Talos Rules 2026-01-27
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the file-multimedia and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Change logs

2026-01-27 15:25:29 UTC

Snort Subscriber Rules Update

Date: 2026-01-27

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2092000.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:65753 <-> DISABLED <-> SERVER-WEBAPP D-Link account_mgr.cgi command injection attempt (server-webapp.rules)
 * 1:65754 <-> DISABLED <-> SERVER-WEBAPP D-Link account_mgr.cgi command injection attempt (server-webapp.rules)
 * 1:65755 <-> DISABLED <-> SERVER-WEBAPP D-Link account_mgr.cgi command injection attempt (server-webapp.rules)
 * 1:65756 <-> DISABLED <-> SERVER-WEBAPP D-Link account_mgr.cgi command injection attempt (server-webapp.rules)
 * 1:65757 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine OpManager arbitrary Java object deserialization attempt (server-webapp.rules)
 * 1:65758 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine OpManager directory traversal attempt (server-webapp.rules)
 * 1:65759 <-> DISABLED <-> SERVER-WEBAPP WooCommerce Wishlist WordPress Plugin SQL injection attempt (server-webapp.rules)
 * 1:65760 <-> DISABLED <-> SERVER-WEBAPP WooCommerce Wishlist WordPress Plugin SQL injection attempt (server-webapp.rules)
 * 1:65761 <-> DISABLED <-> SERVER-WEBAPP WooCommerce Wishlist WordPress Plugin SQL injection attempt (server-webapp.rules)
 * 1:65762 <-> ENABLED <-> PROTOCOL-TELNET telnetd login environment variable authentication bypass attempt (protocol-telnet.rules)
 * 1:65763 <-> DISABLED <-> SERVER-WEBAPP Pimcore GridHelperService SQL injection attempt (server-webapp.rules)
 * 1:65764 <-> DISABLED <-> SERVER-WEBAPP Pimcore GridHelperService SQL injection attempt (server-webapp.rules)
 * 1:65765 <-> DISABLED <-> SERVER-WEBAPP Pimcore GridHelperService SQL injection attempt (server-webapp.rules)
 * 1:65766 <-> DISABLED <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt (server-webapp.rules)
 * 1:65767 <-> DISABLED <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt (server-webapp.rules)
 * 1:65768 <-> DISABLED <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt (server-webapp.rules)
 * 1:65769 <-> DISABLED <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt (server-webapp.rules)
 * 1:65770 <-> DISABLED <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt (server-webapp.rules)
 * 1:65771 <-> DISABLED <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt (server-webapp.rules)
 * 1:65772 <-> DISABLED <-> SERVER-WEBAPP Advantech R-SeeNet SQL injection attempt (server-webapp.rules)
 * 1:65773 <-> DISABLED <-> SERVER-WEBAPP Advantech R-SeeNet SQL injection attempt (server-webapp.rules)
 * 1:65774 <-> DISABLED <-> SERVER-WEBAPP Advantech R-SeeNet SQL injection attempt (server-webapp.rules)
 * 1:65775 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt (server-webapp.rules)
 * 1:65776 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt (server-webapp.rules)
 * 1:65777 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt (server-webapp.rules)
 * 1:65778 <-> DISABLED <-> SERVER-WEBAPP Zimbra Mail web client servlet_path local file inclusion attempt (server-webapp.rules)
 * 1:65779 <-> DISABLED <-> SERVER-WEBAPP Zimbra Mail web client servlet_path local file inclusion attempt (server-webapp.rules)
 * 1:65780 <-> DISABLED <-> SERVER-WEBAPP Cacti color.php SQL injection attempt (server-webapp.rules)
 * 1:65781 <-> DISABLED <-> SERVER-WEBAPP Cacti color.php SQL injection attempt (server-webapp.rules)
 * 1:65782 <-> DISABLED <-> SERVER-WEBAPP Cacti color.php SQL injection attempt (server-webapp.rules)
 * 1:65785 <-> DISABLED <-> SERVER-WEBAPP Pimcore search function SQL injection attempt (server-webapp.rules)
 * 1:65786 <-> DISABLED <-> SERVER-WEBAPP Oracle E-Business Suite cross site scripting attempt (server-webapp.rules)
 * 1:65787 <-> DISABLED <-> SERVER-WEBAPP Oracle E-Business Suite cross site scripting attempt (server-webapp.rules)
 * 1:65788 <-> DISABLED <-> SERVER-WEBAPP Oracle E-Business Suite cross site scripting attempt (server-webapp.rules)
 * 3:65783 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2326 attack attempt (server-webapp.rules)
 * 3:65789 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2324 attack attempt (file-multimedia.rules)
 * 3:65784 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2326 attack attempt (server-webapp.rules)
 * 3:65790 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2324 attack attempt (file-multimedia.rules)
 * 3:65792 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2325 attack attempt (file-multimedia.rules)
 * 3:65791 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2325 attack attempt (file-multimedia.rules)
 * 3:65794 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2315 attack attempt (file-multimedia.rules)
 * 3:65793 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2315 attack attempt (file-multimedia.rules)

Modified Rules:


 * 1:59333 <-> DISABLED <-> SERVER-WEBAPP Apache Kylin REST API DiagnosisService command injection attempt (server-webapp.rules)
 * 1:59334 <-> DISABLED <-> SERVER-WEBAPP Apache Kylin REST API DiagnosisService command injection attempt (server-webapp.rules)
 * 1:57835 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (server-webapp.rules)
 * 1:58065 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (server-webapp.rules)
 * 1:57836 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (server-webapp.rules)
 * 1:58066 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (server-webapp.rules)
 * 1:62648 <-> DISABLED <-> SERVER-WEBAPP mySCADA myPRO command injection attempt (server-webapp.rules)

2026-01-27 15:25:29 UTC

Snort Subscriber Rules Update

Date: 2026-01-27

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091801.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:65787 <-> DISABLED <-> SERVER-WEBAPP Oracle E-Business Suite cross site scripting attempt (server-webapp.rules)
 * 1:65778 <-> DISABLED <-> SERVER-WEBAPP Zimbra Mail web client servlet_path local file inclusion attempt (server-webapp.rules)
 * 1:65777 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt (server-webapp.rules)
 * 1:65788 <-> DISABLED <-> SERVER-WEBAPP Oracle E-Business Suite cross site scripting attempt (server-webapp.rules)
 * 1:65760 <-> DISABLED <-> SERVER-WEBAPP WooCommerce Wishlist WordPress Plugin SQL injection attempt (server-webapp.rules)
 * 1:65761 <-> DISABLED <-> SERVER-WEBAPP WooCommerce Wishlist WordPress Plugin SQL injection attempt (server-webapp.rules)
 * 1:65762 <-> ENABLED <-> PROTOCOL-TELNET telnetd login environment variable authentication bypass attempt (protocol-telnet.rules)
 * 1:65754 <-> DISABLED <-> SERVER-WEBAPP D-Link account_mgr.cgi command injection attempt (server-webapp.rules)
 * 1:65765 <-> DISABLED <-> SERVER-WEBAPP Pimcore GridHelperService SQL injection attempt (server-webapp.rules)
 * 1:65764 <-> DISABLED <-> SERVER-WEBAPP Pimcore GridHelperService SQL injection attempt (server-webapp.rules)
 * 1:65758 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine OpManager directory traversal attempt (server-webapp.rules)
 * 1:65757 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine OpManager arbitrary Java object deserialization attempt (server-webapp.rules)
 * 1:65768 <-> DISABLED <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt (server-webapp.rules)
 * 1:65769 <-> DISABLED <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt (server-webapp.rules)
 * 1:65770 <-> DISABLED <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt (server-webapp.rules)
 * 1:65771 <-> DISABLED <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt (server-webapp.rules)
 * 1:65772 <-> DISABLED <-> SERVER-WEBAPP Advantech R-SeeNet SQL injection attempt (server-webapp.rules)
 * 1:65773 <-> DISABLED <-> SERVER-WEBAPP Advantech R-SeeNet SQL injection attempt (server-webapp.rules)
 * 1:65774 <-> DISABLED <-> SERVER-WEBAPP Advantech R-SeeNet SQL injection attempt (server-webapp.rules)
 * 1:65775 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt (server-webapp.rules)
 * 1:65779 <-> DISABLED <-> SERVER-WEBAPP Zimbra Mail web client servlet_path local file inclusion attempt (server-webapp.rules)
 * 1:65780 <-> DISABLED <-> SERVER-WEBAPP Cacti color.php SQL injection attempt (server-webapp.rules)
 * 1:65781 <-> DISABLED <-> SERVER-WEBAPP Cacti color.php SQL injection attempt (server-webapp.rules)
 * 1:65782 <-> DISABLED <-> SERVER-WEBAPP Cacti color.php SQL injection attempt (server-webapp.rules)
 * 1:65759 <-> DISABLED <-> SERVER-WEBAPP WooCommerce Wishlist WordPress Plugin SQL injection attempt (server-webapp.rules)
 * 1:65785 <-> DISABLED <-> SERVER-WEBAPP Pimcore search function SQL injection attempt (server-webapp.rules)
 * 1:65786 <-> DISABLED <-> SERVER-WEBAPP Oracle E-Business Suite cross site scripting attempt (server-webapp.rules)
 * 1:65755 <-> DISABLED <-> SERVER-WEBAPP D-Link account_mgr.cgi command injection attempt (server-webapp.rules)
 * 1:65763 <-> DISABLED <-> SERVER-WEBAPP Pimcore GridHelperService SQL injection attempt (server-webapp.rules)
 * 1:65753 <-> DISABLED <-> SERVER-WEBAPP D-Link account_mgr.cgi command injection attempt (server-webapp.rules)
 * 1:65766 <-> DISABLED <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt (server-webapp.rules)
 * 1:65767 <-> DISABLED <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt (server-webapp.rules)
 * 1:65756 <-> DISABLED <-> SERVER-WEBAPP D-Link account_mgr.cgi command injection attempt (server-webapp.rules)
 * 1:65776 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt (server-webapp.rules)
 * 3:65784 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2326 attack attempt (server-webapp.rules)
 * 3:65783 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2326 attack attempt (server-webapp.rules)
 * 3:65790 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2324 attack attempt (file-multimedia.rules)
 * 3:65789 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2324 attack attempt (file-multimedia.rules)
 * 3:65792 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2325 attack attempt (file-multimedia.rules)
 * 3:65791 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2325 attack attempt (file-multimedia.rules)
 * 3:65794 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2315 attack attempt (file-multimedia.rules)
 * 3:65793 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2315 attack attempt (file-multimedia.rules)

