// LIVE
INTEL Critical Citrix NetScaler memory flaw actively exploited in attacks
INTEL Telnyx joins LiteLLM in latest PyPI package poisoning tied to Trivy breach
INTEL Storm Brews Over Critical, No-Click Telegram Flaw
INTEL FTC Action Against Match and OkCupid for Deceiving Users, Sharing Personal Data
INTEL TeamPCP Supply Chain Campaign: Update 004 - Databricks Investigating Alleged Com
INTEL Healthcare IT Platform CareCloud Probing Potential Data Breach
INTEL Security updates for Monday
INTEL 'When intelligence and trust move together, AI stops being an experiment and sta
INTEL Russian APT Star Blizzard Adopts DarkSword iOS Exploit Kit
INTEL Disclosure of Replay Attack Vulnerability in Signed References
INTEL Hackers now exploit critical F5 BIG-IP flaw in attacks, patch now
INTEL Telnyx Targeted in Growing TeamPCP Supply Chain Attack
CVE (Pwn2Own) Canon imageCLASS MF654Cdw TTF Parsing Out-Of-Bounds Write Remote Code
CVE ZDI-26-204: Canon imageCLASS MF654Cdw XPS Parser Vulnerability
CVE ZDI-26-202: QNAP TS-453E Hyper Data Protector Plugin SQL Injection RCE Vulnerabi

OPS INTEL

266 items · ARIA-monitored · page 19 of 54
CRITICAL (page) 2
HIGH (page) 2
MEDIUM (page) 1
LOW (page) 0
CRITICAL 95% confidence cve

ZDI-26-057: Apple Safari JavaScriptCore FTL New Array Materialization Type Confusion

Apple Safari's JavaScriptCore FTL has a type confusion vulnerability allowing remote code execution. User interaction is required. Includes severity, confidence

  • Type confusion bug in FTL (Fast Transformer Library) of JavaScriptCore can be exploited by malicious websites or files
  • Can lead to arbitrary code execution on user's system if visited or opened

Apple Safari Users · Web Developers using JavaScriptCore · Network Administrators
action items (3)
  • Install patches or updates provided by Apple immediately
  • Monitor networks for signs of exploitation activity
  • Educate users about risks associated with visiting untrusted websites or opening unknown files

Zero Day Initiative ·

MEDIUM 85% confidence cve

Apple macOS AppleIntelKBLGraphics OOB Read Disclosure Vulnerability ZDI-26-056

Local attackers can disclose sensitive info on affected macOS systems due to an out-of-bounds read in AppleIntelKBLGraphics. CVE-2025-43283, CVSS:6.5. Includes

  • Sensitive data disclosure risk
  • Potential misuse of leaked info by malicious actors

Apple macOS Users · IT Administrators
action items (2)
  • Install patches provided by Apple
  • Review and enhance system privilege controls

Zero Day Initiative ·

CRITICAL 95% confidence cve

[local] Docker Desktop 4.44.3 - Unauthenticated API Exposure

Docker Desktop v4.44.3 suffers from unauthenticated API exposure, allowing unauthorized access to sensitive management operations without authentication. Includ

  • Lack of proper authentication mechanisms for the API endpoints
  • Inadequate security checks in Docker's management interface

Docker Desktop Users · DevOps Teams
action items (2)
  • Upgrade to patched version of Docker Desktop as soon as available
  • Conduct a security audit focusing on API endpoints and authentication mechanisms

Exploit-DB ·

HIGH 98% confidence cve

ZDI-26-061: NVIDIA Triton Inference Server Vulnerability

Remote attackers can cause a denial-of-service condition on affected installations of NVIDIA Triton Inference Server without requiring authentication. Includes

  • EVBufferToJson function flaw triggers exception causing service disruption
  • Impact on inference workloads without authentication required

Cloud Infrastructure · AI/ML Platforms
action items (2)
  • Verify system configurations for Triton dependencies
  • Check for updates and apply security patches immediately

Zero Day Initiative ·

HIGH 95% confidence cve

ZDI-26-060 NVIDIA Megatron-LM RCE Vulnerability

NVIDIA Megatron-LM is vulnerable to remote code execution due to deserialization of untrusted data. This affects installations requiring user interaction. Inclu

  • Remote attackers can gain unauthorized access to systems running NVIDIA Megatron-LM
  • Exploitation requires visiting malicious pages or opening files, limiting immediate risk but requiring vigilance

NVIDIA Megatron-LM users · Enterprise environments with ML infrastructure
action items (3)
  • Review systems using NVIDIA Megatron-LM for potential exposure
  • Apply security updates as soon as they become available
  • Conduct a risk assessment to prioritize remediation efforts

Zero Day Initiative ·