Official intelligence summary

HAIJA INTEL REPORT

Generated 18/05/2026, 09:13. Pipeline: Europe/Belgrade. Regular sources favor exploit, blog, red-team, and attack-path content. CVE items only stay with exploit signal.
Total items15
Regular sources9
Tweets / X6
Threshold0.62
You can save this report in your browser with the favorite button. If you need a shared favorite list, use the CLI helper.

Tweets / X

6 items
@h4x0r_dz avatar
h4x0r_dz @h4x0r_dz
15 May, 15:23 · core
0.62
GET http:127.0.0.1 HTTP/1.1 Upgrade: websocket Connection: Upgrade SSRF on self-hosted NextJS! https:// github.com/vercel/next.js /security/advisories/GHSA-c4j6-fc7j-m34r …
tweet mediatweet media
open on X
@h4x0r_dz avatar
h4x0r_dz @h4x0r_dz
15 May, 09:42 · core
0.62
SSRF on self-hosted NextJS! https:// github.com/vercel/next.js /security/advisories/GHSA-c4j6-fc7j-m34r …
tweet media
open on X
@SpecterOps avatar
SpecterOps @SpecterOps
15 May, 01:01 · core
0.62
Don't forget to save your spot for next week's webinar feat. @jaredcatkinson & @JustinKohler10 reviewing key findings from our 2026 Trends in Identity Attack Path Management report. https:// ghst.ly/3QQDhcJ
tweet media
open on X
@h4x0r_dz avatar
h4x0r_dz @h4x0r_dz
15 May, 20:19 · core
0.50
RIP for all 6 entries. The last-minute patch turned out quite solid. So I decided to give my exploit a proper goodbye. Enjoy! https:// github.com/kiddo-pwn/ffff irefox … 6 Firefox entries at pwn2own. 5 withdrawals due to our 150.0.3 security release. 1 failed attempt. 0 Exploits.
tweet media
open on X
@orange_8361 avatar
orange_8361 @orange_8361
15 May, 18:51 · core
0.50
And this one is human insight w/ LLM-assisted research. Took about one week to finish everything. The AI really rescued me from a lot of tedious work - excluding the part where it changed the Domain Admin password, locked me out, and claimed it got RCE Aaaand it's official! Orang
tweet media
open on X
@h4x0r_dz avatar
h4x0r_dz @h4x0r_dz
15 May, 15:08 · core
0.48
There it is! Orange Tsai (@orange_8361) of DEVCORE Research Team was able to exploit Microsoft Exchange! If confirmed, they win a whooping $200,000 and 20 Master of Pwn points. Off to the disclosure room to explain how they did it and seal the deal. #Pwn2Own #P2OBerlin
tweet media
open on X

Regular sources

9 items
1.00exploit · 17 May, 23:14seclists.org

Full disclosure: Edupage web and mobile application authorization bypass leaks PII and IBAN codes

Posted by Juraj Kosik on May 17 VULNERABILITY https://jkosik.github.io/posts/edupage/ https://www.edupage.org/ https://www.edupage.org/ Web application...

jkosik.github.io/posts/edupage/www.edupage.org/
primary · linked · linked
1.00general · 17 May, 13:57thehackernews.comRCEWild exploit

NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE

A newly disclosed security flaw impacting NGINX Plus and NGINX Open has come under active exploitation in the wild, days after its public disclosure, according to VulnCh…

primary
1.00general · 16 May, 17:20thehackernews.comWild exploit

Funnel Builder Flaw Under Active Exploitation Enables WooCommerce Checkout Skimming

A critical security vulnerability impacting the Funnel Builder plugin for WordPress has come under active exploitation in the wild to inject malicious JavaScript code in…

primary
1.00exploit · 16 May, 09:57seclists.org

Re: Coordinated Disclosure in the LLM Age

Posted by Greg KH on May 16 Yes, but to be pedantic, September 2026 is when _manufacturers_ need to start reporting the bugs they are notified of or find on their own. I…

primary
1.00general · 15 May, 08:19thehackernews.comWild exploit

On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email

Microsoft has disclosed a new security vulnerability impacting on-premise versions of Exchange Server that it said has come under active exploitation in the wild. The vu…

primary
0.93exploit · 15 May, 07:483 mentionsseclists.org

Re: Logic bug in the Linux kernel's __ptrace_may_access() function

Posted by Qualys Security Advisory on May 14 Hi all, https://github.com/torvalds/linux/commit/31e62c2ebbfdc3fe3dbdf5e02c92a9dc67087a3a https://x.com/spendergrsec/status/… | Posted by Salvatore Bonaccorso on May 14 hi, Nevermind, it is written above by Sam, it ptrace restricing techniques so won't be enough. Regards, Salvatore | Posted by Salvatore Bonaccorso on May 14 Hi I'm not 100% certian, but setting restrictive kernel.yama.ptrace_scope might as well serve as temporary workaround. Can you c…

github.com/torvalds/linux/commit/31e62c2e…x.com/spendergrsec/status/…seclists.org/oss-sec/2026/q2/529x.com/spendergrsec/status/205497417492643…
primary · linked · linked · linked
0.91exploit · 17 May, 16:357 mentionsseclists.org

Re: Recent Kernel exploits, attack surface reduction, example IPSEC

Posted by Donald Buczek on May 17 By the way, I've just added such a feature to kmod for us: https://github.molgen.mpg.de/mariux64/kmod/compare/v34.2...v34.2-mpi https:/… | Posted by Jeffrey Walton on May 16 Another option on x86 is to isolate drivers from the kernel, and make drivers Ring 1 or RIng 2. Leave the kernel to Ring 0, and userla… | Posted by Lionel Debroux on May 16 Hi, > Multiple of the recent kernel exploits have affected the "esp" Linux > Kernel module. ESP is, as far as I understand, part of IP…

github.molgen.mpg.de/mariux64/kmod/compar…github.molgen.mpg.de/mariux64/mxtools/pul…seclists.org/oss-sec/2026/q2/562seclists.org/oss-sec/2026/q2/561
primary · linked · linked · linked