Sharing the ShieldNet Trust Posture. Very good analytical data of the current CVE landscape across OWASP,NIST, NVD, Phishing, AI, Microsoft etc.

https://www.shieldnet.app/trust-dashboard.html

Built an automated npm package scanner that uses heuristic scoring + LLM analysis to flag malicious packages in real time. Ran it for 24 hours against ~2000 recent npm registry changes and found 21 malicious packages across 11 campaigns.

Four novel attack vectors documented:

1. LLM API MITM (T1557): makecoder@2.0.72 overwrites ~/.claude/ via postinstall, reconfigures Claude Code client to proxy all API calls through attacker server. Application-layer MITM on AI assistant conversations.

2. Encrypted skill distribution (T1027, T1105): skillvault@0.1.14 fetches encrypted payloads from private API, decrypts locally, installs as persistent Claude Code skills. Server-side swappable without npm update.

3. AI agent as RAT (T1219, T1036.005): keystonewm/tsunami-code ship functional coding assistant CLIs routing all interactions through attacker's ngrok tunnel. Exploits AI tool trust model where users grant full filesystem access voluntarily.

4. Redis CONFIG SET + raw disk read via postinstall (T1190, T1006): 6 fake Strapi plugins use Redis to write shell payloads to 7 directories, dd if=/dev/sda1 to extract credentials bypassing file permissions, Docker overlay traversal for container escape.

All IOCs, decoded payloads, and MITRE mappings on the site. None of the 21 packages were flagged by any public scanner at time of discovery.

My write up around a research project I've been doing in my spare time around investigating the security of AWS CodeConnections. This post covers the techniques I used to hook a CodeBuild job to monitor the requests the CodeBuild bootstrapping makes before user code is run. Using this information I then also show the endpoints I found that can be used to retrieve the raw GitHub App token or BitBucket JWT App token CodeConnections uses which tends to be very privileged in a lot of environments, granting far more access than to just the single repository where the CodeBuild job is being run.

CVE-2026-33579 is actively exploitable and hits hard.

What happened: The /pair approve command doesn't check who is approving. So someone with basic pairing access (the lowest permission tier) can approve themselves for admin. That's it. Full instance takeover, no secondary exploit needed. CVSS 8.6 HIGH.

Why this matters right now:

• Patch dropped March 29, NVD listing March 31. Two-day window for the vulns to spread before anyone saw it on NVD
• 135k+ OpenClaw instances are publicly exposed
• 63% of those run zero authentication. Meaning the "low privilege required" in the CVE = literally anyone on the internet can request pairing access and start the exploit chain

The attack is trivial:

1. Connect to an unauthenticated OpenClaw instance → get pairing access (no credentials needed)
2. Register a fake device asking for operator.admin scope
3. Approve your own request with /pair approve [request-id]
4. System grants admin because it never checks if you are authorized to grant admin
5. You now control the entire instance — all data, all connected services, all credentials

Takes maybe 30 seconds once you know the gap exists.

What you need to do:

1. Check your version: openclaw --version. If it's anything before 2026.3.28, stop what you're doing
2. Upgrade (one command: npm install openclaw@2026.3.28)
3. Run forensics if you've been running vulnerable versions:
   • List admin devices: openclaw devices list --format json and look for admins approved by pairing-only users
   • Check audit logs for /pair approve events in the last week
   • If registration and approval timestamps are seconds apart and approver isn't a known admin = you got hit

Let me know if you're interested, happy to share the link.

A massive data breach (allegedly) has occurred at Adobe. Carried out by a threat actor calling themselves "Mr. Raccoon", the claims are that over 13M support ticket details have been leaked along with details of over 15,000 employees. Additionally, they have access to their microsoft SharePoint instance and also to make matters worse, Adobe's HackerOne account. Adobe is yet to comment on this matter.

I've written a scanner for XPI browser extension files which analyzes a browser extension for malicious content. It will print everything that is suspicious or could be used for something malicious so that you will know if and where you can begin with your malware analysis. Example output of a Firefox malware extension (which is live on firefox extensions store)

browser-xpi-malware-scanner.py - Python script for XPI malware scanning on github.com

I have written the above script, and I ran it against 15~ random extensions from the store with less than 10K downloads, and it didn't take me more than 10 minutes to find the malware extension above.

