secupdates
Security news aggregation from tldrsec, no.security, and other sources. USE WHEN security news, security updates, what's new in security, breaches, security research, sec updates. SkillSearch('secupdates') for docs.
Install
mkdir -p .claude/skills/secupdates && curl -L -o skill.zip "https://mcp.directory/api/skills/download/3741" && unzip -o skill.zip -d .claude/skills/secupdates && rm skill.zipInstalls to .claude/skills/secupdates
About this skill
Customization
Before executing, check for user customizations at:
~/.claude/skills/PAI/USER/SKILLCUSTOMIZATIONS/SECUpdates/
If this directory exists, load and apply any PREFERENCES.md, configurations, or resources found there. These override default behavior. If the directory does not exist, proceed with skill defaults.
Voice Notification (REQUIRED)
Send this notification BEFORE doing anything else:
curl -s -X POST http://localhost:8888/notify \
-H "Content-Type: application/json" \
-d '{"message": "Checking security updates from sources"}' \
> /dev/null 2>&1 &
SECUpdates Skill
Purpose: Aggregate security news from multiple sources into crisp, ranked updates across three categories.
Sources
| Source | URL | Type |
|---|---|---|
| tl;dr sec | https://tldrsec.com | Newsletter/RSS - comprehensive security roundup |
| No Security | https://no.security | Caleb Sima's security insights |
| Krebs on Security | https://krebsonsecurity.com | Investigative security journalism |
| The Hacker News | https://thehackernews.com | Security news and analysis |
| Schneier on Security | https://schneier.com | Bruce Schneier's security blog |
| Risky Business | https://risky.biz | Security podcast/news |
Custom sources: Add to USER/SKILLCUSTOMIZATIONS/SECUpdates/sources.json
Output Format
Maximum 32 items total across all categories, ranked by importance within each.
# Security Updates
**Generated:** [timestamp]
**Sources Checked:** [list]
**Period:** Since [last check date]
---
## 🔴 Security News (Breaches & Incidents)
*Hacks, breaches, exploits in the wild, incidents*
1. **[Headline]** - [1-2 sentence summary]. [Source]
2. **[Headline]** - [1-2 sentence summary]. [Source]
...
---
## 🔬 Security Research
*New vulnerabilities, CVEs, techniques, papers*
1. **[Title]** - [1-2 sentence summary]. [Source]
2. **[Title]** - [1-2 sentence summary]. [Source]
...
---
## 💡 Security Ideas
*Opinions, strategies, industry trends, career*
1. **[Title]** - [1-2 sentence summary]. [Source]
2. **[Title]** - [1-2 sentence summary]. [Source]
...
---
## 📊 Summary
| Category | Count | Top Item |
|----------|-------|----------|
| News | X | [headline] |
| Research | X | [title] |
| Ideas | X | [title] |
**Total:** X/32 items | **Next check:** Run `/secupdates` anytime
Category Definitions
🔴 Security News (Breaches & Incidents)
- Data breaches and leaks
- Active exploits and attacks
- Ransomware incidents
- State-sponsored attacks
- Major vulnerability exploitations
- Company security incidents
🔬 Security Research
- New CVEs and vulnerabilities
- Security research papers
- New attack techniques
- Tool releases
- Vulnerability disclosures
- Bug bounty findings
💡 Security Ideas
- Industry trends and analysis
- Security strategy and opinions
- Career and hiring trends
- Regulatory and compliance news
- Security culture and practices
- Predictions and forecasts
Ranking Criteria
Within each category, rank items by:
- Impact - How many people/systems affected?
- Recency - How new is this?
- Actionability - Can reader do something about it?
- Novelty - Is this genuinely new information?
