Skills

SECUpdates

Installation
SKILL.md

Customization

Before executing, check for user customizations at: ~/.claude/PAI/USER/SKILLCUSTOMIZATIONS/SECUpdates/

If this directory exists, load and apply any PREFERENCES.md, configurations, or resources found there. These override default behavior. If the directory does not exist, proceed with skill defaults.

Voice Notification (REQUIRED)

Send this notification BEFORE doing anything else:

curl -s -X POST http://localhost:8888/notify \
  -H "Content-Type: application/json" \
  -d '{"message": "Checking security updates from sources"}' \
  > /dev/null 2>&1 &

SECUpdates Skill

Purpose: Aggregate security news from multiple sources into crisp, ranked updates across three categories.

Sources

Source URL Type
tl;dr sec https://tldrsec.com Newsletter/RSS - comprehensive security roundup
No Security https://no.security Caleb Sima's security insights
Krebs on Security https://krebsonsecurity.com Investigative security journalism
The Hacker News https://thehackernews.com Security news and analysis
Schneier on Security https://schneier.com Bruce Schneier's security blog
Risky Business https://risky.biz Security podcast/news

Custom sources: Add to USER/SKILLCUSTOMIZATIONS/SECUpdates/sources.json

Output Format

Maximum 32 items total across all categories, ranked by importance within each.

# Security Updates
**Generated:** [timestamp]
**Sources Checked:** [list]
**Period:** Since [last check date]

---

## 🔴 Security News (Breaches & Incidents)
*Hacks, breaches, exploits in the wild, incidents*

1. **[Headline]** - [1-2 sentence summary]. [Source]
2. **[Headline]** - [1-2 sentence summary]. [Source]
...

---

## 🔬 Security Research
*New vulnerabilities, CVEs, techniques, papers*

1. **[Title]** - [1-2 sentence summary]. [Source]
2. **[Title]** - [1-2 sentence summary]. [Source]
...

---

## 💡 Security Ideas
*Opinions, strategies, industry trends, career*

1. **[Title]** - [1-2 sentence summary]. [Source]
2. **[Title]** - [1-2 sentence summary]. [Source]
...

---

## 📊 Summary
| Category | Count | Top Item |
|----------|-------|----------|
| News | X | [headline] |
| Research | X | [title] |
| Ideas | X | [title] |

**Total:** X/32 items | **Next check:** Run `/secupdates` anytime

Category Definitions

🔴 Security News (Breaches & Incidents)

  • Data breaches and leaks
  • Active exploits and attacks
  • Ransomware incidents
  • State-sponsored attacks
  • Major vulnerability exploitations
  • Company security incidents

🔬 Security Research

  • New CVEs and vulnerabilities
  • Security research papers
  • New attack techniques
  • Tool releases
  • Vulnerability disclosures
  • Bug bounty findings

💡 Security Ideas

  • Industry trends and analysis
  • Security strategy and opinions
  • Career and hiring trends
  • Regulatory and compliance news
  • Security culture and practices
  • Predictions and forecasts

Ranking Criteria

Within each category, rank items by:

  1. Impact - How many people/systems affected?
  2. Recency - How new is this?
  3. Actionability - Can reader do something about it?
  4. Novelty - Is this genuinely new information?

State Tracking

State file: State/last-check.json

{
  "last_check_timestamp": "2026-01-22T12:00:00.000Z",
  "sources": {
    "tldrsec": {
      "last_hash": "abc123",
      "last_checked": "2026-01-22T12:00:00.000Z",
      "last_title": "tl;dr sec #XXX"
    },
    "nosecurity": {
      "last_hash": "def456",
      "last_checked": "2026-01-22T12:00:00.000Z"
    }
  }
}

On each run:

  1. Load last-check.json
  2. Fetch each source
  3. Compare content hash to detect new items
  4. Only include items newer than last check
  5. Update state file after successful run

