVWtlkasI/8n0be9xB+77x+Sjj3kIi2j2Lf9CA==",
1372
- "signed_at": "2026-06-06T00:30:06.277Z",
1370
+ "last_threat_review": "2026-06-10",
1371
+ "signature": "1skHJsPPOIXLQdU5MGHirP/Q07aCYTirtDmfWDO7ZNuto58NlCttW5ZjCpyh37vASlMljIZx0/R+PIl2PfwTBw==",
1372
+ "signed_at": "2026-06-10T16:36:56.076Z",
1373
1373
  "forward_watch": [
1374
1374
  "NGINX Rift CVE-2026-42945 (disclosed 2026-05-13, source depthfirst) — KEV-watch predicted CISA KEV listing by 2026-05-29; AI-assisted discovery angle; track for active-exploitation confirmation and patch advisory affecting front-door web app deployments"
1375
1375
  ]
@@ -1422,7 +1422,7 @@
1422
1422
  "d3fend_refs": [],
1423
1423
  "last_threat_review": "2026-05-15",
1424
1424
  "signature": "SBB7c3wNYfIdkyOp4g4nW0WP7xS+YokMzg32aaeJdbf14LTGQRzQUvSqb2TCj2HFUSHESOyKT1JpkAfyHLSQBQ==",
1425
- "signed_at": "2026-06-06T00:30:06.278Z"
1425
+ "signed_at": "2026-06-10T16:36:56.077Z"
1426
1426
  },
1427
1427
  {
1428
1428
  "name": "sector-healthcare",
@@ -1480,9 +1480,9 @@
1480
1480
  "CWE-1426"
1481
1481
  ],
1482
1482
  "d3fend_refs": [],
1483
- "last_threat_review": "2026-05-11",
1484
- "signature": "U04GNLyRas1VmfEsB8khH4iqFZPwx96sPY0Kw9iVsSPU+KTeEFqwgtWK1X1pzgb+T16Pc7HSrCaXDOpTFvQEDw==",
1485
- "signed_at": "2026-06-06T00:30:06.278Z"
1483
+ "last_threat_review": "2026-06-10",
1484
+ "signature": "yyAGG3nUC6/XWQGRF2ufzILfiJitMFczqWNY83lZShCgYSxfFCul0UsICClOc7Xjw76052uydm8kLH9gIzhsAg==",
1485
+ "signed_at": "2026-06-10T16:36:56.077Z"
1486
1486
  },
1487
1487
  {
1488
1488
  "name": "sector-financial",
@@ -1547,7 +1547,7 @@
1547
1547
  "CWE-352"
1548
1548
  ],
1549
1549
  "d3fend_refs": [],
1550
- "last_threat_review": "2026-05-15",
1550
+ "last_threat_review": "2026-06-10",
1551
1551
  "forward_watch": [
1552
1552
  "PSD3 + PSR (Payment Services Regulation) trilogue and final adoption (expected 2026-2027); track agent-initiated payment treatment in final text",
1553
1553
  "DORA Art. 26 TLPT first full cycle completion mid-2027; ESAs publishing aggregate findings under JC 2024/40 RTS",
@@ -1562,8 +1562,8 @@
1562
1562
  "OSFI B-13 (Technology and Cyber Risk Management) post-2024 examination findings",
1563
1563
  "TIBER-EU framework v2.0 alignment with DORA TLPT RTS (JC 2024/40); cross-recognition with CBEST and iCAST"
1564
1564
  ],
1565
- "signature": "xbylLqNPBuEsFE/MNVeGy/01K6yiJXMxQbzC1F4RWU5aseDGbNy5HrAv2JWI2+Aft05ozreNPjccvu66yJ5EBw==",
1566
- "signed_at": "2026-06-06T00:30:06.279Z"
1565
+ "signature": "/+df91Qhl1TIxEAqzgqB7+YJ6mneX6Dif+h6RaCbxOLGE6KRTFst1Q/Fu5SStt8Zx5JI62bkQ2BBrNOKfUlPBg==",
1566
+ "signed_at": "2026-06-10T16:36:56.078Z"
1567
1567
  },
1568
1568
  {
1569
1569
  "name": "sector-federal-government",
@@ -1618,7 +1618,7 @@
1618
1618
  "CWE-829"
1619
1619
  ],
1620
1620
  "d3fend_refs": [],
1621
- "last_threat_review": "2026-05-11",
1621
+ "last_threat_review": "2026-06-10",
