diff --git a/docker-compose.yaml b/docker-compose.yaml
index c65ca82..67f1a1a 100644
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -50,7 +50,7 @@ services:
 SECRET_TOKEN: ${SECRET_TOKEN}
 SCOREBOARD_URL: ${SCOREBOARD_URL:-http://10.60.0.1:8080}
 OUR_TEAM_ID: ${OUR_TEAM_ID:-1}
- ALERT_THRESHOLD_POINTS: ${ALERT_THRESHOLD_POINTS:-100}
+ ALERT_THRESHOLD_POINTS: ${ALERT_THRESHOLD_POINTS:-5}
 ALERT_THRESHOLD_TIME: ${ALERT_THRESHOLD_TIME:-300}
 TELEGRAM_API_URL: http://tg-bot:8003/send
 depends_on:
diff --git a/scoreboard_injector/main.py b/scoreboard_injector/main.py
index b802f25..5634f0e 100644
--- a/scoreboard_injector/main.py
+++ b/scoreboard_injector/main.py
@@ -18,7 +18,7 @@ DATABASE_URL = os.getenv("DATABASE_URL", "postgresql://adctrl:adctrl@postgres:54
 SECRET_TOKEN = os.getenv("SECRET_TOKEN", "change-me-in-production")
 SCOREBOARD_URL = os.getenv("SCOREBOARD_URL", "http://10.60.0.1:8080")
 OUR_TEAM_ID = int(os.getenv("OUR_TEAM_ID", "1"))
-ALERT_THRESHOLD_POINTS = float(os.getenv("ALERT_THRESHOLD_POINTS", "100"))
+ALERT_THRESHOLD_POINTS = float(os.getenv("ALERT_THRESHOLD_POINTS", "5"))
 ALERT_THRESHOLD_TIME = int(os.getenv("ALERT_THRESHOLD_TIME", "300")) # seconds
 TELEGRAM_API_URL = os.getenv("TELEGRAM_API_URL", "http://tg-bot:8003/send")
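Review bot: The new 5 FP default for `ALERT_THRESHOLD_POINTS` now lives in two places, this `main.py` line and the `docker-compose.yaml` default changed in the same commit, and nothing on the Python side records the unit or the coupling; a trailing comment in the style `ALERT_THRESHOLD_TIME` already carries, `# flag points lost in a single steal; keep in sync with docker-compose.yaml`, would help the next editor. Because the compose file always sets the variable (`${ALERT_THRESHOLD_POINTS:-5}`), the in-code default is only reached outside the container, so the compose value is the one that actually governs alerting in deployment.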
@@ -265,7 +265,23 @@ async def socketio_listener():
 elif is_attack_to_us:
 print(f" ⚠️ Team {attacker_id} stole flag from us on {service_name} (-{attacker_delta:.2f} FP)")
 if attacker_delta >= ALERT_THRESHOLD_POINTS:
- await check_and_create_alerts(conn, attacker_id, service_name)
+ # Create and send alert
+ alert_message = f"🚨 ATTACK DETECTED!\nTeam {attacker_id} stole flag from {service_name}\nPoints lost: {attacker_delta:.2f} FP"
+
+ alert_id = await conn.fetchval("""
+ INSERT INTO attack_alerts (attack_id, alert_type, severity, message)
+ VALUES (
+ (SELECT id FROM attacks WHERE attack_id = $1),
+ 'flag_stolen',
+ 'high',
+ $2
+ )
+ RETURNING id
+ """, attack_id, alert_message)
+
+ await send_telegram_alert(alert_message)
+ await conn.execute("UPDATE attack_alerts SET notified = true WHERE id = $1", alert_id)
+ print(f" 📱 Alert sent to Telegram")
 finally:
 await db_pool.release(conn)
 except Exception as e:
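Review bot: The inlined path on the new side inserts an `attack_alerts` row and sends a Telegram message for every steal that clears the threshold, and `ALERT_THRESHOLD_TIME` is never consulted here; if the removed `check_and_create_alerts` did the time-window de-duplication, lowering the default to 5 FP in this same commit turns each stolen flag into a separate message, which is worth confirming against that helper before it is dropped. The insert, the send and the `notified` update are also not one unit: a failure inside `send_telegram_alert` leaves the row at `notified = false` and propagates out of the listener's try block, where the hunk's trailing `except Exception` handles it for the whole event. Isolating the send, as below, keeps a notification outage from aborting attack processing and removes the placeholder-free f-string on the last added line. The subquery `(SELECT id FROM attacks WHERE attack_id = $1)` yields NULL when no `attacks` row matches, so what the insert does then depends on the column's constraint, which is not visible here; `attack_id` and the start of `socketio_listener` lie outside the hunk.
```python
# … unchanged: alert_message and the attack_alerts INSERT … RETURNING id …
try:
    await send_telegram_alert(alert_message)
except Exception as exc:  # a notification failure must not abort attack processing
    print(f" ⚠️ Telegram notification failed for alert {alert_id}: {exc}")
else:
    await conn.execute("UPDATE attack_alerts SET notified = true WHERE id = $1", alert_id)
    print(" 📱 Alert sent to Telegram")
```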