name: cyber-threat-brief
description: Get a concise daily cybersecurity threat intelligence briefing. Summarizes the latest CVEs, threat actor activity, and security advisories from public feeds. Use when you want a quick security overview, emerging threat roundup, or need to check if a specific CVE or threat group has recent activity. No API key needed.
homepage: https://cve.mitre.org
metadata:
{
"openclaw":
{
"emoji": "🛡️",
"requires": { "bins": ["curl"] },
},
}

Cyber Threat Brief

Get a concise, actionable cybersecurity threat intelligence summary on demand.

When to Use

• "What are the latest CVEs?"
• "Any new threat actor activity?"
• "Give me a threat brief"
• "What's trending in cybersecurity today?"
• "Check CVE-2026-XXXXX"

How It Works

Fetches the latest data from public threat intelligence feeds and summarizes:

1. Critical CVEs — New and trending vulnerabilities from NIST NVD
2. Threat Actor Activity — Recent campaigns from public threat reports
3. Security Advisories — Vendor patches and advisories

Commands

Quick Threat Brief

curl -s "https://services.nvd.nist.gov/rest/json/cves/2.0?resultsPerPage=5" | head -c 4000

Check Specific CVE

curl -s "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2026-XXXXX"

CISA Known Exploited Vulnerabilities

curl -s "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json" | head -c 4000

Important

Before generating a threat brief, always read the operational guidelines in references/threat-sources.md for the full list of sources and formatting rules.

Output Format

Present the briefing as a structured report:

• Date/Time
• Critical CVEs (severity, affected products, patch status)
• Active Threats (actor, campaign, targets, TTPs)
• Advisories (vendor, product, action required)
• Analyst Notes (trends, recommendations)

Notes

• All data from public, free sources (no API key required)
• Rate-limited feeds; don't spam requests
• Intelligence is best-effort; verify critical items against primary sources