# Install this skill:
npx skills add Anshin-Health-Solutions/superpai --skill "sec-updates"

Install specific skill from multi-skill repository

# Description

Security news aggregation from tldrsec, no.security, and other sources.

# SKILL.md


name: sec-updates
description: "Security news aggregation from tldrsec, no.security, and other sources."
triggers:
- security news
- security updates
- what's new in security
- breaches
- security research
- sec updates
- CVE


Security Updates Skill

Aggregate, deduplicate, and summarize security news from trusted sources into a prioritized digest filtered by severity and relevance to the user's technology stack.

Sources and Aggregation Process

| Source | URL | Frequency | Content Type |
|--------|-----|-----------|--------------|
| tl;dr sec | https://tldrsec.com | Weekly (Monday) | Curated newsletter digest — parse latest issue for categorized links |
| no.security | https://no.security | Daily | Short-form security news feed — scrape headline + summary pairs |
| Krebs on Security | https://krebsonsecurity.com | 2-3x/week | Long-form investigative — extract title, date, and first paragraph |
| The Record | https://therecord.media | Daily | Recorded Future's news arm — nation-state, ransomware, policy |
| BleepingComputer | https://www.bleepingcomputer.com/news/security/ | Daily | Vulnerabilities, malware, patches — high volume, filter by severity |
| CISA KEV Catalog | https://www.cisa.gov/known-exploited-vulnerabilities-catalog | As published | Known Exploited Vulnerabilities — authoritative, action-required |
| NVD / CVE | https://nvd.nist.gov/vuln/search | Continuous | CVE database — query by date range, CVSS score, keyword |

Detailed Process

  1. Fetch latest content from each source using WebFetch or WebSearch with date-bounded queries (last 24h for daily, last 7d for weekly).
  2. Normalize entries into a common schema: {date, source, title, severity, category, summary, url}.
  3. Deduplicate across sources by matching on CVE IDs (exact), headline similarity (fuzzy, >80% Jaccard), and URL domain+path overlap.
  4. Classify severity using CVSS scores where available; otherwise infer from language cues (critical, actively exploited, zero-day = CRITICAL; patch available = HIGH; theoretical = MEDIUM; informational = LOW).
  5. Filter by relevance to the user's declared stack (e.g., if the user runs Node.js + PostgreSQL + AWS, deprioritize Windows kernel or iOS-only vulns).
  6. Rank and group by severity descending, then by recency within each severity tier.
  7. Generate digest in the output format below.
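A sketch of steps 2 to 4 and 6 (normalized entries, deduplication, severity classification, ranking), added here as an example and not part of the skill's own code. The CVSS v3 qualitative bands, the LOW default when no cue matches, the rule that CVE IDs decide when both entries carry one, and all function names are assumptions; the sample entries are constructed.

```python
import re
from datetime import date

ORDER = ["CRITICAL", "HIGH", "MEDIUM", "LOW"]
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}", re.I)
CUES = [("CRITICAL", ("critical", "actively exploited", "zero-day")),
        ("HIGH", ("patch available",)), ("MEDIUM", ("theoretical",)),
        ("LOW", ("informational",))]  # language cues from step 4, most severe first

def classify(text, cvss=None):
    if cvss is not None:  # assumption: CVSS v3 qualitative bands
        return ("CRITICAL" if cvss >= 9.0 else "HIGH" if cvss >= 7.0
                else "MEDIUM" if cvss >= 4.0 else "LOW")
    low = text.lower()  # assumption: no cue at all falls through to LOW
    return next((lvl for lvl, words in CUES if any(w in low for w in words)), "LOW")

def jaccard(a, b):
    ta, tb = (set(re.findall(r"[a-z0-9]+", s.lower())) for s in (a, b))
    return len(ta & tb) / len(ta | tb) if ta | tb else 0.0

def cves(item):
    return {c.upper() for c in CVE_RE.findall(item["title"] + " " + item["summary"])}

def is_duplicate(x, y):
    cx, cy = cves(x), cves(y)
    if cx and cy:  # assumption: when both entries name CVEs, the IDs decide
        return bool(cx & cy)
    return jaccard(x["title"], y["title"]) > 0.8

def build_digest(items, threshold="MEDIUM"):
    kept = []
    for it in items:
        it = dict(it, severity=classify(it["title"] + " " + it["summary"], it.get("cvss")))
        dup = next((k for k in kept if is_duplicate(k, it)), None)
        if dup is None:
            kept.append(it)
        elif ORDER.index(it["severity"]) < ORDER.index(dup["severity"]):
            dup["severity"] = it["severity"]  # keep the most severe rating seen
    kept = [k for k in kept if ORDER.index(k["severity"]) <= ORDER.index(threshold)]
    return sorted(kept, key=lambda k: (ORDER.index(k["severity"]), -k["date"].toordinal()))

ROWS = [  # constructed sample entries: (date, source, title, summary, cvss)
    (date(2026, 3, 1), "CISA KEV", "CVE-2026-1234 libxml2 RCE in the wild", "Heap overflow in XML parser", 9.8),
    (date(2026, 3, 2), "The Record", "libxml2 flaw CVE-2026-1234 actively exploited", "Exploitation reported", None),
    (date(2026, 2, 28), "BleepingComputer", "PostgreSQL auth bypass patch", "Patch available, upgrade now", None),
    (date(2026, 2, 27), "no.security", "Vendor launches new dashboard", "Informational product note", None),
]
SAMPLE = [dict(zip(("date", "source", "title", "summary", "cvss"), r)) for r in ROWS]
if __name__ == "__main__":
    print(*build_digest(SAMPLE), sep="\n")
```

With the default MEDIUM threshold the two libxml2 reports collapse into one CRITICAL entry and the informational item is dropped.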

Filtering Logic

  • Severity threshold: Default = MEDIUM and above. User can override (e.g., "only critical").
  • Stack relevance: Match against keywords from the user's known tech stack. Tag as RELEVANT, ADJACENT, or GENERAL.
  • Noise suppression: Skip vendor marketing, product launch announcements, and opinion-only pieces unless they contain actionable intel.

Output Format

```markdown
## Security Digest — {date_range}
Sources checked: {count} | Items before dedup: {raw_count} | After dedup: {final_count}

### CRITICAL
| Date       | Source        | Title                           | Relevance | Summary                          | Link |
|------------|---------------|---------------------------------|-----------|----------------------------------|------|
| 2026-03-01 | CISA KEV      | CVE-2026-XXXX actively exploited | RELEVANT  | RCE in libxml2 affects Node.js.. | [url] |

### HIGH
| Date       | Source           | Title                        | Relevance | Summary                       | Link |
|------------|------------------|------------------------------|-----------|-------------------------------|------|
| 2026-02-28 | BleepingComputer | PostgreSQL auth bypass patch  | RELEVANT  | Patch available, upgrade to.. | [url] |

### MEDIUM
...

### Trends & Patterns
- {Observation about recurring themes, e.g., "Third supply-chain attack on npm packages this month"}
- {Emerging threat actor or campaign}
```

Example Aggregated Report

```markdown
## Security Digest — Feb 24-Mar 2, 2026
Sources checked: 7 | Items before dedup: 43 | After dedup: 28

### CRITICAL (2 items)
| Date       | Source   | Title                                    | Relevance | Summary                                         | Link                    |
|------------|----------|------------------------------------------|-----------|--------------------------------------------------|-------------------------|
| 2026-03-01 | CISA KEV | CVE-2026-1234 libxml2 RCE in the wild    | RELEVANT  | Heap overflow in XML parser; CVSS 9.8; patch now | https://nvd.nist.gov/.. |
| 2026-02-27 | Krebs    | Major CDN provider breach affects 10k sites | ADJACENT  | Credential theft via compromised edge nodes     | https://krebson..       |

### Trends & Patterns
- Supply-chain attacks on JavaScript ecosystems continue to accelerate (3rd incident in 30 days).
- CISA added 4 new entries to KEV this week, all with <2 week remediation deadlines.
```

Frequency Recommendations

  • Daily brief: Run each morning — CRITICAL and HIGH items only, 1-line summaries, 60-second read.
  • Weekly deep dive: Run Monday — full digest with MEDIUM included, trend analysis, recommended actions.
  • Ad-hoc: User triggers with "security news about {topic}" for targeted queries.

Tool Chain

  • WebSearch for broad queries across sources
  • WebFetch for specific source URLs (tldrsec.com latest issue, CISA KEV JSON feed)
  • Grep / Read for local stack detection (scan project files for package.json, requirements.txt, Dockerfile to infer tech stack)