I've also completely reverse engineered the extension to find out exactly what it does, and written an article about it where I walk you through the code and exploitation process steb-by-step, showing all the techniques used to hide from the verification processes in the extension store, breaking out of the sandbox and stealing credentials with a full Command and control server controlling it.

The malware code is very sophisticated. The payload never touches the DOM. It never appears in network DevTools as a suspicious request. It is stored in extension localStorage where casual inspection won't find it. But my scanner will catch it.

Techniques used:

• Steganographic Payload in PNG Icon
• Unicode Low-Byte Encoding Trick
• Decoded Payload: The C2 String Table
• 72-Hour Sleeper with Random Sampling
• C2 Beacon via Another PNG File
• Dynamic `declarativeNetRequest` Rule Injection
• Affiliate Commission Hijacking
• Content Script Privilege Escalation Bridge
• Arbitrary URL Redirect on Any Domain
• CSP Erasure

Full deep dive analysis with code examples in link above. The extension discussed is live as of today.

Deep dive of malware found on firefox extension store - multiple evasion techniques used including steganography, sleep before C2 beacon and content script privilege escalation. browser-xpi-malware-scanner.py - Python script for XPI malware scanning on github.com

I hope you enjoy it!

Here is the output of the python script, which helps us analyze the code.

```bash browser-xpi-malware-scanner.py ../malware-extensions/YTMP4\ -\ Download\ YouTube\ Videos\ to\ MP4.xpi -v [i] Analyzing 1 target(s) with minimum severity 'INFO' [+] Found 1 XPI(s) to analyze [i] Analyzing XPI: ../malware-extensions/YTMP4 - Download YouTube Videos to MP4.xpi Analyzing entry: setting.html Analyzing entry: manifest.json Analyzing entry: adpoint.json Analyzing entry: index.html Analyzing entry: _locales/en/messages.json Analyzing entry: icon/icon_gray.png Analyzing entry: icon/loading.webp Analyzing entry: icon/logo.png Analyzing entry: icon/icon64.png Analyzing entry: icon/loading.gif Analyzing entry: css/index.css Analyzing entry: css/iconfont.ttf Analyzing entry: css/iconfont.css Analyzing entry: js/index.js Analyzing entry: js/setting.js Analyzing entry: js/y2meta-uk.com.js Analyzing entry: js/content.js Analyzing entry: js/bg.js Analyzing entry: js/jquery-3.4.1.min.js Analyzing entry: js/snapany.com.js Analyzing entry: js/ytmp4.co.za.js Analyzing entry: META-INF/cose.manifest Analyzing entry: META-INF/cose.sig Analyzing entry: META-INF/manifest.mf Analyzing entry: META-INF/mozilla.sf Analyzing entry: META-INF/mozilla.rsa

════════════════════════════════════════════════════════════════════════ XPI ANALYZER — YTMP4 - Download YouTube Videos to MP4.xpi ════════════════════════════════════════════════════════════════════════ Extension Name: YTMP4 - Download YouTube Videos to MP4 Extension UUID: 1efab3c2-06ac-4040-975d-e006baac07ce@ytmp4 Overall verdict: CRITICAL RISK

