HAIJA INTEL REPORT

We've all been there. A major breach drops and you're piecing together the story from a dozen different sources. The GitHub/TeamPCP incident is a perfect example. ~3,800 internal repos exfiltrated, LAPSUS$ involved as the monetization arm, a supply chain campaign that had been

Sucky outcome but not untrue. Muti-turn model forcing, several evasions, context overload, and a verbatim jailbreak by BT6 and @elder_plinius were all going around. They all illustrated the ability of the model to do simple exploitation, but every demonstration I saw to do

Unit 42 is tracking the active targeting of Oracle PeopleSoft servers by Bling Libra (aka #ShinyHunters). Our analysis reveals suspected exploitation of RCE flaw CVE-2026-35273 and primary targeting of the education sec…

This is a tricky question and, in a bit of irony, there is a kind of like ... an unspoken ... or poorly documented philosophy of malware development. You kind of learn tricks of the trade as you write malware and witness malware campaigns operating in the wild. tl;dr idk it what

Wall Street Journal is reporting that Amazon reported the jailbreaks to the Department of Commerce, who instituted the ban

I’m once again here to tell you that *most* bug bounty platforms will or have used your hunting data in AI endeavors. bug bounty as an enterprise strategy is much lower margin than AI security. Or they will use it for auto triage. Which then they will conveniently forget

This Week on BRute Logic JWT Auth Bypass TestBed https:// x.com/BRuteLogic/sta tus/2063970745504371053 … Brute One v0.2 with JBroken https:// x.com/BRuteLogic/sta tus/2064359531522535477 … Crack Me Challenge https:// x.com/BRuteLogic/sta tus/2064722656599892121 … New Ebook - Brok

Very happy the Google phishing live demo was a success after the internet connection suddenly stopped working briefly on stage. Demo gods today tried to play some tricks. #Evilginx is back this year at #x33fcon, @mrgretzky is presenting "Downgrading #FIDO #MFA With #AI Slop" - #r

Talk is over and reel is finally public. https:// github.com/trustedsec/Reel #x33fcon "Towards Continuous #Social #Engineering" talk by @two06 - https:// x33fcon.com/#!/s/JamesWill iams.md … - #red, #demo, #social_engineering

And there we go, digital id… fuck sake!! NEW: The UK social media ban for under-16s will be enforced through facial recognition, digital IDs, credit cards, open banking, passports, mobile provider checks or email age estimation

Matthew Nguyen starting the party for ContinuumCon Day 3, walking us through using Malcat (), FakeNet, and more for some sweet malware analysis! https:// continuumcon.com Workshop Spotlight #8 "How to Analyze Malware" by Matthew Nguyen Description A practical introduction to malw