Official intelligence summary

HAIJA INTEL REPORT

Generated 25/05/2026, 09:14. Pipeline: Europe/Belgrade. Regular sources favor exploit, blog, red-team, and attack-path content. CVE items only stay with exploit signal.
Total items15
Regular sources9
Tweets / X6
Threshold0.62
You can save this report in your browser with the favorite button. If you need a shared favorite list, use the CLI helper.

Tweets / X

6 items
@_RastaMouse avatar
_RastaMouse @_RastaMouse
22 May, 19:30 · core
0.56
Cobalt Strike 4.13 is about to drop and we're celebrating! You're cordially invited to our release party demo on June 3! Learn all about 4.13, which includes an overhaul of post-exploitation capabilities, reimagined red team workflows, and more. RSVP now: https:// register.gotowe
tweet media
open on X
SP
SpecterOps @SpecterOps
22 May, 08:53 · core
0.56
Identity attacks are driving modern offensive tradecraft. Our Identity-driven Offensive Tradecraft course covers finding & exploiting identity attack paths across AD, cloud, & supply chain environments. Join our next se…
open on X
@outflanknl avatar
outflanknl @outflanknl
22 May, 15:02 · core
0.54
Headed to #OrangeCon on June 4th? So are we. Come find us if you want to discuss red team challenges, talk tools and tradecraft, or see what we’re building. See you at Meervaart Amsterdam!
tweet media
open on X
@h4x0r_dz avatar
h4x0r_dz @h4x0r_dz
24 May, 20:49 · core
0.42
Hola مساء الخير ME & @M4lcode published Part 2 of our investigation into Lawxsz, the Argentinian threat actor behind the Valkyrie and Prysmax stealers. What initially appeared to be fragmented online identities across Telegram, GitHub, Discord, forums, and other platforms
tweet media
open on X
@BishopFox avatar
BishopFox @BishopFox
22 May, 22:23 · secondary
0.42
Thomas Wilson on the GitHub Actions cache poisoning technique behind Mini-Shai-Hulud and why CI/CD trust assumptions are becoming a major real-world attack surface, from the Initial Access podcast.
tweet media
open on X
@_RastaMouse avatar
_RastaMouse @_RastaMouse
22 May, 19:37 · core
0.42
We're excited for this release, there's some seriously cool stuff! Cobalt Strike 4.13 is about to drop and we're celebrating! You're cordially invited to our release party demo on June 3! Learn all about 4.13, which includes an overhaul of post-exploitation capabilities, reimagin
tweet media
open on X

Regular sources

9 items
1.00exploit · 24 May, 19:065 mentionsseclists.org

Re: Coordinated Disclosure in the LLM Age

Posted by ROI AI on May 21 I understand the costs, but simply hanging all the dirty laundry out is counter productive. Working a change in public without going into sens… | Posted by Jeffrey Walton on May 21 Anthropic has a long article at [0]. If you scroll down beyond the explanations for the vulnerabilities the tool found, you land in a … | Posted by Jacob Bachmeyer on May 21 You apparently do not understand. Most projects take keeping embargoed security issues private rather seriously---and that *itself* h…

seclists.org/oss-sec/2026/q2/661seclists.org/oss-sec/2026/q2/660seclists.org/oss-sec/2026/q2/659seclists.org/oss-sec/2026/q2/679
primary · linked · linked · linked
1.00exploit · 24 May, 18:45seclists.orgResearch

Sv: Coordinated Disclosure in the LLM Age

Posted by ROI AI on May 24 Yes, reporting issues without proper analysis is and always has been grossly negligent. For that I strongly encourage people to fight fire wit…

primary
1.00general · 23 May, 22:48bleepingcomputer.com

Laravel Lang packages hijacked to deploy credential-stealing malware

A supply chain attack targeting the Laravel Lang localization packages has exposed developers to a sophisticated credential-stealing malware campaign after attackers abu…

primary
1.00general · 23 May, 18:07thehackernews.com

Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware

A new "coordinated" supply chain attack campaign has impacted eight packages on Packagist including malicious code designed to run a Linux binary retrieved from a GitHub…

primary
1.00general · 23 May, 09:35thehackernews.comWild exploit

LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root

A maximum-severity security vulnerability impacting LiteSpeed User-End cPanel Plugin has come under active exploitation in the wild. The flaw, tracked as CVE-2026-48172 …

primary
1.00general · 23 May, 09:23thehackernews.comWild exploit

Drupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched critical security flaw impacting Drupal Core to its Known Exploited Vulnera…

primary
1.00general · 22 May, 17:08sentinelone.comWild exploitResearch

The Good, the Bad and the Ugly in Cybersecurity - Week 21

Cops seize First VPN and share intel on users, Reaper spoofs multiple brands to infect Macs, and two Microsoft Defender zero-days exploited in the wild.

primary
1.00general · 22 May, 16:00helpnetsecurity.com

$20 per zero-day is already the WordPress plugin reality

Vulnerability researchers have spent the past year arguing about whether AI agents can find real bugs at scale or whether they mostly generate noise. A pipeline built in…

primary
1.00general · 22 May, 15:39bleepingcomputer.comWild exploit

Trend Micro warns of Apex One zero-day exploited in the wild

Japanese cybersecurity software company Trend Micro has addressed an Apex One zero-day vulnerability exploited in attacks targeting Windows systems. [...]

primary