Official intelligence summary

HAIJA INTEL REPORT

Generated 20/05/2026, 09:13. Pipeline: Europe/Belgrade. Regular sources favor exploit, blog, red-team, and attack-path content. CVE items only stay with exploit signal.
Total items15
Regular sources6
Tweets / X9
Threshold0.62
You can save this report in your browser with the favorite button. If you need a shared favorite list, use the CLI helper.

Tweets / X

9 items
@SpecterOps avatar
SpecterOps @SpecterOps
19 May, 22:43 · core
0.42
Attackers exploit hidden attack paths across identities, systems, and permissions every day. Join @jaredcatkinson & Cisco’s Aaron Woland at #CiscoLive to learn how BloodHound Enterprise, Cisco Duo, and Splunk help defenders uncover & reduce identity risk. https:// ghst.ly/4eAFEue
tweet media
open on X
@_xpn_ avatar
_xpn_ @_xpn_
19 May, 17:00 · core
0.34
The unfortunate reality is AI is 100% changing the scope of many aspects of digital and kinetic aspects of life. Both for the good and for the bad. Not using the tech to force multiply your skills, capability and output is going to put you at a massive disadvantage. Because it’s
open on X
@albinowax avatar
albinowax @albinowax
19 May, 20:16 · core
0.32
In “CSS: the bomb inside your inbox” @garethheyes will show how to use CSS to compromise accounts on multiple major email providers, bypassing all defences! I have personally seen this research and it’s insane. You may have noticed I've been a bit quiet on social media recently,
tweet media
open on X
@_RastaMouse avatar
_RastaMouse @_RastaMouse
19 May, 18:06 · core
0.32
Impacket 0.13.1 is live! This release includes new relay surfaces, stronger support for modern Windows and SQL Server environments, and a set of practical improvements across the examples scripts. Check out the blog post to get more details> https:// coresecurity.com/blog/whats-n
tweet media
open on X
@Sysdig avatar
Sysdig @Sysdig
19 May, 16:03 · secondary
0.32
The bottleneck isn't identifying risk. It's turning requirements into enforceable policy fast enough to matter. Headless cloud security changes that workflow. Describe the control, Sysdig translates it into validated, deployable policy. Read the blog: https:// okt.to/CluqRj
tweet media
open on X
@albinowax avatar
albinowax @albinowax
19 May, 09:16 · core
0.32
Completely flabbergasted... but over the moon to announce with @m4st3rspl1nt3r that "CRLF-Powered Desync Attacks: Beheading HTTP Streams" is coming to #BHUSA @BlackHatEvents
tweet media
open on X
@Bugcrowd avatar
Bugcrowd @Bugcrowd
19 May, 00:15 · secondary
0.32
Bug bounty hunters are putting AI to work. Researchers told @WSJ they’re using AI to support everything from recon to analysis and exploitation, with a growing focus on fewer, higher-value findings. But as Bugcrowd CEO @davegerryjr shared, human insight still plays a critical
tweet mediatweet media
open on X
@Synack avatar
Synack @Synack
19 May, 22:10 · secondary
0.24
AI can now find vulnerabilities at machine scale. But the real challenge is determining: -what’s exploitable -what matters most -what creates real business risk Great @WSJ piece from @AngusLoten featuring Synack CTO @MarkKuhr on why the future of offensive security is Human +
tweet media
open on X
@Bugcrowd avatar
Bugcrowd @Bugcrowd
19 May, 20:03 · secondary
0.24
When testing a GraphQL target, verifying array batching is one of the first checks. Here’s a quick process: Intercept a single query. {"query": "{ user { id } }"} Wrap the JSON object in an array and duplicate the query. [{"query": "{ user { id } }"}, {"query": "{
open on X

Regular sources

6 items
1.00general · 19 May, 15:00securityweek.comAttack path

Legacy Windows Tool MSHTA Fuels Surge in Silent Malware Attacks

Attackers are increasingly abusing Microsoft’s decades-old MSHTA utility to stealthily deliver stealers, loaders, and persistent malware through phishing, fake software …

primary
1.00critical · 19 May, 14:00cisa.gov

ZKTeco CCTV Cameras

View CSAF Summary Successful exploitation of this vulnerability could result in information disclosure, including capture of camera account credentials. The following ve…

primary
1.00general · 19 May, 11:23thehackernews.comRCE

SEPPMail Secure E-Mail Gateway Vulnerabilities Enable RCE and Mail Traffic Access

Critical security vulnerabilities have been disclosed in SEPPMail Secure E-Mail Gateway, an enterprise-grade email security solution, that could be exploited to achieve …

primary
1.00general · 19 May, 10:13blog.gitguardian.comAttack pathResearch

How We Got a CISA GitHub Leak Taken Down in Under a Day

On May 14, GitGuardian found a public GitHub repository called "Private-CISA" - 844 MB of plain-text passwords, AWS tokens, and Entra ID SAML certificates belonging to C…

primary
0.93exploit · 19 May, 23:263 mentionsseclists.org

Re: PinTheft Linux LPE

Posted by Sam James on May 19 Sam James writes: https://oracle.github.io/kconfigs/ seems to agree with that. sam | Posted by Jelle van der Waa on May 19 Fedora seems "unaffected", CONFIG_RDS=m is set in Fedora unlike RHEL and the kernel module is packaged in kernel-modules-extra whic… | Posted by Sam James on May 19 Sam James writes: https://salsa.debian.org/kernel-team/linux/-/blob/debian/6.12/trixie-security/debian/patches/debian/rds-Disable-auto-load…

oracle.github.io/kconfigs/salsa.debian.org/kernel-team/linux/-/blob…seclists.org/oss-sec/2026/q2/603seclists.org/oss-sec/2026/q2/605
primary · linked · linked · linked
0.89exploit · 19 May, 23:282 mentionsseclists.org

Re: On the issue of MIME handlers that execute arbitrary code (e.g. Wine)

Posted by Aaron Rainbolt on May 18 This is not really a vulnerability report for a specific program, there are at least five different programs involved here. Tucked awa… | Posted by Gabriel Corona on May 19 Hi, Yes, MIME type registration (and URI registrations) has a huge potential for triggering malicious payload (often leading to arbitr…

seclists.org/oss-sec/2026/q2/573
primary · linked