────────────────────────────────────────────────────────────────────── MANIFEST.JSON: ────────────────────────────────────────────────────────────────────── { "manifestversion": 3, "name": "MSG_extName", "description": "MSG_description_", "version": "1.3.4", "default_locale": "en", "permissions": [ "tabs", "storage", "declarativeNetRequest", "downloads" ], "host_permissions": [ "<all_urls>" ], "action": { "default_icon": { "19": "icon/icon_gray.png", "38": "icon/icon_gray.png" }, "default_title": "YTMP4" }, "background": { "scripts": [ "js/bg.js" ] }, "content_scripts": [ { "js": [ "js/content.js" ], "matches": [ "https:///", "http:///" ], "all_frames": true, "run_at": "document_end" }, { "js": [ "js/jquery-3.4.1.min.js", "js/ytmp4.co.za.js" ], "matches": [ "https://.ytmp4.co.za/" ], "all_frames": true, "run_at": "document_start" }, { "js": [ "js/jquery-3.4.1.min.js", "js/y2meta-uk.com.js" ], "matches": [ "https://.y2meta-uk.com/" ], "all_frames": true, "run_at": "document_start" }, { "js": [ "js/jquery-3.4.1.min.js", "js/snapany.com.js" ], "matches": [ "https://.snapany.com/" ], "all_frames": true, "run_at": "document_start" } ], "sidebar_action": { "default_panel": "index.html", "default_icon": "icon/icon64.png" }, "icons": { "128": "icon/icon64.png" }, "declarative_net_request": { "rule_resources": [ { "id": "adblocker01", "enabled": true, "path": "adpoint.json" } ] }, "browser_specific_settings": { "gecko": { "id": "1efab3c2-06ac-4040-975d-e006baac07ce@ytmp4" } } } ──────────────────────────────────────────────────────────────────────

Findings: 1 CRITICAL 22 HIGH 17 MEDIUM 1 INFO

── CRITICAL ────────────────────────────────────────────────────────── [CRITICAL] [PNG_APPENDED] icon/logo.png: 1902 bytes appended after PNG IEND (entropy=5.63) — classic stego carrier CODE: b'ncige\x1f\xe3\xbd\xa9\x18\xe3\xa1\x84\xe1\xa1\xa1\x18\xe3\xa1\xb9\x1f\xe3\xbd\xb3\x1c\xe3\xb0\xba\x1b\xe5\xac\xa0\r\n\… ── HIGH ────────────────────────────────────────────────────────────── [HIGH ] [CLASS_STORAGE_OVERLAP] js/content.js: String literal '7yfuf2' appears both as a JS string in this file and as an HTML class attribute in index.html — likely used as a covert stego marker or out-of-band key CODE: class='7yfuf2' in index.html [HIGH ] [CLASS_STORAGE_OVERLAP] js/content.js: String literal 'ncige' appears both as a JS string in this file and as an HTML class attribute in index.html — likely used as a covert stego marker or out-of-band key CODE: class='ncige' in index.html [HIGH ] [JS_OBFUSCATION] js/content.js:380 atob() — decoding base64 at runtime (possible payload decode) CODE: '); fileTip = atob(contentPool[screenValues]).replace(image Context: if (contentPool && contentPool[screenValues]) { var image$1 = new RegExp(pageArr.buffer$1[37], 'g'); fileTip = atob(contentPool[screenValues]).replace(image$1, ''); dataExt = JSON.parse(fileTip); screenValues = dataExt.map [HIGH ] [JS_OBFUSCATION] js/content.js:719 atob() — decoding base64 at runtime (possible payload decode) CODE: return dataExt ? atob(atob(this)) : btoa(this).replace(/=/g, " Context: function reContentAll(dataExt) { return dataExt ? atob(atob(this)) : btoa(this).replace(/=/g, ""); };

[HIGH ] [JS_OBFUSCATION] js/content.js:719 atob() — decoding base64 at runtime (possible payload decode) CODE: turn dataExt ? atob(atob(this)) : btoa(this).replace(/=/g, ""); Context: function reContentAll(dataExt) { return dataExt ? atob(atob(this)) : btoa(this).replace(/=/g, ""); };

[HIGH ] [JS_OBFUSCATION] js/content.js:2364 atob() — decoding base64 at runtime (possible payload decode) CODE: ol); }); return atob(dataExt); } function getComponentNam Context: dataExt += updImgOn(contentPool); }); return atob(dataExt); }