1622
1622
  "forward_watch": [
1623
1623
  "CMMC 2.0 phased rollout milestones through 2028 — Phase 1 (self-assessment) effective Dec 2024, Phase 2 (C3PAO assessments) ramping in 2025-2026, Phase 3 (DIBCAC-level assessments) and Phase 4 (full enforcement in all contracts) push into 2028",
1624
1624
  "NIST SP 800-171 Rev 3 (May 2024) replacing Rev 2 in contracts — three-year transition; track which DoD / civilian agency contracts have crossed the Rev 3 boundary",
@@ -1631,8 +1631,8 @@
1631
1631
  "EU Cybersecurity Certification Scheme on Common Criteria (EUCC) operational — first certificates issued 2024; high-assurance level for government use cases ramping",
1632
1632
  "Australia PSPF 2024 revision and ISM quarterly updates — track for Essential Eight Maturity Level requirements for federal entities"
1633
1633
  ],
1634
- "signature": "C9c3JuBhUbwcb7uZpDdy+PNT8sYmYIxzD4uRHu421ePW1aSFJ8fkMvuTzSO8vD/F/jOOg5opM4kov/xSAn+qCg==",
1635
- "signed_at": "2026-06-06T00:30:06.279Z"
1634
+ "signature": "k6MAPS8HJivu0DNwC1azPvyKeig2xLGz/hcqYd8T+s5GvIypPGfkeYRRKmdqMgHUe24f7bQeRZ7AxcQ9Bi6SCg==",
1635
+ "signed_at": "2026-06-10T16:36:56.078Z"
1636
1636
  },
1637
1637
  {
1638
1638
  "name": "sector-energy",
@@ -1685,7 +1685,7 @@
1685
1685
  "CWE-1037"
1686
1686
  ],
1687
1687
  "d3fend_refs": [],
1688
- "last_threat_review": "2026-05-11",
1688
+ "last_threat_review": "2026-06-10",
1689
1689
  "forward_watch": [
1690
1690
  "NERC CIP v7 final FERC order (anticipated 2026–2027) — additions for low-impact BES Cyber Systems, supply chain, and INSM (internal network security monitoring)",
1691
1691
  "CISA + EPA joint guidance evolution for water/wastewater following the 2023 Unitronics campaign and the 2024 EPA enforcement memorandum",
@@ -1696,8 +1696,8 @@
1696
1696
  "MadIoT-class research on consumer-IoT-driven grid frequency manipulation moving from proof-of-concept to attributed campaigns",
1697
1697
  "ICS-CERT advisory feed (https://www.cisa.gov/news-events/cybersecurity-advisories/ics-advisories) for vendor CVEs in Siemens, Rockwell, Schneider Electric, ABB, GE Vernova, Hitachi Energy, AVEVA / OSIsoft PI"
1698
1698
  ],
1699
- "signature": "oz8Q5WVaY8au4IjbaZahx/DSaC00Q44ylSL3mDkTerCEpW/EyPUeiLeGxSrWxBCwVFEKSSJvnhJjhvX5lDPcCg==",
1700
- "signed_at": "2026-06-06T00:30:06.280Z"
1699
+ "signature": "IYKXn009jfhpKdQKiGB4xb7VgxsJXa6PZawoguP42khU6S/TTemp/YsK1YQCUyabE+2biElL/PP1Hi8zCkSSBw==",
1700
+ "signed_at": "2026-06-10T16:36:56.078Z"
1701
1701
  },
1702
1702
  {
1703
1703
  "name": "sector-telecom",
@@ -1783,7 +1783,7 @@
1783
1783
  "O-RAN SFG / WG11 security specifications"
1784
1784
  ],
1785
1785
  "signature": "NAtyzfLPXlUuB78Snb9nWmbZalC1CNlIYN9rYhdEmtB/xQGC6vVnThgrEAHlm7v/jMCFuknvEpUHKdscUnUADw==",
1786
- "signed_at": "2026-06-06T00:30:06.280Z"
1786
+ "signed_at": "2026-06-10T16:36:56.079Z"
1787
1787
  },
