#opensourcesecurity

2026-02-09

Tirith introduces proactive detection for homoglyph and terminal-injection attacks directly inside the shell.

By analyzing commands locally and blocking execution when deceptive Unicode, unsafe pipelines, or typosquatted sources are detected, the tool addresses a blind spot left by browser-centric defenses. Its zero-telemetry, no-network design makes it suitable for sensitive environments.

Source: bleepingcomputer.com/news/secu

💬 Is CLI-level defense overdue in enterprise security stacks?

🔔 Follow @technadu for emerging defensive tooling

#InfoSec #DevSecOps #TerminalSecurity #OpenSourceSecurity #PhishingDefense #CyberTools #TechNadu

New tool blocks imposter attacks disguised as safe commands

2026-02-08

🚨 Patreon exclusive tomorrow! 🚨
February Bonus Episode of Impractical Privacy:

OS Ops. Securing your Desktop.

🔐 We break down the hidden telemetry, hardening tricks, and how to throw Whonix or Tails into the mix for that extra layer of anonymity.

👥 Only for my Patreon Big Fans—thank you for keeping the lights on and the data safe.

▶️ Listen now: patreon.com/c/SudoBurnToast

2026-02-05

We're LIVE! Join the Anchore Open Source team now to discuss Syft, Grype, and the latest in #OpenSourceSecurity. Ask your questions! youtube.com/watch?v=0GtI0pEWpzI

2026-02-04

The Eclipse Foundation is moving Open VSX Registry security upstream by introducing pre-publish extension verification, transitioning from reactive incident response to proactive risk reduction.

Checks are designed to flag impersonation, exposed secrets, and known malicious patterns, with suspicious submissions quarantined for review. The phased rollout aims to minimize false positives while improving ecosystem trust.

This aligns with broader trends in securing developer tooling and shared infrastructure against supply-chain abuse.

Source: thehackernews.com/2026/02/ecli

💬 How effective do you expect pre-publish controls to be in open-source ecosystems?
Follow @technadu for objective infosec reporting.

#Infosec #SupplyChainSecurity #OpenSourceSecurity #DevSecOps #VSCode #TechNadu

Eclipse Foundation Mandates Pre-Publish Security Checks for Open VSX Extensions

2026-02-03

Researchers found 341 malicious ClawHub repos spreading malware — open-source trust is being actively abused at scale. Clone carefully. 🧩⚠️ #OpenSourceSecurity #SupplyChainRisk

thehackernews.com/2026/02/rese

2026-02-02

This episode of #OpenSourceSecurity I have a chat with David Bernstein about crisis response

I love this topic because responding to a crisis is pretty common in security work, but doesn't have to be a gong show

This is one of those topics that can go really deep. I think David did a nice job covering some basics. I think it will be worth diving deeper into this one for some future episodes

opensourcesecurity.io/2026/202

2026-01-29

We're LIVE! Join the Anchore Open Source team now to discuss Syft, Grype, and the latest in #OpenSourceSecurity. Ask your questions! youtube.com/watch?v=rKOnBryIYww

2026-01-26

It was awesome to have @firstyear back on #OpenSourceSecurity to chat about passkeys

I was struggling to understand what a passkey actually is

Apparently it's because the definition of what a passkey is has changed over time

There's so much to learn from this episode I don't even know where to start

opensourcesecurity.io/2026/202

2026-01-21

📝 New article by a CrowdSec Ambassador, Killian Prin-Abeil! 🎉

In this deep dive, Killian breaks down React2Shell (CVE-2025-55182), from how the RCE works in React Server Components to why Next.js apps are vulnerable by default.

He also explores how the community reacted in hours, with CrowdSec shipping a virtual patch and threat intel to reduce exposure immediately.

👉Read it here: crowdsec.net/blog/react2shell-

#react #NextJS #AppSec #opensourcesecurity #react2shell #CVE

2026-01-20

RE: infosec.exchange/@joshbressers

Wanna learn why #Suricata has meerkats as mascots? (And also much more about our project, from our lead developer).

Tune in for another great episode of #OpenSourceSecurity! ;)

2026-01-19

This episode of #OpenSourceSecurity I discuss @suricata with @inliniac

Victor tells us all about the past, present, and future of #Suricata

I learned a ton

opensourcesecurity.io/2026/202

2026-01-15

We're LIVE! Join the Anchore Open Source team now to discuss Syft, Grype, and the latest in #OpenSourceSecurity. Ask your questions! youtube.com/watch?v=EBUBPBIvuT4

2026-01-12

For the evening crowd: I was on @joshbressers's #OpenSourceSecurity podcast, chatting about iocaine. My first interview and video appearance in about a decade, and it was a lot of fun. Thanks Josh!

Also: there's now recent video proof that I am not a mouse! I even look presentable on the thumbnail, a marvelous feat.

Look here for the link.

2026-01-12

This week on #OpenSourceSecurity I have a chat with @algernon about @iocaine

Iocaine creates a maze of garbage to trap scraping bots. I love this idea, it has amazing chaotic good energy!

I learned all about how Iocaine works, and even got to see some dashboards showing off the size of the problem and how Iocaine handles it all.

opensourcesecurity.io/2026/202