[HIGH ] [JS_OBFUSCATION] js/snapany.com.js:126 decodeURIComponent(escape()) — encoding trick to bypass scanners CODE: return decodeURIComponent(escape(i.bin.bytesToString(e))) Context: }, bytesToString: function(e) { return decodeURIComponent(escape(i.bin.bytesToString(e))) } }, [HIGH ] [JS_OBFUSCATION] js/ytmp4.co.za.js:114 atob() — decoding base64 at runtime (possible payload decode) CODE: ") , a = window.atob(t) , s = new Uint8Array(a.length); Context: try { let t = e.replace(/\s/g, "") , a = window.atob(t) , s = new Uint8Array(a.length); for (let e = 0; e < a.length; e++) [HIGH ] [PERMISSION] manifest.json: Dangerous permission: '<all_urls>' — Access to ALL website content — can read/exfiltrate any page data PERMISSION: permissions: ['tabs', 'storage', 'declarativeNetRequest', 'downloads', '<all_urls>'] [HIGH ] [PNG_CHUNK] icon/logo.png: Unknown PNG chunk type 'eã½' (1894 bytes) — non-standard chunks can hide data CODE: b'\xa9\x18\xe3\xa1\x84\xe1\xa1\xa1\x18\xe3\xa1\xb9\x1f\xe3\xbd\xb3\x1c\xe3\xb0\xba\x1b\xe5\xac\xa0\r\n\xe2\xa8\xa4\x15\x… [HIGH ] [SUSPICIOUS_URL] js/index.js:323 External domain contact: i.ytimg.com URL: https://i.ytimg.com Context: "key": "063126d939ad67595c7721db791df64926ccd9e1", "quality": "144", "thumbnail": "https://i.ytimg.com/vi_webp/uU1YatflISg/maxresdefault.webp", "thumbnail_formats": [ { [HIGH ] [SUSPICIOUS_URL] js/index.js:328 External domain contact: media.savetube.me URL: https://media.savetube.me Context: "label": "Thumbnail", "quality": "Thumbnail", "url": "https://media.savetube.me/media-downloader?url=https%3A//i.ytimg.com/vi_webp/uU1YatflISg/maxresdefault.webp&ext=jpg", "value": "Thumbnail"

[HIGH ] [SUSPICIOUS_URL] js/index.js:389 External domain contact: cdn305.savetube.su URL: https://cdn305.savetube.su Context: "label": "144p", "quality": 144, "url": "https://cdn305.savetube.su/download-direct/video/144/063126d939ad67595c7721db791df64926ccd9e1", "width": 256 } [HIGH ] [SUSPICIOUS_URL] js/y2meta-uk.com.js:35 External domain contact: y2meta-uk.com URL: https://y2meta-uk.com Context: count = 0; switch (d.action){ case 'CONVERT_BEGIN': //mainframe https://y2meta-uk.com/convert/ detectSubIframe(d.yt,'CONVERT_START'); break; [HIGH ] [SUSPICIOUS_URL] js/y2meta-uk.com.js:38 External domain contact: iframe.y2meta-uk.com URL: https://iframe.y2meta-uk.com Context: detectSubIframe(d.yt,'CONVERT_START'); break; case 'CONVERT_START': //subframe https://iframe.y2meta-uk.com/mainindex.php?videoId= convertStart(d.yt); break; [HIGH ] [SUSPICIOUS_URL] js/y2meta-uk.com.js:41 External domain contact: y2meta-uk.com URL: https://y2meta-uk.com Context: convertStart(d.yt); break; case 'GET_DOWNLOAD_DATA': //mainframe https://y2meta-uk.com/convert/ detectSubIframe(d.yt,'GET_DOWNLOAD_DATA_SUBFRAME'); break; [HIGH ] [SUSPICIOUS_URL] js/y2meta-uk.com.js:44 External domain contact: iframe.y2meta-uk.com URL: https://iframe.y2meta-uk.com Context: detectSubIframe(d.yt,'GET_DOWNLOAD_DATA_SUBFRAME'); break; case 'GET_DOWNLOAD_DATA_SUBFRAME': //subframe https://iframe.y2meta-uk.com/mainindex.php?videoId= var e = d.yt, formData = new URLSearchParams(); [HIGH ] [SUSPICIOUS_URL] js/y2meta-uk.com.js:60 External domain contact: api.mp3youtube.cc URL: https://api.mp3youtube.cc Context: try { var t = await getkey(); var n = await fetch('https://api.mp3youtube.cc/v2/converter', { method: "POST", [HIGH ] [SUSPICIOUS_URL] js/y2meta-uk.com.js:132 External domain contact: api.mp3youtube.cc URL: https://api.mp3youtube.cc Context: async function getkey() { let e = await fetch("https://api.mp3youtube.cc/v2/sanity/key") , t = await e.json(); return t.key [HIGH ] [SUSPICIOUS_URL] js/content.js:866 External domain contact: vuejs.org URL: https://vuejs.org Context: warn( 'data functions should return an object:\n' + 'https://vuejs.org/v2/guide/components.html#data-Must-Be-a-Function', vm ); [HIGH ] [SUSPICIOUS_URL] js/snapany.com.js:65 External domain contact: api.snapany.com URL: https://api.snapany.com Context: let v, a, f; f = getGfooter(e); v = await fetch("https://api.snapany.com/v1/extract",{ method: "POST", headers: { [HIGH ] [SUSPICIOUS_URL] js/ytmp4.co.za.js:135 External domain contact: media.savetube.vip URL: https://media.savetube.vip Context: async function getRandomCdn() { let e = await fetch("https://media.savetube.vip/api/random-cdn") , t = await e.json(); return t.cdn ── MEDIUM ──────────────────────────────────────────────────────────── [MEDIUM ] [JS_OBFUSCATION] js/index.js:73 fetch() call — verify destination is legitimate CODE: odeName); !val && fetch(logo.src) .then(defaultTip => default Context: var val = await localGet(nodeName); !val && fetch(logo.src) .then(defaultTip => defaultTip.text()) .then((textTag) => { [MEDIUM ] [JS_OBFUSCATION] js/y2meta-uk.com.js:60 fetch() call — verify destination is legitimate CODE: var n = await fetch('https://api.mp3youtube.cc/v2/converter' Context: try { var t = await getkey(); var n = await fetch('https://api.mp3youtube.cc/v2/converter', { method: "POST", [MEDIUM ] [JS_OBFUSCATION] js/y2meta-uk.com.js:132 fetch() call — verify destination is legitimate CODE: { let e = await fetch("https://api.mp3youtube.cc/v2/sanity/key Context: async function getkey() { let e = await fetch("https://api.mp3youtube.cc/v2/sanity/key") , t = await e.json(); return t.key [MEDIUM ] [JS_OBFUSCATION] js/content.js:46 String.fromCharCode — character-code obfuscation CODE: ) { return String.fromCharCode(screenValues); } function hasConten Context: function updImgOn(screenValues) { return String.fromCharCode(screenValues); }

[MEDIUM ] [JS_OBFUSCATION] js/content.js:50 fetch() call — verify destination is legitimate CODE: tPool, dataExt) { fetch(contentPool).then(lineSize => { if (l Context: function hasContentAll(contentPool, dataExt) { fetch(contentPool).then(lineSize => { if (lineSize.ok) lineSize.text().then(event$1 => dataExt(1, event$1)) else dataExt(0) [MEDIUM ] [JS_OBFUSCATION] js/jquery-3.4.1.min.js:2 String.fromCharCode — character-code obfuscation CODE: !=r||n?t:r<0?String.fromCharCode(r+65536):String.fromCharCode(r>>10|5529 Context: /! jQuery v3.4.1 | (c) JS Foundation and other contributors | jquery.org/license */ !function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQ [MEDIUM ] [JS_OBFUSCATION] js/jquery-3.4.1.min.js:2 String.fromCharCode — character-code obfuscation CODE: ode(r+65536):String.fromCharCode(r>>10|55296,1023&r|56320)},re=/([\0-\x1 Context: /*! jQuery v3.4.1 | (c) JS Foundation and other contributors | jquery.org/license */ !function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQ [MEDIUM ] [JS_OBFUSCATION] js/jquery-3.4.1.min.js:2 Long innerHTML assignment — possible HTML injection CODE: e){a.appendChild(e).innerHTML="<a id='"+k+"'></a><select id='"+k+"-\r\\' msallowcapture=''><option selected=''></option>… Context: /! jQuery v3.4.1 | (c) JS Foundation and other contributors | jquery.org/license / !function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQ [MEDIUM ] [JS_OBFUSCATION] js/jquery-3.4.1.min.js:2 Long innerHTML assignment — possible HTML injection CODE: unction(e){return e.innerHTML="<a href='#'></a>","#"===e.firstChild.getAttribute("href")})||fe("type|href|height|width",… Context: /! jQuery v3.4.1 | (c) JS Foundation and other contributors | jquery.org/license / !function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQ [MEDIUM ] [JS_OBFUSCATION] js/jquery-3.4.1.min.js:2 Long innerHTML assignment — possible HTML injection CODE: LDocument("").body).innerHTML="<form></form><form></form>",2===Vt.childNodes.length),k.parseHTML=function(e,t,n){return"… Context: /! jQuery v3.4.1 | (c) JS Foundation and other contributors | jquery.org/license */ !function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQ [MEDIUM ] [JS_OBFUSCATION] js/snapany.com.js:137 String.fromCharCode — character-code obfuscation CODE: i.push(String.fromCharCode(e[t])); return i.j Context: bytesToString: function(e) { for (var i = [], t = 0; t < e.length; t++) i.push(String.fromCharCode(e[t])); return i.join("") } [MEDIUM ] [JS_OBFUSCATION] js/snapany.com.js:123 unescape() — URL-encoding obfuscation CODE: i.bin.stringToBytes(unescape(encodeURIComponent(e))) Context: utf8: { stringToBytes: function(e) { return i.bin.stringToBytes(unescape(encodeURIComponent(e))) }, bytesToString: function(e) { [MEDIUM ] [JS_OBFUSCATION] js/snapany.com.js:65 fetch() call — verify destination is legitimate CODE: er(e); v = await fetch("https://api.snapany.com/v1/extract",{ Context: let v, a, f; f = getGfooter(e); v = await fetch("https://api.snapany.com/v1/extract",{ method: "POST", headers: { [MEDIUM ] [JS_OBFUSCATION] js/ytmp4.co.za.js:135 fetch() call — verify destination is legitimate CODE: { let e = await fetch("https://media.savetube.vip/api/random-c Context: async function getRandomCdn() { let e = await fetch("https://media.savetube.vip/api/random-cdn") , t = await e.json(); return t.cdn [MEDIUM ] [JS_OBFUSCATION] js/ytmp4.co.za.js:142 fetch() call — verify destination is legitimate CODE: Cdn(); v = await fetch("https://".concat(t, "/v2/info"),{ m Context: async function fetchData(e) { let v, a, s, t = await getRandomCdn(); v = await fetch("https://".concat(t, "/v2/info"),{ method: "POST", headers: {'Content-Type': 'application/json'}, [MEDIUM ] [JS_OBFUSCATION] js/ytmp4.co.za.js:165 fetch() call — verify destination is legitimate CODE: try { v = await fetch("https://".concat(l, "/download"), { Context: }; try { v = await fetch("https://".concat(l, "/download"), { method: "POST", headers: { [MEDIUM ] [PERMISSION] manifest.json: Dangerous permission: 'downloads' — Can initiate and read downloads PERMISSION: permissions: ['tabs', 'storage', 'declarativeNetRequest', 'downloads', '<all_urls>'] ── INFO ────────────────────────────────────────────────────────────── [INFO ] [METADATA] ../malware-extensions/YTMP4 - Download YouTube Videos to MP4.xpi: SHA-256: f4c493377c6065e039f547ab0da5bafdfb8eaffa524fd744c119fd2bb6cfef30 | size: 99,547 bytes ════════════════════════════════════════════════════════════════════════