1788
1788
  {
1789
1789
  "name": "api-security",
@@ -1850,9 +1850,9 @@
1850
1850
  "CWE-1188"
1851
1851
  ],
1852
1852
  "d3fend_refs": [],
1853
- "last_threat_review": "2026-05-18",
1854
- "signature": "1UTjZNC5Lyrgw93LAizdXVeSmv3jS8YQNT1db5OKsldub50+o1FXmAH4+3MxZozaOGDCX3yXbdDJSJaaSmfuAA==",
1855
- "signed_at": "2026-06-06T00:30:06.280Z",
1853
+ "last_threat_review": "2026-06-10",
1854
+ "signature": "HUjhPGpZeZeVi1nzBIsEAYh18x5ltlIXnt1yQ5YKz+jC2Dvxw7vV/Clx1/1gDBLAuBvRW9wcNtDr4c0RxhfGDQ==",
1855
+ "signed_at": "2026-06-10T16:36:56.079Z",
1856
1856
  "forward_watch": [
1857
1857
  "NGINX Rift CVE-2026-42945 (disclosed 2026-05-13, source depthfirst) — KEV-watch predicted CISA KEV listing by 2026-05-29; track for active-exploitation confirmation and patch advisory affecting API gateway / reverse-proxy deployments",
1858
1858
  "Pwn2Own Berlin 2026 (disclosed 2026-05-14, embargo ends 2026-08-12) — LiteLLM 3-bug SSRF + Code Injection chain by k3vg3n; LLM-proxy API surface; track upstream patch and CVE assignments",
@@ -1920,7 +1920,7 @@
1920
1920
  "CWE-798"
1921
1921
  ],
1922
1922
  "d3fend_refs": [],
1923
- "last_threat_review": "2026-05-11",
1923
+ "last_threat_review": "2026-06-10",
1924
1924
  "forward_watch": [
1925
1925
  "CSA CCM v5 (in development) for AI-workload-aware control objectives and shared-responsibility refinement on managed AI services (Bedrock, Azure OpenAI, Vertex)",
1926
1926
  "FedRAMP 20x continuous authorization transition through 2026 — machine-readable OSCAL controls, automated significant-change review, impact on commercial CSP authorizations",
@@ -1937,8 +1937,8 @@
1937
1937
  "eBPF-based runtime detection coverage of confidential-computing enclaves (AWS Nitro Enclaves, Azure Confidential VMs, GCP Confidential Space) — partial visibility is a tracked detection gap",
1938
1938
  "CISA KEV additions for cloud-control-plane CVEs (IMDSv1 abuses, federation token mishandling, cross-tenant boundary failures); CISA Cybersecurity Advisories for cross-cloud advisories"
1939
1939
  ],
1940
- "signature": "EdsY4xe7YA8X8m+KZUbq49JwoCXgRKEz2eg3m86O37rvBmpm8ppvl9hrsekygvpBh2VmCHL2dEYiOD8OM2n7CA==",
1941
- "signed_at": "2026-06-06T00:30:06.281Z"
1940
+ "signature": "xa1kr/92/0fBds7LVtRy9aCM2tQRWAfNSFoC6ygbOU7QjamUo8Wt2h2n9W+nZT34STN3woYhXqtfmm8NSjXdBQ==",
1941
+ "signed_at": "2026-06-10T16:36:56.079Z"
1942
1942
  },
1943
1943
  {
1944
1944
  "name": "container-runtime-security",
@@ -1998,9 +1998,9 @@
1998
1998
  "CWE-1395"
1999
1999
  ],
2000
2000
  "d3fend_refs": [],
2001
- "last_threat_review": "2026-05-15",
2002
- "signature": "fnLKPLkjjRCJ/F9wdmZ1w1lXmqEJvTYkv6Uu+9OTd5vZTWKz3QMuxKOsas+ctCdOvTaeloqPUUprXx+ZZdDpCg==",
2003
- "signed_at": "2026-06-06T00:30:06.281Z",
2001
+ "last_threat_review": "2026-06-10",
2002
+ "signature": "60hyXAiYfY9lI+EpHG3iFFxa+oF5n71c0tTMa6iXFLNjBJKPevTsdNgQlQsBEnmRJ+dWtOjb/GNBW1KiBx4XAQ==",
