HAIJA INTEL REPORT

Identity risk is accelerating & orgs are adapting. Our Trends in Identity Attack Path Management Report shows: 35% fully implemented APM 75% increasing identity security spend AI is expanding identity risk Check it out: https:// ghst.ly/3Qv0cKJ

good research here Ghost Bits is a brilliant research: https:// i.blackhat.com/Asia-26/Presen tations/Asia-26-Bai-Cast-Attack-Ghost-Bits-4.23.pdf … Now you can reproduce CVE-2025-41242 in Vulhub, Spring/Jetty Path trave…

Our sponsor this week is @harmonicsec ! Want to see every plugin, skill, MCP server, connector, extension, and scheduled task running in Claude Desktop? Now you can thanks to @harmonicsec ’s free tool: claudit-sec: http…

The latest data on Microsoft vulnerabilities shows a 6% drop in total bugs, but the critical flaws have doubled. Risk is concentrating in the cloud and Office suite, where Azure and Dynamics 365 saw a massive jump in severe findings. With AI speeding up how fast exploits are

Super proud and excited to be joining this year's extraordinary line-up at @x33fcon ! This time, I will be showing a new phishing technique that involves downgrading FIDO MFA to less secure, phishable fallbacks. See you in June!

Released unKover, a 403 access bypass tester. Part of our open source recon suite. Built to ace our comprehensive testbed. Definitely worth checking this out. #Bypass #BugBounty #PenTesting

Just released reKover, an URL mapper. Part of our open source recon tools suite. Designed to be simple, fast and stealthy. Worth checking it out. #Recon #BugBounty #PenTesting

UNC6692 is impersonating IT helpdesk employees on Microsoft Teams to deploy custom malware. The SNOW ecosystem (SNOWBELT, SNOWGLAZE, SNOWBASIN) enables deep network penetration and exfiltration. Read the analysis and get indicators of compromise. https:// goo.gle/3OVpSzs

#FalCon2026 is where learning becomes action. From Hands-on Workshops to Adversary Tradecraft to CrowdStrike University, build skills that will make you indispensable. Join us → https:// crwdstr.ke/6012BBzSkQ August 31 - September 3 | Mandalay Bay

Attackers are currently exploiting a command injection flaw in DVRs to build out a new Mirai-based botnet. The catch here is that automated scans only tell part of the story. Our Chief Strategy and Trust Officer, @treyford , points out that machine analysis identifies the flaw,

I just did an interview with @SecWeekly , with teasers for my upcoming #BHUSA presentation "Can AI Do Novel Vulnerability Research: Meet the HTTP Terminator", plus reflections on the Top Ten Web Hacking Techniques of 2025 & 2026. Watch it here:

We discovered phishing emails falsely warning recipients their mailbox storage limit was exceeded. Emails include shortened links that redirect to fake cloud storage pages, ultimately redirecting users to pages selling VPNs or antivirus software. Details: https:// bit.ly/4tLKnhy