Hey team! It's been a bit quiet over the last 24 hours, but we've got a couple of noteworthy updates: Microsoft's re-release of a critical Windows 11 hotpatch addressing RCE flaws, and the launch of Betterleaks, a promising new open-source tool for secrets scanning.

Windows 11 Hotpatch for RRAS RCE 🛡️

- Microsoft has re-released an out-of-band (OOB) hotpatch (KB5084597) for Windows 11 Enterprise devices, targeting three Remote Code Execution (RCE) vulnerabilities (CVE-2026-25172, CVE-2026-25173, CVE-2026-26111) in the Routing and Remote Access Service (RRAS) management tool.
- These flaws could allow an authenticated attacker to achieve RCE by tricking a domain-joined user into connecting to a malicious server via the RRAS Snap-in.
- The hotpatch is specifically for devices enrolled in the hotpatch update program and managed via Windows Autopatch, offering crucial fixes without requiring a system reboot, which is vital for mission-critical environments.

🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/microsoft/microsoft-re-releases-windows-11-oob-hotpatch-to-fix-rras-rce-flaw/

Betterleaks: The Next-Gen Secrets Scanner 🛠️

- Betterleaks is a new open-source tool designed to scan directories, files, and Git repositories for sensitive secrets like credentials and API keys, aiming to be a more advanced successor to the popular Gitleaks.
- Developed by Zach Rice, the original author of Gitleaks, Betterleaks introduces features such as rule-defined validation using CEL, token efficiency scanning (boasting 98.6% recall), a pure Go implementation, and parallelised Git scanning for improved performance.
- Future plans for the project include support for additional data sources, LLM-assisted analysis for better secret classification, automatic secret revocation via provider APIs, and optimisations for AI-generated code workflows.

🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/betterleaks-a-new-open-source-secrets-scanner-to-replace-gitleaks/

#CyberSecurity #Vulnerability #RCE #Windows11 #Microsoft #Hotpatch #SecurityTools #OpenSource #SecretsScanning #DevSecOps #InfoSec


New Caetra release: fixes a bug related to bcc, adding the missing struct bpf_wq to support kernel 6.14.0-37 on 24.04.1-Ubuntu (noble)

https://github.com/carvilsi/caetra

#eBPF #physicalSecurity #securityTools #monitoring


It's been a bit light on news over the last 24 hours, but we've got some crucial updates on securing AI agent platforms and a handy new tool to defend against command-line trickery. Let's dive in:

OpenClaw Security: A Deep Dive ⚠️

- OpenClaw, the open-source AI agent platform, is integrating VirusTotal scanning for skills uploaded to its ClawHub marketplace, including using Code Insight, to combat a surge of malicious skills.
- This move follows numerous reports detailing hundreds of malicious skills exploiting the agent's extensive system access for data exfiltration, backdoor injection, and malware installation, alongside critical vulnerabilities like cleartext credential storage, exposed API gateways (over 30,000 instances), and a patched one-click RCE.
- The incident underscores the "Shadow AI" risk, where autonomous agents with broad system access, often deployed without IT approval, create a significant new attack surface, prompting China's MIIT to issue warnings about misconfigured instances.

📰 The Hacker News | https://thehackernews.com/2026/02/openclaw-integrates-virustotal-scanning.html

New Tool: Defending Against Command-Line Imposters 🛡️

- A new open-source, cross-platform tool called Tirith has been released to detect and block homoglyph and other deceptive attacks in command-line environments.
- Tirith hooks into popular shells (zsh, bash, fish, PowerShell) to inspect pasted commands for malicious URLs, Unicode lookalikes, terminal injection, and other obfuscation techniques that trick users.
- Designed to run locally with sub-millisecond overhead, this tool offers a crucial layer of defence against sophisticated social engineering and command-line attacks like ClickFix, which bypass traditional browser protections.

🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/new-tool-blocks-imposter-attacks-disguised-as-safe-commands/

#CyberSecurity #ThreatIntelligence #AI #AIsecurity #OpenClaw #Vulnerability #Malware #InfoSec #CommandInjection #HomoglyphAttack #SecurityTools #IncidentResponse
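
A minimal sketch of the kind of checks the Tirith item above describes, as an added example that is not Tirith's code or part of the original post. The function `inspect_command`, its finding labels and the sample commands are constructed for illustration.

```python
import re
import unicodedata

# Hostname part of an http(s) URL; the class stops at URL delimiters but allows non-ASCII.
URL_HOST = re.compile(r"https?://([^/\s:?#]+)", re.IGNORECASE)
# Bidi overrides/isolates and zero-width characters that hide or reorder pasted text.
INVISIBLE = set("\u202a\u202b\u202c\u202d\u202e\u2066\u2067\u2068\u2069"
                "\u200b\u200c\u200d\u2060\ufeff")

def script_of(ch):
    """Rough script label: first word of the Unicode name, letters only."""
    if not ch.isalpha():
        return None
    if ch.isascii():
        return "LATIN"
    name = unicodedata.name(ch, "")
    return name.split(" ")[0] if name else None

def inspect_command(cmd):
    """Return a sorted list of finding labels for one pasted command line."""
    findings = set()
    if "\x1b" in cmd:  # ESC starts terminal control sequences (CSI, OSC, ...)
        findings.add("terminal-escape")
    if any(ch in INVISIBLE for ch in cmd):
        findings.add("invisible-or-bidi-char")
    for host in URL_HOST.findall(cmd):
        scripts = {s for s in map(script_of, host) if s}
        if len(scripts) > 1:  # e.g. Latin letters with one Cyrillic lookalike
            findings.add("mixed-script-host")
        elif scripts and scripts != {"LATIN"}:
            findings.add("non-latin-host")
        if any(label.startswith("xn--") for label in host.lower().split(".")):
            findings.add("punycode-host")
    return sorted(findings)

if __name__ == "__main__":
    # Constructed sample commands; none come from the original post.
    samples = [
        "curl -fsSL https://example.com/install.sh | sh",
        "curl -fsSL https://ex\u0430mple.com/install.sh | sh",  # Cyrillic U+0430
        "echo ok\x1b[1A\x1b[2K",
        "cat notes\u202etxt.sh",
    ]
    for s in samples:
        print(repr(s), "->", inspect_command(s))
```

A shell hook would run a check like this on the pasted buffer before execution and refuse or prompt when the list is non-empty.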


Automatically detect and **block attacks immediately** with no intervention needed! 👨‍💻🔧 Use **NIB** (NIDS in a Box), which integrates Suricata & CrowdSec, along with "router sync" to protect the whole network. Uses only **1GB RAM** and installs in just seconds (`make install`). #securityTools #networkSecurity #NIB #PhongThongtin #AnToanMang

https://www.reddit.com/r/selfhosted/comments/1qrjni1/i_built_a_nids_that_automatically_blocks/

🔐 Introducing frida-ui

A lightweight, web-based user interface built for Frida - designed to make Android application penetration testing more intuitive and efficient.

📦 Easy to get started:
> uv tool install frida-ui
> frida-ui

Check it out on GitHub - https://github.com/adityatelange/frida-ui

Available on PyPI: https://pypi.org/project/frida-ui

#AndroidSecurity #infosec #Frida #SecurityTools #OpenSource

🚀 Behold, the latest buzzword salad from GitHub's trendy kitchen: Z-Image, a 6-billion-parameter monstrosity that promises to churn out images faster than you can say "overhyped AI model." 🌟✨ But wait, there's more! You can now manage prompts and fix vulnerabilities like never before—because who wouldn't want their security tools tangled with image generation? 😂🔧
https://github.com/Tongyi-MAI/Z-Image #ZImage #OverhypedAI #ImageGeneration #GitHub #SecurityTools #TrendingTech #HackerNews #ngated
FOSS Advent Calendar - Door 6: Cracking Passwords with John the Ripper

Today we explore John the Ripper, one of the most powerful and flexible open-source password-cracking tools. It is widely used for security testing, digital forensics, and understanding how weak passwords can be recovered.

John works by taking a password hash and trying to recover the original password. It can do this in different ways, for example through brute force, where every possible combination is tried, or through wordlists, where John tests passwords from a predefined dictionary. When the generated hash matches the original, the password is revealed.

This tool is perfect for learning about cybersecurity, testing the strength of your own passwords, or experimenting with how attackers might attempt to crack weak credentials.

Pro tip: try using both brute force and a wordlist. You’ll immediately see how effective wordlists can be compared to testing every combination.

Which hashing algorithm gives you the most headaches?

Link: https://github.com/openwall/john

#FOSS #OpenSource #Linux #CLI #Terminal #JohnTheRipper #CyberSecurity #PasswordCracking #SecurityTools #HashCracking #Pentesting #EthicalHacking #DigitalForensics #Unix #Infosec #NerdContent #TechNerds #AdventCalendar #OpenTools #FOSSAdvent #adventkalender #adventskalender