2003
+ "signed_at": "2026-06-10T16:36:56.080Z",
2004
2004
  "forward_watch": [
2005
2005
  "Pwn2Own Berlin 2026 (disclosed 2026-05-14, embargo ends 2026-08-12) — NVIDIA Container Toolkit container escape ($50K award) by chompie / IBM X-Force XOR; high-severity container/hypervisor boundary break; track patch and KEV add post-embargo"
2006
2006
  ]
@@ -2064,17 +2064,17 @@
2064
2064
  "CWE-502"
2065
2065
  ],
2066
2066
  "d3fend_refs": [],
2067
- "last_threat_review": "2026-05-22",
2067
+ "last_threat_review": "2026-06-10",
2068
2068
  "forward_watch": [
2069
2069
  "CycloneDX 1.7 ML-BOM enrichment — training-data lineage fields and model-card embedding stabilize; re-baseline ML-BOM coverage when published",
2070
2070
  "SPDX 3.1 AI / Dataset profile maturation — dataset provenance schema firms up; re-audit training-data lineage attestations",
2071
2071
  "OpenSSF model-signing emergence to v1.0 — Sigstore-based model-weight signing; track for production adoption and admission-control integration",
2072
2072
  "SLSA v1.1 ML profile (draft) — model-provenance extension for training-run attestation chains; track ID and section changes",
2073
2073
  "EU AI Act high-risk technical-file implementing acts (2026-2027) — operational requirements for Article 10 / 13 / 15 documentation may pin ML-BOM or model-signing",
2074
- "MITRE ATLAS v5.6.0 (released May 2026) shipped the AML.T0010 sub-technique expansion this forecast tracked plus new techniques (\"Publish Poisoned AI Agent Tool\", \"Escape to Host\"); inventory now 16 tactics, 84 techniques, 56 sub-techniques. Forward watch: subsequent ATLAS minor and major releases — track next-cadence updates to agentic-AI TTPs and MLOps-pipeline-specific techniques"
2074
+ "MITRE ATLAS v2026.05 (released May 2026) shipped the AML.T0010 sub-technique expansion this forecast tracked plus new techniques (\"Publish Poisoned AI Agent Tool\", \"Escape to Host\"); inventory now 16 tactics, 84 techniques, 56 sub-techniques. Forward watch: subsequent ATLAS minor and major releases — track next-cadence updates to agentic-AI TTPs and MLOps-pipeline-specific techniques"
2075
2075
  ],
2076
- "signature": "t3dkdpTX04zvjitEeOJThpgjurLd1UO9GOut4LXSZgY3ULhfknI4zT7G5+m2RSZZTo7yyeZrwpg+7vEg9K6mAw==",
2077
- "signed_at": "2026-06-06T00:30:06.281Z"
2076
+ "signature": "IEECw5lO6ZdpkE/j7Hv6/3Jg2vj9fpXlozY+h85Hrn9QYOJuI0gfBjHoBEchJ2GUTmPwUKoiBoI72PBAQw9RCQ==",
2077
+ "signed_at": "2026-06-10T16:36:56.080Z"
2078
2078
  },
2079
2079
  {
2080
2080
  "name": "incident-response-playbook",
@@ -2124,7 +2124,7 @@
2124
2124
  "rfc_refs": [],
2125
2125
  "cwe_refs": [],
2126
2126
  "d3fend_refs": [],
2127
- "last_threat_review": "2026-05-22",
2127
+ "last_threat_review": "2026-06-10",
2128
2128
  "forward_watch": [
2129
2129