Process Flow

Step 1: Check State

# Read last check timestamp
cat State/last-check.json

Step 2: Fetch Sources (Parallel)

Launch parallel agents to fetch each source:

Agent Source Method
Agent 1 tldrsec.com WebFetch latest newsletter
Agent 2 no.security WebFetch recent posts
Agent 3 krebsonsecurity.com WebFetch recent articles
Agent 4 thehackernews.com WebFetch headlines
Agent 5 schneier.com WebFetch recent posts

Step 3: Parse & Categorize

For each item found:

  1. Determine category (News/Research/Ideas)
  2. Extract headline and 1-2 sentence summary
  3. Note source
  4. Assess importance score

Step 4: Rank & Limit

  1. Sort each category by importance
  2. Take top items until 32 total
  3. Distribute reasonably (aim for ~10-12 per category if available)

Step 5: Output & Update State

  1. Generate formatted output
  2. Write updated state to last-check.json

Workflow Routing

Workflow Trigger File
Update "security updates", "sec updates", "/secupdates", "what's new in security" Workflows/Update.md

Default: Run the Update workflow.

Key Principles

  1. Crisp - 1-2 sentences per item, no fluff
  2. Ranked - Most important first within each category
  3. Categorized - Clear separation of News/Research/Ideas
  4. Deduplicated - Same story from multiple sources = one entry
  5. Limited - Max 32 items total, quality over quantity
  6. Stateful - Track what's been seen, only show new items

Example Output

# Security Updates
**Generated:** 2026-01-22 12:09 PST
**Sources Checked:** tldrsec, no.security, Krebs, THN, Schneier
**Period:** Since 2026-01-20

---

## 🔴 Security News (Breaches & Incidents)

1. **Microsoft Azure Breach Exposes 2M Customer Records** - Misconfigured storage blob allowed unauthorized access to customer data including emails and phone numbers. [Krebs]
2. **LockBit 4.0 Ransomware Hits Healthcare Chain** - 15 hospitals affected, patient data encrypted, $10M ransom demanded. [THN]
3. **Ivanti VPN Zero-Day Actively Exploited** - CVE-2026-XXXX being used by Chinese APT groups against government targets. [tldrsec]

---

## 🔬 Security Research

1. **New Spectre Variant Bypasses All Mitigations** - Researchers demonstrate "Spectre-NG" affecting Intel and AMD processors, no patch available. [tldrsec]
2. **OAuth Token Theft via Browser Extension** - Novel technique allows stealing tokens from any site using malicious extension. [no.security]
3. **SSRF in AWS IMDSv2** - Bypass discovered in metadata service protections. [tldrsec]

---

## 💡 Security Ideas

1. **The Death of Perimeter Security** - Caleb Sima argues zero-trust is no longer optional after recent breaches. [no.security]
2. **CISO Burnout at All-Time High** - Survey shows 70% considering leaving the field within 2 years. [tldrsec]
3. **AI-Generated Phishing Now Indistinguishable** - Schneier on the implications of LLM-powered social engineering. [Schneier]

---

## 📊 Summary
| Category | Count | Top Item |
|----------|-------|----------|
| News | 3 | Microsoft Azure Breach |
| Research | 3 | New Spectre Variant |
| Ideas | 3 | Death of Perimeter Security |

**Total:** 9/32 items | **Next check:** Run `/secupdates` anytime

Anti-Patterns

❌ Bad ✅ Good
Long paragraph summaries 1-2 crisp sentences
"Read more at..." Summary + source attribution
Unranked list dumps Importance-ordered items
50+ items Max 32, quality curated
Mixing categories Clear News/Research/Ideas separation
Old news mixed with new Only items since last check
Related skills

More from danielmiessler/personal_ai_infrastructure

Installs
85
Repository
danielmiessler/…tructure
GitHub Stars
12.1K
First Seen
Jan 24, 2026
Security Audits
Gen Agent Trust HubPass
SocketPass
SnykWarn