MCP.directory

secupdates

by danielmiessler
1
0
Source

Security news aggregation from tldrsec, no.security, and other sources. USE WHEN security news, security updates, what's new in security, breaches, security research, sec updates. SkillSearch('secupdates') for docs.

Install

mkdir -p .claude/skills/secupdates && curl -L -o skill.zip "https://mcp.directory/api/skills/download/3741" && unzip -o skill.zip -d .claude/skills/secupdates && rm skill.zip

Installs to .claude/skills/secupdates

About this skill

Customization

Before executing, check for user customizations at: ~/.claude/skills/PAI/USER/SKILLCUSTOMIZATIONS/SECUpdates/

If this directory exists, load and apply any PREFERENCES.md, configurations, or resources found there. These override default behavior. If the directory does not exist, proceed with skill defaults.

Voice Notification (REQUIRED)

Send this notification BEFORE doing anything else:

curl -s -X POST http://localhost:8888/notify \
  -H "Content-Type: application/json" \
  -d '{"message": "Checking security updates from sources"}' \
  > /dev/null 2>&1 &

SECUpdates Skill

Purpose: Aggregate security news from multiple sources into crisp, ranked updates across three categories.

Sources

SourceURLType
tl;dr sechttps://tldrsec.comNewsletter/RSS - comprehensive security roundup
No Securityhttps://no.securityCaleb Sima's security insights
Krebs on Securityhttps://krebsonsecurity.comInvestigative security journalism
The Hacker Newshttps://thehackernews.comSecurity news and analysis
Schneier on Securityhttps://schneier.comBruce Schneier's security blog
Risky Businesshttps://risky.bizSecurity podcast/news

Custom sources: Add to USER/SKILLCUSTOMIZATIONS/SECUpdates/sources.json

Output Format

Maximum 32 items total across all categories, ranked by importance within each.

# Security Updates
**Generated:** [timestamp]
**Sources Checked:** [list]
**Period:** Since [last check date]

---

## 🔴 Security News (Breaches & Incidents)
*Hacks, breaches, exploits in the wild, incidents*

1. **[Headline]** - [1-2 sentence summary]. [Source]
2. **[Headline]** - [1-2 sentence summary]. [Source]
...

---

## 🔬 Security Research
*New vulnerabilities, CVEs, techniques, papers*

1. **[Title]** - [1-2 sentence summary]. [Source]
2. **[Title]** - [1-2 sentence summary]. [Source]
...

---

## 💡 Security Ideas
*Opinions, strategies, industry trends, career*

1. **[Title]** - [1-2 sentence summary]. [Source]
2. **[Title]** - [1-2 sentence summary]. [Source]
...

---

## 📊 Summary
| Category | Count | Top Item |
|----------|-------|----------|
| News | X | [headline] |
| Research | X | [title] |
| Ideas | X | [title] |

**Total:** X/32 items | **Next check:** Run `/secupdates` anytime

Category Definitions

🔴 Security News (Breaches & Incidents)

  • Data breaches and leaks
  • Active exploits and attacks
  • Ransomware incidents
  • State-sponsored attacks
  • Major vulnerability exploitations
  • Company security incidents

🔬 Security Research

  • New CVEs and vulnerabilities
  • Security research papers
  • New attack techniques
  • Tool releases
  • Vulnerability disclosures
  • Bug bounty findings

💡 Security Ideas

  • Industry trends and analysis
  • Security strategy and opinions
  • Career and hiring trends
  • Regulatory and compliance news
  • Security culture and practices
  • Predictions and forecasts

Ranking Criteria

Within each category, rank items by:

  1. Impact - How many people/systems affected?
  2. Recency - How new is this?
  3. Actionability - Can reader do something about it?
  4. Novelty - Is this genuinely new information?

State Tracking

State file: State/last-check.json

{
  "last_check_timestamp": "2026-01-22T12:00:00.000Z",
  "sources": {
    "tldrsec": {
      "last_hash": "abc123",
      "last_checked": "2026-01-22T12:00:00.000Z",
      "last_title": "tl;dr sec #XXX"
    },
    "nosecurity": {
      "last_hash": "def456",
      "last_checked": "2026-01-22T12:00:00.000Z"
    }
  }
}

On each run:

  1. Load last-check.json
  2. Fetch each source
  3. Compare content hash to detect new items
  4. Only include items newer than last check
  5. Update state file after successful run

Process Flow

Step 1: Check State

# Read last check timestamp
cat ~/.claude/skills/SECUpdates/State/last-check.json

Step 2: Fetch Sources (Parallel)

Launch parallel agents to fetch each source:

AgentSourceMethod
Agent 1tldrsec.comWebFetch latest newsletter
Agent 2no.securityWebFetch recent posts
Agent 3krebsonsecurity.comWebFetch recent articles
Agent 4thehackernews.comWebFetch headlines
Agent 5schneier.comWebFetch recent posts

