Cybersecurity

Cyber: New Tool Blocks Imposter Attacks Disguised As Safe Commands 2026

2026-02-08 0 views admin
Cyber: New Tool Blocks Imposter Attacks Disguised As Safe Commands 2026

A new open-source and cross-platform tool called Tirith can detect homoglyph attacks over command-line environments by analyzing URLs in typed commands and stopping their execution.

Available on GitHub and also as an npm package, the tool works by hooking into the user’s shell (zsh, bash, fish, PowerShell) and inspecting every command the user pastes for execution.

The idea is to block deceptive attacks that rely on URLs containing symbols from different alphabets that appear identical or nearly identical to the user but are treated as different characters by the computer (homoglyph attacks).

This lets attackers create a domain names that looks the same as that of a legitimate brand but have one or more characters from a different alphabet. On the computer screen, the domain looks legitimate for the human eye, but machines interpret the anomalous character correctly and resolve the domain to the server controlled by the attacker.

While browsers have addressed the issue, terminals continue to be susceptible as they can still render Unicode, ANSI escapes, and invisible characters, says Tirith's author, Sheeki, in the description of the tool.

According to Sheeki, the Tirith can detect and block the following types of attack:

Unicode homoglyph characters have been used in the past in URLs delivered over email that led to a malicious website. One example is a phishing campaign last year impersonating Booking.com.

and hidden characters in commands are very common in ClickFix attacks used by a broad range of cybercriminals, so Tirith could provide some level of defense against them on supported PowerShell sessions.

It should be noted that Tirith does not hook onto Windows Command Prompt (cmd.exe), which is used in many ClickFix attacks that instruct users to execute malicious commands.

Sheeki says the overhead of using Tirith is sub-millisecond level, so the checks are performed instantaneously, and the tool terminates immediately when done.

Source: BleepingComputer

🏷️ Tags

attack

More from Cybersecurity

Cyber: Phishing Campaign Targets Freight And Logistics Orgs In The Us, Europe

Cyber: Phishing Campaign Targets Freight And Logistics Orgs In The Us, Europe

2026-02-24 0
Cyber: Wynn Resorts Confirms Employee Data Breach After Extortion Threat

Cyber: Wynn Resorts Confirms Employee Data Breach After Extortion Threat

2026-02-24 0
Cyber: 1campaign Platform Helps Malicious Google Ads Evade Detection

Cyber: 1campaign Platform Helps Malicious Google Ads Evade Detection

2026-02-24 0
Cyber: New Attackers Now Need Just 29 Minutes To Own A Network 2026

Cyber: New Attackers Now Need Just 29 Minutes To Own A Network 2026

2026-02-24 0

Trending

1

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

2025-10-27 • 189 views
2

CVE-2025-43939: Dell Unity OS Command Injection (High)

2025-10-30 • 148 views
3

Google disputes false claims of massive Gmail data breach

2025-10-30 • 130 views
4

Microsoft: DNS outage impacts Azure and Microsoft 365 services

2025-10-30 • 88 views
5

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting

2025-11-25 • 81 views