Modified Rules:


 * 1:59333 <-> DISABLED <-> SERVER-WEBAPP Apache Kylin REST API DiagnosisService command injection attempt (server-webapp.rules)
 * 1:57835 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (server-webapp.rules)
 * 1:58065 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (server-webapp.rules)
 * 1:59334 <-> DISABLED <-> SERVER-WEBAPP Apache Kylin REST API DiagnosisService command injection attempt (server-webapp.rules)
 * 1:58066 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (server-webapp.rules)
 * 1:62648 <-> DISABLED <-> SERVER-WEBAPP mySCADA myPRO command injection attempt (server-webapp.rules)
 * 1:57836 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (server-webapp.rules)

2026-01-27 15:25:29 UTC

Snort Subscriber Rules Update

Date: 2026-01-27

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091701.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:65780 <-> DISABLED <-> SERVER-WEBAPP Cacti color.php SQL injection attempt (server-webapp.rules)
 * 1:65779 <-> DISABLED <-> SERVER-WEBAPP Zimbra Mail web client servlet_path local file inclusion attempt (server-webapp.rules)
 * 1:65754 <-> DISABLED <-> SERVER-WEBAPP D-Link account_mgr.cgi command injection attempt (server-webapp.rules)
 * 1:65781 <-> DISABLED <-> SERVER-WEBAPP Cacti color.php SQL injection attempt (server-webapp.rules)
 * 1:65782 <-> DISABLED <-> SERVER-WEBAPP Cacti color.php SQL injection attempt (server-webapp.rules)
 * 1:65785 <-> DISABLED <-> SERVER-WEBAPP Pimcore search function SQL injection attempt (server-webapp.rules)
 * 1:65786 <-> DISABLED <-> SERVER-WEBAPP Oracle E-Business Suite cross site scripting attempt (server-webapp.rules)
 * 1:65761 <-> DISABLED <-> SERVER-WEBAPP WooCommerce Wishlist WordPress Plugin SQL injection attempt (server-webapp.rules)
 * 1:65787 <-> DISABLED <-> SERVER-WEBAPP Oracle E-Business Suite cross site scripting attempt (server-webapp.rules)
 * 1:65788 <-> DISABLED <-> SERVER-WEBAPP Oracle E-Business Suite cross site scripting attempt (server-webapp.rules)
 * 1:65762 <-> ENABLED <-> PROTOCOL-TELNET telnetd login environment variable authentication bypass attempt (protocol-telnet.rules)
 * 1:65759 <-> DISABLED <-> SERVER-WEBAPP WooCommerce Wishlist WordPress Plugin SQL injection attempt (server-webapp.rules)
 * 1:65753 <-> DISABLED <-> SERVER-WEBAPP D-Link account_mgr.cgi command injection attempt (server-webapp.rules)
 * 1:65763 <-> DISABLED <-> SERVER-WEBAPP Pimcore GridHelperService SQL injection attempt (server-webapp.rules)
 * 1:65764 <-> DISABLED <-> SERVER-WEBAPP Pimcore GridHelperService SQL injection attempt (server-webapp.rules)
 * 1:65756 <-> DISABLED <-> SERVER-WEBAPP D-Link account_mgr.cgi command injection attempt (server-webapp.rules)
 * 1:65766 <-> DISABLED <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt (server-webapp.rules)
 * 1:65760 <-> DISABLED <-> SERVER-WEBAPP WooCommerce Wishlist WordPress Plugin SQL injection attempt (server-webapp.rules)
 * 1:65770 <-> DISABLED <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt (server-webapp.rules)
 * 1:65771 <-> DISABLED <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt (server-webapp.rules)
 * 1:65758 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine OpManager directory traversal attempt (server-webapp.rules)
 * 1:65757 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine OpManager arbitrary Java object deserialization attempt (server-webapp.rules)
 * 1:65755 <-> DISABLED <-> SERVER-WEBAPP D-Link account_mgr.cgi command injection attempt (server-webapp.rules)
 * 1:65765 <-> DISABLED <-> SERVER-WEBAPP Pimcore GridHelperService SQL injection attempt (server-webapp.rules)
 * 1:65769 <-> DISABLED <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt (server-webapp.rules)
 * 1:65768 <-> DISABLED <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt (server-webapp.rules)
 * 1:65772 <-> DISABLED <-> SERVER-WEBAPP Advantech R-SeeNet SQL injection attempt (server-webapp.rules)
 * 1:65773 <-> DISABLED <-> SERVER-WEBAPP Advantech R-SeeNet SQL injection attempt (server-webapp.rules)
 * 1:65774 <-> DISABLED <-> SERVER-WEBAPP Advantech R-SeeNet SQL injection attempt (server-webapp.rules)
 * 1:65775 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt (server-webapp.rules)
 * 1:65776 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt (server-webapp.rules)
 * 1:65777 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt (server-webapp.rules)
 * 1:65767 <-> DISABLED <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt (server-webapp.rules)
 * 1:65778 <-> DISABLED <-> SERVER-WEBAPP Zimbra Mail web client servlet_path local file inclusion attempt (server-webapp.rules)
 * 3:65783 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2326 attack attempt (server-webapp.rules)
 * 3:65784 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2326 attack attempt (server-webapp.rules)
 * 3:65791 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2325 attack attempt (file-multimedia.rules)
 * 3:65790 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2324 attack attempt (file-multimedia.rules)
 * 3:65789 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2324 attack attempt (file-multimedia.rules)
 * 3:65792 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2325 attack attempt (file-multimedia.rules)
 * 3:65794 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2315 attack attempt (file-multimedia.rules)
 * 3:65793 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2315 attack attempt (file-multimedia.rules)

Modified Rules:


 * 1:58066 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (server-webapp.rules)
 * 1:57836 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (server-webapp.rules)
 * 1:58065 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (server-webapp.rules)
 * 1:57835 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (server-webapp.rules)
 * 1:59334 <-> DISABLED <-> SERVER-WEBAPP Apache Kylin REST API DiagnosisService command injection attempt (server-webapp.rules)
 * 1:62648 <-> DISABLED <-> SERVER-WEBAPP mySCADA myPRO command injection attempt (server-webapp.rules)
 * 1:59333 <-> DISABLED <-> SERVER-WEBAPP Apache Kylin REST API DiagnosisService command injection attempt (server-webapp.rules)

2026-01-27 15:32:45 UTC

Snort Subscriber Rules Update

Date: 2026-01-26-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.2.0.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301381 <-> SERVER-WEBAPP Zimbra Mail web client servlet_path local file inclusion attempt
* 1:301382 <-> SERVER-WEBAPP Oracle E-Business Suite cross site scripting attempt
* 1:65753 <-> SERVER-WEBAPP D-Link account_mgr.cgi command injection attempt
* 1:65754 <-> SERVER-WEBAPP D-Link account_mgr.cgi command injection attempt
* 1:65755 <-> SERVER-WEBAPP D-Link account_mgr.cgi command injection attempt
* 1:65756 <-> SERVER-WEBAPP D-Link account_mgr.cgi command injection attempt
* 1:65757 <-> SERVER-WEBAPP Zoho ManageEngine OpManager arbitrary Java object deserialization attempt
* 1:65758 <-> SERVER-WEBAPP Zoho ManageEngine OpManager directory traversal attempt
* 1:65759 <-> SERVER-WEBAPP WooCommerce Wishlist WordPress Plugin SQL injection attempt
* 1:65760 <-> SERVER-WEBAPP WooCommerce Wishlist WordPress Plugin SQL injection attempt
* 1:65761 <-> SERVER-WEBAPP WooCommerce Wishlist WordPress Plugin SQL injection attempt
* 1:65762 <-> PROTOCOL-TELNET telnetd login environment variable authentication bypass attempt
* 1:65763 <-> SERVER-WEBAPP Pimcore GridHelperService SQL injection attempt
* 1:65764 <-> SERVER-WEBAPP Pimcore GridHelperService SQL injection attempt
* 1:65765 <-> SERVER-WEBAPP Pimcore GridHelperService SQL injection attempt
* 1:65766 <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt
* 1:65767 <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt
* 1:65768 <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt
* 1:65769 <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt
* 1:65770 <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt
* 1:65771 <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt
* 1:65772 <-> SERVER-WEBAPP Advantech R-SeeNet SQL injection attempt
* 1:65773 <-> SERVER-WEBAPP Advantech R-SeeNet SQL injection attempt
* 1:65774 <-> SERVER-WEBAPP Advantech R-SeeNet SQL injection attempt
* 1:65775 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt
* 1:65776 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt
* 1:65777 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt
* 1:65780 <-> SERVER-WEBAPP Cacti color.php SQL injection attempt
* 1:65781 <-> SERVER-WEBAPP Cacti color.php SQL injection attempt
* 1:65782 <-> SERVER-WEBAPP Cacti color.php SQL injection attempt
* 1:65785 <-> SERVER-WEBAPP Pimcore search function SQL injection attempt
* 1:65786 <-> SERVER-WEBAPP Oracle E-Business Suite cross site scripting attempt
* 3:65783 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2326 attack attempt
* 3:65784 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2326 attack attempt
* 3:65789 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2324 attack attempt
* 3:65790 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2324 attack attempt
* 3:65791 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2325 attack attempt
* 3:65792 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2325 attack attempt
* 3:65793 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2315 attack attempt
* 3:65794 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2315 attack attempt

Modified Rules:

* 1:57835 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:57836 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:58065 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:58066 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:59333 <-> SERVER-WEBAPP Apache Kylin REST API DiagnosisService command injection attempt
* 1:59334 <-> SERVER-WEBAPP Apache Kylin REST API DiagnosisService command injection attempt
* 1:62648 <-> SERVER-WEBAPP mySCADA myPRO command injection attempt


2026-01-27 15:32:45 UTC

Snort Subscriber Rules Update

Date: 2026-01-26-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.3.5.1.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301381 <-> SERVER-WEBAPP Zimbra Mail web client servlet_path local file inclusion attempt
* 1:301382 <-> SERVER-WEBAPP Oracle E-Business Suite cross site scripting attempt
* 1:65753 <-> SERVER-WEBAPP D-Link account_mgr.cgi command injection attempt
* 1:65754 <-> SERVER-WEBAPP D-Link account_mgr.cgi command injection attempt
* 1:65755 <-> SERVER-WEBAPP D-Link account_mgr.cgi command injection attempt
* 1:65756 <-> SERVER-WEBAPP D-Link account_mgr.cgi command injection attempt
* 1:65757 <-> SERVER-WEBAPP Zoho ManageEngine OpManager arbitrary Java object deserialization attempt
* 1:65758 <-> SERVER-WEBAPP Zoho ManageEngine OpManager directory traversal attempt
* 1:65759 <-> SERVER-WEBAPP WooCommerce Wishlist WordPress Plugin SQL injection attempt
* 1:65760 <-> SERVER-WEBAPP WooCommerce Wishlist WordPress Plugin SQL injection attempt
* 1:65761 <-> SERVER-WEBAPP WooCommerce Wishlist WordPress Plugin SQL injection attempt
* 1:65762 <-> PROTOCOL-TELNET telnetd login environment variable authentication bypass attempt
* 1:65763 <-> SERVER-WEBAPP Pimcore GridHelperService SQL injection attempt
* 1:65764 <-> SERVER-WEBAPP Pimcore GridHelperService SQL injection attempt
* 1:65765 <-> SERVER-WEBAPP Pimcore GridHelperService SQL injection attempt
* 1:65766 <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt
* 1:65767 <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt
* 1:65768 <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt
* 1:65769 <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt
* 1:65770 <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt
* 1:65771 <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt
* 1:65772 <-> SERVER-WEBAPP Advantech R-SeeNet SQL injection attempt
* 1:65773 <-> SERVER-WEBAPP Advantech R-SeeNet SQL injection attempt
* 1:65774 <-> SERVER-WEBAPP Advantech R-SeeNet SQL injection attempt
* 1:65775 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt
* 1:65776 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt
* 1:65777 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt
* 1:65780 <-> SERVER-WEBAPP Cacti color.php SQL injection attempt
* 1:65781 <-> SERVER-WEBAPP Cacti color.php SQL injection attempt
* 1:65782 <-> SERVER-WEBAPP Cacti color.php SQL injection attempt
* 1:65785 <-> SERVER-WEBAPP Pimcore search function SQL injection attempt
* 1:65786 <-> SERVER-WEBAPP Oracle E-Business Suite cross site scripting attempt
* 3:65783 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2326 attack attempt
* 3:65784 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2326 attack attempt
* 3:65789 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2324 attack attempt
* 3:65790 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2324 attack attempt
* 3:65791 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2325 attack attempt
* 3:65792 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2325 attack attempt
* 3:65793 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2315 attack attempt
* 3:65794 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2315 attack attempt

Modified Rules:

* 1:57835 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:57836 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:58065 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:58066 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:59333 <-> SERVER-WEBAPP Apache Kylin REST API DiagnosisService command injection attempt
* 1:59334 <-> SERVER-WEBAPP Apache Kylin REST API DiagnosisService command injection attempt
* 1:62648 <-> SERVER-WEBAPP mySCADA myPRO command injection attempt