Step 3: Parse & Categorize

For each item found:

  1. Determine category (News/Research/Ideas)
  2. Extract headline and 1-2 sentence summary
  3. Note source
  4. Assess importance score

Step 4: Rank & Limit

  1. Sort each category by importance
  2. Take top items until 32 total
  3. Distribute reasonably (aim for ~10-12 per category if available)

Step 5: Output & Update State

  1. Generate formatted output
  2. Write updated state to last-check.json

Workflow Routing

WorkflowTriggerFile
Update"security updates", "sec updates", "/secupdates", "what's new in security"Workflows/Update.md

Default: Run the Update workflow.

Key Principles

  1. Crisp - 1-2 sentences per item, no fluff
  2. Ranked - Most important first within each category
  3. Categorized - Clear separation of News/Research/Ideas
  4. Deduplicated - Same story from multiple sources = one entry
  5. Limited - Max 32 items total, quality over quantity
  6. Stateful - Track what's been seen, only show new items

Example Output

# Security Updates
**Generated:** 2026-01-22 12:09 PST
**Sources Checked:** tldrsec, no.security, Krebs, THN, Schneier
**Period:** Since 2026-01-20

---

## 🔴 Security News (Breaches & Incidents)

1. **Microsoft Azure Breach Exposes 2M Customer Records** - Misconfigured storage blob allowed unauthorized access to customer data including emails and phone numbers. [Krebs]
2. **LockBit 4.0 Ransomware Hits Healthcare Chain** - 15 hospitals affected, patient data encrypted, $10M ransom demanded. [THN]
3. **Ivanti VPN Zero-Day Actively Exploited** - CVE-2026-XXXX being used by Chinese APT groups against government targets. [tldrsec]

---

## 🔬 Security Research

1. **New Spectre Variant Bypasses All Mitigations** - Researchers demonstrate "Spectre-NG" affecting Intel and AMD processors, no patch available. [tldrsec]
2. **OAuth Token Theft via Browser Extension** - Novel technique allows stealing tokens from any site using malicious extension. [no.security]
3. **SSRF in AWS IMDSv2** - Bypass discovered in metadata service protections. [tldrsec]

---

## 💡 Security Ideas

1. **The Death of Perimeter Security** - Caleb Sima argues zero-trust is no longer optional after recent breaches. [no.security]
2. **CISO Burnout at All-Time High** - Survey shows 70% considering leaving the field within 2 years. [tldrsec]
3. **AI-Generated Phishing Now Indistinguishable** - Schneier on the implications of LLM-powered social engineering. [Schneier]

---

## 📊 Summary
| Category | Count | Top Item |
|----------|-------|----------|
| News | 3 | Microsoft Azure Breach |
| Research | 3 | New Spectre Variant |
| Ideas | 3 | Death of Perimeter Security |

**Total:** 9/32 items | **Next check:** Run `/secupdates` anytime

Anti-Patterns

❌ Bad✅ Good
Long paragraph summaries1-2 crisp sentences
"Read more at..."Summary + source attribution
Unranked list dumpsImportance-ordered items
50+ itemsMax 32, quality curated
Mixing categoriesClear News/Research/Ideas separation
Old news mixed with newOnly items since last check

More by danielmiessler

View all skills by danielmiessler

alex-hormozi-pitch

danielmiessler

Create irresistible offers and pitches using Alex Hormozi's methodology from $100M Offers. Guides through value equation, guarantee frameworks, pricing psychology, and creating offers "too good not to take" for any product or service.

11633

research

danielmiessler

Comprehensive research, analysis, and content extraction system. USE WHEN user says 'research' (ANY form - this is the MANDATORY trigger), 'do research', 'extensive research', 'quick research', 'minor research', 'research this', 'find information', 'investigate', 'extract wisdom', 'extract alpha', 'analyze content', 'can't get this content', 'use fabric', OR requests any web/content research. Supports three research modes (quick/standard/extensive), deep content analysis, intelligent retrieval, and 242+ Fabric patterns. NOTE: For due diligence, OSINT, or background checks, use OSINT skill instead.

495

art

danielmiessler

Complete visual content system for Unsupervised Learning. FOURTEEN workflows - (1) VISUALIZE (adaptive multi-modal orchestrator), (2) MERMAID (Excalidraw-style technical diagrams), (3) Editorial illustrations, (4) Technical diagrams, (5) Visual taxonomies, (6) Timelines, (7) Frameworks, (8) Comparisons, (9) Annotated screenshots, (10) Recipe cards, (11) Aphorisms, (12) Conceptual maps, (13) Stats, (14) Comics. USE WHEN user requests any visual content: 'visualize', 'mermaid', 'flowchart', 'sequence diagram', 'state diagram', 'infographic', 'art', 'illustration', 'diagram', 'taxonomy', 'timeline', 'framework', 'comparison', 'screenshot', 'recipe', 'aphorism', 'quote card', 'map', 'stat card', 'comic'. Note: Blogging skill auto-routes header images here.

