// LIVE
INTELCritical Citrix NetScaler memory flaw actively exploited in attacks
INTELTelnyx joins LiteLLM in latest PyPI package poisoning tied to Trivy breach
INTELStorm Brews Over Critical, No-Click Telegram Flaw
INTELFTC Action Against Match and OkCupid for Deceiving Users, Sharing Personal Data
INTELTeamPCP Supply Chain Campaign: Update 004 - Databricks Investigating Alleged Com
INTELHealthcare IT Platform CareCloud Probing Potential Data Breach
INTELSecurity updates for Monday
INTEL'When intelligence and trust move together, AI stops being an experiment and sta
INTELRussian APT Star Blizzard Adopts DarkSword iOS Exploit Kit
INTELDisclosure of Replay Attack Vulnerability in Signed References
INTELHackers now exploit critical F5 BIG-IP flaw in attacks, patch now
INTELTelnyx Targeted in Growing TeamPCP Supply Chain Attack
CVE(Pwn2Own) Canon imageCLASS MF654Cdw TTF Parsing Out-Of-Bounds Write Remote Code
CVEZDI-26-204: Canon imageCLASS MF654Cdw XPS Parser Vulnerability
CVEZDI-26-202: QNAP TS-453E Hyper Data Protector Plugin SQL Injection RCE Vulnerabi
INTELCritical Citrix NetScaler memory flaw actively exploited in attacks
INTELTelnyx joins LiteLLM in latest PyPI package poisoning tied to Trivy breach
INTELStorm Brews Over Critical, No-Click Telegram Flaw
INTELFTC Action Against Match and OkCupid for Deceiving Users, Sharing Personal Data
INTELTeamPCP Supply Chain Campaign: Update 004 - Databricks Investigating Alleged Com
INTELHealthcare IT Platform CareCloud Probing Potential Data Breach
INTELSecurity updates for Monday
INTEL'When intelligence and trust move together, AI stops being an experiment and sta
INTELRussian APT Star Blizzard Adopts DarkSword iOS Exploit Kit
INTELDisclosure of Replay Attack Vulnerability in Signed References
INTELHackers now exploit critical F5 BIG-IP flaw in attacks, patch now
INTELTelnyx Targeted in Growing TeamPCP Supply Chain Attack
CVE(Pwn2Own) Canon imageCLASS MF654Cdw TTF Parsing Out-Of-Bounds Write Remote Code
CVEZDI-26-204: Canon imageCLASS MF654Cdw XPS Parser Vulnerability
CVEZDI-26-202: QNAP TS-453E Hyper Data Protector Plugin SQL Injection RCE Vulnerabi
nsysops@ops-intel:~$ ls -lt --range live

OPS INTEL

266 items · ARIA-monitored · page 2 of 54
266
TOTAL
CRITICAL
HIGH
ACTIONABLE
WALLBOARD ↗
AUTO-APPROVED TODAY
LLM STATUS
CRITICAL (page) 1
HIGH (page) 3
MEDIUM (page) 1
LOW (page) 0
HIGH 95% confidence cve

(Pwn2Own) ChargePoint Home Flex Sensitive Information Disclosure Vulnerability

ChargePoint Home Flex charging stations are vulnerable to information disclosure due to inclusion of sensitive data in source code. No auth required. Includes s

['Potential exposure of internal configurations and credentials to unauthorized users']

Charging station operatorsEnterprise IT security teams
action items (2)
  • Contact ChargePoint for patch updates
  • Review and secure configurations of all affected charging stations

Zero Day Initiative ·

HIGH 95% confidence cve

ZDI-26-194 Microsoft Exchange Security Feature Bypass Vulnerability

Remote attackers can bypass security features in Microsoft Exchange due to improper input validation. No auth required. CVE-2026-21527. Includes severity, confi

['This issue compromises the integrity of security controls implemented within affected systems.', 'It enables unauthorized access and potential exploitation without requiring any authentication credentials.']

Microsoft Exchange administratorsIT Security Teams
action items (2)
  • Update Exchange systems immediately with official security updates from Microsoft.
  • Conduct a thorough audit of security configurations and access controls.

Zero Day Initiative ·

MEDIUM 85% confidence cve

ZDI-26-193: Linux Kernel nf_tables_newset Out-of-Bounds Write Vulnerability

Local attackers can disclose sensitive information on affected Linux Kernel installations using this out-of-bounds write vulnerability. Requires low-privilege.

['Exploitation requires the attacker to execute low-privileged code on the target system', 'Once executed, this can lead to unauthorized data disclosure and potential further exploitation']

Linux distributions
action items (2)
  • Apply available security updates immediately
  • Conduct a thorough review of system configurations

Zero Day Initiative ·

CRITICAL 95% confidence cve

ZDI-26-192: Sonos Era 300 SMB RCE Vulnerability

Sonos Era 300 devices are vulnerable to a remote code execution attack through an unauthenticated out-of-bounds access flaw. CVE-2026-4149, CVSS rating 10.0.

['This flaw can be exploited by remote attackers without needing any credentials, allowing them to control the device remotely and potentially gain access to internal networks.']

Sonos Era 300Enterprise networks with connected audio devices
action items (2)
  • Update affected Sonos Era 300 devices immediately
  • Monitor for suspicious SMB activity and anomalous behavior

Zero Day Initiative ·

HIGH 95% confidence cve

(Pwn2Own) Linux Kernel nf_tables Use-After-Free Privilege Escalation Vulnerability

Local attackers can escalate privileges on affected Linux Kernels due to a use-after-free vulnerability in nf_tables. Includes severity, confidence, and actiona

['Use-after-free vulnerability in nf_tables', 'CVSS score of 8.8 indicates high severity']

Linux distributionsEnterprise networks
action items (2)
  • Apply available security updates immediately
  • Review and enhance network segmentation

Zero Day Initiative ·

ONLINE | ARIA: aria-32b | COMMIT: 32fceff | UPTIME: 45d 13:25 | LAST SCAN: 116H AGO
CORE API: ONLINE TWITCH: OFFLINE --:--:--