// LIVE
OPSLago (YC S21) Is Hiring
OPSPoland Faced a Surge in Cyberattacks in 2025, Including a Major Assault on the E
OPS'Traces of unauthorized access': Mazda confirms data breach exposing employee an
OPSSurfshark launches HeyPolo, a privacy-first location sharing app to kill "always
OPSOpenClaw is fun. OpenClaw is dangerous. Here's where Tailscale helps.
OPSShow HN: Email.md – Markdown to responsive, email-safe HTML
OPSDo Security Teams Use tools like Cursor , WindSurf , co-pilot etc.. ?
OPSAutomated knowledge graph of server setup by agentic LLM - good idea?
OPSShould I buy R230 for $200 and will it support my needs?
OPSWhat trends are you seeing around self-hosted software at KubeCon EU?
OPSLightning-fast exploits make it essential to patch fast, ask questions later
OPSTool updates: lots of security and logic fixes, (Mon, Mar 23rd)
CVE(Pwn2Own) Canon imageCLASS MF654Cdw TTF Parsing Out-Of-Bounds Write Remote Code
CVEZDI-26-204: Canon imageCLASS MF654Cdw XPS Parser Vulnerability
CVEZDI-26-202: QNAP TS-453E Hyper Data Protector Plugin SQL Injection RCE Vulnerabi
OPSLago (YC S21) Is Hiring
OPSPoland Faced a Surge in Cyberattacks in 2025, Including a Major Assault on the E
OPS'Traces of unauthorized access': Mazda confirms data breach exposing employee an
OPSSurfshark launches HeyPolo, a privacy-first location sharing app to kill "always
OPSOpenClaw is fun. OpenClaw is dangerous. Here's where Tailscale helps.
OPSShow HN: Email.md – Markdown to responsive, email-safe HTML
OPSDo Security Teams Use tools like Cursor , WindSurf , co-pilot etc.. ?
OPSAutomated knowledge graph of server setup by agentic LLM - good idea?
OPSShould I buy R230 for $200 and will it support my needs?
OPSWhat trends are you seeing around self-hosted software at KubeCon EU?
OPSLightning-fast exploits make it essential to patch fast, ask questions later
OPSTool updates: lots of security and logic fixes, (Mon, Mar 23rd)
CVE(Pwn2Own) Canon imageCLASS MF654Cdw TTF Parsing Out-Of-Bounds Write Remote Code
CVEZDI-26-204: Canon imageCLASS MF654Cdw XPS Parser Vulnerability
CVEZDI-26-202: QNAP TS-453E Hyper Data Protector Plugin SQL Injection RCE Vulnerabi
nsysops@ops-intel:~$ ls -lt --range live

OPS INTEL

266 items · ARIA-monitored · page 27 of 54
266
TOTAL
CRITICAL
HIGH
ACTIONABLE
WALLBOARD ↗
AUTO-APPROVED TODAY
LLM STATUS
CRITICAL (page) 3
HIGH (page) 2
MEDIUM (page) 0
LOW (page) 0
HIGH 95% confidence cve

ZDI-26-093 Schneider Electric EcoStruxure Power Build Vulnerability

Schneider Electric EcoStruxure Power Build suffers from a use-after-free flaw allowing remote code execution. Requires user interaction to exploit. Includes sev

['Potential exploitation can lead to unauthorized access and control of systems.', 'User action is necessary for the vulnerability to be exploited, reducing immediate risk but not eliminating it entirely.']

Industrial Control SystemsPower Management
action items (2)
  • Apply available patches or updates immediately.
  • Review system configurations and update security policies accordingly.

Zero Day Initiative ·

CRITICAL 98% confidence cve

ZDI-26-092 Schneider Electric EcoStruxure Power Build Vulnerability

Schneider Electric's EcoStruxure Power Build is vulnerable to a remote code execution attack through memory corruption in SSD file parsing. CVSS rating: 7.8.

['Remote attackers can exploit this issue to run arbitrary code on affected systems', 'User interaction is required for exploitation, such as opening a malicious file or visiting an untrusted website']

Industrial Control SystemsCritical Infrastructure
action items (2)
  • Update to the latest version of EcoStruxure Power Build
  • Monitor systems for suspicious activity related to SSD file parsing

Zero Day Initiative ·

HIGH 85% confidence cve

ZDI-26-091: Schneider Electric EcoStruxure Power Build Vulnerability

Remote attackers can execute arbitrary code on affected installations of Schneider Electric EcoStruxure Power Build via malicious file parsing. CVE-2025-13845.

['Requires user interaction, increasing risk of exploitation in targeted attacks', 'CVSS rating indicates high severity and potential impact on system integrity and availability']

Industrial Control SystemsEnterprise Networks
action items (2)
  • Review system configurations for potential exposure
  • Develop a plan to update affected systems

Zero Day Initiative ·

CRITICAL 90% confidence cve

ZDI-26-090: Schneider EcoStruxure Power Build RCE Vulnerability

Schneider Electric's EcoStruxure Power Build contains a file parsing flaw enabling remote code execution with user interaction. CVSS rating of 7.8. Includes sev

['Affects software responsible for industrial control systems', 'Exploitation requires minimal user action, increasing risk of attack']

Industrial Control Systems (ICS) operatorsManufacturing facilities using Schneider Electric products
action items (2)
  • Identify and inventory all instances of EcoStruxure Power Build in use
  • Update to the latest version available from Schneider Electric

Zero Day Initiative ·

CRITICAL 97% confidence cve

ZDI-26-089 Schneider Electric EcoStruxure Power Build Vulnerability

Schneider Electric EcoStruxure Power Build is vulnerable to a memory corruption flaw allowing remote code execution via file parsing. CVE-2025-13845. Includes s

['Failure to address this vulnerability can result in remote code execution on affected systems.', 'User interaction required reduces the immediate threat but does not eliminate it completely.']

Industrial Control SystemsCritical Infrastructure
action items (2)
  • Update EcoStruxure Power Build software immediately to address CVE-2025-13845.
  • Monitor system logs for any signs of suspicious activity related to SSD files.

Zero Day Initiative ·

ONLINE | ARIA: aria-32b | COMMIT: 8a445b6 | UPTIME: 29d 03:27 | LAST SCAN: 672H AGO
CORE API: ONLINE TWITCH: OFFLINE --:--:--