{
  "schema": "mard-hat-v0.1",
  "generated_at": "2026-07-09T09:29:57.792Z",
  "window_days": 30,
  "hat_score": 49,
  "level": "watch",
  "confidence": "low",
  "trend": "falling",
  "baseline": {
    "status": "warming_up",
    "points": 1,
    "mean_hat_score": 59,
    "delta_from_mean": -10.1
  },
  "score_parts": {
    "kev_recent_7d": 50,
    "kev_recent_30d": 56,
    "epss_hot_global": 100,
    "kev_epss_mean": 28,
    "source_coverage": 75
  },
  "metrics": {
    "kev": {
      "total_kev": 1635,
      "recent_7d": 4,
      "recent_30d": 18,
      "epss_mean_recent_kev": 0.2812,
      "top_recent_kev_by_epss": [
        {
          "cve": "CVE-2026-10520",
          "vendor_project": "Ivanti",
          "product": "Sentry",
          "vulnerability_name": "Ivanti Sentry OS Command Injection Vulnerability",
          "date_added": "2026-06-11",
          "epss": 0.99041,
          "percentile": 0.99926
        },
        {
          "cve": "CVE-2026-35273",
          "vendor_project": "Oracle",
          "product": " PeopleSoft Enterprise PeopleTools",
          "vulnerability_name": "Oracle PeopleSoft Enterprise PeopleTools Missing Authentication for Critical Function Vulnerability",
          "date_added": "2026-06-12",
          "epss": 0.9233,
          "percentile": 0.99811
        },
        {
          "cve": "CVE-2026-20253",
          "vendor_project": "Splunk",
          "product": "Enterprise",
          "vulnerability_name": "Splunk Enterprise Missing Authentication for Critical Function Vulnerability",
          "date_added": "2026-06-18",
          "epss": 0.88171,
          "percentile": 0.99749
        },
        {
          "cve": "CVE-2026-48907",
          "vendor_project": "Widget Factory",
          "product": "Joomla Content Editor ",
          "vulnerability_name": "Widget Factory Joomla Content Editor Improper Access Control Vulnerability",
          "date_added": "2026-06-16",
          "epss": 0.80425,
          "percentile": 0.99574
        },
        {
          "cve": "CVE-2026-34910",
          "vendor_project": "Ubiquiti",
          "product": "UniFi OS",
          "vulnerability_name": "Ubiquiti UniFi OS Improper Input Validation Vulnerability",
          "date_added": "2026-06-23",
          "epss": 0.78555,
          "percentile": 0.99536
        },
        {
          "cve": "CVE-2026-20230",
          "vendor_project": "Cisco",
          "product": "Unified Communications Manager",
          "vulnerability_name": "Cisco Unified Communications Manager Server-Side Request Forgery (SSRF) Vulnerability",
          "date_added": "2026-06-25",
          "epss": 0.41694,
          "percentile": 0.98514
        },
        {
          "cve": "CVE-2026-20262",
          "vendor_project": "Cisco",
          "product": "Catalyst SD-WAN Manager",
          "vulnerability_name": "Cisco Catalyst SD-WAN Manager Directory or Path Traversal Vulnerability",
          "date_added": "2026-06-15",
          "epss": 0.07683,
          "percentile": 0.93873
        },
        {
          "cve": "CVE-2026-45659",
          "vendor_project": "Microsoft",
          "product": "SharePoint Server",
          "vulnerability_name": "Microsoft SharePoint Server Deserialization of Untrusted Data Vulnerability",
          "date_added": "2026-07-01",
          "epss": 0.03219,
          "percentile": 0.86697
        },
        {
          "cve": "CVE-2026-48282",
          "vendor_project": "Adobe",
          "product": "ColdFusion",
          "vulnerability_name": "Adobe ColdFusion Path Traversal Vulnerability",
          "date_added": "2026-07-07",
          "epss": 0.03199,
          "percentile": 0.86593
        },
        {
          "cve": "CVE-2026-34908",
          "vendor_project": "Ubiquiti",
          "product": "UniFi OS",
          "vulnerability_name": "Ubiquiti UniFi OS Improper Access Control Vulnerability",
          "date_added": "2026-06-23",
          "epss": 0.02452,
          "percentile": 0.82444
        },
        {
          "cve": "CVE-2026-34909",
          "vendor_project": "Ubiquiti",
          "product": "UniFi OS",