2026-01-27 15:32:45 UTC

Snort Subscriber Rules Update

Date: 2026-01-26-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.3.6.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301381 <-> SERVER-WEBAPP Zimbra Mail web client servlet_path local file inclusion attempt
* 1:301382 <-> SERVER-WEBAPP Oracle E-Business Suite cross site scripting attempt
* 1:65753 <-> SERVER-WEBAPP D-Link account_mgr.cgi command injection attempt
* 1:65754 <-> SERVER-WEBAPP D-Link account_mgr.cgi command injection attempt
* 1:65755 <-> SERVER-WEBAPP D-Link account_mgr.cgi command injection attempt
* 1:65756 <-> SERVER-WEBAPP D-Link account_mgr.cgi command injection attempt
* 1:65757 <-> SERVER-WEBAPP Zoho ManageEngine OpManager arbitrary Java object deserialization attempt
* 1:65758 <-> SERVER-WEBAPP Zoho ManageEngine OpManager directory traversal attempt
* 1:65759 <-> SERVER-WEBAPP WooCommerce Wishlist WordPress Plugin SQL injection attempt
* 1:65760 <-> SERVER-WEBAPP WooCommerce Wishlist WordPress Plugin SQL injection attempt
* 1:65761 <-> SERVER-WEBAPP WooCommerce Wishlist WordPress Plugin SQL injection attempt
* 1:65762 <-> PROTOCOL-TELNET telnetd login environment variable authentication bypass attempt
* 1:65763 <-> SERVER-WEBAPP Pimcore GridHelperService SQL injection attempt
* 1:65764 <-> SERVER-WEBAPP Pimcore GridHelperService SQL injection attempt
* 1:65765 <-> SERVER-WEBAPP Pimcore GridHelperService SQL injection attempt
* 1:65766 <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt
* 1:65767 <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt
* 1:65768 <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt
* 1:65769 <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt
* 1:65770 <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt
* 1:65771 <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt
* 1:65772 <-> SERVER-WEBAPP Advantech R-SeeNet SQL injection attempt
* 1:65773 <-> SERVER-WEBAPP Advantech R-SeeNet SQL injection attempt
* 1:65774 <-> SERVER-WEBAPP Advantech R-SeeNet SQL injection attempt
* 1:65775 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt
* 1:65776 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt
* 1:65777 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt
* 1:65780 <-> SERVER-WEBAPP Cacti color.php SQL injection attempt
* 1:65781 <-> SERVER-WEBAPP Cacti color.php SQL injection attempt
* 1:65782 <-> SERVER-WEBAPP Cacti color.php SQL injection attempt
* 1:65785 <-> SERVER-WEBAPP Pimcore search function SQL injection attempt
* 1:65786 <-> SERVER-WEBAPP Oracle E-Business Suite cross site scripting attempt
* 3:65783 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2326 attack attempt
* 3:65784 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2326 attack attempt
* 3:65789 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2324 attack attempt
* 3:65790 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2324 attack attempt
* 3:65791 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2325 attack attempt
* 3:65792 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2325 attack attempt
* 3:65793 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2315 attack attempt
* 3:65794 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2315 attack attempt

Modified Rules:

* 1:57835 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:57836 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:58065 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:58066 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:59333 <-> SERVER-WEBAPP Apache Kylin REST API DiagnosisService command injection attempt
* 1:59334 <-> SERVER-WEBAPP Apache Kylin REST API DiagnosisService command injection attempt
* 1:62648 <-> SERVER-WEBAPP mySCADA myPRO command injection attempt


2026-01-27 15:32:46 UTC

Snort Subscriber Rules Update

Date: 2026-01-26-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.3.7.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301381 <-> SERVER-WEBAPP Zimbra Mail web client servlet_path local file inclusion attempt
* 1:301382 <-> SERVER-WEBAPP Oracle E-Business Suite cross site scripting attempt
* 1:65753 <-> SERVER-WEBAPP D-Link account_mgr.cgi command injection attempt
* 1:65754 <-> SERVER-WEBAPP D-Link account_mgr.cgi command injection attempt
* 1:65755 <-> SERVER-WEBAPP D-Link account_mgr.cgi command injection attempt
* 1:65756 <-> SERVER-WEBAPP D-Link account_mgr.cgi command injection attempt
* 1:65757 <-> SERVER-WEBAPP Zoho ManageEngine OpManager arbitrary Java object deserialization attempt
* 1:65758 <-> SERVER-WEBAPP Zoho ManageEngine OpManager directory traversal attempt
* 1:65759 <-> SERVER-WEBAPP WooCommerce Wishlist WordPress Plugin SQL injection attempt
* 1:65760 <-> SERVER-WEBAPP WooCommerce Wishlist WordPress Plugin SQL injection attempt
* 1:65761 <-> SERVER-WEBAPP WooCommerce Wishlist WordPress Plugin SQL injection attempt
* 1:65762 <-> PROTOCOL-TELNET telnetd login environment variable authentication bypass attempt
* 1:65763 <-> SERVER-WEBAPP Pimcore GridHelperService SQL injection attempt
* 1:65764 <-> SERVER-WEBAPP Pimcore GridHelperService SQL injection attempt
* 1:65765 <-> SERVER-WEBAPP Pimcore GridHelperService SQL injection attempt
* 1:65766 <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt
* 1:65767 <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt
* 1:65768 <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt
* 1:65769 <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt
* 1:65770 <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt
* 1:65771 <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt
* 1:65772 <-> SERVER-WEBAPP Advantech R-SeeNet SQL injection attempt
* 1:65773 <-> SERVER-WEBAPP Advantech R-SeeNet SQL injection attempt
* 1:65774 <-> SERVER-WEBAPP Advantech R-SeeNet SQL injection attempt
* 1:65775 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt
* 1:65776 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt
* 1:65777 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt
* 1:65780 <-> SERVER-WEBAPP Cacti color.php SQL injection attempt
* 1:65781 <-> SERVER-WEBAPP Cacti color.php SQL injection attempt
* 1:65782 <-> SERVER-WEBAPP Cacti color.php SQL injection attempt
* 1:65785 <-> SERVER-WEBAPP Pimcore search function SQL injection attempt
* 1:65786 <-> SERVER-WEBAPP Oracle E-Business Suite cross site scripting attempt
* 3:65783 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2326 attack attempt
* 3:65784 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2326 attack attempt
* 3:65789 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2324 attack attempt
* 3:65790 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2324 attack attempt
* 3:65791 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2325 attack attempt
* 3:65792 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2325 attack attempt
* 3:65793 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2315 attack attempt
* 3:65794 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2315 attack attempt

Modified Rules:

* 1:57835 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:57836 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:58065 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:58066 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:59333 <-> SERVER-WEBAPP Apache Kylin REST API DiagnosisService command injection attempt
* 1:59334 <-> SERVER-WEBAPP Apache Kylin REST API DiagnosisService command injection attempt
* 1:62648 <-> SERVER-WEBAPP mySCADA myPRO command injection attempt


2026-01-27 15:32:46 UTC

Snort Subscriber Rules Update

Date: 2026-01-26-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.7.0.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301381 <-> SERVER-WEBAPP Zimbra Mail web client servlet_path local file inclusion attempt
* 1:301382 <-> SERVER-WEBAPP Oracle E-Business Suite cross site scripting attempt
* 1:65753 <-> SERVER-WEBAPP D-Link account_mgr.cgi command injection attempt
* 1:65754 <-> SERVER-WEBAPP D-Link account_mgr.cgi command injection attempt
* 1:65755 <-> SERVER-WEBAPP D-Link account_mgr.cgi command injection attempt
* 1:65756 <-> SERVER-WEBAPP D-Link account_mgr.cgi command injection attempt
* 1:65757 <-> SERVER-WEBAPP Zoho ManageEngine OpManager arbitrary Java object deserialization attempt
* 1:65758 <-> SERVER-WEBAPP Zoho ManageEngine OpManager directory traversal attempt
* 1:65759 <-> SERVER-WEBAPP WooCommerce Wishlist WordPress Plugin SQL injection attempt
* 1:65760 <-> SERVER-WEBAPP WooCommerce Wishlist WordPress Plugin SQL injection attempt
* 1:65761 <-> SERVER-WEBAPP WooCommerce Wishlist WordPress Plugin SQL injection attempt
* 1:65762 <-> PROTOCOL-TELNET telnetd login environment variable authentication bypass attempt
* 1:65763 <-> SERVER-WEBAPP Pimcore GridHelperService SQL injection attempt
* 1:65764 <-> SERVER-WEBAPP Pimcore GridHelperService SQL injection attempt
* 1:65765 <-> SERVER-WEBAPP Pimcore GridHelperService SQL injection attempt
* 1:65766 <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt
* 1:65767 <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt
* 1:65768 <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt
* 1:65769 <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt
* 1:65770 <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt
* 1:65771 <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt
* 1:65772 <-> SERVER-WEBAPP Advantech R-SeeNet SQL injection attempt
* 1:65773 <-> SERVER-WEBAPP Advantech R-SeeNet SQL injection attempt
* 1:65774 <-> SERVER-WEBAPP Advantech R-SeeNet SQL injection attempt
* 1:65775 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt
* 1:65776 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt
* 1:65777 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt
* 1:65780 <-> SERVER-WEBAPP Cacti color.php SQL injection attempt
* 1:65781 <-> SERVER-WEBAPP Cacti color.php SQL injection attempt
* 1:65782 <-> SERVER-WEBAPP Cacti color.php SQL injection attempt
* 1:65785 <-> SERVER-WEBAPP Pimcore search function SQL injection attempt
* 1:65786 <-> SERVER-WEBAPP Oracle E-Business Suite cross site scripting attempt
* 3:65783 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2326 attack attempt
* 3:65784 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2326 attack attempt
* 3:65789 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2324 attack attempt
* 3:65790 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2324 attack attempt
* 3:65791 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2325 attack attempt
* 3:65792 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2325 attack attempt
* 3:65793 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2315 attack attempt
* 3:65794 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2315 attack attempt

