{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/suricata/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":7.5,"id":"CVE-2026-31934"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["medium"],"_cs_tags":["suricata","cve-2026-31934","denial-of-service","performance","network-security"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCVE-2026-31934 identifies a vulnerability affecting Suricata, a network IDS/IPS/NSM engine. Specifically, versions 8.0.0 up to but not including 8.0.4 are susceptible to a quadratic complexity issue during URL searching within MIME-encoded SMTP messages. This flaw can lead to substantial performance degradation as the complexity of the URL search increases quadratically with the input size. An attacker could potentially exploit this by sending crafted SMTP messages with complex MIME encoding and numerous URLs, causing the Suricata instance to consume excessive resources. The vulnerability has been addressed and patched in Suricata version 8.0.4. Defenders should prioritize upgrading to the patched version to mitigate potential performance impacts.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker crafts a malicious email containing MIME-encoded content.\u003c/li\u003e\n\u003cli\u003eThe email includes a large number of URLs embedded within the MIME structure.\u003c/li\u003e\n\u003cli\u003eThe attacker sends the crafted email through SMTP to a target network monitored by Suricata.\u003c/li\u003e\n\u003cli\u003eSuricata receives the SMTP traffic and begins to inspect the email content.\u003c/li\u003e\n\u003cli\u003eThe Suricata engine attempts to identify URLs within the MIME-encoded message using an inefficient algorithm.\u003c/li\u003e\n\u003cli\u003eThe complexity of the URL search increases quadratically with the number of URLs and the size of the MIME structure.\u003c/li\u003e\n\u003cli\u003eCPU utilization on the Suricata sensor increases significantly, leading to performance degradation.\u003c/li\u003e\n\u003cli\u003eThe Suricata instance may become unresponsive, impacting its ability to perform real-time threat detection and potentially leading to a denial-of-service condition.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThe primary impact of CVE-2026-31934 is a potential denial-of-service condition affecting Suricata instances. Exploitation of this vulnerability leads to excessive CPU consumption and performance degradation, hindering Suricata\u0026rsquo;s ability to effectively monitor network traffic. While the vulnerability does not directly compromise confidentiality or integrity, it can disrupt network security monitoring, potentially allowing malicious traffic to go undetected. The number of affected organizations depends on the adoption rate of vulnerable Suricata versions (8.0.0 to 8.0.3).\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade Suricata instances to version 8.0.4 or later to remediate the vulnerability as indicated by the vendor advisory (\u003ca href=\"https://github.com/OISF/suricata/security/advisories/GHSA-hr89-h2pp-f3c8\"\u003ehttps://github.com/OISF/suricata/security/advisories/GHSA-hr89-h2pp-f3c8\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eMonitor CPU utilization on Suricata sensors; investigate any spikes in CPU usage associated with SMTP traffic inspection using process monitoring tools and correlating with network logs to identify potential exploitation attempts.\u003c/li\u003e\n\u003cli\u003eImplement rate limiting on SMTP traffic to prevent attackers from overwhelming Suricata instances with crafted emails.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-03T12:00:00Z","date_published":"2026-04-03T12:00:00Z","id":"/briefs/2026-04-suricata-cve-2026-31934/","summary":"Suricata versions 8.0.0 to before 8.0.4 exhibit a quadratic complexity vulnerability (CVE-2026-31934) when searching for URLs in MIME-encoded SMTP messages, leading to significant performance degradation and potential denial-of-service conditions; this is fixed in version 8.0.4.","title":"Suricata Quadratic Complexity Issue in SMTP URL Searching (CVE-2026-31934)","url":"https://feed.craftedsignal.io/briefs/2026-04-suricata-cve-2026-31934/"},{"_cs_actors":[],"_cs_cves":[{"cvss":7.5,"id":"CVE-2026-31935"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["medium"],"_cs_tags":["cve","dos","http2","suricata"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCVE-2026-31935 describes a denial-of-service vulnerability affecting Suricata, a network IDS, IPS, and NSM engine. The vulnerability lies in the processing of HTTP2 continuation frames. Versions prior to 7.0.15 and 8.0.4 are susceptible to memory exhaustion when flooded with maliciously crafted HTTP2 continuation frames. This excessive memory consumption typically results in the operating system shutting down the Suricata process to prevent system instability. The vulnerability was reported and patched by the Open Information Security Foundation (OISF), the maintainers of Suricata, in versions 7.0.15 and 8.0.4. This vulnerability can be exploited by unauthenticated attackers from the network.