          "vulnerability_name": "Ubiquiti UniFi OS Path Traversal Vulnerability",
          "date_added": "2026-06-23",
          "epss": 0.02269,
          "percentile": 0.80947
        },
        {
          "cve": "CVE-2026-48908",
          "vendor_project": "JoomShaper",
          "product": "SP Page Builder",
          "vulnerability_name": "JoomShaper SP Page Builder Unrestricted Upload of File with Dangerous Type Vulnerability",
          "date_added": "2026-07-07",
          "epss": 0.01431,
          "percentile": 0.69835
        }
      ]
    },
    "epss": {
      "hot_global_count": 250,
      "top_global": [
        {
          "cve": "CVE-2014-0160",
          "epss": 0.99999,
          "percentile": 0.99997,
          "date": "2026-07-08"
        },
        {
          "cve": "CVE-2014-3566",
          "epss": 0.99999,
          "percentile": 1,
          "date": "2026-07-08"
        },
        {
          "cve": "CVE-2014-6271",
          "epss": 0.99999,
          "percentile": 0.99992,
          "date": "2026-07-08"
        },
        {
          "cve": "CVE-2015-1635",
          "epss": 0.99999,
          "percentile": 0.99998,
          "date": "2026-07-08"
        },
        {
          "cve": "CVE-2017-5638",
          "epss": 0.99999,
          "percentile": 0.99994,
          "date": "2026-07-08"
        },
        {
          "cve": "CVE-2017-9841",
          "epss": 0.99999,
          "percentile": 0.99994,
          "date": "2026-07-08"
        },
        {
          "cve": "CVE-2019-0708",
          "epss": 0.99999,
          "percentile": 0.99999,
          "date": "2026-07-08"
        },
        {
          "cve": "CVE-2020-5902",
          "epss": 0.99999,
          "percentile": 1,
          "date": "2026-07-08"
        },
        {
          "cve": "CVE-2021-1498",
          "epss": 0.99999,
          "percentile": 0.9999,
          "date": "2026-07-08"
        },
        {
          "cve": "CVE-2023-0669",
          "epss": 0.99999,
          "percentile": 0.99996,
          "date": "2026-07-08"
        },
        {
          "cve": "CVE-2023-1389",
          "epss": 0.99999,
          "percentile": 0.99992,
          "date": "2026-07-08"
        },
        {
          "cve": "CVE-2023-1671",
          "epss": 0.99999,
          "percentile": 0.99991,
          "date": "2026-07-08"
        }
      ]
    },
    "optional_abusech": {
      "threatfox_enabled": false,
      "threatfox_count": null,
      "botnet_cc_count": null
    }
  },
  "drivers": [
    "4 CISA KEV additions in the last 7 days",
    "18 CISA KEV additions in the last 30 days",
    "250 EPSS entries above the configured hot percentile query window",
    "Mean EPSS of recent KEV items: 0.2812",
    "Baseline warming up: 1/14 prior points available"
  ],
  "source_health": [
    {
      "source": "cisa_kev",
      "status": "ok",
      "count": 1635,
      "hash": "b03e1c821607a6e24a412143a45e5b48585eda563971f1c0f095f34ee7e777bc"
    },
    {
      "source": "first_epss_top",
      "status": "ok",
      "count": 250,
      "hash": "d4edaa57154f3df6d829cc20ddfa32f027876b0b87c56660bc464bc563739eaa"
    },
    {
      "source": "first_epss_kev_enrichment",
      "status": "ok",
      "count": 18
    },
    {
      "source": "threatfox_optional",
      "status": "disabled",
      "count": 0,
      "botnet_cc_count": 0
    }
  ],
  "source_health_map": {
    "cisa_kev": "ok",
    "first_epss_top": "ok",
    "first_epss_kev_enrichment": "ok",
    "threatfox_optional": "disabled"
  },
  "assessment": {
    "label": "open-source cyber/exploit pressure telemetry",
    "magic_paws_use": "contextual indicator only",
    "claim_limit": "Contextual digital-pressure indicator only. Not attribution-grade and not sufficient to prove hybrid activity on its own.",
    "no_attribution": true,
    "no_proof_by_itself": true
  },
  "links": {
    "latest_json": "hat_latest.json",
    "history_json": "hat_history.json",
    "source_health_json": "hat_source_health.json"
  },
  "evidence_cards": [
    "evidence_cards/20260709T092957_open_source_exploit_pressure.json"
  ]
}