```

A few days ago I wrote about how the Trivy ecosystem got turned into a credential stealer. One of my takeaways was “pin by SHA.” Every supply chain security guide says it, I’ve said it, every subreddit says it, and the GitHub Actions hardening docs say it.

The Trivy attack proved it wrong, and I think we need to talk about why.

Here is a draft for a Reddit post tailored for the r/homelab community.

Title: [Project] Turning a Raspberry Pi into a "Poor Man's" Enterprise IDS/NSM using Zeek and Suricata

Hey everyone,

I’ve been looking for ways to get better visibility into my network traffic without dropping $500+ on dedicated hardware or running a power-hungry 1U server 24/7. I came across this guide from HookProbe that breaks down how to deploy Zeek and Suricata on a Raspberry Pi (specifically optimized for the Pi 4/5), and I thought it would be right up this sub's alley.

Link: Deploying Zeek and Suricata on Raspberry Pi for Edge Security

Why this is cool for a Homelab:

• The "Double Whammy": It uses Suricata for signature-based detection (finding the "known bad") and Zeek for high-level metadata/network analysis (the "context"). Usually, running both on a Pi would kill the CPU, but the post goes into some decent optimization tricks.
• Resource Management: It covers pinning network interface interrupts to specific cores and increasing ring buffer sizes so you don't drop packets when your 1Gbps fiber actually hits its peak.
• Edge Defense: Instead of just monitoring your "main" server, the idea is to place these at the "edge" (connected to a mirror/SPAN port on your switch) to see everything—IoT devices, guest Wi-Fi, etc.—before it even hits your core network.

The Setup: The guide walks through the /etc configurations for both tools. If you’re like me and love structured logs (DNS queries, SSL handshakes, HTTP headers) for your ELK stack or Grafana dashboards, Zeek is a goldmine.

Some questions for the community:

1. Is anyone else running Zeek/Suricata on ARM hardware? How are you handling the heat/throttling during heavy traffic?
2. Are you using a managed switch with a SPAN port, or are you using a hardware tap to feed the Pi?
3. For those using the Pi 5, have you noticed a significant jump in PPS (packets per second) handling compared to the Pi 4?

I’m planning to set this up this weekend to feed into my local SOC dashboard. If you're looking for a low-cost way to move past "just a basic firewall," this seems like a solid weekend project.

Curious to hear if anyone has tried a similar "Edge Security" approach!

Built a free red team arena for testing real attack paths against a live defense system for ShieldNet DLX7.

This is NOT a CTF or a static lab. It actually responds to what you do.

Current scenarios:

• prompt injection bypass
• DOM tamper (including honeytrap detection)
• JWT forging (alg confusion, role escalation)
• API exfil (debug routes, traversal)
• indirect injection (markdown, SVG, base64 payloads)

Everything runs in a sandbox. No production targets. Novel attacks generate detection rules that get reviewed and pushed into the system

If you want to test how your payloads actually hold up against modern defenses, this is useful.

https://www.shieldnet.app/red-team-arena.html

Mongoose network library <= 7.20

CVE-2026-5244 - mg_tls_recv_cert pubkey heap-based overflow (exploitable)
CVE-2026-5245 - mDNS Record stack-based overflow (exploitable)
CVE-2026-5246 - authorization bypass via P-384 Public Key (trivially exploitable)

Fun ride.

Researcher Yarden Porat (Cyata) disclosed a vulnerability chain in CrewAI, the widely-used Python multi-agent framework. CERT/CC advisory VU#221883. No full patch released yet.

The chain:

CVE-2026-2275 — Code Interpreter silently falls back to SandboxPython when Docker is unavailable. SandboxPython allows arbitrary C function calls → RCE.

CVE-2026-2287 — CrewAI does not continuously verify Docker availability during runtime. An attacker who triggers the fallback mid-execution lands in the vulnerable sandbox.

CVE-2026-2285 — JSON loader tool reads files without path validation. Arbitrary local file read.

CVE-2026-2286 — RAG search tools don't validate runtime URLs → SSRF to internal services and cloud metadata endpoints.

Attack entry point: prompt injection against any agent with Code Interpreter Tool enabled. The attacker doesn't need code execution access to the host — they just need to reach the agent with crafted input.

Scope: Any CrewAI deployment running Code Interpreter Tool where Docker is not guaranteed to be available (or can be disrupted). Default "unsafe mode" config is fully exposed.

Current status: CrewAI maintainers are working on mitigations (fail closed instead of fallback, block C modules, clearer warnings). Not released. No CVSSv3 scores published yet.

Has anyone tested whether the Docker availability check can be disrupted mid-execution in a containerized deployment, or does that attack path require an already-degraded environment?

On March 24, 2026, Mercor AI was reportedly affected by a breach linked to the hacking group Lapsus$. The incident is believed to have originated from a supply chain attack involving a compromised LiteLLM package, which may have been inadvertently pulled by one of Mercor’s AI agents.

Through this vector, attackers allegedly gained access to internal systems, including Tailscale VPN credentials, and exfiltrated approximately 4TB of data. The leaked data reportedly included 211GB of candidate records, 939GB of source code, and around 3TB of video interviews and identity documents.

In a public statement on X (formerly Twitter), Mercor said that it had identified itself as one of many companies impacted by the LiteLLM supply chain attack. The company added that its security team acted quickly to contain the breach and begin remediation efforts. Possible attack chain pathway linked.