Modified Rules:

* 1:57835 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:57836 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:58065 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:58066 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:59333 <-> SERVER-WEBAPP Apache Kylin REST API DiagnosisService command injection attempt
* 1:59334 <-> SERVER-WEBAPP Apache Kylin REST API DiagnosisService command injection attempt
* 1:62648 <-> SERVER-WEBAPP mySCADA myPRO command injection attempt


2026-01-27 15:32:46 UTC

Snort Subscriber Rules Update

Date: 2026-01-26-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.9.0.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301381 <-> SERVER-WEBAPP Zimbra Mail web client servlet_path local file inclusion attempt
* 1:301382 <-> SERVER-WEBAPP Oracle E-Business Suite cross site scripting attempt
* 1:65753 <-> SERVER-WEBAPP D-Link account_mgr.cgi command injection attempt
* 1:65754 <-> SERVER-WEBAPP D-Link account_mgr.cgi command injection attempt
* 1:65755 <-> SERVER-WEBAPP D-Link account_mgr.cgi command injection attempt
* 1:65756 <-> SERVER-WEBAPP D-Link account_mgr.cgi command injection attempt
* 1:65757 <-> SERVER-WEBAPP Zoho ManageEngine OpManager arbitrary Java object deserialization attempt
* 1:65758 <-> SERVER-WEBAPP Zoho ManageEngine OpManager directory traversal attempt
* 1:65759 <-> SERVER-WEBAPP WooCommerce Wishlist WordPress Plugin SQL injection attempt
* 1:65760 <-> SERVER-WEBAPP WooCommerce Wishlist WordPress Plugin SQL injection attempt
* 1:65761 <-> SERVER-WEBAPP WooCommerce Wishlist WordPress Plugin SQL injection attempt
* 1:65762 <-> PROTOCOL-TELNET telnetd login environment variable authentication bypass attempt
* 1:65763 <-> SERVER-WEBAPP Pimcore GridHelperService SQL injection attempt
* 1:65764 <-> SERVER-WEBAPP Pimcore GridHelperService SQL injection attempt
* 1:65765 <-> SERVER-WEBAPP Pimcore GridHelperService SQL injection attempt
* 1:65766 <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt
* 1:65767 <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt
* 1:65768 <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt
* 1:65769 <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt
* 1:65770 <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt
* 1:65771 <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt
* 1:65772 <-> SERVER-WEBAPP Advantech R-SeeNet SQL injection attempt
* 1:65773 <-> SERVER-WEBAPP Advantech R-SeeNet SQL injection attempt
* 1:65774 <-> SERVER-WEBAPP Advantech R-SeeNet SQL injection attempt
* 1:65775 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt
* 1:65776 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt
* 1:65777 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt
* 1:65780 <-> SERVER-WEBAPP Cacti color.php SQL injection attempt
* 1:65781 <-> SERVER-WEBAPP Cacti color.php SQL injection attempt
* 1:65782 <-> SERVER-WEBAPP Cacti color.php SQL injection attempt
* 1:65785 <-> SERVER-WEBAPP Pimcore search function SQL injection attempt
* 1:65786 <-> SERVER-WEBAPP Oracle E-Business Suite cross site scripting attempt
* 3:65783 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2326 attack attempt
* 3:65784 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2326 attack attempt
* 3:65789 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2324 attack attempt
* 3:65790 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2324 attack attempt
* 3:65791 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2325 attack attempt
* 3:65792 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2325 attack attempt
* 3:65793 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2315 attack attempt
* 3:65794 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2315 attack attempt

Modified Rules:

* 1:57835 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:57836 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:58065 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:58066 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:59333 <-> SERVER-WEBAPP Apache Kylin REST API DiagnosisService command injection attempt
* 1:59334 <-> SERVER-WEBAPP Apache Kylin REST API DiagnosisService command injection attempt
* 1:62648 <-> SERVER-WEBAPP mySCADA myPRO command injection attempt


2026-01-27 15:32:46 UTC

Snort Subscriber Rules Update

Date: 2026-01-26-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.11.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301381 <-> SERVER-WEBAPP Zimbra Mail web client servlet_path local file inclusion attempt
* 1:301382 <-> SERVER-WEBAPP Oracle E-Business Suite cross site scripting attempt
* 1:65753 <-> SERVER-WEBAPP D-Link account_mgr.cgi command injection attempt
* 1:65754 <-> SERVER-WEBAPP D-Link account_mgr.cgi command injection attempt
* 1:65755 <-> SERVER-WEBAPP D-Link account_mgr.cgi command injection attempt
* 1:65756 <-> SERVER-WEBAPP D-Link account_mgr.cgi command injection attempt
* 1:65757 <-> SERVER-WEBAPP Zoho ManageEngine OpManager arbitrary Java object deserialization attempt
* 1:65758 <-> SERVER-WEBAPP Zoho ManageEngine OpManager directory traversal attempt
* 1:65759 <-> SERVER-WEBAPP WooCommerce Wishlist WordPress Plugin SQL injection attempt
* 1:65760 <-> SERVER-WEBAPP WooCommerce Wishlist WordPress Plugin SQL injection attempt
* 1:65761 <-> SERVER-WEBAPP WooCommerce Wishlist WordPress Plugin SQL injection attempt
* 1:65762 <-> PROTOCOL-TELNET telnetd login environment variable authentication bypass attempt
* 1:65763 <-> SERVER-WEBAPP Pimcore GridHelperService SQL injection attempt
* 1:65764 <-> SERVER-WEBAPP Pimcore GridHelperService SQL injection attempt
* 1:65765 <-> SERVER-WEBAPP Pimcore GridHelperService SQL injection attempt
* 1:65766 <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt
* 1:65767 <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt
* 1:65768 <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt
* 1:65769 <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt
* 1:65770 <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt
* 1:65771 <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt
* 1:65772 <-> SERVER-WEBAPP Advantech R-SeeNet SQL injection attempt
* 1:65773 <-> SERVER-WEBAPP Advantech R-SeeNet SQL injection attempt
* 1:65774 <-> SERVER-WEBAPP Advantech R-SeeNet SQL injection attempt
* 1:65775 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt
* 1:65776 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt
* 1:65777 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt
* 1:65780 <-> SERVER-WEBAPP Cacti color.php SQL injection attempt
* 1:65781 <-> SERVER-WEBAPP Cacti color.php SQL injection attempt
* 1:65782 <-> SERVER-WEBAPP Cacti color.php SQL injection attempt
* 1:65785 <-> SERVER-WEBAPP Pimcore search function SQL injection attempt
* 1:65786 <-> SERVER-WEBAPP Oracle E-Business Suite cross site scripting attempt
* 3:65783 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2326 attack attempt
* 3:65784 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2326 attack attempt
* 3:65789 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2324 attack attempt
* 3:65790 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2324 attack attempt
* 3:65791 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2325 attack attempt
* 3:65792 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2325 attack attempt
* 3:65793 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2315 attack attempt
* 3:65794 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2315 attack attempt

Modified Rules:

* 1:57835 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:57836 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:58065 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:58066 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:59333 <-> SERVER-WEBAPP Apache Kylin REST API DiagnosisService command injection attempt
* 1:59334 <-> SERVER-WEBAPP Apache Kylin REST API DiagnosisService command injection attempt
* 1:62648 <-> SERVER-WEBAPP mySCADA myPRO command injection attempt