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies a vulnerable Suricata instance running a version prior to 7.0.15 or 8.0.4.\u003c/li\u003e\n\u003cli\u003eThe attacker establishes an HTTP2 connection with the target Suricata instance.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a series of malicious HTTP2 continuation frames.\u003c/li\u003e\n\u003cli\u003eThe attacker floods the Suricata instance with these crafted continuation frames over the established HTTP2 connection.\u003c/li\u003e\n\u003cli\u003eThe Suricata process attempts to allocate memory to process the excessive number of continuation frames.\u003c/li\u003e\n\u003cli\u003eMemory consumption rapidly increases as the vulnerable code fails to properly handle the flood of continuation frames.\u003c/li\u003e\n\u003cli\u003eThe system reaches its memory limit, leading to resource exhaustion.\u003c/li\u003e\n\u003cli\u003eThe operating system intervenes and terminates the Suricata process to prevent further system instability, resulting in a denial-of-service.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-31935 results in a denial-of-service condition, effectively disabling the Suricata instance\u0026rsquo;s ability to perform network intrusion detection and prevention. This can leave networks unprotected from malicious traffic. The vulnerability can be triggered remotely without authentication, making it a readily exploitable threat. The precise number of affected Suricata deployments is unknown, but organizations relying on Suricata for network security monitoring are potentially at risk.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade all Suricata installations to version 7.0.15 or 8.0.4 or later to patch CVE-2026-31935.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect Suspicious HTTP2 Continuation Frame Flooding\u0026rdquo; to monitor for potential exploitation attempts.\u003c/li\u003e\n\u003cli\u003eMonitor Suricata process health and resource consumption for unexpected spikes in memory usage that could indicate a denial-of-service attack.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-02T15:16:37Z","date_published":"2026-04-02T15:16:37Z","id":"/briefs/2026-04-suricata-http2-dos/","summary":"A denial of service vulnerability, CVE-2026-31935, exists in Suricata versions prior to 7.0.15 and 8.0.4, where flooding the system with crafted HTTP2 continuation frames leads to memory exhaustion and process termination.","title":"Suricata HTTP2 Continuation Frame Flooding Denial of Service (CVE-2026-31935)","url":"https://feed.craftedsignal.io/briefs/2026-04-suricata-http2-dos/"},{"_cs_actors":[],"_cs_cves":[{"cvss":7.5,"id":"CVE-2026-31937"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["medium"],"_cs_tags":["vulnerability","dos","suricata"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCVE-2026-31937 describes a vulnerability in Suricata, a network IDS/IPS/NSM engine. Prior to version 7.0.15, Suricata suffers from inefficiency in its DCERPC buffering mechanism. This inefficiency can be exploited by a malicious actor to cause a performance degradation, potentially leading to a denial-of-service (DoS) condition. The vulnerability was reported on April 2, 2026, and patched in Suricata version 7.0.15. The vulnerability has a CVSS v3.1 score of 7.5 (High). Successful exploitation requires no privileges and no user interaction, making it easily exploitable. Organizations using affected versions of Suricata should upgrade to version 7.0.15 or later.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies a Suricata instance running a version prior to 7.0.15.\u003c/li\u003e\n\u003cli\u003eAttacker crafts a series of network packets containing specially formatted DCERPC requests.\u003c/li\u003e\n\u003cli\u003eThe crafted DCERPC requests are sent to the targeted Suricata instance.