diff --git a/modules/security/ip-reputation-manager.sh b/modules/security/ip-reputation-manager.sh
index 1702c37..5eef52d 100755
--- a/modules/security/ip-reputation-manager.sh
+++ b/modules/security/ip-reputation-manager.sh
@@ -153,9 +153,9 @@ view_top_active() {
 
         # Color code by hit count
         local color="$NC"
-        if [ $hit_count -gt 10000 ]; then
+        if [ "${hit_count:-0}" -gt 10000 ]; then
             color="$RED$BOLD"
-        elif [ $hit_count -gt 1000 ]; then
+        elif [ "${hit_count:-0}" -gt 1000 ]; then
             color="$YELLOW"
         fi
 
diff --git a/modules/security/live-attack-monitor.sh b/modules/security/live-attack-monitor.sh
index 5cace74..2ffa8c2 100755
--- a/modules/security/live-attack-monitor.sh
+++ b/modules/security/live-attack-monitor.sh
@@ -1802,7 +1802,7 @@ monitor_ssh_attacks() {
 
                     # Progressive scoring for bruteforce: Each attempt adds points
                     # First attempt: 10 pts, subsequent attempts: +8 pts each
-                    if [ $hits -eq 1 ]; then
+                    if [ "${hits:-0}" -eq 1 ]; then
                         score=10
                     else
                         score=$((score + 8))
@@ -1856,7 +1856,7 @@ monitor_ssh_attacks() {
                     fi
 
                     # Cap at 100
-                    [ $score -gt 100 ] && score=100
+                    [ "${score:-0}" -gt 100 ] && score=100
 
                     # Update ip_data file directly (subshells can't access IP_DATA array)
                     local ip_file="$TEMP_DIR/ip_${ip//\./_}"
@@ -2192,7 +2192,7 @@ monitor_email_attacks() {
                     fi
 
                     # Progressive scoring: Each email bruteforce attempt adds points
-                    if [ $hits -eq 1 ]; then
+                    if [ "${hits:-0}" -eq 1 ]; then
                         score=10
                     else
                         score=$((score + 8))
@@ -2236,7 +2236,7 @@ monitor_email_attacks() {
                         block_reasons="${block_reasons}${context_reason}"
                     fi
 
-                    [ $score -gt 100 ] && score=100
+                    [ "${score:-0}" -gt 100 ] && score=100
 
                     # Update ip_data file directly (subshells can't access IP_DATA array)
                     local ip_file="$TEMP_DIR/ip_${ip//\./_}"
@@ -2311,7 +2311,7 @@ monitor_ftp_attacks() {
                     fi
 
                     # Progressive scoring: Each FTP bruteforce attempt adds points
-                    if [ $hits -eq 1 ]; then
+                    if [ "${hits:-0}" -eq 1 ]; then
                         score=10
                     else
                         score=$((score + 8))
@@ -2355,7 +2355,7 @@ monitor_ftp_attacks() {
                         block_reasons="${block_reasons}${context_reason}"
                     fi
 
-                    [ $score -gt 100 ] && score=100
+                    [ "${score:-0}" -gt 100 ] && score=100
 
                     # Update ip_data file directly (subshells can't access IP_DATA array)
                     local ip_file="$TEMP_DIR/ip_${ip//\./_}"
@@ -2432,7 +2432,7 @@ monitor_database_attacks() {
                     fi
 
                     # Progressive scoring: First DB attack = 15pts, each additional = 12pts
-                    if [ $is_new_attack -eq 1 ]; then
+                    if [ "${is_new_attack:-0}" -eq 1 ]; then
                         score=$((score + 15))
                     else
                         score=$((score + 12))
@@ -2476,7 +2476,7 @@ monitor_database_attacks() {
                         block_reasons="${block_reasons}${context_reason}"
                     fi
 
-                    [ $score -gt 100 ] && score=100
+                    [ "${score:-0}" -gt 100 ] && score=100
 
                     # Update ip_data file directly (subshells can't access IP_DATA array)
                     local ip_file="$TEMP_DIR/ip_${ip//\./_}"