Rule testing allows you to monitor the real-time behavior of newly added or updated rule(s). For more information on rule testing, see Rule Testing for New or Updated Rule(s).
The following section highlights the threat types and rules that Traceable has added, updated, or removed, along with their severity:
7th October 2025
This update enhances overall detection accuracy and protection capabilities. The following are some enhancements:
- Protects against evasion-based attacks.
- Safeguards your systems from known CVEs and code injection threats.
- Reduces false positives with improvements from Traceable’s in-house regex assembler.
Added Threat Rules
Threat Rule | Threat Type | Is Aggressive | Severity |
---|---|---|---|
Concatenated basic SQL injection and SQLLFI attempts (T360) | SQL Injection | No | High |
Remote Command Execution: Unix Command Injection (T105) | Remote Code Execution | No | High |
Remote Command Execution: Unix Command Injection (T100) | Remote Code Execution | No | High |
Authorization Bypass in Next.js Middleware: (CVE-2025-29927) | Basic Authentication Violation | No | High |
Concatenated basic SQL injection and SQLLFI attempts (360) | SQL Injection | Yes | Medium |
Updated Threat Rules
Threat Rule | Threat Type | Is Aggressive | Severity |
---|---|---|---|
JSFuck / Hieroglyphy Obfuscation | Cross-Site Scripting (XSS) | No | Low |
Mail Injection: Protocol Manipulation | HTTP Protocol Attacks | No | High |
Remote Command Execution: Windows PowerShell Command | Remote Code Execution | Yes | High |
Path Traversal Attack (/../) | Local File Inclusion | No | Medium |
MySQL and PostgreSQL Stored Procedure/Function Injections | SQL Injection | Yes | Medium |
DB Code Execution and Information Gathering Attempts | SQL Injection | No | High |
Suspicious Java Class | Java Application Attacks | No | High |
SQL Code Execution and Information Gathering Attempts | SQL Injection | Yes | Medium |
Restricted File Access Attempt | Local File Inclusion | Yes | Medium |
Request Header Associated with Security Scanner | Scanner Detection | No | Medium |
Conditional SQL Injection Attempts | SQL Injection | Yes | Medium |
Request Filename/Argument Associated with Security Scanner | Scanner Detection | No | Low |
OS File Access Attempt | Local File Inclusion | Yes | Medium |
XML External Entity Injection: Local/Remote Includes | XML External Entity Injection (XXE) | No | High |
NoScript XSS InjectionChecker: HTML Injection | Cross-Site Scripting (XSS) | Yes | Medium |
LDAP Injection Attack | HTTP Protocol Attacks | No | High |
XSS InjectionChecker: HTML Injection | Cross-Site Scripting (XSS) | No | High |
Remote Command Execution: Unix Shell Code | Remote Code Execution | No | High |
GraphQL Introspection Query Detected | GraphQL Attacks | No | Medium |
Java Spring Core: RCE (CVE-2022-22965) | Java Application Attacks | No | Critical |
Server-Side Template Injection (SSTI) Attempt | Remote Code Execution | No | High |
Remote Command Execution: Windows Command Injection | Remote Code Execution | Yes | Medium |
NoScript XSS InjectionChecker: Attribute Injection | Cross-Site Scripting (XSS) | Yes | Medium |
SQL Injection Attack: Common DB Names | SQL Injection | Yes | Low |
Added Threat Types
Threat Type | Threat Rule |
---|---|
Basic Authentication Violation | Authorization Bypass in Next.js Middleware: (CVE-2025-29927) |