\u003c/li\u003e\n\u003cli\u003eSuricata receives the malformed DCERPC requests.\u003c/li\u003e\n\u003cli\u003eDue to the DCERPC buffering inefficiency (CWE-407), Suricata\u0026rsquo;s processing resources are exhausted.\u003c/li\u003e\n\u003cli\u003eSuricata\u0026rsquo;s performance degrades significantly as it struggles to handle the influx of inefficient DCERPC requests.\u003c/li\u003e\n\u003cli\u003eLegitimate network traffic monitoring and protection capabilities are impaired due to resource exhaustion.\u003c/li\u003e\n\u003cli\u003eContinued exploitation leads to a denial-of-service condition, preventing Suricata from properly analyzing network traffic.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-31937 results in performance degradation of the Suricata network IDS/IPS/NSM engine. This can lead to a denial-of-service (DoS) condition, preventing Suricata from effectively monitoring network traffic. While the source does not specify the number of affected organizations, any organization using Suricata versions prior to 7.0.15 is potentially vulnerable. The impact can range from temporary performance issues to complete failure of network security monitoring capabilities.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade Suricata installations to version 7.0.15 or later to remediate the vulnerability (CVE-2026-31937).\u003c/li\u003e\n\u003cli\u003eMonitor network traffic for unusual patterns of DCERPC requests targeting Suricata instances using the provided Sigma rule.\u003c/li\u003e\n\u003cli\u003eImplement rate limiting or traffic shaping rules to mitigate the impact of excessive DCERPC traffic, particularly from unknown or untrusted sources, as detailed in the overview.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-02T15:16:37Z","date_published":"2026-04-02T15:16:37Z","id":"/briefs/2026-04-suricata-dcerpc/","summary":"Suricata versions prior to 7.0.15 are vulnerable to CVE-2026-31937, where inefficient DCERPC buffering can lead to a denial-of-service condition through performance degradation.","title":"Suricata DCERPC Buffering Inefficiency Vulnerability (CVE-2026-31937)","url":"https://feed.craftedsignal.io/briefs/2026-04-suricata-dcerpc/"},{"_cs_actors":[],"_cs_cves":[{"cvss":7.5,"id":"CVE-2026-31931"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["medium"],"_cs_tags":["suricata","denial-of-service","null-dereference"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eSuricata, a network IDS, IPS, and NSM engine, is susceptible to a NULL dereference vulnerability when processing specific rule keywords. Specifically, versions 8.0.0 up to but not including 8.0.4 crash when the \u0026ldquo;tls.alpn\u0026rdquo; rule keyword is used. This vulnerability, identified as CVE-2026-31931, can be exploited to cause a denial-of-service condition, disrupting network monitoring and security operations. An attacker could craft specific network traffic or Suricata rules that trigger the flawed code path, causing the Suricata process to terminate. The vulnerability has been patched in Suricata version 8.0.4.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker identifies a Suricata instance running a vulnerable version (8.0.0 - 8.0.3).\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a Suricata rule containing the \u003ccode\u003etls.alpn\u003c/code\u003e keyword.\u003c/li\u003e\n\u003cli\u003eThe attacker deploys the crafted rule to the Suricata instance, either directly or via a configuration management system.\u003c/li\u003e\n\u003cli\u003eSuricata attempts to load and process the rule, triggering the vulnerable code path in the \u003ccode\u003etls.alpn\u003c/code\u003e processing function.\u003c/li\u003e\n\u003cli\u003eThe vulnerable code dereferences a NULL pointer, leading to a segmentation fault.\u003c/li\u003e\n\u003cli\u003eThe Suricata process crashes, terminating network intrusion detection and prevention capabilities.\u003c/li\u003e\n\u003cli\u003eThe attacker may repeat this process to ensure continued disruption.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-31931 results in a denial-of-service condition affecting the Suricata network security engine.  This can lead to blind spots in network monitoring, allowing malicious traffic to pass undetected. The number of affected installations depends on the adoption rate of Suricata versions 8.0.0 through 8.0.3 across various organizations and sectors. Critical network infrastructure, security operations centers, and organizations relying on Suricata for threat detection are potentially impacted.