// LIVE
INTEL Critical Citrix NetScaler memory flaw actively exploited in attacks
INTEL Telnyx joins LiteLLM in latest PyPI package poisoning tied to Trivy breach
INTEL Storm Brews Over Critical, No-Click Telegram Flaw
INTEL FTC Action Against Match and OkCupid for Deceiving Users, Sharing Personal Data
INTEL TeamPCP Supply Chain Campaign: Update 004 - Databricks Investigating Alleged Com
INTEL Healthcare IT Platform CareCloud Probing Potential Data Breach
INTEL Security updates for Monday
INTEL 'When intelligence and trust move together, AI stops being an experiment and sta
INTEL Russian APT Star Blizzard Adopts DarkSword iOS Exploit Kit
INTEL Disclosure of Replay Attack Vulnerability in Signed References
INTEL Hackers now exploit critical F5 BIG-IP flaw in attacks, patch now
INTEL Telnyx Targeted in Growing TeamPCP Supply Chain Attack
CVE (Pwn2Own) Canon imageCLASS MF654Cdw TTF Parsing Out-Of-Bounds Write Remote Code
CVE ZDI-26-204: Canon imageCLASS MF654Cdw XPS Parser Vulnerability
CVE ZDI-26-202: QNAP TS-453E Hyper Data Protector Plugin SQL Injection RCE Vulnerabi
sysops@ops-intel:~$ ls -lt --range live

OPS INTEL

266 items · ARIA-monitored · page 43 of 54
CRITICAL (page) 4
HIGH (page) 0
MEDIUM (page) 1
LOW (page) 0
CRITICAL 95% confidence cve

ZDI-26-121: GIMP XWD File Parsing Vulnerability

A critical remote code execution flaw in GIMP's XWD file parsing could allow attackers to execute arbitrary code on affected systems. Requires user interaction.

  • Vulnerability in GIMP's file parsing module
  • Risk of arbitrary code execution

Linux, macOS, Windows
action items (2)
  • Review and update affected systems
  • Educate users on risks associated with file types like XWD

Zero Day Initiative

CRITICAL 95% confidence cve

ZDI-26-120: GIMP ICNS File Parsing Vulnerability

Remote attackers can execute arbitrary code on affected installations of GIMP through a heap-based buffer overflow in the ICNS file parsing module. Read full op

  • Allows remote attackers to execute arbitrary code
  • Requires user interaction (visiting a malicious page or opening a file)

Linux, macOS, Windows
action items (2)
  • Upgrade or patch immediately
  • Monitor network traffic for suspicious ICNS file transfers

Zero Day Initiative

CRITICAL 95% confidence cve

GIMP XWD File Parsing OOB Write RCE Vulnerability ZDI-26-119

ZDI-26-119 details a critical GIMP XWD file parsing out-of-bounds write vulnerability, enabling remote code execution. Requires user interaction. Includes sever

  • User interaction required, posing less immediate threat but necessitating prompt updates
  • High CVSS score indicates severe potential impact on affected systems

Linux, macOS, Windows
action items (2)
  • Check for and install available software updates
  • Monitor system logs for signs of exploitation attempts

Zero Day Initiative

CRITICAL 95% confidence cve

ZDI-26-118: GIMP PGM File Parsing RCE Vulnerability

A critical remote code execution vulnerability in GIMP's PGM file parsing functionality. Visit us for mitigation advice and detection indicators. Includes sever

  • Uninitialized memory in the parsing function leads to unexpected behavior and potential execution of injected malicious code when affected files are processed

Linux, Windows, macOS
action items (2)
  • Apply available security patches immediately
  • Review and update policies regarding handling of PGM files

Zero Day Initiative

MEDIUM 90% confidence cve

ZDI-26-117: RustDesk Client Windows File Link Disclosure

Local attackers can disclose sensitive info in RustDesk Client for Windows via file link following. Requires low priv code execution to exploit. Includes severi

  • Local attackers can obtain low-privilege code execution and exploit the vulnerability

Windows OS
action items (2)
  • Review system configurations and security policies
  • Apply software updates from trusted sources promptly

Zero Day Initiative