2026-01-27 15:32:46 UTC

Snort Subscriber Rules Update

Date: 2026-01-26-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.15.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301381 <-> SERVER-WEBAPP Zimbra Mail web client servlet_path local file inclusion attempt
* 1:301382 <-> SERVER-WEBAPP Oracle E-Business Suite cross site scripting attempt
* 1:65753 <-> SERVER-WEBAPP D-Link account_mgr.cgi command injection attempt
* 1:65754 <-> SERVER-WEBAPP D-Link account_mgr.cgi command injection attempt
* 1:65755 <-> SERVER-WEBAPP D-Link account_mgr.cgi command injection attempt
* 1:65756 <-> SERVER-WEBAPP D-Link account_mgr.cgi command injection attempt
* 1:65757 <-> SERVER-WEBAPP Zoho ManageEngine OpManager arbitrary Java object deserialization attempt
* 1:65758 <-> SERVER-WEBAPP Zoho ManageEngine OpManager directory traversal attempt
* 1:65759 <-> SERVER-WEBAPP WooCommerce Wishlist WordPress Plugin SQL injection attempt
* 1:65760 <-> SERVER-WEBAPP WooCommerce Wishlist WordPress Plugin SQL injection attempt
* 1:65761 <-> SERVER-WEBAPP WooCommerce Wishlist WordPress Plugin SQL injection attempt
* 1:65762 <-> PROTOCOL-TELNET telnetd login environment variable authentication bypass attempt
* 1:65763 <-> SERVER-WEBAPP Pimcore GridHelperService SQL injection attempt
* 1:65764 <-> SERVER-WEBAPP Pimcore GridHelperService SQL injection attempt
* 1:65765 <-> SERVER-WEBAPP Pimcore GridHelperService SQL injection attempt
* 1:65766 <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt
* 1:65767 <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt
* 1:65768 <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt
* 1:65769 <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt
* 1:65770 <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt
* 1:65771 <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt
* 1:65772 <-> SERVER-WEBAPP Advantech R-SeeNet SQL injection attempt
* 1:65773 <-> SERVER-WEBAPP Advantech R-SeeNet SQL injection attempt
* 1:65774 <-> SERVER-WEBAPP Advantech R-SeeNet SQL injection attempt
* 1:65775 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt
* 1:65776 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt
* 1:65777 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt
* 1:65780 <-> SERVER-WEBAPP Cacti color.php SQL injection attempt
* 1:65781 <-> SERVER-WEBAPP Cacti color.php SQL injection attempt
* 1:65782 <-> SERVER-WEBAPP Cacti color.php SQL injection attempt
* 1:65785 <-> SERVER-WEBAPP Pimcore search function SQL injection attempt
* 1:65786 <-> SERVER-WEBAPP Oracle E-Business Suite cross site scripting attempt
* 3:65783 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2326 attack attempt
* 3:65784 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2326 attack attempt
* 3:65789 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2324 attack attempt
* 3:65790 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2324 attack attempt
* 3:65791 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2325 attack attempt
* 3:65792 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2325 attack attempt
* 3:65793 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2315 attack attempt
* 3:65794 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2315 attack attempt

Modified Rules:

* 1:57835 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:57836 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:58065 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:58066 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:59333 <-> SERVER-WEBAPP Apache Kylin REST API DiagnosisService command injection attempt
* 1:59334 <-> SERVER-WEBAPP Apache Kylin REST API DiagnosisService command injection attempt
* 1:62648 <-> SERVER-WEBAPP mySCADA myPRO command injection attempt


2026-01-27 15:32:46 UTC

Snort Subscriber Rules Update

Date: 2026-01-26-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.18.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301381 <-> SERVER-WEBAPP Zimbra Mail web client servlet_path local file inclusion attempt
* 1:301382 <-> SERVER-WEBAPP Oracle E-Business Suite cross site scripting attempt
* 1:65753 <-> SERVER-WEBAPP D-Link account_mgr.cgi command injection attempt
* 1:65754 <-> SERVER-WEBAPP D-Link account_mgr.cgi command injection attempt
* 1:65755 <-> SERVER-WEBAPP D-Link account_mgr.cgi command injection attempt
* 1:65756 <-> SERVER-WEBAPP D-Link account_mgr.cgi command injection attempt
* 1:65757 <-> SERVER-WEBAPP Zoho ManageEngine OpManager arbitrary Java object deserialization attempt
* 1:65758 <-> SERVER-WEBAPP Zoho ManageEngine OpManager directory traversal attempt
* 1:65759 <-> SERVER-WEBAPP WooCommerce Wishlist WordPress Plugin SQL injection attempt
* 1:65760 <-> SERVER-WEBAPP WooCommerce Wishlist WordPress Plugin SQL injection attempt
* 1:65761 <-> SERVER-WEBAPP WooCommerce Wishlist WordPress Plugin SQL injection attempt
* 1:65762 <-> PROTOCOL-TELNET telnetd login environment variable authentication bypass attempt
* 1:65763 <-> SERVER-WEBAPP Pimcore GridHelperService SQL injection attempt
* 1:65764 <-> SERVER-WEBAPP Pimcore GridHelperService SQL injection attempt
* 1:65765 <-> SERVER-WEBAPP Pimcore GridHelperService SQL injection attempt
* 1:65766 <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt
* 1:65767 <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt
* 1:65768 <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt
* 1:65769 <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt
* 1:65770 <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt
* 1:65771 <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt
* 1:65772 <-> SERVER-WEBAPP Advantech R-SeeNet SQL injection attempt
* 1:65773 <-> SERVER-WEBAPP Advantech R-SeeNet SQL injection attempt
* 1:65774 <-> SERVER-WEBAPP Advantech R-SeeNet SQL injection attempt
* 1:65775 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt
* 1:65776 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt
* 1:65777 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt
* 1:65780 <-> SERVER-WEBAPP Cacti color.php SQL injection attempt
* 1:65781 <-> SERVER-WEBAPP Cacti color.php SQL injection attempt
* 1:65782 <-> SERVER-WEBAPP Cacti color.php SQL injection attempt
* 1:65785 <-> SERVER-WEBAPP Pimcore search function SQL injection attempt
* 1:65786 <-> SERVER-WEBAPP Oracle E-Business Suite cross site scripting attempt
* 3:65783 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2326 attack attempt
* 3:65784 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2326 attack attempt
* 3:65789 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2324 attack attempt
* 3:65790 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2324 attack attempt
* 3:65791 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2325 attack attempt
* 3:65792 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2325 attack attempt
* 3:65793 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2315 attack attempt
* 3:65794 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2315 attack attempt

Modified Rules:

* 1:57835 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:57836 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:58065 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:58066 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:59333 <-> SERVER-WEBAPP Apache Kylin REST API DiagnosisService command injection attempt
* 1:59334 <-> SERVER-WEBAPP Apache Kylin REST API DiagnosisService command injection attempt
* 1:62648 <-> SERVER-WEBAPP mySCADA myPRO command injection attempt


