NullRoutedSec/info_sec_news

GitHub: NullRoutedSec/info_sec_news

Stars: 0 | Forks: 0

# INFOSEC_NEWS

**🔗 Live: https://info-sec-news.vercel.app**

Built for security professionals and enthusiasts who want their threat intelligence served like a SOC briefing — not a generic news feed.

## What It Does

- **Aggregates** cybersec news from 6 sources (Krebs on Security, BleepingComputer, The Hacker News, Dark Reading, r/netsec, r/cybersecurity)
- **AI-enriches** every article with a TL;DR summary, threat score (1-100), relevance score, category, and country detection
- **Tracks CVEs** from NIST NVD and flags actively-exploited vulnerabilities from CISA's KEV catalog
- **Generates daily intelligence briefings** in CISO-style intel-report format
- **Visualizes the global threat landscape** on an animated world map with pulsing blips per country, color-coded by severity
- **CRT terminal aesthetic** with phosphor green text, scanlines, glitch effects, and blinking cursors — toggleable to a clean corporate mode

## Tech Stack

| Layer         | Choice                                   |
|---------------|------------------------------------------|
| Framework     | Next.js 16 (App Router)                  |
| Language      | TypeScript                               |
| Styling       | Tailwind CSS v4                          |
| Database      | Supabase (Postgres)                      |
| AI            | Google Gemini API (free tier)            |
| Visualization | D3.js + world-atlas topojson             |
| Hosting       | Vercel (with built-in cron)              |

## Architecture

```
RSS / Reddit feeds ──┐
                     ├──> /api/ingest ──> Supabase (articles)
                     │                          │
NIST NVD ────────────┤                          ├──> /api/enrich ──> Gemini AI
CISA KEV ────────────┤                          │    (summary, scores, country)
                     └──> /api/cve ──> Supabase │
                                       (cves)   ├──> /api/briefing
                                                │    (daily intel report)
                                                ▼
                                      Next.js pages (SSR + ISR)
```

- **API routes are write-only pipelines** — triggered by Vercel Cron, never called from the UI
- **Pages read directly from Supabase** in Server Components
- **Single AI call per article** returns summary + scores + category + country in one structured request

## Project Structure

```
src/
├── app/                    # Pages and API route handlers
│   ├── page.tsx            # Homepage (world map + paginated feed)
│   ├── cves/               # CVE Spotlight
│   ├── briefing/           # Daily intelligence briefing
│   └── api/
│       ├── ingest/         # RSS + Reddit ingestion (cron)
│       ├── enrich/         # AI enrichment (cron)
│       ├── cve/            # NVD + KEV ingestion (cron)
│       └── briefing/       # Daily briefing generation (cron)
├── components/
│   ├── crt/                # CRT aesthetic primitives
│   ├── feed/               # Article cards, list, filters, pagination
│   ├── cve/                # CVE cards, severity badges
│   ├── viz/                # WorldThreatMap (D3)
│   ├── briefing/           # Briefing renderer
│   └── layout/             # Nav, theme toggle
├── lib/
│   ├── supabase/           # Browser, server, admin clients
│   ├── feeds/              # RSS parser, Reddit fetcher, source registry
│   ├── ai/                 # Gemini client, enrichment, briefing prompts
│   └── cve/                # NVD + KEV API clients
└── styles/
    └── globals.css         # Tailwind v4 theme + CRT animations
```

## Running Locally

### Prerequisites

- Node.js 20+
- A free Supabase project — https://supabase.com
- A free Google Gemini API key — https://aistudio.google.com/app/apikey

### Setup

```bash
# 1. Clone and install
git clone https://github.com/NullRoutedSec/info_sec_news.git
cd info_sec_news
npm install

# 2. Configure environment variables
cp .env.local.example .env.local
# Then edit .env.local with your Supabase + Gemini credentials

# 3. Run the database migrations in your Supabase SQL Editor
# See supabase/migrations/ for the SQL files

# 4. Start the dev server
npm run dev
```

### Trigger the data pipelines manually

```bash
# Ingest articles from RSS + Reddit
curl -H "Authorization: Bearer $CRON_SECRET" http://localhost:3000/api/ingest

# Enrich articles with AI (paced for free-tier limits)
curl -H "Authorization: Bearer $CRON_SECRET" http://localhost:3000/api/enrich

# Pull CVEs from NIST + CISA KEV
curl -H "Authorization: Bearer $CRON_SECRET" http://localhost:3000/api/cve

# Generate today's briefing
curl -H "Authorization: Bearer $CRON_SECRET" http://localhost:3000/api/briefing
```

## Environment Variables

| Variable                                | Purpose                                  |
|-----------------------------------------|------------------------------------------|
| `NEXT_PUBLIC_SUPABASE_URL`              | Supabase project URL                     |
| `NEXT_PUBLIC_SUPABASE_PUBLISHABLE_KEY`  | Supabase publishable (anon) key          |
| `GEMINI_API_KEY`                        | Google Gemini API key for AI enrichment  |
| `CRON_SECRET`                           | Bearer token protecting the cron routes  |

## Deployment

Deploys cleanly to Vercel. The `vercel.json` file defines four cron jobs:

| Path            | Schedule                | What it does                            |
|-----------------|-------------------------|-----------------------------------------|
| `/api/ingest`   | Every 2 hours           | Pulls fresh articles from all sources   |
| `/api/enrich`   | Every 2 hours (offset)  | AI-enriches new articles                |
| `/api/cve`      | Daily at 06:00 UTC      | Pulls CVEs from NIST + CISA KEV         |
| `/api/briefing` | Daily at 08:00 UTC      | Generates the daily intelligence report |

## Design Notes

- **The CRT aesthetic is CSS overlays, not per-component.** Scanlines, flicker, and phosphor glow are global effects toggled by theme — components only consume design tokens.
- **No red.** The palette intentionally avoids red for severity. Real green-phosphor terminals never had red, so threats escalate through green → yellow → amber → orange. Cleaner and more authentic.
- **URL is the dedup key** for article ingestion — simple, reliable, handles cross-source overlap.
- **AI runs in batches with explicit pacing** to stay safely under Gemini's free-tier rate limits.

## License

MIT — feel free to learn from it, fork it, or build on it.
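
The cron routes above are protected only by the `Authorization: Bearer $CRON_SECRET` header, so the check has to fail closed when the secret is unset and compare without leaking timing. The sketch below is an added example, not code from this repository; `isAuthorizedCron` and `guardCron` are hypothetical names, and it assumes route handlers that receive a standard `Request`.

```typescript
import { createHash, timingSafeEqual } from "node:crypto";

// Hash both sides so timingSafeEqual always receives equal-length buffers
// and the comparison time does not depend on the presented token's length.
function sha256(value: string) {
  return createHash("sha256").update(value, "utf8").digest();
}

// Hypothetical helper: true only for "Authorization: Bearer <secret>".
function isAuthorizedCron(
  authHeader: string | null,
  secret: string | undefined,
): boolean {
  // Fail closed: if CRON_SECRET is missing or empty, nothing is authorized.
  // Without this, a header of "Bearer undefined" or "Bearer " could match
  // a naively interpolated expected value.
  if (!secret) return false;

  const prefix = "Bearer ";
  if (!authHeader || !authHeader.startsWith(prefix)) return false;

  const presented = authHeader.slice(prefix.length);
  return timingSafeEqual(sha256(presented), sha256(secret));
}

// Hypothetical guard for a cron route handler: returns a 401 response to
// send back, or null when the request may proceed to the pipeline.
function guardCron(
  request: Request,
  secret: string | undefined,
): Response | null {
  if (isAuthorizedCron(request.headers.get("authorization"), secret)) {
    return null;
  }
  // Same status and body for every failure mode, so a caller cannot tell
  // "no secret configured" from "wrong token".
  return new Response("Unauthorized", { status: 401 });
}
```

In a handler this would be called first, for example `const denied = guardCron(request, process.env.CRON_SECRET); if (denied) return denied;`, before any feed fetch or Gemini call is made.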
Tags: automated attacks