State Tracking
State file: State/last-check.json
{
"last_check_timestamp": "2026-01-22T12:00:00.000Z",
"sources": {
"tldrsec": {
"last_hash": "abc123",
"last_checked": "2026-01-22T12:00:00.000Z",
"last_title": "tl;dr sec #XXX"
},
"nosecurity": {
"last_hash": "def456",
"last_checked": "2026-01-22T12:00:00.000Z"
}
}
}
On each run:
- Load last-check.json
- Fetch each source
- Compare content hash to detect new items
- Only include items newer than last check
- Update state file after successful run
Process Flow
Step 1: Check State
# Read last check timestamp
cat ~/.claude/skills/SECUpdates/State/last-check.json
Step 2: Fetch Sources (Parallel)
Launch parallel agents to fetch each source:
| Agent | Source | Method |
|---|---|---|
| Agent 1 | tldrsec.com | WebFetch latest newsletter |
| Agent 2 | no.security | WebFetch recent posts |
| Agent 3 | krebsonsecurity.com | WebFetch recent articles |
| Agent 4 | thehackernews.com | WebFetch headlines |
| Agent 5 | schneier.com | WebFetch recent posts |
Step 3: Parse & Categorize
For each item found:
- Determine category (News/Research/Ideas)
- Extract headline and 1-2 sentence summary
- Note source
- Assess importance score
Step 4: Rank & Limit
- Sort each category by importance
- Take top items until 32 total
- Distribute reasonably (aim for ~10-12 per category if available)
Step 5: Output & Update State
- Generate formatted output
- Write updated state to last-check.json
Workflow Routing
| Workflow | Trigger | File |
|---|---|---|
| Update | "security updates", "sec updates", "/secupdates", "what's new in security" | Workflows/Update.md |
Default: Run the Update workflow.
Key Principles
- Crisp - 1-2 sentences per item, no fluff
- Ranked - Most important first within each category
- Categorized - Clear separation of News/Research/Ideas
- Deduplicated - Same story from multiple sources = one entry
- Limited - Max 32 items total, quality over quantity
- Stateful - Track what's been seen, only show new items
Example Output
# Security Updates
**Generated:** 2026-01-22 12:09 PST
**Sources Checked:** tldrsec, no.security, Krebs, THN, Schneier
**Period:** Since 2026-01-20
---
## 🔴 Security News (Breaches & Incidents)
1. **Microsoft Azure Breach Exposes 2M Customer Records** - Misconfigured storage blob allowed unauthorized access to customer data including emails and phone numbers. [Krebs]
2. **LockBit 4.0 Ransomware Hits Healthcare Chain** - 15 hospitals affected, patient data encrypted, $10M ransom demanded. [THN]
3. **Ivanti VPN Zero-Day Actively Exploited** - CVE-2026-XXXX being used by Chinese APT groups against government targets. [tldrsec]
---
## 🔬 Security Research
1. **New Spectre Variant Bypasses All Mitigations** - Researchers demonstrate "Spectre-NG" affecting Intel and AMD processors, no patch available. [tldrsec]
2. **OAuth Token Theft via Browser Extension** - Novel technique allows stealing tokens from any site using malicious extension. [no.security]
3. **SSRF in AWS IMDSv2** - Bypass discovered in metadata service protections. [tldrsec]
---
## 💡 Security Ideas
1. **The Death of Perimeter Security** - Caleb Sima argues zero-trust is no longer optional after recent breaches. [no.security]
2. **CISO Burnout at All-Time High** - Survey shows 70% considering leaving the field within 2 years. [tldrsec]
3. **AI-Generated Phishing Now Indistinguishable** - Schneier on the implications of LLM-powered social engineering. [Schneier]
---
## 📊 Summary
| Category | Count | Top Item |
|----------|-------|----------|
| News | 3 | Microsoft Azure Breach |
| Research | 3 | New Spectre Variant |
| Ideas | 3 | Death of Perimeter Security |
**Total:** 9/32 items | **Next check:** Run `/secupdates` anytime
Anti-Patterns
| ❌ Bad | ✅ Good |
|---|---|
| Long paragraph summaries | 1-2 crisp sentences |
| "Read more at..." | Summary + source attribution |
| Unranked list dumps | Importance-ordered items |
| 50+ items | Max 32, quality curated |
| Mixing categories | Clear News/Research/Ideas separation |
| Old news mixed with new | Only items since last check |
More by danielmiessler
View all skills by danielmiessler →You might also like
flutter-development
aj-geddes
Build beautiful cross-platform mobile apps with Flutter and Dart. Covers widgets, state management with Provider/BLoC, navigation, API integration, and material design.