2026-01-27 15:32:46 UTC

Snort Subscriber Rules Update

Date: 2026-01-26-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.20.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301381 <-> SERVER-WEBAPP Zimbra Mail web client servlet_path local file inclusion attempt
* 1:301382 <-> SERVER-WEBAPP Oracle E-Business Suite cross site scripting attempt
* 1:65753 <-> SERVER-WEBAPP D-Link account_mgr.cgi command injection attempt
* 1:65754 <-> SERVER-WEBAPP D-Link account_mgr.cgi command injection attempt
* 1:65755 <-> SERVER-WEBAPP D-Link account_mgr.cgi command injection attempt
* 1:65756 <-> SERVER-WEBAPP D-Link account_mgr.cgi command injection attempt
* 1:65757 <-> SERVER-WEBAPP Zoho ManageEngine OpManager arbitrary Java object deserialization attempt
* 1:65758 <-> SERVER-WEBAPP Zoho ManageEngine OpManager directory traversal attempt
* 1:65759 <-> SERVER-WEBAPP WooCommerce Wishlist WordPress Plugin SQL injection attempt
* 1:65760 <-> SERVER-WEBAPP WooCommerce Wishlist WordPress Plugin SQL injection attempt
* 1:65761 <-> SERVER-WEBAPP WooCommerce Wishlist WordPress Plugin SQL injection attempt
* 1:65762 <-> PROTOCOL-TELNET telnetd login environment variable authentication bypass attempt
* 1:65763 <-> SERVER-WEBAPP Pimcore GridHelperService SQL injection attempt
* 1:65764 <-> SERVER-WEBAPP Pimcore GridHelperService SQL injection attempt
* 1:65765 <-> SERVER-WEBAPP Pimcore GridHelperService SQL injection attempt
* 1:65766 <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt
* 1:65767 <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt
* 1:65768 <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt
* 1:65769 <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt
* 1:65770 <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt
* 1:65771 <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt
* 1:65772 <-> SERVER-WEBAPP Advantech R-SeeNet SQL injection attempt
* 1:65773 <-> SERVER-WEBAPP Advantech R-SeeNet SQL injection attempt
* 1:65774 <-> SERVER-WEBAPP Advantech R-SeeNet SQL injection attempt
* 1:65775 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt
* 1:65776 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt
* 1:65777 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt
* 1:65780 <-> SERVER-WEBAPP Cacti color.php SQL injection attempt
* 1:65781 <-> SERVER-WEBAPP Cacti color.php SQL injection attempt
* 1:65782 <-> SERVER-WEBAPP Cacti color.php SQL injection attempt
* 1:65785 <-> SERVER-WEBAPP Pimcore search function SQL injection attempt
* 1:65786 <-> SERVER-WEBAPP Oracle E-Business Suite cross site scripting attempt
* 3:65783 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2326 attack attempt
* 3:65784 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2326 attack attempt
* 3:65789 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2324 attack attempt
* 3:65790 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2324 attack attempt
* 3:65791 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2325 attack attempt
* 3:65792 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2325 attack attempt
* 3:65793 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2315 attack attempt
* 3:65794 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2315 attack attempt

Modified Rules:

* 1:57835 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:57836 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:58065 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:58066 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:59333 <-> SERVER-WEBAPP Apache Kylin REST API DiagnosisService command injection attempt
* 1:59334 <-> SERVER-WEBAPP Apache Kylin REST API DiagnosisService command injection attempt
* 1:62648 <-> SERVER-WEBAPP mySCADA myPRO command injection attempt


2026-01-27 15:32:46 UTC

Snort Subscriber Rules Update

Date: 2026-01-26-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.21.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301381 <-> SERVER-WEBAPP Zimbra Mail web client servlet_path local file inclusion attempt
* 1:301382 <-> SERVER-WEBAPP Oracle E-Business Suite cross site scripting attempt
* 1:65753 <-> SERVER-WEBAPP D-Link account_mgr.cgi command injection attempt
* 1:65754 <-> SERVER-WEBAPP D-Link account_mgr.cgi command injection attempt
* 1:65755 <-> SERVER-WEBAPP D-Link account_mgr.cgi command injection attempt
* 1:65756 <-> SERVER-WEBAPP D-Link account_mgr.cgi command injection attempt
* 1:65757 <-> SERVER-WEBAPP Zoho ManageEngine OpManager arbitrary Java object deserialization attempt
* 1:65758 <-> SERVER-WEBAPP Zoho ManageEngine OpManager directory traversal attempt
* 1:65759 <-> SERVER-WEBAPP WooCommerce Wishlist WordPress Plugin SQL injection attempt
* 1:65760 <-> SERVER-WEBAPP WooCommerce Wishlist WordPress Plugin SQL injection attempt
* 1:65761 <-> SERVER-WEBAPP WooCommerce Wishlist WordPress Plugin SQL injection attempt
* 1:65762 <-> PROTOCOL-TELNET telnetd login environment variable authentication bypass attempt
* 1:65763 <-> SERVER-WEBAPP Pimcore GridHelperService SQL injection attempt
* 1:65764 <-> SERVER-WEBAPP Pimcore GridHelperService SQL injection attempt
* 1:65765 <-> SERVER-WEBAPP Pimcore GridHelperService SQL injection attempt
* 1:65766 <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt
* 1:65767 <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt
* 1:65768 <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt
* 1:65769 <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt
* 1:65770 <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt
* 1:65771 <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt
* 1:65772 <-> SERVER-WEBAPP Advantech R-SeeNet SQL injection attempt
* 1:65773 <-> SERVER-WEBAPP Advantech R-SeeNet SQL injection attempt
* 1:65774 <-> SERVER-WEBAPP Advantech R-SeeNet SQL injection attempt
* 1:65775 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt
* 1:65776 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt
* 1:65777 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt
* 1:65780 <-> SERVER-WEBAPP Cacti color.php SQL injection attempt
* 1:65781 <-> SERVER-WEBAPP Cacti color.php SQL injection attempt
* 1:65782 <-> SERVER-WEBAPP Cacti color.php SQL injection attempt
* 1:65785 <-> SERVER-WEBAPP Pimcore search function SQL injection attempt
* 1:65786 <-> SERVER-WEBAPP Oracle E-Business Suite cross site scripting attempt
* 3:65783 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2326 attack attempt
* 3:65784 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2326 attack attempt
* 3:65789 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2324 attack attempt
* 3:65790 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2324 attack attempt
* 3:65791 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2325 attack attempt
* 3:65792 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2325 attack attempt
* 3:65793 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2315 attack attempt
* 3:65794 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2315 attack attempt

Modified Rules:

* 1:57835 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:57836 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:58065 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:58066 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:59333 <-> SERVER-WEBAPP Apache Kylin REST API DiagnosisService command injection attempt
* 1:59334 <-> SERVER-WEBAPP Apache Kylin REST API DiagnosisService command injection attempt
* 1:62648 <-> SERVER-WEBAPP mySCADA myPRO command injection attempt


2026-01-27 15:32:46 UTC

Snort Subscriber Rules Update

Date: 2026-01-26-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.35.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301381 <-> SERVER-WEBAPP Zimbra Mail web client servlet_path local file inclusion attempt
* 1:301382 <-> SERVER-WEBAPP Oracle E-Business Suite cross site scripting attempt
* 1:65753 <-> SERVER-WEBAPP D-Link account_mgr.cgi command injection attempt
* 1:65754 <-> SERVER-WEBAPP D-Link account_mgr.cgi command injection attempt
* 1:65755 <-> SERVER-WEBAPP D-Link account_mgr.cgi command injection attempt
* 1:65756 <-> SERVER-WEBAPP D-Link account_mgr.cgi command injection attempt
* 1:65757 <-> SERVER-WEBAPP Zoho ManageEngine OpManager arbitrary Java object deserialization attempt
* 1:65758 <-> SERVER-WEBAPP Zoho ManageEngine OpManager directory traversal attempt
* 1:65759 <-> SERVER-WEBAPP WooCommerce Wishlist WordPress Plugin SQL injection attempt
* 1:65760 <-> SERVER-WEBAPP WooCommerce Wishlist WordPress Plugin SQL injection attempt
* 1:65761 <-> SERVER-WEBAPP WooCommerce Wishlist WordPress Plugin SQL injection attempt
* 1:65762 <-> PROTOCOL-TELNET telnetd login environment variable authentication bypass attempt
* 1:65763 <-> SERVER-WEBAPP Pimcore GridHelperService SQL injection attempt
* 1:65764 <-> SERVER-WEBAPP Pimcore GridHelperService SQL injection attempt
* 1:65765 <-> SERVER-WEBAPP Pimcore GridHelperService SQL injection attempt
* 1:65766 <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt
* 1:65767 <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt
* 1:65768 <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt
* 1:65769 <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt
* 1:65770 <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt
* 1:65771 <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt
* 1:65772 <-> SERVER-WEBAPP Advantech R-SeeNet SQL injection attempt
* 1:65773 <-> SERVER-WEBAPP Advantech R-SeeNet SQL injection attempt
* 1:65774 <-> SERVER-WEBAPP Advantech R-SeeNet SQL injection attempt
* 1:65775 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt
* 1:65776 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt
* 1:65777 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt
* 1:65780 <-> SERVER-WEBAPP Cacti color.php SQL injection attempt
* 1:65781 <-> SERVER-WEBAPP Cacti color.php SQL injection attempt
* 1:65782 <-> SERVER-WEBAPP Cacti color.php SQL injection attempt
* 1:65785 <-> SERVER-WEBAPP Pimcore search function SQL injection attempt
* 1:65786 <-> SERVER-WEBAPP Oracle E-Business Suite cross site scripting attempt
* 3:65783 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2326 attack attempt
* 3:65784 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2326 attack attempt
* 3:65789 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2324 attack attempt
* 3:65790 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2324 attack attempt
* 3:65791 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2325 attack attempt
* 3:65792 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2325 attack attempt
* 3:65793 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2315 attack attempt
* 3:65794 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2315 attack attempt