791

redteam

danielmiessler

Adversarial analysis with 32 agents. USE WHEN red team, attack idea, counterarguments, critique, stress test. SkillSearch('redteam') for docs.

421

osint

danielmiessler

Open source intelligence gathering. USE WHEN OSINT, due diligence, background check, research person, company intel, investigate. SkillSearch('osint') for docs.

331

agents

danielmiessler

Dynamic agent composition and management system. USE WHEN user says create custom agents, spin up custom agents, specialized agents, OR asks for agent personalities, available traits, agent voices. Handles custom agent creation, personality assignment, voice mapping, and parallel agent orchestration.

10

You might also like

flutter-development

aj-geddes

Build beautiful cross-platform mobile apps with Flutter and Dart. Covers widgets, state management with Provider/BLoC, navigation, API integration, and material design.

643969

drawio-diagrams-enhanced

jgtolentino

Create professional draw.io (diagrams.net) diagrams in XML format (.drawio files) with integrated PMP/PMBOK methodologies, extensive visual asset libraries, and industry-standard professional templates. Use this skill when users ask to create flowcharts, swimlane diagrams, cross-functional flowcharts, org charts, network diagrams, UML diagrams, BPMN, project management diagrams (WBS, Gantt, PERT, RACI), risk matrices, stakeholder maps, or any other visual diagram in draw.io format. This skill includes access to custom shape libraries for icons, clipart, and professional symbols.

591705

ui-ux-pro-max

nextlevelbuilder

"UI/UX design intelligence. 50 styles, 21 palettes, 50 font pairings, 20 charts, 8 stacks (React, Next.js, Vue, Svelte, SwiftUI, React Native, Flutter, Tailwind). Actions: plan, build, create, design, implement, review, fix, improve, optimize, enhance, refactor, check UI/UX code. Projects: website, landing page, dashboard, admin panel, e-commerce, SaaS, portfolio, blog, mobile app, .html, .tsx, .vue, .svelte. Elements: button, modal, navbar, sidebar, card, table, form, chart. Styles: glassmorphism, claymorphism, minimalism, brutalism, neumorphism, bento grid, dark mode, responsive, skeuomorphism, flat design. Topics: color palette, accessibility, animation, layout, typography, font pairing, spacing, hover, shadow, gradient."

318398

godot

bfollington

This skill should be used when working on Godot Engine projects. It provides specialized knowledge of Godot's file formats (.gd, .tscn, .tres), architecture patterns (component-based, signal-driven, resource-based), common pitfalls, validation tools, code templates, and CLI workflows. The `godot` command is available for running the game, validating scripts, importing resources, and exporting builds. Use this skill for tasks involving Godot game development, debugging scene/resource files, implementing game systems, or creating new Godot components.

339397

nano-banana-pro

garg-aayush

Generate and edit images using Google's Nano Banana Pro (Gemini 3 Pro Image) API. Use when the user asks to generate, create, edit, modify, change, alter, or update images. Also use when user references an existing image file and asks to modify it in any way (e.g., "modify this image", "change the background", "replace X with Y"). Supports both text-to-image generation and image-to-image editing with configurable resolution (1K default, 2K, or 4K for high resolution). DO NOT read the image file first - use this skill directly with the --input-image parameter.

451339

fastapi-templates

wshobson

Create production-ready FastAPI projects with async patterns, dependency injection, and comprehensive error handling. Use when building new FastAPI applications or setting up backend API projects.

304231

Related MCP Servers

Browse all servers
Hacker NewsHacker News

Integrate with Hacker News to track ai trends, analyze artificial intelligence trends, and engage with top tech stories

654 tools
RSSRSS

RSS feed server with intelligent caching, batch processing, content monitoring, and full‑text search for automated news

106 tools
Scraper.isScraper.is

Integrate with Scraper.is API for efficient web scraping, data extraction, and web page scraping from any website, perfe

80 tools
GitHubGitHub

Extend your developer tools with GitHub MCP Server for advanced automation, supporting GitHub Student and student packag

27,6470 tools
RepomixRepomix

Optimize your codebase for AI with Repomix—transform, compress, and secure repos for easier analysis with modern AI tool

22,2988 tools
Google GenAI ToolboxGoogle GenAI Toolbox

MCP Toolbox for Databases by Google. An open-source server that lets AI agents query Cloud SQL, Spanner, AlloyDB, and ot

13,3270 tools

Stay ahead of the MCP ecosystem

Get weekly updates on new skills and servers.