diff --git a/detection/c2/unexpected-dns-traffic-events.sql b/detection/c2/unexpected-dns-traffic-events.sql
index 9050025..b6d67c3 100644
--- a/detection/c2/unexpected-dns-traffic-events.sql
+++ b/detection/c2/unexpected-dns-traffic-events.sql
@@ -97,6 +97,7 @@ WHERE
 'msedge,8.8.8.8,53',
 'nuclei,1.0.0.1,53',
 'plugin-container,8.8.8.8,53',
+ 'Pieces OS,208.67.222.222,53',
 'ServiceExtension,8.8.8.8,53',
 'Signal Helper (Renderer),8.8.8.8,53',
 'signal-desktop,8.8.8.8,53',
diff --git a/detection/c2/unexpected-talkers-linux.sql b/detection/c2/unexpected-talkers-linux.sql
index 256d8de..b05a22c 100644
--- a/detection/c2/unexpected-talkers-linux.sql
+++ b/detection/c2/unexpected-talkers-linux.sql
@@ -186,12 +186,14 @@ WHERE protocol > 0
 '80,6,500,zen,u,g,zen',
 '80,6,500,zoom,0u,0g,zoom',
 '80,6,500,zoom.real,u,g,zoom.real',
+ '80,6,0,zypper,0u,0g,Zypp-main',
 '8080,6,500,brave,0u,0g,brave',
 '8080,6,500,chrome,0u,0g,chrome',
 '8080,6,500,firefox,0u,0g,firefox',
 '8080,6,500,idea,0u,0g,idea',
 '8080,6,500,python3.11,0u,0g,speedtest-cli',
 '8080,6,500,speedtest,500u,500g,speedtest',
+ '8080,6,500,bambu-studio,u,g,bambustu_main',
 '8443,6,500,chrome,0u,0g,chrome',
 '8443,6,500,firefox,0u,0g,firefox',
 '8801,17,500,zoom,0u,0g,zoom',
diff --git a/detection/evasion/hidden-executable.sql b/detection/evasion/hidden-executable.sql
index 3dc3c31..8f161cb 100644
--- a/detection/evasion/hidden-executable.sql
+++ b/detection/evasion/hidden-executable.sql
@@ -116,6 +116,7 @@ WHERE (
 AND NOT f.directory LIKE '%/Applications/PSI Bridge Secure Browser.app/Contents/Resources/.apps/darwin/%'
 AND NOT f.directory LIKE '/var/home/linuxbrew/.linuxbrew/Cellar/%'
 AND NOT f.directory LIKE '/Volumes/com.getdropbox.dropbox-%'
+ AND NOT f.directory LIKE '/var~/Code/cgr/private/.terraform/%'
 AND NOT f.path LIKE '/nix/store/%/%-wrapped'
 AND NOT (
 f.path LIKE '/nix/store/%'
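Review bot: The new entry `'Pieces OS,208.67.222.222,53',` is inserted between `plugin-container` and `ServiceExtension`, which breaks the case-insensitive alphabetical order the neighbouring entries follow (`nuclei`, `plugin-container`, `ServiceExtension`, `Signal Helper`); moving it one line up, before `'plugin-container,8.8.8.8,53',`, keeps the allowlist greppable and makes accidental duplicates easier to spot. Like its neighbours the exception is keyed on process name and resolver only, so any process reporting the name `Pieces OS` that talks to 208.67.222.222 is exempted; that is consistent with the file's design, but a trailing comment such as `-- Pieces OS resolves via OpenDNS rather than the system resolver` would record why this client warrants a non-default-resolver exception. The enclosing WHERE clause starts and ends outside the hunk.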
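Review bot: `'8080,6,500,bambu-studio,u,g,bambustu_main',` is appended after `speedtest`, breaking the alphabetical order the rest of the `8080` group keeps (`brave`, `chrome`, `firefox`, `idea`, `python3.11`, `speedtest`); it belongs directly after `'8080,6,500,idea,0u,0g,idea',` — wait, before it, after `'8080,6,500,brave,0u,0g,brave',` would put it out of order too, so the right slot is before `brave` as the first `8080` entry. The `zypper` entry carries `0` in the third field where every neighbour carries `500`, presumably because the package manager runs as root; since that also means a root process named `zypper` reaching port 80 on any remote host is exempted, a comment like `-- zypper runs as root and fetches repo metadata over plain HTTP mirrors` would make the intent reviewable rather than leaving it to be inferred. The enclosing `WHERE protocol > 0` clause starts and ends outside the hunk.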
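Review bot: The added pattern `'/var~/Code/cgr/private/.terraform/%'` almost certainly matches no real directory: `LIKE` does not expand `~`, so the literal prefix `/var~/` would have to exist at the filesystem root, and the exclusion is dead code while it looks like it is doing something. The line above it uses the concrete `/var/home/...` layout, so if that host was the intent, `AND NOT f.directory LIKE '/var/home/%/Code/cgr/private/.terraform/%'` is the likely fix — confirm against the machine that produced the alert. A single user's private project path is also very narrow for a shared rule; if the goal is to stop flagging Terraform's hidden provider cache, a scoped `'%/.terraform/providers/%'` pattern covers every user, at the cost of exempting any executable dropped under such a directory, which is a trade-off worth a comment either way. The enclosing `WHERE (` block starts and ends outside the hunk.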
diff --git a/detection/persistence/unexpected-uid0-daemon-linux.sql b/detection/persistence/unexpected-uid0-daemon-linux.sql
index 5b211c9..151942f 100644
--- a/detection/persistence/unexpected-uid0-daemon-linux.sql
+++ b/detection/persistence/unexpected-uid0-daemon-linux.sql
@@ -165,6 +165,8 @@ WHERE
 'gdm-session-wor,/usr/libexec/gdm-session-worker,0,user.slice,user-42.slice,0755',
 'gdm-session-wor,/usr/lib/gdm-session-worker,0,user.slice,user-1000.slice,0755',
 'gdm-session-wor,/usr/lib/gdm-session-worker,0,user.slice,user-120.slice,0755',
+ 'gdm-session-wor,/usr/libexec/gdm/gdm-session-worker,0,user.slice,user-463.slice,0755',
+ 'gdm-session-wor,/usr/libexec/gdm/gdm-session-worker,0,user.slice,user-1000.slice,0755',
 'gdm,/usr/bin/gdm,0,system.slice,gdm.service,0755',
 'gdm,/usr/sbin/gdm,0,system.slice,gdm.service,0755',
 'gdm,/usr/sbin/gdm,0,system.slice,display-manager.service,0755',
@@ -276,6 +278,7 @@ WHERE
 'sddm-helper,/usr/lib/x86_64-linux-gnu/sddm/sddm-helper,0,user.slice,user-1000.slice,0755',
 'sddm,/usr/bin/sddm,0,system.slice,sddm.service,0755',
 '(sd-pam),/usr/lib/systemd/systemd,0,user.slice,user-0.slice,0755',
+ '(sd-pam),/usr/lib/systemd/systemd-executor,0,user.slice,user-0.slice,0755',
 'sedispatch,/usr/sbin/sedispatch,0,system.slice,auditd.service,0755',
 'sh,/nix/store/__VERSION__/bin/bash,0,system.slice,znapzend.service,0555',
 'sleep,/usr/bin/sleep,0,system.slice,snap.cups.cups-browsed.service,0755',
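Review bot: The two new `gdm-session-wor` lines allowlist the same binary, `/usr/libexec/gdm/gdm-session-worker`, twice, differing only in the per-uid slice (`user-463.slice`, `user-1000.slice`); with the slice baked into the key, every additional local uid that logs in through GDM will raise a fresh alert and need another line here, as the existing 42/120/1000 entries already show. If the slice is part of the key deliberately (to bind the root helper to known uids), a comment above the gdm group such as `-- gdm-session-worker runs as root inside the logging-in user's slice; one entry per known uid` would make that explicit; if not, the key could drop the slice for this binary. uid 463 is unusual — if it is a distro system account rather than a human login, that is worth saying in the same comment so it is not mistaken for a stale user. The enclosing WHERE clause starts and ends outside the hunk.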
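Review bot: The new `(sd-pam)` entry points at `/usr/lib/systemd/systemd-executor` rather than `/usr/lib/systemd/systemd` like the line above it, and nothing in the file explains why the same process name now reports a different executable. This is presumably the newer systemd layout in which service and session helpers are forked via the separate `systemd-executor` binary, so `(sd-pam)` inherits that path — a comment on the line, `-- newer systemd forks (sd-pam) via systemd-executor; path differs from older releases`, lets the next reviewer confirm it against the host's systemd version instead of guessing. Both entries remain scoped to `user-0.slice`, so this does not widen the exception beyond root's own login session. The enclosing WHERE clause starts and ends outside the hunk.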