  "NIST 800-61r3 minor revisions (expected 2026-2027) aligning incident-handling language with the in-force EU CRA Art. 11 24h clock and EU AI Act Art. 73 serious-incident reporting",
2130
2130
  "ISO/IEC 27035-3:2026 (technical incident response operations) — final publication expected Q3 2026, expected to formalize AI-class incident sub-types currently absent from 27035-1/-2",
@@ -2135,8 +2135,8 @@
2135
2135
  "IL INCD Incident Response Process v4 (slated for 2026-2027) consolidating AI-incident sub-class",
2136
2136
  "NYDFS 23 NYCRR 500.17 amendments tightening ransom-payment 24h disclosure operationalization"
2137
2137
  ],
2138
- "signature": "+1kmtA6rAvIyDjjy+cJHK6BcfylyVsa5cUjRFijlFR9GsQfB93JnmkEJOqML50pdlcxtJI3yUodHpL3/YJGtCA==",
2139
- "signed_at": "2026-06-06T00:30:06.282Z"
2138
+ "signature": "pN1Qa5NRyNJ6h0pmbbqpy3xWdkMANDMUbBst5SKR5fmmqMFopmyrzwIGagiiNgqxjjCunj9J9Wbzs1sL48sMCQ==",
2139
+ "signed_at": "2026-06-10T16:36:56.080Z"
2140
2140
  },
2141
2141
  {
2142
2142
  "name": "ransomware-response",
@@ -2214,9 +2214,9 @@
2214
2214
  "No More Ransom Project decryptor releases — affiliate-takedown decryptor drops (Operation Cronos LockBit decryptor, BlackCat post-exit-scam decryptors)",
2215
2215
  "SCOTUS or circuit-court rulings on ransomware payment, sanctions liability, and insurance-policy enforcement"
2216
2216
  ],
2217
- "last_threat_review": "2026-05-22",
2218
- "signature": "h48ASCz63aBfHzLKxMVDADMuT4atriK0iE6bJeVzZTsx/e8+hyv4fLP7+zYxT9Oe0Gss3v/Xy+t+Wd9uwzV+Aw==",
2219
- "signed_at": "2026-06-06T00:30:06.282Z"
2217
+ "last_threat_review": "2026-06-10",
2218
+ "signature": "sXPA1lvWvZpf5sHxZXRkO0Kcs6gnXiYq0mWA53y1HeBwQGJ+viSPMt5IMobkjd5qLFYchg0CpW/nBUIvUE6/DA==",
2219
+ "signed_at": "2026-06-10T16:36:56.081Z"
2220
2220
  },
2221
2221
  {
2222
2222
  "name": "email-security-anti-phishing",
@@ -2269,7 +2269,7 @@
2269
2269
  "d3fend_refs": [],
2270
2270
  "last_threat_review": "2026-05-18",
2271
2271
  "signature": "FVBn4ex2qPIo9SHMVJ6tntoz4tVwjbIq3m6wDjjZyv2JODlS+90GBYCOkNamxxkmw/6de6SMs0YHQiF/xjo/DQ==",
2272
- "signed_at": "2026-06-06T00:30:06.283Z"
2272
+ "signed_at": "2026-06-10T16:36:56.081Z"
2273
2273
  },
2274
2274
  {
2275
2275
  "name": "age-gates-child-safety",
@@ -2323,7 +2323,7 @@
2323
2323
  "CWE-862"
2324
2324
  ],
2325
2325
  "d3fend_refs": [],
2326
- "last_threat_review": "2026-05-11",
2326
+ "last_threat_review": "2026-06-10",
2327
2327
  "forward_watch": [
2328
2328
  "KOSA (Kids Online Safety Act) federal enactment status — reintroduced 2024-2025 with bipartisan support; if enacted, duty-of-care + safest-defaults + age-appropriate-design obligations become US federal floor",
2329
2329
  "Ofcom UK Online Safety Act child-safety codes — illegal-content codes live July 2025; child-safety codes phasing through 2026 with iterative enforcement guidance",
@@ -2336,8 +2336,8 @@
2336
2336
