What Happens When a Nuclear Site Is Hit?
SHA Pinning Is Not Enough
A few days ago I wrote about how the Trivy ecosystem got turned into a credential stealer. One of my takeaways was “pin by SHA.” Every supply chain security guide says it, I’ve said it, every subreddit says it, and the GitHub Actions hardening docs say it.
The Trivy attack proved it wrong, and I think we need to talk about why.
[link] [comments]
Android's emergency alerts just got a major map upgrade - but change this setting first
How I beat the $4 gas average in 2026: These 5 apps show you the cheapest station nearby
Turning a Raspberry Pi into a "Poor Man's" Enterprise IDS/NSM using Zeek and Suricata
Here is a draft for a Reddit post tailored for the r/homelab community.
Title: [Project] Turning a Raspberry Pi into a "Poor Man's" Enterprise IDS/NSM using Zeek and Suricata
Hey everyone,
I’ve been looking for ways to get better visibility into my network traffic without dropping $500+ on dedicated hardware or running a power-hungry 1U server 24/7. I came across this guide from HookProbe that breaks down how to deploy Zeek and Suricata on a Raspberry Pi (specifically optimized for the Pi 4/5), and I thought it would be right up this sub's alley.
Link: Deploying Zeek and Suricata on Raspberry Pi for Edge Security
Why this is cool for a Homelab:
- The "Double Whammy": It uses Suricata for signature-based detection (finding the "known bad") and Zeek for high-level metadata/network analysis (the "context"). Usually, running both on a Pi would kill the CPU, but the post goes into some decent optimization tricks.
- Resource Management: It covers pinning network interface interrupts to specific cores and increasing ring buffer sizes so you don't drop packets when your 1Gbps fiber actually hits its peak.
- Edge Defense: Instead of just monitoring your "main" server, the idea is to place these at the "edge" (connected to a mirror/SPAN port on your switch) to see everything—IoT devices, guest Wi-Fi, etc.—before it even hits your core network.
The Setup: The guide walks through the /etc configurations for both tools. If you’re like me and love structured logs (DNS queries, SSL handshakes, HTTP headers) for your ELK stack or Grafana dashboards, Zeek is a goldmine.
Some questions for the community:
- Is anyone else running Zeek/Suricata on ARM hardware? How are you handling the heat/throttling during heavy traffic?
- Are you using a managed switch with a SPAN port, or are you using a hardware tap to feed the Pi?
- For those using the Pi 5, have you noticed a significant jump in PPS (packets per second) handling compared to the Pi 4?
I’m planning to set this up this weekend to feed into my local SOC dashboard. If you're looking for a low-cost way to move past "just a basic firewall," this seems like a solid weekend project.
Curious to hear if anyone has tried a similar "Edge Security" approach!
[link] [comments]
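The post above mentions Zeek's structured logs (DNS, SSL, HTTP) as the main payoff for dashboards but does not show what they look like. The following is an added example, not code from the post or from the HookProbe guide it links: a small reader for Zeek's tab-separated ASCII log format (the `#fields`/`#types`/`#unset_field` header lines are how Zeek actually writes its logs) with a constructed four-record `conn.log` sample that uses a subset of the real conn.log columns. The summary it produces (bytes per host pair and connections longer than a threshold) is the kind of aggregate you would ship to ELK or Grafana; the 600-second threshold is an arbitrary choice for the example.

```python
"""Minimal reader for Zeek's ASCII (TSV) logs with a small traffic summary.

Added example, not from the post or the HookProbe guide. The sample conn.log
below is constructed and uses only a subset of Zeek's real conn.log fields.
"""
from collections import defaultdict

# Connections at or above this many seconds are flagged as long-lived
# (an arbitrary threshold chosen for this example).
LONG_CONN_SECONDS = 600.0

# Constructed sample in Zeek's log format: '#fields' names the columns,
# '#types' gives their Zeek types, and '-' marks an unset value.
SAMPLE_CONN_LOG = """\
#separator \\x09
#set_separator\t,
#empty_field\t(empty)
#unset_field\t-
#path\tconn
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\tduration\torig_bytes\tresp_bytes\tconn_state
#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tstring\tinterval\tcount\tcount\tstring
1700000000.100000\tCa1b2c3\t192.168.1.20\t51234\t93.184.216.34\t443\ttcp\tssl\t12.5\t1500\t84000\tSF
1700000001.200000\tCd4e5f6\t192.168.1.31\t40000\t192.168.1.1\t53\tudp\tdns\t0.02\t60\t120\tSF
1700000002.300000\tCg7h8i9\t192.168.1.31\t40001\t203.0.113.9\t8443\ttcp\t-\t3600.0\t250000\t900\tS1
1700000003.400000\tCj1k2l3\t192.168.1.20\t51235\t93.184.216.34\t443\ttcp\tssl\t-\t-\t-\tS0
"""


def _convert(zeek_type, raw):
    """Map the Zeek types used here onto Python values; everything else stays a string."""
    if zeek_type in ("time", "interval"):
        return float(raw)
    if zeek_type in ("count", "port", "int"):
        return int(raw)
    return raw


def parse_zeek_tsv(text):
    """Yield one dict per record, keyed by the column names from '#fields'."""
    fields, types, unset = None, None, "-"
    for line in text.splitlines():
        if not line:
            continue
        if line.startswith("#"):
            key, _, value = line.partition("\t")
            if key == "#fields":
                fields = value.split("\t")
            elif key == "#types":
                types = value.split("\t")
            elif key == "#unset_field":
                unset = value
            continue
        if fields is None:
            raise ValueError("data line before #fields header")
        cols = line.split("\t")
        col_types = types or ["string"] * len(fields)
        yield {
            name: (None if raw == unset else _convert(typ, raw))
            for name, typ, raw in zip(fields, col_types, cols)
        }


def summarize(records):
    """Total bytes per (orig_h, resp_h) pair and the uids of long-lived connections."""
    bytes_per_pair = defaultdict(int)
    long_lived = []
    for r in records:
        pair = (r["id.orig_h"], r["id.resp_h"])
        bytes_per_pair[pair] += (r["orig_bytes"] or 0) + (r["resp_bytes"] or 0)
        if r["duration"] is not None and r["duration"] >= LONG_CONN_SECONDS:
            long_lived.append(r["uid"])
    return dict(bytes_per_pair), long_lived


if __name__ == "__main__":
    pairs, long_conns = summarize(parse_zeek_tsv(SAMPLE_CONN_LOG))
    for (src, dst), total in sorted(pairs.items(), key=lambda kv: -kv[1]):
        print(f"{src} -> {dst}: {total} bytes")
    print("long-lived connections:", long_conns)
```

The parser is driven entirely by the `#fields` and `#types` header, so the same function reads `dns.log`, `ssl.log` or `http.log` unchanged; only `summarize` is conn.log-specific.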
red team sandbox with real detection
Built a free red team arena for testing real attack paths against a live defense system for ShieldNet DLX7.
This is NOT a CTF or a static lab. It actually responds to what you do.
Current scenarios:
- prompt injection bypass
- DOM tamper (including honeytrap detection)
- JWT forging (alg confusion, role escalation)
- API exfil (debug routes, traversal)
- indirect injection (markdown, SVG, base64 payloads)
Everything runs in a sandbox. No production targets. Novel attacks generate detection rules that get reviewed and pushed into the system.
If you want to test how your payloads actually hold up against modern defenses, this is useful.
[link] [comments]
Google's Gemma 4 model goes fully open-source and unlocks powerful local AI - even on phones
AI is getting better at your job, but you have time to adjust, according to MIT
New out-of-band Windows 11 update fixes March's installation errors - how to get it
Oneisall Ease S1 review: Finally, a smart litter box that doesn't cost an arm and a paw
I built two apps with just my voice and a mouse - are IDEs already obsolete?
Mongoose: Preauth RCE and mTLS Bypass on Millions of Devices
Mongoose network library <= 7.20
CVE-2026-5244 - mg_tls_recv_cert pubkey heap-based overflow (exploitable)
CVE-2026-5245 - mDNS Record stack-based overflow (exploitable)
CVE-2026-5246 - authorization bypass via P-384 Public Key (trivially exploitable)
Fun ride.
[link] [comments]
Why my Raspberry Pi boards suddenly cost as much as a laptop now - and I'm not surprised
Inside the Talos 2025 Year in Review: A discussion on what the data means for defenders
McAfee’s “Keep It Real” Campaign Named Shorty Awards Finalist

We’re proud to share that McAfee’s “Keep It Real” campaign has been named a finalist in the 2026 Shorty Awards Social Good Campaign category.
This category recognizes work that doesn’t just perform, it matters: campaigns that raise awareness, inspire action, and make a real-world impact.
That’s exactly what “Keep It Real” set out to do.
Because behind every scam statistic is a person who thought they were making the right call. And too often, what follows isn’t just financial loss. It’s embarrassment, silence, and stigma.
We wanted to change that.
The campaign launched alongside McAfee Scam Detector to address a growing reality: scams powered by AI are becoming harder to recognize and easier to fall for.
“Keep It Real” paired real survivor stories with AI-driven protection to show how scams actually happen and how people can stop them in the moment.
The goal was simple:
- Normalize the experience
- Remove shame around being scammed
- Help more people recognize scams faster
Because when people feel safe talking about scams, they’re more likely to spot them and stop them.
What Are the Shorty Awards?
The Shorty Awards honor the best work in social media, digital campaigns, and online storytelling across brands, creators, and organizations.
Now in their 18th year, the awards recognize campaigns that combine creativity, impact, and real-world relevance. Finalists are selected alongside leading global brands and judged on both industry evaluation and public voting.
How McAfee’s Scam Detector Fits In
McAfee’s Scam Detector is designed to help people identify scams across everyday digital moments.
It uses AI to fight AI by flagging suspicious:
- Text messages and emails
- QR codes and links
- Social media messages
- AI-generated and deepfake content
By combining automatic detection with clear guidance, Scam Detector helps people better understand what they’re seeing and decide what to trust.
Real Stories Behind the Campaign
A core part of “Keep It Real” was giving space to people who experienced scams to share what happened, in their own words.
These stories helped show that scams can happen to anyone and played a key role in breaking the stigma around being targeted.
This recognition reflects the work across McAfee teams who built and brought this campaign to life, including product, engineering, research, creative, and communications.
It also reflects the individuals who chose to share their real scam stories to help others recognize scams, stay safer, and end the shame and stigma around being scammed.
Support the Campaign
The Shorty Awards include a public voting component.
If you’d like to support the campaign, you can vote here:
https://shortyawards.com/18th/keep-it-real-mcafees-ai-scam-media-relations-campaign
Voting is open through April 8, and you can vote once per day.

The post McAfee’s “Keep It Real” Campaign Named Shorty Awards Finalist appeared first on McAfee Blog.
4 unpatched CVEs in CrewAI chain prompt injection → sandbox bypass → RCE on host
Researcher Yarden Porat (Cyata) disclosed a vulnerability chain in CrewAI, the widely-used Python multi-agent framework. CERT/CC advisory VU#221883. No full patch released yet.
The chain:
CVE-2026-2275 — Code Interpreter silently falls back to SandboxPython when Docker is unavailable. SandboxPython allows arbitrary C function calls → RCE.
CVE-2026-2287 — CrewAI does not continuously verify Docker availability during runtime. An attacker who triggers the fallback mid-execution lands in the vulnerable sandbox.
CVE-2026-2285 — JSON loader tool reads files without path validation. Arbitrary local file read.
CVE-2026-2286 — RAG search tools don't validate runtime URLs → SSRF to internal services and cloud metadata endpoints.
Attack entry point: prompt injection against any agent with Code Interpreter Tool enabled. The attacker doesn't need code execution access to the host — they just need to reach the agent with crafted input.
Scope: Any CrewAI deployment running Code Interpreter Tool where Docker is not guaranteed to be available (or can be disrupted). Default "unsafe mode" config is fully exposed.
Current status: CrewAI maintainers are working on mitigations (fail closed instead of fallback, block C modules, clearer warnings). Not released. No CVSSv3 scores published yet.
Has anyone tested whether the Docker availability check can be disrupted mid-execution in a containerized deployment, or does that attack path require an already-degraded environment?
[link] [comments]
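The post lists the mitigations the maintainers are said to be working on (fail closed instead of falling back to the weaker sandbox, validate loader paths, validate runtime URLs) without showing what they look like. The following is an added example, not CrewAI's code and not taken from the advisory: three small hypothetical checks that implement those three mitigations in plain Python. The function names, the `allow_unsafe_fallback` flag and the blocked address ranges are assumptions for the example; the resolver is injectable so the checks can run offline.

```python
"""Three defensive checks modelled on the mitigations named in the CrewAI thread.

Hypothetical example code, not CrewAI's own implementation: every name below is
an assumption chosen for illustration.
"""
import ipaddress
import socket
from pathlib import Path
from urllib.parse import urlparse


class SandboxUnavailable(RuntimeError):
    """The isolated runtime is missing and falling back has not been allowed."""


def choose_runtime(docker_available: bool, allow_unsafe_fallback: bool = False) -> str:
    """Fail closed: the in-process interpreter is used only when explicitly allowed.

    This is the inverse of the silent fallback described for CVE-2026-2275.
    Re-run this check before every execution, not just at startup, so a runtime
    that disappears mid-session (the CVE-2026-2287 scenario) is also refused.
    """
    if docker_available:
        return "docker"
    if allow_unsafe_fallback:
        return "in-process"  # weak isolation; must be an explicit operator decision
    raise SandboxUnavailable("Docker runtime unavailable; refusing to fall back")


def resolve_within(base_dir: str, requested: str) -> Path:
    """Resolve a user-supplied relative path and refuse anything outside base_dir."""
    base = Path(base_dir).resolve()
    target = (base / requested).resolve()
    if target != base and base not in target.parents:
        raise PermissionError(f"path escapes {base}: {requested}")
    return target


# Constructed blocklist: loopback, RFC 1918, link-local (where cloud metadata
# services live) and their IPv6 counterparts.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10",
)]


def url_is_allowed(url: str, resolver=socket.gethostbyname) -> bool:
    """Allow only http(s) URLs whose host resolves outside the blocked ranges.

    `resolver` maps a hostname to an IP string; it is injectable so tests can
    run without DNS. Real deployments should also re-check the address actually
    connected to, since DNS answers can change between check and use.
    """
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https") or not parsed.hostname:
        return False
    try:
        addr = ipaddress.ip_address(resolver(parsed.hostname))
    except (socket.gaierror, ValueError, OSError, KeyError):
        return False
    return not any(addr in net for net in BLOCKED_NETWORKS)


if __name__ == "__main__":
    # Offline resolver with constructed answers so the demo does not touch DNS.
    fake_dns = {"api.example.com": "93.184.216.34", "meta.internal": "169.254.169.254"}
    lookup = lambda host: fake_dns.get(host, host)
    print(choose_runtime(True))
    print(url_is_allowed("https://api.example.com/search", lookup))
    print(url_is_allowed("http://meta.internal/latest/", lookup))
    print(resolve_within("/tmp/agent_data", "inputs/a.json"))
```

`resolve_within` compares resolved paths rather than string prefixes, so `..` segments and symlinks inside the base directory are handled the same way; `url_is_allowed` checks the resolved address rather than the hostname, which is what a blocklist of metadata hostnames alone would miss.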