Tirith adds command-line homoglyph blocking for pasted URLs and shell commands
Security Tool/Service
Summary
Hide ▲
Show ▼
Tirith is a new open-source, cross-platform command-line security tool that detects homoglyph attacks before pasted commands run, reducing the risk of deceptive URL execution in shells. It hooks into zsh, bash, fish, and PowerShell and inspects pasted commands for lookalike characters, invisible text, and other terminal-injection tricks. The release matters because terminals remain vulnerable to ClickFix-style abuse and other command-line deception even when browsers have already addressed similar risks.
Related Happenings
Apple macOS Tahoe 26.4 Terminal warning blocks ClickFix-style pasted commands
Security Tool/Service
First: 30.03.2026 17:32
Last: 30.03.2026 17:32
Sources 1
About this happening:
**Apple** added a **Terminal** safety warning in **macOS Tahoe 26.4** that delays or blocks pasted commands when they look harmful, reducing the chance that users execute **ClickF...
Apple macOS Tahoe 26.4 Terminal warning blocks ClickFix-style pasted commands
Security Tool/ServiceAbout this happening: **Apple** added a **Terminal** safety warning in **macOS Tahoe 26.4** that delays or blocks pasted commands when they look harmful, reducing the chance that users execute **ClickF...
Microsoft silently patches in Windows LNK files remote code execution flaw (CVE-2025-9491)
Vulnerability
First: 12.02.2026 23:01
Last: 12.02.2026 23:01
Sources 1
About this happening:
**Windows LNK shortcut files** remain the focus of this vulnerability thread: **CVE-2025-9491** / **ZDI-CAN-25373** is being used in **September-October 2025** spear-phishing atta...
Microsoft silently patches in Windows LNK files remote code execution flaw (CVE-2025-9491)
VulnerabilityAbout this happening: **Windows LNK shortcut files** remain the focus of this vulnerability thread: **CVE-2025-9491** / **ZDI-CAN-25373** is being used in **September-October 2025** spear-phishing atta...
Lnk-it-up open-source suite for generating and detecting malicious Windows LNK shortcuts
Security Tool/Service
First: 12.02.2026 23:01
Last: 12.02.2026 23:01
Sources 1
About this happening:
**lnk-it-up** is a newly released open-source suite for **Windows LNK shortcuts** that helps testers generate deceptive files and helps defenders spot shortcuts where **Explorer**...
Lnk-it-up open-source suite for generating and detecting malicious Windows LNK shortcuts
Security Tool/ServiceAbout this happening: **lnk-it-up** is a newly released open-source suite for **Windows LNK shortcuts** that helps testers generate deceptive files and helps defenders spot shortcuts where **Explorer**...
CoolClient backdoor variant adds browser login theft and clipboard monitoring
Malware Activity
First: 28.01.2026 00:26
Last: 28.01.2026 00:26
Sources 1
About this happening:
The **CoolClient backdoor** used by **Mustang Panda** has been updated in a new variant that steals **browser login data** and monitors the **clipboard**, adding **active window t...
CoolClient backdoor variant adds browser login theft and clipboard monitoring
Malware ActivityAbout this happening: The **CoolClient backdoor** used by **Mustang Panda** has been updated in a new variant that steals **browser login data** and monitors the **clipboard**, adding **active window t...
Pakistan-linked Gopher Strike and Sheet Attack campaigns against Indian government entities
Campaign
First: 27.01.2026 18:45
Last: 27.01.2026 18:45
Sources 1
About this happening:
**Gopher Strike** and **Sheet Attack** are two **Pakistan-linked** campaigns that targeted **Indian government entities** with phishing, selective malware delivery, and nontraditi...
Pakistan-linked Gopher Strike and Sheet Attack campaigns against Indian government entities
CampaignAbout this happening: **Gopher Strike** and **Sheet Attack** are two **Pakistan-linked** campaigns that targeted **Indian government entities** with phishing, selective malware delivery, and nontraditi...
Timeline
-
08.02.2026 17:26 1 articles · 3mo ago
Tirith released for command-line homoglyph defense
Initial DisclosureTirith is introduced as an open-source, cross-platform command-line defense that hooks into zsh, bash, fish, and PowerShell to inspect pasted commands and URLs before execution. It is designed to block homoglyph and homograph attacks, terminal injection via ANSI escapes, bidi overrides, and zero-width characters, pipe-to-shell patterns, dotfile hijacking, insecure transport, supply-chain risks, and credential-exposure tricks. The tool performs local-only analysis without network calls, does not modify pasted commands or run in the background, and does not hook cmd.exe, leaving some Windows ClickFix paths uncovered.
Show sources
- New tool blocks imposter attacks disguised as safe commands — www.bleepingcomputer.com — 08.02.2026 17:26