Modified Rules:

* 1:57835 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:57836 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:58065 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:58066 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:59333 <-> SERVER-WEBAPP Apache Kylin REST API DiagnosisService command injection attempt
* 1:59334 <-> SERVER-WEBAPP Apache Kylin REST API DiagnosisService command injection attempt
* 1:62648 <-> SERVER-WEBAPP mySCADA myPRO command injection attempt


2026-01-27 15:32:46 UTC

Snort Subscriber Rules Update

Date: 2026-01-26-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.44.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301381 <-> SERVER-WEBAPP Zimbra Mail web client servlet_path local file inclusion attempt
* 1:301382 <-> SERVER-WEBAPP Oracle E-Business Suite cross site scripting attempt
* 1:65753 <-> SERVER-WEBAPP D-Link account_mgr.cgi command injection attempt
* 1:65754 <-> SERVER-WEBAPP D-Link account_mgr.cgi command injection attempt
* 1:65755 <-> SERVER-WEBAPP D-Link account_mgr.cgi command injection attempt
* 1:65756 <-> SERVER-WEBAPP D-Link account_mgr.cgi command injection attempt
* 1:65757 <-> SERVER-WEBAPP Zoho ManageEngine OpManager arbitrary Java object deserialization attempt
* 1:65758 <-> SERVER-WEBAPP Zoho ManageEngine OpManager directory traversal attempt
* 1:65759 <-> SERVER-WEBAPP WooCommerce Wishlist WordPress Plugin SQL injection attempt
* 1:65760 <-> SERVER-WEBAPP WooCommerce Wishlist WordPress Plugin SQL injection attempt
* 1:65761 <-> SERVER-WEBAPP WooCommerce Wishlist WordPress Plugin SQL injection attempt
* 1:65762 <-> PROTOCOL-TELNET telnetd login environment variable authentication bypass attempt
* 1:65763 <-> SERVER-WEBAPP Pimcore GridHelperService SQL injection attempt
* 1:65764 <-> SERVER-WEBAPP Pimcore GridHelperService SQL injection attempt
* 1:65765 <-> SERVER-WEBAPP Pimcore GridHelperService SQL injection attempt
* 1:65766 <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt
* 1:65767 <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt
* 1:65768 <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt
* 1:65769 <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt
* 1:65770 <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt
* 1:65771 <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt
* 1:65772 <-> SERVER-WEBAPP Advantech R-SeeNet SQL injection attempt
* 1:65773 <-> SERVER-WEBAPP Advantech R-SeeNet SQL injection attempt
* 1:65774 <-> SERVER-WEBAPP Advantech R-SeeNet SQL injection attempt
* 1:65775 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt
* 1:65776 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt
* 1:65777 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt
* 1:65780 <-> SERVER-WEBAPP Cacti color.php SQL injection attempt
* 1:65781 <-> SERVER-WEBAPP Cacti color.php SQL injection attempt
* 1:65782 <-> SERVER-WEBAPP Cacti color.php SQL injection attempt
* 1:65785 <-> SERVER-WEBAPP Pimcore search function SQL injection attempt
* 1:65786 <-> SERVER-WEBAPP Oracle E-Business Suite cross site scripting attempt
* 3:65783 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2326 attack attempt
* 3:65784 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2326 attack attempt
* 3:65789 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2324 attack attempt
* 3:65790 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2324 attack attempt
* 3:65791 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2325 attack attempt
* 3:65792 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2325 attack attempt
* 3:65793 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2315 attack attempt
* 3:65794 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2315 attack attempt

Modified Rules:

* 1:57835 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:57836 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:58065 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:58066 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:59333 <-> SERVER-WEBAPP Apache Kylin REST API DiagnosisService command injection attempt
* 1:59334 <-> SERVER-WEBAPP Apache Kylin REST API DiagnosisService command injection attempt
* 1:62648 <-> SERVER-WEBAPP mySCADA myPRO command injection attempt


2026-01-27 15:32:46 UTC

Snort Subscriber Rules Update

Date: 2026-01-26-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.47.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301381 <-> SERVER-WEBAPP Zimbra Mail web client servlet_path local file inclusion attempt
* 1:301382 <-> SERVER-WEBAPP Oracle E-Business Suite cross site scripting attempt
* 1:65753 <-> SERVER-WEBAPP D-Link account_mgr.cgi command injection attempt
* 1:65754 <-> SERVER-WEBAPP D-Link account_mgr.cgi command injection attempt
* 1:65755 <-> SERVER-WEBAPP D-Link account_mgr.cgi command injection attempt
* 1:65756 <-> SERVER-WEBAPP D-Link account_mgr.cgi command injection attempt
* 1:65757 <-> SERVER-WEBAPP Zoho ManageEngine OpManager arbitrary Java object deserialization attempt
* 1:65758 <-> SERVER-WEBAPP Zoho ManageEngine OpManager directory traversal attempt
* 1:65759 <-> SERVER-WEBAPP WooCommerce Wishlist WordPress Plugin SQL injection attempt
* 1:65760 <-> SERVER-WEBAPP WooCommerce Wishlist WordPress Plugin SQL injection attempt
* 1:65761 <-> SERVER-WEBAPP WooCommerce Wishlist WordPress Plugin SQL injection attempt
* 1:65762 <-> PROTOCOL-TELNET telnetd login environment variable authentication bypass attempt
* 1:65763 <-> SERVER-WEBAPP Pimcore GridHelperService SQL injection attempt
* 1:65764 <-> SERVER-WEBAPP Pimcore GridHelperService SQL injection attempt
* 1:65765 <-> SERVER-WEBAPP Pimcore GridHelperService SQL injection attempt
* 1:65766 <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt
* 1:65767 <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt
* 1:65768 <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt
* 1:65769 <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt
* 1:65770 <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt
* 1:65771 <-> SERVER-WEBAPP WIKID 2FA Enterprise Server SQL injection attempt
* 1:65772 <-> SERVER-WEBAPP Advantech R-SeeNet SQL injection attempt
* 1:65773 <-> SERVER-WEBAPP Advantech R-SeeNet SQL injection attempt
* 1:65774 <-> SERVER-WEBAPP Advantech R-SeeNet SQL injection attempt
* 1:65775 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt
* 1:65776 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt
* 1:65777 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt
* 1:65780 <-> SERVER-WEBAPP Cacti color.php SQL injection attempt
* 1:65781 <-> SERVER-WEBAPP Cacti color.php SQL injection attempt
* 1:65782 <-> SERVER-WEBAPP Cacti color.php SQL injection attempt
* 1:65785 <-> SERVER-WEBAPP Pimcore search function SQL injection attempt
* 1:65786 <-> SERVER-WEBAPP Oracle E-Business Suite cross site scripting attempt
* 3:65783 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2326 attack attempt
* 3:65784 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2025-2326 attack attempt
* 3:65789 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2324 attack attempt
* 3:65790 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2324 attack attempt
* 3:65791 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2325 attack attempt
* 3:65792 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2325 attack attempt
* 3:65793 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2315 attack attempt
* 3:65794 <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2025-2315 attack attempt

Modified Rules:

* 1:57835 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:57836 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:58065 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:58066 <-> SERVER-WEBAPP Nagios XI command injection attempt
* 1:59333 <-> SERVER-WEBAPP Apache Kylin REST API DiagnosisService command injection attempt
* 1:59334 <-> SERVER-WEBAPP Apache Kylin REST API DiagnosisService command injection attempt
* 1:62648 <-> SERVER-WEBAPP mySCADA myPRO command injection attempt