Official intelligence summary

HAIJA INTEL REPORT

Generated 04/06/2026, 09:24. Pipeline: Europe/Belgrade. Regular sources favor exploit, blog, red-team, and attack-path content. CVE items only stay with exploit signal.
Total items15
Regular sources7
Tweets / X8
Threshold0.62
You can save this report in your browser with the favorite button. If you need a shared favorite list, use the CLI helper.

Tweets / X

8 items
@SpecterOps avatar
SpecterOps @SpecterOps
03 Jun, 23:32 · core
0.60
#BHUSA is right around the corner! Save your spot in our Detection course while you can. It's designed for defenders looking to improve threat hunting, strengthen detection coverage, & create analytics that remain effective as attacker tradecraft evolves. https:// ghst.ly/4e2C22g
tweet media
open on X
@vxunderground avatar
vxunderground @vxunderground
03 Jun, 18:00 · secondary
0.39
Pretty slow couple of days in cybersecurity, only 15 companies hit by ransomware, only 18,000,000 malwares noted in the wild, only three or four North Korean and Russian cyber operations discussed, and only two new Microsoft 0days
tweet media
open on X
@SpecterOps avatar
SpecterOps @SpecterOps
03 Jun, 17:22 · core
0.34
Is that a three-way tie we spy at the top of the #BloodHoundUnleashed leaderboard? Competition is fierce! Lots of great chats and demos are still happening outside at the Kennel Club. We'd love to see you there in this last hour of Day 2 at #InfoSecEurope!
tweet mediatweet media
open on X
@Jhaddix avatar
Jhaddix @Jhaddix
03 Jun, 17:04 · core
0.34
From our sponsor, @DelineaInc : AI is moving faster than identity controls can keep up. Most teams say they're ready, but few can explain what their identities are doing in real-time. That's the AI security confidence paradox. Delinea's 2026 Identity Security Report unpacks this
tweet media
open on X
@CrowdStrike avatar
CrowdStrike @CrowdStrike
03 Jun, 00:00 · secondary
0.32
Adversary tradecraft has evolved to evade detection better than ever before. Discover how adversaries are staying hidden and expanding the threat landscape in the CrowdStrike 2026 Global Threat Report. Download now: https:// crwdstr.ke/6011B8lGqS
tweet media
open on X
@Synack avatar
Synack @Synack
03 Jun, 17:23 · secondary
0.29
SRT Ty Bross breaks down what a business logic vulnerability looks like in the wild. The takeaway? AI finds more. Humans prove what matters. Listen to the full podcast episode here: https:// hubs.ly/Q04jpSqP0
tweet media
open on X
@h4x0r_dz avatar
h4x0r_dz @h4x0r_dz
03 Jun, 20:03 · core
0.28
HackerOne Still lying. Your Continuous Testing page openly says Hai uses 12+ years of real-world vuln data + researchers’ prior H1 Bounty findings to power your AI agents and mimic our workflows. You got caught, updated the wording, but the product was built on our reports. Stop
open on X
@vxunderground avatar
vxunderground @vxunderground
03 Jun, 22:52 · secondary
0.24
This thing can have full access to your file system and is always on. I can't imagine a better thing to abuse on Windows. Imagine all the cool malware and system components we can abuse, oh my lord
open on X

Regular sources

7 items
1.00general · 03 Jun, 18:41blog.gitguardian.comResearch

Four Credential-Harvesting Campaigns Hit Open Source Ecosystems in Two Weeks

The pace is not slowing down. Between May 18 and June 1, 2026, four distinct supply chain campaigns swept through npm, PyPI, Crates.io, GitHub Actions, and Composer.

primary
1.00general · 03 Jun, 15:00bishopfox.comResearch

Otto Support - Testing MCP Servers

MCP servers introduce a new attack surface, but the security fundamentals are familiar. In this final otto-support post, we use nmap, a Nuclei template, and MCP Inspecto…

primary
1.00general · 03 Jun, 14:58thehackernews.comAttack path

One-Click GitHub Dev Attack Lets Attackers Steal Full GitHub OAuth Tokens

Cybersecurity researchers have disclosed a one-click attack via Microsoft Visual Studio Code (VS Code) that makes it possible to steal a user's GitHub token. "Just by cl…

primary
1.00general · 03 Jun, 08:50bleepingcomputer.com

VS Code zero-day lets hackers steal GitHub tokens in one click

A security researcher has released exploit code for a Visual Studio Code (VS Code) zero-day vulnerability that allows attackers to steal GitHub authentication tokens by …

primary
1.00exploit · 03 Jun, 04:38seclists.orgResearch

HTTP/2 Bomb affects Apache httpd, nginx, envoy, & pingora

Posted by Alan Coopersmith on Jun 02 https://blog.calif.io/p/codex-discovered-a-hidden-http2-bomb says: The blog tells the story of how it was found and provides technic…

blog.calif.io/p/codex-discovered-a-hidden…
primary · linked
0.93exploit · 03 Jun, 20:573 mentionsseclists.orgPoC

Re: Linux kernel TLS ULP use-after-free in tls_sk_proto_close()

Posted by Emily Shepherd on Jun 03 This reads like AI. Given the original mistake in publicly submitting a PoC when you intended not to, I have to ask: is a human proper… | Posted by Jacob Bachmeyer on Jun 02 Looking at the kernel code in the report, I suspect that there is a pattern here: a lock that will be unconditionally taken is deferr… | Posted by Oleg Sevostyanov on Jun 03 Thank you for the comments. You are right about the reproducer. I mistakenly included it despite saying that I was not including it.…

seclists.org/oss-sec/2026/q2/793seclists.org/oss-sec/2026/q2/795
primary · linked · linked
0.89exploit · 03 Jun, 03:07seclists.org

Fwd: Go 1.26.4 and Go 1.25.11 are released

Posted by Alan Coopersmith on Jun 02 -------- Forwarded Message -------- https://go.dev/doc/security/policy>: * mime: quadratic...

go.dev/doc/security/policy
primary · linked