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade Suricata installations to version 8.0.4 or later to remediate CVE-2026-31931 (\u003ca href=\"https://github.com/OISF/suricata/security/advisories/GHSA-gr22-4784-xvw3\"\u003ehttps://github.com/OISF/suricata/security/advisories/GHSA-gr22-4784-xvw3\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eImplement rate limiting or input validation on Suricata rule deployments to prevent malicious rule injection.\u003c/li\u003e\n\u003cli\u003eMonitor Suricata process stability and restart automatically if crashes are detected, to mitigate the impact of the vulnerability (syslog, process monitoring).\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-02T14:16:28Z","date_published":"2026-04-02T14:16:28Z","id":"/briefs/2026-04-suricata-null-dereference/","summary":"Suricata versions 8.0.0 to before 8.0.4 are vulnerable to a NULL dereference crash when using the 'tls.alpn' rule keyword, potentially leading to a denial of service.","title":"Suricata NULL Dereference Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-04-suricata-null-dereference/"},{"_cs_actors":[],"_cs_cves":[{"cvss":7.5,"id":"CVE-2026-31932"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["medium"],"_cs_tags":["cve-2026-31932","suricata","krb5","performance-degradation","denial-of-service"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCVE-2026-31932 is a vulnerability affecting Suricata, a widely used network intrusion detection and prevention system (IDS/IPS) and network security monitoring (NSM) engine. The vulnerability stems from an inefficiency in how Suricata handles KRB5 buffering.  Successful exploitation of this vulnerability can lead to a noticeable performance degradation of the Suricata engine. The vulnerability is present in Suricata versions prior to 7.0.15 and 8.0.4. Organizations using affected versions of Suricata should apply the patch to mitigate the risk of denial-of-service conditions due to performance degradation. The vulnerability was reported by GitHub, Inc. and assigned a CVSS v3.1 score of 7.5 (High).\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker identifies a vulnerable Suricata instance running a version prior to 7.0.15 or 8.0.4.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts network traffic containing KRB5 authentication requests.\u003c/li\u003e\n\u003cli\u003eThe attacker sends a high volume of these crafted KRB5 requests to the targeted Suricata instance.\u003c/li\u003e\n\u003cli\u003eSuricata\u0026rsquo;s inefficient KRB5 buffering mechanism processes the malicious traffic.\u003c/li\u003e\n\u003cli\u003eThe processing of the crafted KRB5 requests consumes excessive CPU and memory resources.\u003c/li\u003e\n\u003cli\u003eSuricata\u0026rsquo;s performance degrades, leading to delayed or dropped packet inspection.\u003c/li\u003e\n\u003cli\u003eLegitimate network traffic may be impacted by the performance degradation, potentially leading to service disruptions.\u003c/li\u003e\n\u003cli\u003eThe attacker achieves a denial-of-service effect, impairing Suricata\u0026rsquo;s ability to effectively monitor and protect the network.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-31932 can lead to a significant performance degradation of the Suricata engine. This can result in delayed or dropped packet inspection, potentially allowing malicious traffic to bypass security controls. This can impact networks of any size that rely on Suricata for network security monitoring and intrusion prevention, particularly those processing high volumes of network traffic. The vulnerability can effectively blind Suricata, creating a window of opportunity for other attacks to succeed undetected.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade Suricata to version 7.0.15 or 8.0.4 or later to patch CVE-2026-31932.\u003c/li\u003e\n\u003cli\u003eMonitor Suricata\u0026rsquo;s CPU and memory usage for unusual spikes that could indicate exploitation of this vulnerability.\u003c/li\u003e\n\u003cli\u003eImplement the Sigma rule \u0026ldquo;Detect High KRB5 Traffic Volume\u0026rdquo; to identify potential exploitation attempts (see rules below).\u003c/li\u003e\n\u003cli\u003eReview Suricata\u0026rsquo;s logs for error messages related to KRB5 processing which may indicate the vulnerability being exploited.