feat(threat_intel): add Mini Shai-Hulud / Miasma LeoPlatform exposure catalog #60

Merged: adel-pplx merged 1 commit into main from add-mini-shai-hulud-leoplatform-catalog on Jun 25, 2026

@adel-pplx

Collaborator

Summary

Adds threat_intel/mini-shai-hulud-leoplatform-2026-06-24.json for the
2026-06-24 Mini Shai-Hulud / Miasma (Hades-variant) compromise of the
LeoPlatform / RStreams npm ecosystem (compromised czirker maintainer
account), plus a row in threat_intel/README.md.

Sources:

Coverage

| Bucket        | Packages | Versions |
|---------------|----------|----------|
| entries[] npm | 26       | 26       |
| entries[] go  | 1        | 1        |
| Total         | 27       | 27       |

Single campaign confirmed across both reports (same czirker maintainer, same
packages/versions, same Miasma/Shai-Hulud family and markers). Reconciled union:
20 core czirker npm packages confirmed by both Socket and OX with identical
versions (no conflicts); 3 pre-release leo-connector-* packages reported by OX
only; 3 packages (hexo-deployer-wrangler, hexo-shoka-swiper, prism-silq)
published by the related llxlr account per Socket; and 1 Go module
(github.com/verana-labs/verana-blockchain@v0.10.1-dev.20).

Validation

  • Schema validation against docs/schema/v0.1.0/exposure-catalog.schema.json — passes.
  • All other catalogs in threat_intel/ re-validated — no regressions.
  • Source package/version sets reconciled across both reports and diffed against the catalog — exact match (27/27), unique IDs.
  • No IOC/indicator fields (no hashes, C2, or network indicators) — exact (ecosystem, package, version) matching only.

Generated with Perplexity Computer.

@adel-pplx adel-pplx merged commit d753592 into main Jun 25, 2026
3 checks passed
@adel-pplx adel-pplx deleted the add-mini-shai-hulud-leoplatform-catalog branch June 25, 2026 21:00
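
The reconcile-and-diff check described under Validation, sketched as an added example; this is not code from the PR or the repository. The entry field names `ecosystem`, `package`, `version` and `id` are assumptions about the catalog schema (the page does not show it), and all package names and versions below are constructed placeholders.

```python
from collections import Counter, defaultdict

def triples(rows):
    """Reduce rows to a set of exact (ecosystem, package, version) triples."""
    return {(r["ecosystem"], r["package"], r["version"]) for r in rows}

def versions_by_package(rows):
    """Map (ecosystem, package) to the set of versions a report lists for it."""
    out = defaultdict(set)
    for eco, pkg, ver in triples(rows):
        out[(eco, pkg)].add(ver)
    return out

def reconcile(report_a, report_b):
    """Union two reports; a conflict is a package both name with different versions."""
    a, b = triples(report_a), triples(report_b)
    va, vb = versions_by_package(report_a), versions_by_package(report_b)
    conflicts = sorted(k for k in va.keys() & vb.keys() if va[k] != vb[k])
    return {"union": a | b, "both": a & b, "only_a": a - b, "only_b": b - a,
            "conflicts": conflicts}

def check_catalog(catalog, expected):
    """Diff catalog entries[] against the reconciled union; check IDs are unique."""
    entries = catalog["entries"]
    got = triples(entries)
    id_counts = Counter(e["id"] for e in entries)
    return {"missing": sorted(expected - got),
            "unexpected": sorted(got - expected),
            "duplicate_ids": sorted(i for i, n in id_counts.items() if n > 1)}

def row(eco, pkg, ver):
    return {"ecosystem": eco, "package": pkg, "version": ver}

# Constructed sample data: placeholder names, not the packages from either report.
REPORT_A = [row("npm", "example-core-a", "1.2.3"), row("npm", "example-core-b", "4.0.1"),
            row("npm", "example-related-x", "0.9.0"),
            row("go", "example.test/org/module", "v0.1.0-dev.1")]
REPORT_B = [row("npm", "example-core-a", "1.2.3"), row("npm", "example-core-b", "4.0.1"),
            row("npm", "example-connector-pre", "2.0.0-beta.1")]
CATALOG = {"entries": [dict(r, id=f"example-{n:03d}")
                       for n, r in enumerate(REPORT_A + REPORT_B[2:], start=1)]}

if __name__ == "__main__":
    rec = reconcile(REPORT_A, REPORT_B)
    print(len(rec["union"]), "triples,", len(rec["both"]), "in both reports,",
          "conflicts:", rec["conflicts"])
    print(check_catalog(CATALOG, rec["union"]))
```

Matching is on the full triple with no version-range logic, so a version a report lists but the catalog lacks surfaces under `missing` rather than being absorbed by a neighbouring version.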