
OPS INTEL

266 items · ARIA-monitored · page 1 of 54
CRITICAL (page) 3
HIGH (page) 2
MEDIUM (page) 0
LOW (page) 0
CRITICAL 95% confidence cve

(Pwn2Own) Canon imageCLASS MF654Cdw TTF Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Critical CVE-2025-14235 allows network-adjacent attackers to execute code on Canon MF654Cdw printers without authentication. CVSS rating: 8.8. Includes severity

  • Exploitation allows remote, network-adjacent attackers to execute arbitrary code without authentication
  • Potential for sensitive data exposure and control of the device

Network-adjacent attackers · Canon imageCLASS MF654Cdw owners/operators
action items (3)
  • Apply Canon's official patch or workaround immediately
  • Review network segmentation policies for printer infrastructure
  • Conduct security audit on print server and client systems

Zero Day Initiative ·

HIGH 90% confidence cve

ZDI-26-205: Canon MF654Cdw Printer Vulnerability

Network-adjacent attackers can execute arbitrary code on Canon imageCLASS MF654Cdw printers without requiring authentication due to a heap-based buffer. Read fu

  • Risk of unauthorized execution of arbitrary code on network-connected printers
  • Potential for data exfiltration and operational disruption

Network administrators · IT security professionals · Printer fleet managers
action items (3)
  • Update printer firmware immediately
  • Review network segmentation practices
  • Implement logging and monitoring for suspicious activity

Zero Day Initiative ·

CRITICAL 95% confidence cve

ZDI-26-204: Canon imageCLASS MF654Cdw XPS Parser Vulnerability

Network-adjacent attackers can execute remote code on Canon imageCLASS MF654Cdw printers without authentication, rated CVSS 8.8. Includes severity, confidence,

  • Lack of authentication for exploit
  • Severe impact on security posture

Enterprise networks with Canon printers
action items (2)
  • Verify device versions and apply patches
  • Monitor for exploitation attempts

Zero Day Initiative ·

HIGH 95% confidence cve

ZDI-26-203: Canon MF654Cdw XML SOAP Buffer Overflow RCE

Network-adjacent attackers can execute arbitrary code on Canon imageCLASS MF654Cdw printers without authentication due to a heap-based buffer overflow. Read ful

  • Remote attackers can execute arbitrary code
  • Potential for unauthorized access and data theft

Network operators · Printer administrators
action items (2)
  • Update printer firmware immediately
  • Review and restrict network exposure

Zero Day Initiative ·

CRITICAL 95% confidence cve

ZDI-26-202: QNAP TS-453E Hyper Data Protector Plugin SQL Injection RCE Vulnerability

Network-adjacent attackers can execute arbitrary code on QNAP TS-453E with the Hyper Data Protector Plugin due to a bypassable authentication flaw, rated CVSS.

  • Risk of unauthorized access and data theft
  • Potential for service disruption

QNAP TS-453E users · Network administrators
action items (2)
  • Update to the latest firmware version
  • Conduct a security audit of network-accessible devices

Zero Day Initiative ·