Ruleset Update Summary - 2026/05/07 - v11188

Ruleset Updates
1

Summary:

16 new OPEN, 26 new PRO (16 + 10)

Added rules:

Open:

  • 2069192 - ET WEB_SPECIFIC_APPS LiteLLM Arbitrary File Read (CVE-2026-35029) (web_specific_apps.rules)
  • 2069193 - ET INFO Rust HTTP Client User-agent Observed (ureq) (info.rules)
  • 2069194 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (brakyfaw .cyou) (malware.rules)
  • 2069195 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (brakyfaw .cyou) in TLS SNI (malware.rules)
  • 2069196 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (honceybl .cyou) (malware.rules)
  • 2069197 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (honceybl .cyou) in TLS SNI (malware.rules)
  • 2069198 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (dyuthiengineering .com) (exploit_kit.rules)
  • 2069199 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (openrelayzone .top) (exploit_kit.rules)
  • 2069200 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (sharpfield .top) (exploit_kit.rules)
  • 2069201 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (dyuthiengineering .com) (exploit_kit.rules)
  • 2069202 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (openrelayzone .top) (exploit_kit.rules)
  • 2069203 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (sharpfield .top) (exploit_kit.rules)
  • 2069204 - ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (secure .nzlifecoaching .com) (malware.rules)
  • 2069205 - ET MALWARE TA569 Gholoader CnC Domain in TLS SNI (secure .nzlifecoaching .com) (malware.rules)
  • 2069206 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (ssntana .com) (exploit_kit.rules)
  • 2069207 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (ssntana .com) (exploit_kit.rules)

Pro:

  • 2867446 - ETPRO WEB_SPECIFIC_APPS DotNetNuke (DNN) CMS NTLM Hash Disclosure (CVE-2025-52488) (web_specific_apps.rules)
  • 2867447 - ETPRO WEB_SPECIFIC_APPS ETQ Reliance Reflected Cross-Site Scripting in SQLConverterServlet (CVE-2025-34141) (web_specific_apps.rules)
  • 2867448 - ETPRO WEB_SPECIFIC_APPS ETQ Reliance XML External Entity (XXE) Injection in SSO SAML Handler (CVE-2025-34142) (web_specific_apps.rules)
  • 2867449 - ETPRO WEB_SPECIFIC_APPS ETQ Reliance CG/NXG Authentication Bypass (CVE-2025-34140) (web_specific_apps.rules)
  • 2867450 - ETPRO WEB_SPECIFIC_APPS ETQ Reliance Authentication Bypass via Trailing Space (CVE-2025-34143) (web_specific_apps.rules)
  • 2867451 - ETPRO EXPLOIT LangSmith Playground RCE via Jinja2 (exploit.rules)
  • 2867452 - ETPRO WEB_SPECIFIC_APPS Dell Storage Manager DSM Data Collector Authentication Bypass (CVE-2025-43995) (web_specific_apps.rules)
  • 2867453 - ETPRO WEB_SERVER Dell Storage Manager DSM Server Agent Unauthenticated Large Directory Creation (CVE-2025-43994) (web_server.rules)
  • 2867454 - ETPRO MALWARE Malicious Win32/NetSupport Rat CnC Checkin (malware.rules)
  • 2867455 - ETPRO WEB_SPECIFIC_APPS Adobe Experience Manager XML External Entity Injection (CVE-2025-54251) (web_specific_apps.rules)

Disabled and modified rules:

  • 2012491 - ET USER_AGENTS Suspicious User-Agent (Presto) (user_agents.rules)
  • 2024586 - ET PHISHING Successful RBC Royal Bank Phish M1 Aug 17 2017 (phishing.rules)