Official intelligence summary

HAIJA INTEL REPORT

Generated 22/04/2026, 09:25. Pipeline: Europe/Belgrade. Regular sources favor exploit, blog, red-team, and attack-path content. CVE items only stay with exploit signal.
Total items: 15
Regular sources: 7
Tweets / X: 8
Threshold: 0.62

Tweets / X

8 items
TalosSecurity @TalosSecurity
21 Apr, 19:02 · secondary
0.52
Is your office printer secretly putting your network at risk? Amy and Martin Lee chat through 2025 phishing and APT trends to expose how threat actors are blending high-tech exploits with everyday business workflows to …
SpecterOps @SpecterOps
21 Apr, 21:40 · core
0.40
A compromised AI tool became an attack path into enterprise identity. @jaredcatkinson breaks down the lesson from the recent Vercel breach: AI tools are non-human identities w/ delegated access. If compromised, attackers inherit it. Read more
_dirkjan @_dirkjan
21 Apr, 20:41 · core
0.32
Me trying to figure out Agent Identities in Entra ID. I really wonder who decided apps and service principals weren't already difficult enough to understand and went with a design that is even wayyy more complicated.
Unit42_Intel @Unit42_Intel
21 Apr, 23:31 · secondary
0.29
#SEOPoisoning seen delivering #LummaStealer via fake YubiKey pages. The attack chain utilizes DLL sideloading and PowerShell-based defense evasion to deploy a heavily obfuscated AutoIt loader, which ultimately injects Lumma Stealer directly into memory: https://bit.ly/4u5e8tp
_xpn_ @_xpn_
21 Apr, 21:19 · core
0.18
Ok fck it. You want really easy windows LPEs, right? I will show you how to do it. It is super simple. Windows is a broken piece of sh*t bc msft leadership is incompetent and toxic. I begin a new blog series starting tomorrow. I will show some novel techniques never seen before.
gynvael @gynvael
21 Apr, 14:28 · secondary
0.15
A forum I visited had a CSRF bug and someone made a viral CSRF exploit that would post itself from victim's account. Devs fixed it, but posts with exploit still kept popping up. WTF? Turned out users decided it will be fun to just repost the exploit manually to mess with the devs. I
BishopFox @BishopFox
21 Apr, 22:10 · secondary
0.14
AI has gotten way better at finding and exploiting vulnerabilities. Claude Mythos Preview shows the gap between discovery and exploitation is shrinking fast. So what's that mean for your organization?
Bugcrowd @Bugcrowd
21 Apr, 18:35 · secondary
0.14
Centralizing vulnerability triage is difficult at current volumes. The NIST CVE framework update confirms that priority should come from how a threat functions in practice, not just database notes. Bugcrowd’s @treyford notes that future programs will rely on continuous

Regular sources

7 items
1.00 · general · 21 Apr, 17:00 · darkreading.com · RCE

Google Fixes Critical RCE Flaw in AI-Based Antigravity Tool

The prompt injection vulnerability in the agentic AI product for filesystem operations was a sanitization issue that allowed for sandbox escape and arbitrary code execut…

1.00 · general · 21 Apr, 15:58 · rapid7.com · Research

From Bulk Export to AI-ready Security Workflows: Introducing Rapid7’s Open-Source MCP Server and Agent Skill

Security teams want more from their data than APIs and one-off reports. They want to ask better questions, move faster, and bring security context into the workflows the…

1.00 · general · 21 Apr, 13:30 · thehackernews.com

No Exploit Needed: How Attackers Walk Through the Front Door via Identity-Based Attacks

The cybersecurity industry has spent the last several years chasing sophisticated threats like zero-days, supply chain compromises, and AI-generated exploits. However, t…

0.97 · critical · 21 Apr, 14:00 · cisa.gov · RCE

Hardy Barth Salia EV Charge Controller

Summary: Successful exploitation of these vulnerabilities could crash the device being accessed; a buffer overflow condition may allow remote code execution. Th…

0.89 · exploit · 21 Apr, 13:37 · seclists.org

Re: Go 1.26.2 and Go 1.25.9 are released with 10 security fixes

Posted by Michael Orlitzky on Apr 21: On its own this isn't sufficient because many packages pin their dependencies to specific versions or git commits. This causes a cas…

0.89 · exploit · 21 Apr, 13:10 · seclists.org

Libgcrypt security releases 1.12.2, 1.11.3, 1.10.x

Posted by Valtteri Vuorikoski on Apr 21: The following announcement regarding libcrypt security releases was posted to gnupg-announce and related lists today. The forward…

0.84 · general · 21 Apr, 12:22 · thehackernews.com

Google Patches Antigravity IDE Flaw Enabling Prompt Injection Code Execution

Cybersecurity researchers have discovered a vulnerability in Google's agentic integrated development environment (IDE), Antigravity, that could be exploited to achieve c…