HAIJA INTEL REPORT

Phishing sandboxes don’t play fair. In his latest blog, @synzack21 walks through a real red team engagement against modern email sandboxes and techniques that helped keep payload redirects hidden from crawlers while preserving a familiar user experience.

#TuxBot v3 Evolution: IoT malware/C2 framework tied to AISURU/Keksec. Self-ID "Akiru." 30-plus exploit targets, 1,496 credential pairs, encrypted C2, and DGA. Developers used an LLM to port exploits and write code, leaving traces in some files. Details at https:// bit.ly/3RAFJ7N

Found an unpatched RCE in Gogs Any authenticated user can get code execution on the server through argument injection into git rebase. Full @rapid7 writeup + @metasploit module available now! https:// rapid7.com/blog/post/ve-a uthenticated-rce-via-argument-injection-gogs-unfixed/

Heading to TechNet Cyber 2026 in Baltimore? Join Synack at Booth 2644 to discuss how AI-powered pentesting and human validation can help your team continuously identify and reduce exploitable risk. Book a 1:1 meeting here: https:// hubs.ly/Q04jfSD_0 #technetcyber2026

Red team engagement ≠ red team exercise. One measures your detection and response. The other develops it. Most orgs invest in the first. Far fewer invest in the second. @Ne0nd0g explains why structured practice belongs in every mature security program.

Getting Oracle vibes xD https:// x.com/mikko/status/6 31110787252232192?s=20 … What next? MSRC Swatting researchers? "Our Digital Crimes Unit will continue bringing cases against these actors and those that enable their criminal activity - coordinating as needed with law enforcem