Tag

Telemetry

3 briefs RSS

TelemetryController Scheduled Task Hijack for Persistence

The rule detects the hijack of the Microsoft Compatibility Appraiser scheduled task to establish persistence with system integrity level, by monitoring CompatTelRunner.exe process execution and detecting unexpected child processes.

Microsoft Compatibility Appraiser +3 persistence scheduled_task telemetry windows

2r 1t May 12, 2026

high advisory

n8n-mcp Vulnerable to Path Traversal, SSRF, and Telemetry Exposure

2 rules 1 TTP

n8n-mcp versions before 2.50.1 are vulnerable to path traversal, redirect-following SSRF, and telemetry payload exposure, potentially leading to sensitive information disclosure and unauthorized access.

n8n-mcp path-traversal ssrf telemetry information-disclosure

2r 1t May 8, 2026

critical advisory

OpenC3 COSMOS SQL Injection Vulnerability in QuestDB Time-Series Database

2 rules 3 TTPs

A SQL injection vulnerability exists in the Time-Series Database (TSDB) component of COSMOS, allowing an authenticated remote user to execute arbitrary SQL commands, including telemetry data disclosure and deletion.

OpenC3 sql-injection cosmos questdb telemetry

2r 3t Apr 23, 2026