  "France SREN (Securing and Regulating the Digital Space) Act 2024 — ARCOM age-verification referential for adult content services; double-anonymity model under deployment",
2337
2337
  "US state adult-site age-verification laws — 19+ states by mid-2026 (TX HB 18 upheld by SCOTUS June 2025 in Free Speech Coalition v. Paxton); track ongoing challenges in remaining states"
2338
2338
  ],
2339
- "signature": "ZHVdGWCcfG98tSVB0b9mwrsYwv71V3uUEl+6ss7omSQhmNvqV5s6MAZM5YladBt9MK/8T/zBrTYN4gAonOP+BQ==",
2340
- "signed_at": "2026-06-06T00:30:06.283Z"
2339
+ "signature": "7Wdii9uwYmDrzQohoWRWDa5A4aDRKOmdLPq5Jsql86O0Gm7pQANnj9tX+cHpQcQ/Ui8VLuNVP8UFdKxxHeDnBg==",
2340
+ "signed_at": "2026-06-10T16:36:56.081Z"
2341
2341
  },
2342
2342
  {
2343
2343
  "name": "cloud-iam-incident",
@@ -2417,7 +2417,7 @@
2417
2417
  ],
2418
2418
  "last_threat_review": "2026-05-15",
2419
2419
  "signature": "r9ii4nb3HJELdtKCGF5qy9PHOiot3GC24yfxfGAKlLENHkdRvRkvvL99eV/6RXyfUaMyrnc2Te8tPQcNu5bsDg==",
2420
- "signed_at": "2026-06-06T00:30:06.284Z",
2420
+ "signed_at": "2026-06-10T16:36:56.082Z",
2421
2421
  "forward_watch": [
2422
2422
  "AWS IAM Identity Center session-policy refresh and step-up-on-admin enforcement (anticipated 2026-H2 release)",
2423
2423
  "GCP Workload Identity Federation principal-set attribute mapping tightening (post-2026 Q3 Federation hardening guide)",
@@ -2511,7 +2511,7 @@
2511
2511
  ],
2512
2512
  "last_threat_review": "2026-05-15",
2513
2513
  "signature": "9mfDtMApMAg9V/lmwpniNxo/6gNZoOEoYDfyFvyWvKrPMtc7H9F8uz06FVoARe/J49saAKTVXOurNE1D/KtpCQ==",
2514
- "signed_at": "2026-06-06T00:30:06.284Z",
2514
+ "signed_at": "2026-06-10T16:36:56.082Z",
2515
2515
  "forward_watch": [
2516
2516
  "Entra ID conditional access evolution post-Midnight Blizzard — Microsoft's 2025-2026 commitments on legacy-tenant MFA enforcement and OAuth-app consent gating",
2517
2517
  "Okta IPSIE (Interoperability Profile for Secure Identity in the Enterprise) OpenID Foundation working-group output and adoption timeline",
@@ -2583,7 +2583,7 @@
2583
2583
  "d3fend_refs": [],
2584
2584
  "last_threat_review": "2026-06-02",
2585
2585
  "signature": "dOFgANMtHm64uSFRjMfeA0fWZS9ISwMTt59I2CbjaF1PgTtbtb8yg/f+3pC4eXcXIET0KPGxRRmENycfIz3rAw==",
2586
- "signed_at": "2026-06-06T00:30:06.284Z"
2586
+ "signed_at": "2026-06-10T16:36:56.082Z"
2587
2587
  },
2588
2588
  {
2589
2589
  "name": "mail-server-hardening",
@@ -2642,7 +2642,7 @@
2642
2642
  "d3fend_refs": [],
2643
2643
  "last_threat_review": "2026-06-02",
2644
2644
  "signature": "5x8RGzKo/T2IbYnFkYMZs16ThD9a5FEdrKHsnwvtMuGxdyyfZsKNIJVWw2I8O0um0UOXwwkl17Z3zhch26ymCQ==",
2645
- "signed_at": "2026-06-06T00:30:06.284Z"
2645
+ "signed_at": "2026-06-10T16:36:56.082Z"
2646
2646
  },
2647
2647
  {
2648
2648
  "name": "network-trust",
@@ -2698,7 +2698,7 @@
2698
2698
  "d3fend_refs": [],
2699
2699
  "last_threat_review": "2026-06-02",
2700
2700
