Official intelligence summary

HAIJA INTEL REPORT

Generated 22/05/2026, 09:19. Pipeline: Europe/Belgrade. Regular sources favor exploit, blog, red-team, and attack-path content. CVE items only stay with exploit signal.
Total items: 15
Regular sources: 9
Tweets / X: 6
Threshold: 0.62

Tweets / X

6 items
Bugcrowd @Bugcrowd
21 May, 20:46 · secondary
0.49
Most AI security training stops at detection. That’s pattern matching, not skill. We just launched RL Environments at @Bugcrowd. Hundreds of thousands of real open-source vulnerabilities. Find, exploit, patch, audit. The full loop. Frontier labs are already training on them.
MDSecLabs @MDSecLabs
21 May, 15:49 · secondary
0.48
Everyone losing their minds over the Visual Studio Code payload hitting GitHub. The research was published on @MDSecLabs site in 2023! Red Teams have used this on assessments for ages!! Microsoft knows all of this and didn't bother to fix it!!! IT'S BEEN IN INITIAL-ACCESS
SpecterOps @SpecterOps
21 May, 19:06 · core
0.46
Found a Tailscale API key on an assessment? In their latest research, @KingOfTheNOPs & @Sw4mp_f0x created TailscaleHound to turn your Tailnet into a BloodHound graph to visualize access paths between Azure & Tailscale. Check it out
Jhaddix @Jhaddix
21 May, 17:59 · core
0.42
Our sponsor this week is @varonis Most AI security strategies focus on the model. The real risk lives in your data. As AI agents gain access, hidden exposure becomes operational risk. Varonis’ latest report shows where AI security actually breaks down and how to fix it.
Unit42_Intel @Unit42_Intel
21 May, 03:10 · secondary
0.38
We identified 4,000 samples of TamperedChef malware hiding in trojanized productivity apps. These campaigns use code signing to bypass security filters. The malware can remain dormant for days before stealing data. Read our analysis: https://bit.ly/4wI0z57
_xpn_ @_xpn_
21 May, 15:51 · core
0.32
Honestly, what even is the point of researchers publishing these things if the owners of the product don't care... and then get hit by the very research that they didn't care about. What are we even doing at this point? Everyone losing their minds over the Visual Studio Code payl

Regular sources

9 items
1.00 · general · 21 May, 18:10 · helpnetsecurity.com · Tradecraft

Microsoft open-sources tools for designing and testing AI agents

Microsoft has open-sourced two tools aimed at bringing security discipline to AI agent development: Clarity, a structured design review tool, and RAMPART, a continuous t…

1.00 · general · 21 May, 14:18 · projectdiscovery.io · Research

Red-Teaming Cloud Infrastructure with Neo

Most AI security tooling shipped over the last year focuses on one of two workflows, code review at PR time or zero-day research in open-source software. Models in PR pi…

1.00 · critical · 21 May, 14:00 · cisa.gov · Wild exploit

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-34291 Langflow Origin Val…

1.00 · general · 21 May, 12:55 · thehackernews.com · Wild exploit · Tradecraft

Microsoft Warns of Two Actively Exploited Defender Vulnerabilities

Microsoft has disclosed that a privilege escalation and a denial-of-service flaw in Defender have come under active exploitation in the wild. The former, tracked as CVE-2…

1.00 · general · 21 May, 07:30 · helpnetsecurity.com · Research

Most dark web activity revolves around a handful of topics

Dark web activity often becomes visible during marketplace seizures, major data leaks, or sudden spikes in criminal activity. Those events can create an impression of an…

1.00 · general · 21 May, 05:44 · thehackernews.com · RCE · Tradecraft

Highly Critical Drupal Core Flaw Exposes PostgreSQL Sites to RCE Attacks

Drupal has released security updates for a "highly critical" security vulnerability in Drupal Core that could be exploited by attackers to achieve remote code execution,…

0.99 · general · 21 May, 07:00 · helpnetsecurity.com · Research

AI red teaming agents change how LLMs get tested

Adversarial probing of LLMs has piled up a sprawling toolkit over the past three years. Attack techniques with names like Tree of Attacks with Pruning, Crescendo, and Sk…

0.89 · exploit · 21 May, 22:26 · seclists.org

Re: On the issue of MIME handlers that execute arbitrary code (e.g. Wine)

Posted by Steffen Nurpmeso on May 21 Gabriel Corona wrote in : |> Sandboxes should only allow allowlist of file types and make everything |> else fall back to a safe def…

0.89 · exploit · 21 May, 20:28 · 2 mentions · seclists.org

Re: Linux kernel: Dirty Frag variants - fix merged into netdev

Posted by Hyunwoo Kim on May 21 This is a bug class I understand well, so I intend to keep an eye on it going forward. His work was genuinely important. He precisely cau…

Posted by Solar Designer on May 21 Hi, Thank you very much Hyunwoo Kim for staying on top of this and focusing on fixing the issues. Such a contrast from what some other…