Summary:
14 new OPEN, 14 new PRO (14 + 0)
Added rules:
Open:
- 2069664 - ET WEB_SPECIFIC_APPS XWIKI resource Parameter Directory Traversal Attempt (CVE-2026-23734) (web_specific_apps.rules)
- 2069665 - ET MALWARE Fake Updates Victim Click Confirmation (malware.rules)
- 2069666 - ET MALWARE Observed Fake Updates Page Inbound (malware.rules)
- 2069667 - ET MALWARE Fake Updates Victim Click Confirmation Javascript Observed (malware.rules)
- 2069668 - ET MALWARE Observed Fake Updates Page Inbound (malware.rules)
- 2069669 - ET WEB_SPECIFIC_APPS OpenCATS Installer Config databaseConnectivity Command Injection Attempt (CVE-2026-27760) (web_specific_apps.rules)
- 2069670 - ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (secure .therunningink .com) (malware.rules)
- 2069671 - ET MALWARE TA569 Gholoader CnC Domain in TLS SNI (secure .therunningink .com) (malware.rules)
- 2069672 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (copperbeacon .top) (exploit_kit.rules)
- 2069673 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (shadowcompass .top) (exploit_kit.rules)
- 2069674 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (copperbeacon .top) (exploit_kit.rules)
- 2069675 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (shadowcompass .top) (exploit_kit.rules)
- 2069676 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (diranda .lol) (exploit_kit.rules)
- 2069677 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (diranda .lol) (exploit_kit.rules)