ui-ux-pro-max
nextlevelbuilder
"UI/UX design intelligence. 50 styles, 21 palettes, 50 font pairings, 20 charts, 8 stacks (React, Next.js, Vue, Svelte, SwiftUI, React Native, Flutter, Tailwind). Actions: plan, build, create, design, implement, review, fix, improve, optimize, enhance, refactor, check UI/UX code. Projects: website, landing page, dashboard, admin panel, e-commerce, SaaS, portfolio, blog, mobile app, .html, .tsx, .vue, .svelte. Elements: button, modal, navbar, sidebar, card, table, form, chart. Styles: glassmorphism, claymorphism, minimalism, brutalism, neumorphism, bento grid, dark mode, responsive, skeuomorphism, flat design. Topics: color palette, accessibility, animation, layout, typography, font pairing, spacing, hover, shadow, gradient."
drawio-diagrams-enhanced
jgtolentino
Create professional draw.io (diagrams.net) diagrams in XML format (.drawio files) with integrated PMP/PMBOK methodologies, extensive visual asset libraries, and industry-standard professional templates. Use this skill when users ask to create flowcharts, swimlane diagrams, cross-functional flowcharts, org charts, network diagrams, UML diagrams, BPMN, project management diagrams (WBS, Gantt, PERT, RACI), risk matrices, stakeholder maps, or any other visual diagram in draw.io format. This skill includes access to custom shape libraries for icons, clipart, and professional symbols.
godot
bfollington
This skill should be used when working on Godot Engine projects. It provides specialized knowledge of Godot's file formats (.gd, .tscn, .tres), architecture patterns (component-based, signal-driven, resource-based), common pitfalls, validation tools, code templates, and CLI workflows. The `godot` command is available for running the game, validating scripts, importing resources, and exporting builds. Use this skill for tasks involving Godot game development, debugging scene/resource files, implementing game systems, or creating new Godot components.
nano-banana-pro
garg-aayush
Generate and edit images using Google's Nano Banana Pro (Gemini 3 Pro Image) API. Use when the user asks to generate, create, edit, modify, change, alter, or update images. Also use when user references an existing image file and asks to modify it in any way (e.g., "modify this image", "change the background", "replace X with Y"). Supports both text-to-image generation and image-to-image editing with configurable resolution (1K default, 2K, or 4K for high resolution). DO NOT read the image file first - use this skill directly with the --input-image parameter.
pdf-to-markdown
aliceisjustplaying
Convert entire PDF documents to clean, structured Markdown for full context loading. Use this skill when the user wants to extract ALL text from a PDF into context (not grep/search), when discussing or analyzing PDF content in full, when the user mentions "load the whole PDF", "bring the PDF into context", "read the entire PDF", or when partial extraction/grepping would miss important context. This is the preferred method for PDF text extraction over page-by-page or grep approaches.
Related MCP Servers
Browse all servers
Hacker NewsIntegrate with Hacker News to track ai trends, analyze artificial intelligence trends, and engage with top tech stories
RSSRSS feed server with intelligent caching, batch processing, content monitoring, and full‑text search for automated news
Scraper.isIntegrate with Scraper.is API for efficient web scraping, data extraction, and web page scraping from any website, perfe
GitHubExtend your developer tools with GitHub MCP Server for advanced automation, supporting GitHub Student and student packag
RepomixOptimize your codebase for AI with Repomix—transform, compress, and secure repos for easier analysis with modern AI tool
Google GenAI ToolboxGoogle GenAI Toolbox: open-source GenAI database agent and AI database connector for Google Cloud database—query Cloud S