HAIJA INTEL REPORT

AzureHound now has least-privilege permission documentation + @martinsohndk shows the internal research that made it. TL;DR of changes: http:// Directory.Read.All → 8 MS Graph permissions Reader role → 16 ARM actions Directory Readers → not required https:// ghst.ly/4vzI8yk

What kind of bugs ? *ANTHROPIC TESTING CONFIRMS MYTHOS SUCCESSFULLY EXPLOITED 18 OF 21 WINDOWS KERNEL BUGS DISCLOSED RECENTLY *ANTHROPIC RESEARCH SHOWS MYTHOS EXPLOITS WINDOWS KERNEL FLAWS AT A COST OF $2,000 EACH *ANTHROPIC'S MYTHOS MODEL CREATES WORKING CYBER EXPLOITS FROM PUBL

Assistive AI agents aren’t always so helpful - it all depends on whose behalf they're working. The final installment of our series on suspicious AI workflows in Microsoft Entra ID highlights an "on behalf of" authentication workflow. Take a look at the logs:

$100K. One world title. 400+ flags pulled from live attack campaigns. Your move. The Threat Hunting World Championship 2026 opened June 2. Compete against threat hunters around the world in brand-new 30-minute capture-the-flag rounds. The Top 200 players per region will

If your tech stack is a force multiplier, but your “human tool” is at zero, what exactly are you multiplying? Join Keith McCammon and Katie Nickels live on SecOps Weekly to hear how to lead your SOC team through the anxiety of the agentic AI shift - and how better

That’s a wrap on #GartnerSEC 2026! From whiskey tasting to theater sessions to rolling dice at our booth, the energy was unmatched! Huge thanks to everyone who stopped by to chat about the future of cybersecurity! #AIPentesting #Synack #InfoSec

We just launched an EU data residency option to help organizations manage their evolving data sovereignty and compliance needs. This update allows customers to store and process their crowdsourced security data entirely within the European Union. As data privacy

Adversaries aren't slowing down. Are you keeping up? 27-second breakout times 89% increase in AI-enabled attacks 82% of intrusions are malware-free The threat landscape has changed. Has your defense strategy? Watch the full video: https:// crwdstr.ke/6014B8LHu8

Sparkplug B is widely used across ICS and SCADA environments. Until now, there wasn’t a publicly available security fuzzer built for it. New research from David Colón and Shad Malloy explores how they built a Sparkplug B fuzzer covering all 9 message types, all 19 data types,

@pdiscoveryio has had a huge impact on the bug bounty community with tools like Nuclei, Httpx, Katana, Subfinder, Naabu, and many more. But beyond the popular tools, they have built several lesser-known gems that can make recon, validation, and vulnerability research much

We going to have The worst World cup version ever Named by FIFA to officiate during the World Cup, the Somali referee Omar Artan was denied entry to U.S. territory Due to his difficulties in obtaining a visa, he had benefited from the support of the Somali embassy in Nairobi, whi

Pretty sure this is how Skynet started! Siri AI can now create reminders and start timers