// LIVE
OPSLago (YC S21) Is Hiring
OPSPoland Faced a Surge in Cyberattacks in 2025, Including a Major Assault on the E
OPS'Traces of unauthorized access': Mazda confirms data breach exposing employee an
OPSSurfshark launches HeyPolo, a privacy-first location sharing app to kill "always
OPSOpenClaw is fun. OpenClaw is dangerous. Here's where Tailscale helps.
OPSShow HN: Email.md – Markdown to responsive, email-safe HTML
OPSDo Security Teams Use tools like Cursor , WindSurf , co-pilot etc.. ?
OPSAutomated knowledge graph of server setup by agentic LLM - good idea?
OPSShould I buy R230 for $200 and will it support my needs?
OPSWhat trends are you seeing around self-hosted software at KubeCon EU?
OPSLightning-fast exploits make it essential to patch fast, ask questions later
OPSTool updates: lots of security and logic fixes, (Mon, Mar 23rd)
CVE(Pwn2Own) Canon imageCLASS MF654Cdw TTF Parsing Out-Of-Bounds Write Remote Code
CVEZDI-26-204: Canon imageCLASS MF654Cdw XPS Parser Vulnerability
CVEZDI-26-202: QNAP TS-453E Hyper Data Protector Plugin SQL Injection RCE Vulnerabi
OPSLago (YC S21) Is Hiring
OPSPoland Faced a Surge in Cyberattacks in 2025, Including a Major Assault on the E
OPS'Traces of unauthorized access': Mazda confirms data breach exposing employee an
OPSSurfshark launches HeyPolo, a privacy-first location sharing app to kill "always
OPSOpenClaw is fun. OpenClaw is dangerous. Here's where Tailscale helps.
OPSShow HN: Email.md – Markdown to responsive, email-safe HTML
OPSDo Security Teams Use tools like Cursor , WindSurf , co-pilot etc.. ?
OPSAutomated knowledge graph of server setup by agentic LLM - good idea?
OPSShould I buy R230 for $200 and will it support my needs?
OPSWhat trends are you seeing around self-hosted software at KubeCon EU?
OPSLightning-fast exploits make it essential to patch fast, ask questions later
OPSTool updates: lots of security and logic fixes, (Mon, Mar 23rd)
CVE(Pwn2Own) Canon imageCLASS MF654Cdw TTF Parsing Out-Of-Bounds Write Remote Code
CVEZDI-26-204: Canon imageCLASS MF654Cdw XPS Parser Vulnerability
CVEZDI-26-202: QNAP TS-453E Hyper Data Protector Plugin SQL Injection RCE Vulnerabi
nsysops@ops-intel:~$ ls -lt --range live

OPS INTEL

266 items · ARIA-monitored · page 45 of 54
266
TOTAL
CRITICAL
HIGH
ACTIONABLE
WALLBOARD ↗
AUTO-APPROVED TODAY
LLM STATUS
CRITICAL (page) 1
HIGH (page) 4
MEDIUM (page) 0
LOW (page) 0
CRITICAL 95% confidence cve

ZDI-26-111: MLflow Default Password Bypass Vulnerability

Remote attackers can bypass MLflow authentication using default password, no auth required. CVSS rating of 9.8. Includes severity, confidence, and actionable re

['Default passwords often remain unchanged, exposing systems to threats', 'Exploitation requires minimal effort due to no auth requirement']

DevOps teamsSystem administrators
action items (2)
  • Review system configurations for default password usage
  • Patch affected systems as soon as possible

Zero Day Initiative ·

HIGH 95% confidence cve

ZDI-26-110: Bosch Rexroth IndraWorks Print Settings RCE Vulnerability

['Bosch Rexroth IndraWorks suffers from a deserialization of untrusted data vulnerability leading to remote code execution.', 'CVEs assigned for the. Read full

['Operators need to be aware that a specific file parsing flaw within the Bosch Rexroth IndraWorks software could allow unauthorized access and command execution on affected systems.', 'This highlights the importance of

Bosch Rexroth IndraWorksIndustrial Control Systems
action items (3)
  • Update IndraWorks software immediately with provided patches from Bosch Rexroth.
  • Implement strict access controls and logging on systems utilizing IndraWorks print settings files.
  • Educate employees about the risks of handling untrusted data in production environments.

Zero Day Initiative ·

HIGH 95% confidence cve

ZDI-26-109: Bosch OPC.TestClient XML Parsing RCE Vulnerability

A critical remote code execution flaw in Bosch Rexroth IndraWorks allows attackers to execute arbitrary code by parsing untrusted XML files. Includes severity,

['Remote attackers can execute arbitrary commands by exploiting untrusted XML files', 'User interaction required for exploitation']

ManufacturingIndustrial Automation SystemsIT Operations
action items (2)
  • Review system configurations for affected components
  • Apply patches as soon as they become available

Zero Day Initiative ·

HIGH 85% confidence cve

ZDI-26-108: XML File Parsing Vulnerability in Bosch Rexroth IndraWorks

Remote code execution vulnerability in Bosch Rexroth IndraWorks due to improper handling of XML files. CVSS rating: 7.8. Includes severity, confidence, and acti

['User interaction is required', 'Attacker can execute arbitrary code remotely']

Bosch Rexroth customers
action items (2)
  • Update IndraWorks UA.TestClient to latest version
  • Implement network segmentation

Zero Day Initiative ·

HIGH 90% confidence advisory

From Exposure to Exploitation: How AI Collapses Your Response Window

AI accelerates the transition from security exposure to exploitation. Developers must tighten cloud permissions and manage API keys carefully. Includes severity

['AI-driven exploitation', 'Fast pace of modern development']

cloud_operatorssecurity_engineers
action items (2)
  • Review cloud permissions regularly
  • Enable monitoring for suspicious activity

The Hacker News ·

ONLINE | ARIA: aria-32b | COMMIT: 8a445b6 | UPTIME: 29d 03:27 | LAST SCAN: 672H AGO
CORE API: ONLINE TWITCH: OFFLINE --:--:--