// LIVE
INTELCritical Citrix NetScaler memory flaw actively exploited in attacks
INTELTelnyx joins LiteLLM in latest PyPI package poisoning tied to Trivy breach
INTELStorm Brews Over Critical, No-Click Telegram Flaw
INTELFTC Action Against Match and OkCupid for Deceiving Users, Sharing Personal Data
INTELTeamPCP Supply Chain Campaign: Update 004 - Databricks Investigating Alleged Com
INTELHealthcare IT Platform CareCloud Probing Potential Data Breach
INTELSecurity updates for Monday
INTEL'When intelligence and trust move together, AI stops being an experiment and sta
INTELRussian APT Star Blizzard Adopts DarkSword iOS Exploit Kit
INTELDisclosure of Replay Attack Vulnerability in Signed References
INTELHackers now exploit critical F5 BIG-IP flaw in attacks, patch now
INTELTelnyx Targeted in Growing TeamPCP Supply Chain Attack
CVE(Pwn2Own) Canon imageCLASS MF654Cdw TTF Parsing Out-Of-Bounds Write Remote Code
CVEZDI-26-204: Canon imageCLASS MF654Cdw XPS Parser Vulnerability
CVEZDI-26-202: QNAP TS-453E Hyper Data Protector Plugin SQL Injection RCE Vulnerabi
INTELCritical Citrix NetScaler memory flaw actively exploited in attacks
INTELTelnyx joins LiteLLM in latest PyPI package poisoning tied to Trivy breach
INTELStorm Brews Over Critical, No-Click Telegram Flaw
INTELFTC Action Against Match and OkCupid for Deceiving Users, Sharing Personal Data
INTELTeamPCP Supply Chain Campaign: Update 004 - Databricks Investigating Alleged Com
INTELHealthcare IT Platform CareCloud Probing Potential Data Breach
INTELSecurity updates for Monday
INTEL'When intelligence and trust move together, AI stops being an experiment and sta
INTELRussian APT Star Blizzard Adopts DarkSword iOS Exploit Kit
INTELDisclosure of Replay Attack Vulnerability in Signed References
INTELHackers now exploit critical F5 BIG-IP flaw in attacks, patch now
INTELTelnyx Targeted in Growing TeamPCP Supply Chain Attack
CVE(Pwn2Own) Canon imageCLASS MF654Cdw TTF Parsing Out-Of-Bounds Write Remote Code
CVEZDI-26-204: Canon imageCLASS MF654Cdw XPS Parser Vulnerability
CVEZDI-26-202: QNAP TS-453E Hyper Data Protector Plugin SQL Injection RCE Vulnerabi
nsysops@ops-intel:~$ ls -lt --range live

OPS INTEL

266 items · ARIA-monitored · page 45 of 54
266
TOTAL
CRITICAL
HIGH
ACTIONABLE
WALLBOARD ↗
AUTO-APPROVED TODAY
LLM STATUS
CRITICAL (page) 1
HIGH (page) 4
MEDIUM (page) 0
LOW (page) 0
CRITICAL 95% confidence cve

ZDI-26-111: MLflow Default Password Bypass Vulnerability

Remote attackers can bypass MLflow authentication using default password, no auth required. CVSS rating of 9.8. Includes severity, confidence, and actionable re

['Default passwords often remain unchanged, exposing systems to threats', 'Exploitation requires minimal effort due to no auth requirement']

DevOps teamsSystem administrators
action items (2)
  • Review system configurations for default password usage
  • Patch affected systems as soon as possible

Zero Day Initiative ·

HIGH 95% confidence cve

ZDI-26-110: Bosch Rexroth IndraWorks Print Settings RCE Vulnerability

['Bosch Rexroth IndraWorks suffers from a deserialization of untrusted data vulnerability leading to remote code execution.', 'CVEs assigned for the. Read full

['Operators need to be aware that a specific file parsing flaw within the Bosch Rexroth IndraWorks software could allow unauthorized access and command execution on affected systems.', 'This highlights the importance of

Bosch Rexroth IndraWorksIndustrial Control Systems
action items (3)
  • Update IndraWorks software immediately with provided patches from Bosch Rexroth.
  • Implement strict access controls and logging on systems utilizing IndraWorks print settings files.
  • Educate employees about the risks of handling untrusted data in production environments.

Zero Day Initiative ·

HIGH 95% confidence cve

ZDI-26-109: Bosch OPC.TestClient XML Parsing RCE Vulnerability

A critical remote code execution flaw in Bosch Rexroth IndraWorks allows attackers to execute arbitrary code by parsing untrusted XML files. Includes severity,

['Remote attackers can execute arbitrary commands by exploiting untrusted XML files', 'User interaction required for exploitation']

ManufacturingIndustrial Automation SystemsIT Operations
action items (2)
  • Review system configurations for affected components
  • Apply patches as soon as they become available

Zero Day Initiative ·

HIGH 85% confidence cve

ZDI-26-108: XML File Parsing Vulnerability in Bosch Rexroth IndraWorks

Remote code execution vulnerability in Bosch Rexroth IndraWorks due to improper handling of XML files. CVSS rating: 7.8. Includes severity, confidence, and acti

['User interaction is required', 'Attacker can execute arbitrary code remotely']

Bosch Rexroth customers
action items (2)
  • Update IndraWorks UA.TestClient to latest version
  • Implement network segmentation

Zero Day Initiative ·

HIGH 90% confidence advisory

From Exposure to Exploitation: How AI Collapses Your Response Window

AI accelerates the transition from security exposure to exploitation. Developers must tighten cloud permissions and manage API keys carefully. Includes severity

['AI-driven exploitation', 'Fast pace of modern development']

cloud_operatorssecurity_engineers
action items (2)
  • Review cloud permissions regularly
  • Enable monitoring for suspicious activity

The Hacker News ·

ONLINE | ARIA: aria-32b | COMMIT: 32fceff | UPTIME: 45d 13:25 | LAST SCAN: 116H AGO
CORE API: ONLINE TWITCH: OFFLINE --:--:--