  "signature": "C/RdmnGjXKreKiGkwJfUESIxUwQzisGJ9A7KBdE9cBRBHBYHkAcScV89L+Z3kOG032Qax6LeIQai7Lr3nrQBCA==",
2701
- "signed_at": "2026-06-06T00:30:06.285Z"
2701
+ "signed_at": "2026-06-10T16:36:56.082Z"
2702
2702
  },
2703
2703
  {
2704
2704
  "name": "audit-log-integrity",
@@ -2753,7 +2753,7 @@
2753
2753
  "d3fend_refs": [],
2754
2754
  "last_threat_review": "2026-06-02",
2755
2755
  "signature": "LvUAq+rXCA8PgNy9lTKOmFqa8T9EJg4JEH0axXvEAf9MIHqbR51ergUkFMLaTuvFuApwsPu0r1C30QgScZbiAw==",
2756
- "signed_at": "2026-06-06T00:30:06.285Z"
2756
+ "signed_at": "2026-06-10T16:36:56.083Z"
2757
2757
  },
2758
2758
  {
2759
2759
  "name": "self-update-integrity",
@@ -2807,7 +2807,7 @@
2807
2807
  "d3fend_refs": [],
2808
2808
  "last_threat_review": "2026-06-02",
2809
2809
  "signature": "BOQZ8G9LdyG/tfpz6rCU4THz5Dq2HGJkUV7uCqSTCMrqnXH6seNXKM41FWawYo0s2VUlXtRgaO7ETp5qgxw+CQ==",
2810
- "signed_at": "2026-06-06T00:30:06.285Z"
2810
+ "signed_at": "2026-06-10T16:36:56.083Z"
2811
2811
  },
2812
2812
  {
2813
2813
  "name": "multitenancy-isolation",
@@ -2865,7 +2865,7 @@
2865
2865
  "d3fend_refs": [],
2866
2866
  "last_threat_review": "2026-06-02",
2867
2867
  "signature": "bncN0VE4ns0lxtPe48xDR33lerw54BPVkSwX7XlrLQcMHTrV94lmjO8z4ZP4Ko61n+KpuP2SNU8v9JT0bGMmAA==",
2868
- "signed_at": "2026-06-06T00:30:06.285Z"
2868
+ "signed_at": "2026-06-10T16:36:56.083Z"
2869
2869
  },
2870
2870
  {
2871
2871
  "name": "decompression-dos",
@@ -2923,7 +2923,7 @@
2923
2923
  "d3fend_refs": [],
2924
2924
  "last_threat_review": "2026-06-02",
2925
2925
  "signature": "03i0ZO5ScHIOjGvDKUEsws6m+20fnlJrEhSBtMU7PJzQutrPpmW9gULE0wbayTD5H9URh5nSKZuuVjvjVhZNCg==",
2926
- "signed_at": "2026-06-06T00:30:06.285Z"
2926
+ "signed_at": "2026-06-10T16:36:56.083Z"
2927
2927
  },
2928
2928
  {
2929
2929
  "name": "log-injection-telemetry",
@@ -2978,7 +2978,7 @@
2978
2978
  "d3fend_refs": [],
2979
2979
  "last_threat_review": "2026-06-02",
2980
2980
  "signature": "twTmA2l+Am2k2PCzB2DNxDQwoYlGopJp/3QgQwBsP7h2LF+uNudisqfuOVV/bYnWfrUhuYZUWbsR3mhzbJCUBw==",
2981
- "signed_at": "2026-06-06T00:30:06.286Z"
2981
+ "signed_at": "2026-06-10T16:36:56.083Z"
2982
2982
  },
2983
2983
  {
2984
2984
  "name": "privacy-consent-ops",
@@ -3033,11 +3033,11 @@
3033
3033
  "d3fend_refs": [],
3034
3034
  "last_threat_review": "2026-06-02",
3035
3035
  "signature": "0sfKSVrIf555c9bDGkXB96fUClN52fMAMYoQsNQ9eUUSzDiWUwdou+q0gYt43nObtj3m9Yb9X6q3oCXDVMgUDg==",
3036
- "signed_at": "2026-06-06T00:30:06.286Z"
3036
+ "signed_at": "2026-06-10T16:36:56.084Z"
3037
3037
  }
3038
3038
  ],
3039
3039
  "manifest_signature": {
3040
3040
  "algorithm": "Ed25519",
3041
- "signature_base64": "yjbWNMCX7Be5GfNF5WciEnzDeuUyJ6NldTbYRA6nx5C2QXPJYyVJVCI1bZtH3EsxmgmM7Ap/Wjzb0kZ+UtiLAg=="
3041
+ "signature_base64": "8ZjY3333vUH3KfbwmhOTRvQsLNuzYsocgtJ5RkrrnZwBH60nr8PYT4yj818HSc3sO3iOfUqh6FjWyzLzQCoiBg=="
3042
3042
  }
3043
3043
  }