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-02T14:16:28Z","date_published":"2026-04-02T14:16:28Z","id":"/briefs/2026-04-suricata-krb5-perf-degradation/","summary":"An unauthenticated attacker can exploit CVE-2026-31932, a vulnerability in Suricata versions prior to 7.0.15 and 8.0.4, to cause performance degradation due to inefficient KRB5 buffering.","title":"Suricata KRB5 Buffering Inefficiency Vulnerability (CVE-2026-31932)","url":"https://feed.craftedsignal.io/briefs/2026-04-suricata-krb5-perf-degradation/"},{"_cs_actors":[],"_cs_cves":[{"cvss":7.5,"id":"CVE-2026-31933"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["medium"],"_cs_tags":["dos","suricata","cve-2026-31933","network"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eSuricata, a network IDS, IPS, and NSM engine, is susceptible to a denial-of-service vulnerability (CVE-2026-31933) affecting versions prior to 7.0.15 and 8.0.4. This flaw arises from inefficient algorithmic complexity (CWE-407), where specially crafted network traffic can induce a significant slowdown in Suricata\u0026rsquo;s processing, particularly impacting its performance in IDS mode. An attacker can exploit this vulnerability by sending malicious network packets, potentially causing the Suricata instance to become unresponsive or consume excessive resources. The vulnerability was reported and patched by the Open Information Security Foundation (OISF). Organizations using affected Suricata versions are vulnerable to service disruption.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker crafts a series of malicious network packets specifically designed to exploit the algorithmic inefficiency in Suricata\u0026rsquo;s packet processing.\u003c/li\u003e\n\u003cli\u003eThe attacker sends the crafted packets to the Suricata instance. This can be achieved through various network protocols and ports monitored by Suricata.\u003c/li\u003e\n\u003cli\u003eSuricata receives the packets and begins processing them. Due to the inefficient algorithm, processing these packets consumes significantly more resources than legitimate traffic.\u003c/li\u003e\n\u003cli\u003eAs the number of malicious packets increases, Suricata\u0026rsquo;s CPU and memory usage rises dramatically, leading to a performance slowdown.\u003c/li\u003e\n\u003cli\u003eThe slowdown affects Suricata\u0026rsquo;s ability to inspect other network traffic in a timely manner, potentially allowing malicious activity to go undetected.\u003c/li\u003e\n\u003cli\u003eEventually, Suricata\u0026rsquo;s performance degrades to the point where it becomes unresponsive, effectively causing a denial-of-service condition.\u003c/li\u003e\n\u003cli\u003eLegitimate network traffic may be dropped or delayed due to Suricata\u0026rsquo;s inability to process it efficiently.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-31933 results in a denial-of-service condition, causing Suricata to become unresponsive and hindering its ability to perform network intrusion detection and prevention. The impact includes the potential for undetected malicious activity, delayed or dropped legitimate network traffic, and increased operational overhead for security teams to investigate and remediate the issue. The severity is rated as HIGH with a CVSS v3.1 score of 7.5.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade Suricata to version 7.0.15 or 8.0.4 or later to patch CVE-2026-31933.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetectHighPacketRate\u003c/code\u003e to identify unusual traffic patterns indicative of a DoS attempt.\u003c/li\u003e\n\u003cli\u003eMonitor Suricata\u0026rsquo;s CPU and memory utilization for unexpected spikes, which could indicate exploitation of this vulnerability.\u003c/li\u003e\n\u003cli\u003eImplement rate limiting or traffic shaping rules on network devices to mitigate the impact of malicious traffic.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-02T14:16:28Z","date_published":"2026-04-02T14:16:28Z","id":"/briefs/2026-04-suricata-dos/","summary":"Specially crafted network traffic can cause Suricata to slow down, leading to a denial-of-service condition in versions prior to 7.0.15 and 8.0.4, as identified by CVE-2026-31933.","title":"Suricata DoS Vulnerability (CVE-2026-31933)","url":"https://feed.craftedsignal.io/briefs/2026-04-suricata-dos/"}],"language":"en","title":"CraftedSignal Threat Feed — Suricata","version":"https://jsonfeed.org/version/1.1"}