diff --git a/rules/linux/command_and_control_cupsd_foomatic_rip_netcon.toml b/rules/linux/command_and_control_cupsd_foomatic_rip_netcon.toml
index df296003e44..f7663801b19 100644
--- a/rules/linux/command_and_control_cupsd_foomatic_rip_netcon.toml
+++ b/rules/linux/command_and_control_cupsd_foomatic_rip_netcon.toml
@@ -2,7 +2,7 @@
 creation_date = "2024/09/27"
 integration = ["endpoint"]
 maturity = "production"
-updated_date = "2024/09/27"
+updated_date = "2024/09/30"
 
 [rule]
 author = ["Elastic"]
@@ -64,6 +64,7 @@ This rule identifies potential exploitation attempts of several vulnerabilities
 - Use insights from the incident to improve detection and response times in future incidents (MTTD and MTTR).
 """
 references = [
+ "https://www.elastic.co/security-labs/cups-overflow",
 "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/",
 "https://gist.github.com/stong/c8847ef27910ae344a7b5408d9840ee1",
 "https://github.com/RickdeJager/cupshax/blob/main/cupshax.py",
diff --git a/rules/linux/execution_cupsd_foomatic_rip_file_creation.toml b/rules/linux/execution_cupsd_foomatic_rip_file_creation.toml
index 837f55c8308..218d5df1ff1 100644
--- a/rules/linux/execution_cupsd_foomatic_rip_file_creation.toml
+++ b/rules/linux/execution_cupsd_foomatic_rip_file_creation.toml
@@ -2,7 +2,7 @@
 creation_date = "2024/09/27"
 integration = ["endpoint"]
 maturity = "production"
-updated_date = "2024/09/27"
+updated_date = "2024/09/30"
 
 [rule]
 author = ["Elastic"]
@@ -64,6 +64,7 @@ This rule identifies potential exploitation attempts of several vulnerabilities
 - Use insights from the incident to improve detection and response times in future incidents (MTTD and MTTR).
 """
 references = [
+ "https://www.elastic.co/security-labs/cups-overflow",
 "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/",
 "https://gist.github.com/stong/c8847ef27910ae344a7b5408d9840ee1",
 "https://github.com/RickdeJager/cupshax/blob/main/cupshax.py",
diff --git a/rules/linux/execution_cupsd_foomatic_rip_lp_user_execution.toml b/rules/linux/execution_cupsd_foomatic_rip_lp_user_execution.toml
index 5f34c1ec00b..aecb581a223 100644
--- a/rules/linux/execution_cupsd_foomatic_rip_lp_user_execution.toml
+++ b/rules/linux/execution_cupsd_foomatic_rip_lp_user_execution.toml
@@ -2,7 +2,7 @@
 creation_date = "2024/09/27"
 integration = ["endpoint"]
 maturity = "production"
-updated_date = "2024/09/27"
+updated_date = "2024/09/30"
 
 [rule]
 author = ["Elastic"]
@@ -65,6 +65,7 @@ This rule identifies potential exploitation attempts of several vulnerabilities
 - Use insights from the incident to improve detection and response times in future incidents (MTTD and MTTR).
 """
 references = [
+ "https://www.elastic.co/security-labs/cups-overflow",
 "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/",
 "https://gist.github.com/stong/c8847ef27910ae344a7b5408d9840ee1",
 "https://github.com/RickdeJager/cupshax/blob/main/cupshax.py",
diff --git a/rules/linux/execution_cupsd_foomatic_rip_shell_execution.toml b/rules/linux/execution_cupsd_foomatic_rip_shell_execution.toml
index 49303fb291e..23bb7591911 100644
--- a/rules/linux/execution_cupsd_foomatic_rip_shell_execution.toml
+++ b/rules/linux/execution_cupsd_foomatic_rip_shell_execution.toml
@@ -2,7 +2,7 @@
 creation_date = "2024/09/27"
 integration = ["endpoint"]
 maturity = "production"
-updated_date = "2024/09/27"
+updated_date = "2024/09/30"
 
 [rule]
 author = ["Elastic"]
@@ -64,6 +64,7 @@ This rule identifies potential exploitation attempts of several vulnerabilities
 - Use insights from the incident to improve detection and response times in future incidents (MTTD and MTTR).
 """
 references = [
+ "https://www.elastic.co/security-labs/cups-overflow",
 "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/",
 "https://gist.github.com/stong/c8847ef27910ae344a7b5408d9840ee1",
 "https://github.com/RickdeJager/cupshax/blob/main/cupshax.py",
diff --git a/rules/linux/execution_cupsd_foomatic_rip_suspicious_child_execution.toml b/rules/linux/execution_cupsd_foomatic_rip_suspicious_child_execution.toml
index c41411f1ec3..499abf8d845 100644
--- a/rules/linux/execution_cupsd_foomatic_rip_suspicious_child_execution.toml
+++ b/rules/linux/execution_cupsd_foomatic_rip_suspicious_child_execution.toml
@@ -2,7 +2,7 @@
 creation_date = "2024/09/27"
 integration = ["endpoint"]
 maturity = "production"
-updated_date = "2024/09/27"
+updated_date = "2024/09/30"
 
 [rule]
 author = ["Elastic"]
@@ -65,6 +65,7 @@ This rule identifies potential exploitation attempts of several vulnerabilities
 - Use insights from the incident to improve detection and response times in future incidents (MTTD and MTTR).
 """
 references = [
+ "https://www.elastic.co/security-labs/cups-overflow",
 "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/",
 "https://gist.github.com/stong/c8847ef27910ae344a7b5408d9840ee1",
 "https://github.com/RickdeJager/cupshax/blob/main/cupshax.py",