// LIVE
INTEL: Critical Citrix NetScaler memory flaw actively exploited in attacks
INTEL: Telnyx joins LiteLLM in latest PyPI package poisoning tied to Trivy breach
INTEL: Storm Brews Over Critical, No-Click Telegram Flaw
INTEL: FTC Action Against Match and OkCupid for Deceiving Users, Sharing Personal Data
INTEL: TeamPCP Supply Chain Campaign: Update 004 - Databricks Investigating Alleged Com
INTEL: Healthcare IT Platform CareCloud Probing Potential Data Breach
INTEL: Security updates for Monday
INTEL: 'When intelligence and trust move together, AI stops being an experiment and sta
INTEL: Russian APT Star Blizzard Adopts DarkSword iOS Exploit Kit
INTEL: Disclosure of Replay Attack Vulnerability in Signed References
INTEL: Hackers now exploit critical F5 BIG-IP flaw in attacks, patch now
INTEL: Telnyx Targeted in Growing TeamPCP Supply Chain Attack
CVE: (Pwn2Own) Canon imageCLASS MF654Cdw TTF Parsing Out-Of-Bounds Write Remote Code
CVE: ZDI-26-204: Canon imageCLASS MF654Cdw XPS Parser Vulnerability
CVE: ZDI-26-202: QNAP TS-453E Hyper Data Protector Plugin SQL Injection RCE Vulnerabi

OPS INTEL

266 items · ARIA-monitored · page 10 of 54
CRITICAL (page) 1
HIGH (page) 4
MEDIUM (page) 0
LOW (page) 0
HIGH 85% confidence outage

Cowrie Logs Report Suspicious Echo Command

Report on suspicious activity detected in Cowrie logs with the echo command 'MAGIC_PAYLOAD_KILLER_HERE_OR_LEAVE_EMPTY_iranbot_was_here'. Detected by BACS. Read

  • Identify and respond to suspicious activities
  • Monitor for signs of intrusion attempts

Linux Systems · Honeypots
action items (2)
  • Analyze incident reports from DShield sensors
  • Investigate related activity in webhoneypot and iptables logs

SANS ISC ·

HIGH 95% confidence advisory

CISA Warns of Zimbra SharePoint Flaw Exploits

  • U.S. CISA warns government agencies to apply patches for Zimbra and SharePoint flaws actively exploited in the wild.
  • CVE-2025-66376, CVSS score: 7.2, a.

  • The vulnerabilities allow attackers to inject malicious scripts into web pages, enabling them to steal session tokens or perform other actions on behalf of the user.
  • Failure to patch these flaws promptly can result

Government Agencies · Enterprise Environments
action items (3)
  • Update software to the latest version.
  • Review logs for any signs of exploitation.
  • Inform security teams about this advisory.

The Hacker News ·

HIGH 90% confidence breaking_change

Kubernetes v1.35 Enhances Security with Exec Plugin Allowlist

Learn how Kubernetes v1.35 introduces new security features to control executables invoked by kubeconfigs via exec plugin allowlists. Includes severity, confide

  • Kubernetes allows downloading or auto-generating kubeconfigs that specify executables for fetching credentials, posing a risk of running malicious code.
  • The new feature aims to mitigate these risks by giving users c

Kubernetes · DevOps teams
action items (2)
  • Review existing kubeconfig files for potential security risks.
  • Implement strict credential plugin policies in production environments.

Kubernetes Blog ·

CRITICAL 95% confidence cve

(0Day) ALGO 8180 IP Audio Alerter Ping Command Injection Remote Code Execution Vulnerability

ALGO 8180 IP Audio Alerter devices are affected by a remote code execution vulnerability requiring authentication. CVSS rating: 7.2. Includes severity, confiden

  • Exploitation requires authentication but can lead to full system compromise
  • Vulnerability affects critical communication infrastructure

network security · infrastructure protection · audio communication systems
action items (2)
  • Audit all connected ALGO 8180 devices for the vulnerability
  • Disable unnecessary services to reduce attack vectors

Zero Day Initiative ·

HIGH 95% confidence cve

(CVE-2026-0780) ALGO 8180 IP Audio Alerter Web UI Command Injection RCE Vulnerability

Remote attackers can execute arbitrary code on ALGO 8180 IP Audio Alerters; authentication is required. CVSS score: 7.2, severity: high. Includes severity, confide

  • Remote code execution can lead to full system compromise, data exfiltration, or system-wide damage. Immediate patching is essential for security and compliance.

Network Administrators · Security Operations Teams · ALGO 8180 IP Audio Alerter Device Owners
action items (2)
  • Update all ALGO 8180 devices immediately upon availability of patches
  • Conduct an inventory check for any unpatched devices in your environment

Zero Day Initiative ·