Official intelligence summary

HAIJA INTEL REPORT

Generated 23/04/2026, 09:09. Pipeline: Europe/Belgrade. Regular sources favor exploit, blog, red-team, and attack-path content. CVE items only stay with exploit signal.
Total items: 15
Regular sources: 2
Tweets / X: 13
Threshold: 0.62

Tweets / X

13 items
TalosSecurity @TalosSecurity
22 Apr, 16:59 · secondary
0.53
Attackers continued to rely heavily on phishing - an easy and low-cost social engineering operation - for initial access in 2025. For phishing lure trends and more, read the full 2025 Year in Review: https://cs.co/6018…
RedCanary @RedCanary
22 Apr, 22:18 · secondary
0.46
Zscaler ThreatLabz has published a technical analysis on activity we believe to be orchestrated by Tropic Trooper, using military-themed lures and a trojanized SumatraPDF to deploy AdaptixC2 with a custom GitHub-based C…
TalosSecurity @TalosSecurity
22 Apr, 15:03 · secondary
0.46
Phishing is making a comeback with an AI-powered twist. Read Talos' Q1 2026 Incident Response Trends report to see how threat actors are targeting public administration and how you can lock down your defenses against th…
TheDFIRReport @TheDFIRReport
22 Apr, 16:57 · core
0.34
We identified an exposed server that provided unusual visibility into a large-scale, multi-victim exploitation and collection operation. Artifacts on the host showed that Claude Code and OpenClaw were embedded in the operator's day-to-day workflow, supporting troubleshooting,
BishopFox @BishopFox
22 Apr, 22:54 · secondary
0.24
Tool Spotlight: CloudFox Cloud pentesting is hard, but it's not because the attacks are so clever. It’s hard because the environment is such a mess. CloudFox helps find the exploitable paths in AWS and GCP.
TalosSecurity @TalosSecurity
22 Apr, 20:32 · secondary
0.24
The number of device registration events reported by users as fraud increased 178% from 2024 to 2025. Dive deeper into these trends in our Year in Review: https://cs.co/6014BBBjiA
TalosSecurity @TalosSecurity
22 Apr, 18:31 · secondary
0.24
Attacks are becoming faster to build, easier to scale, and increasingly designed to blend into normal activity. Watch the latest TTP for more incident response trends from Q1 2026: https://cs.co/6010BBDTna
harmj0y @harmj0y
22 Apr, 21:37 · core
0.20
In less than 20 minutes and under $2, we used our .NET reversing capability to run a SAST scan of Azure Cosmos DB in the Microsoft Container Registry (MCR), surfacing a high severity vulnerability in the now-deprecated database. Model: Moonshot AI - Kimi K2.6 Task/agent
SentinelOne @SentinelOne
22 Apr, 19:31 · secondary
0.20
Three weeks. Three tier-1 supply chain attacks. SentinelOne stopped all three from the moment they were observed in the wild - with no prior knowledge of any payload. LiteLLM. Axios. CPU-Z. Different vectors. Different threat actors. Different techniques. One thing in common:
harmj0y @harmj0y
22 Apr, 08:17 · core
0.20
Gone are the days of risking a Rubeus monitor run (even via the amazing BOF[.]NET by @_EthicalChaos_ ) in your conquest beacon. @virtualloc is crushing it!
_RastaMouse @_RastaMouse
22 Apr, 06:49 · core
0.20
This is what's happening to YouTube. This is one of my most popular videos. It's how to fix a UEFI bootloader. As you can see the traffic has been cut in half over the last 6 months. But if you Google how to fix a UEFI bootloader, Gemini will give you my exact step by step
s0md3v @s0md3v
22 Apr, 03:12 · secondary
0.20
Just released v6.0.0 It supports ECMA 2025 so you can parse js files with cutting-edge syntax. 4x speedup too ^_^ Parse javascript in python Introducing esprima2: https://github.com/s0md3v/esprima2
Rapid7 @Rapid7
22 Apr, 21:45 · secondary
0.14
Exploited high and critical vulnerabilities are up 105% YoY. The 2026 Global Threat Landscape Report breaks down how shrinking disclosure-to-exploitation timelines are reshaping how teams assess and respond. Download it here: https://r-7.co/3PicnK6

Regular sources

2 items
1.00 · exploit · 22 Apr, 03:13 · seclists.org

Re: UAF in rsync 3.4.1 and below

Posted by Sam James on Apr 21 Salvatore Bonaccorso writes: https://github.com/RsyncProject/rsync/issues/871 Over there, tridge says: sam

0.89 · exploit · 22 Apr, 03:34 · seclists.org

Re: Go 1.26.2 and Go 1.25.9 are released with 10 security fixes

Posted by Demi Marie Obenour on Apr 21 I believe Fedora manages to package multiple versions of Rust libraries without any problems. They don't ship them to users, thoug…