Official intelligence summary

HAIJA INTEL REPORT

Generated 20/04/2026, 01:08. Pipeline: Europe/Belgrade. Regular sources favor exploit, blog, red-team, and attack-path content. CVE items only stay with exploit signal.
Total items13
Regular sources10
Tweets / X3
Threshold0.62
You can save this report in your browser with the favorite button. If you need a shared favorite list, use the CLI helper.

Tweets / X

3 items
@albinowax avatar
albinowax @albinowax
17 Apr, 15:30 · core
0.26
HTTP/3 downgrade desync via a QUIC FIN! This is a really nice finding. There used to be a significant cognitive & fiddly-coding barrier to testing lower-level HTTP/2 & 3 techniques but AI has largely eliminated it. As ever, the fix is... upstream HTTP/1 must …
tweet media
open on X
@harmj0y avatar
harmj0y @harmj0y
17 Apr, 14:52 · core
0.14
Back in 2021, "Certified Pre-Owned" by @tifkin_ & @harmj0y aimed to fix this class of issues. But these misconfigs still everywhere? The reason isn’t just technical; it’s abt guidance, incentives, & responsibility. Read up before Martin's talk! https:// ghst.…
tweet media
open on X
@harmj0y avatar
harmj0y @harmj0y
18 Apr, 10:41 · core
0.00
Ho no... Defender...
tweet mediatweet media
open on X

Regular sources

10 items
1.00exploit · 19 Apr, 16:45seclists.orgRCE

[CVE REQUEST] terminal-controller-mcp: trivially bypassable command blocklist enables unrestricted RCE (CVSS 10.0)

Posted by Pico 🧬 on Apr 19 Hi, https://pypi.org/project/terminal-controller/) GitHub:...

primary · linked
1.00exploit · 18 Apr, 21:12seclists.orgRCEResearch

CVE-2026-41113: RCE in sagredo fork of qmail

Posted by Alan Coopersmith on Apr 18 https://blog.calif.io/p/we-asked-claude-to-audit-sagredos and https://github.com/califio/publications/tree/main/MADBugs/qmail https:…

primary · linked · linked · linked
1.00exploit · 18 Apr, 00:53seclists.orgAttack path

CVE-2026-40948: Apache Airflow Keycloak Provider: OAuth Login CSRF — Missing State Parameter in Keycloak Auth Manager

Posted by Jarek Potiuk on Apr 17 Severity: low Affected versions: - Apache Airflow Keycloak Provider (apache-airflow-providers-keycloak) 0.0.1 before 0.7.0 Description: …

primary
1.00general · 17 Apr, 15:00sentinelone.comAttack pathResearch

The Good, the Bad and the Ugly in Cybersecurity – Week 16

Authorities take down W3LL phishing ring, AgingFly malware steals Ukrainian government data, and actors exploit Nginx flaw to hijack servers.

primary
1.00general · 17 Apr, 14:00securityweek.comWild exploit

In Other News: Satellite Cybersecurity Act, $90K Chrome Flaw, Teen Hacker Arrested

Other noteworthy stories that might have slipped under the radar: ShinyHunters targets Rockstar Games, ShowDoc vulnerability exploited in the wild, and EPA to boost cybe…

primary
1.00general · 17 Apr, 12:04helpnetsecurity.comPoCWild exploitTradecraft

Researcher drops two more Microsoft Defender zero-days, all three now exploited in the wild

The security researcher who earlier this month published a proof-of-concept (PoC) exploit for a zero-day privilege escalation vulnerability in Microsoft Defender is back…

primary
1.00general · 17 Apr, 11:50securityweek.comRCEWild exploit

Recent Apache ActiveMQ Vulnerability Exploited in the Wild

The remote code execution vulnerability tracked as CVE-2026-34197 came to light in early April. The post Recent Apache ActiveMQ Vulnerability Exploited in the Wild appea…

primary
0.89exploit · 19 Apr, 23:13seclists.org

Re: Go 1.26.2 and Go 1.25.9 are released with 10 security fixes

Posted by Matthias Ferdinand on Apr 19 [ hopefully, discussing binary releases is not off-topic ] Personally, I am guilty of not compiling packages myself (except for so…

primary
0.70exploit · 18 Apr, 19:383 mentionsseclists.orgResearch

Re: [CVE-2026-33691] OWASP CRS whitespace padding bypass vulnerability

Posted by cyber security on Apr 18 After deep analysis we confirm, that CVE-2026-33691 aka it alias https://unlockoldupload.hashnode.dev/disable-modsecurity-waf-using-cv… | Posted by Solar Designer on Apr 18 Hi, This gives a 404 Page Not Found, but more importantly actual content should have been d…

primary · linked · linked · linked
0.70exploit · 18 Apr, 14:30seclists.org

Re: lcms2 <= 2.18 CubeSize() integer overflow: stock Ubuntu 24.04 Poppler / evince-thumbnailer / OpenJDK crashers (different triggers), no CVE

Posted by Abhinav Agarwal on Apr 18 MITRE assigned CVE-2026-41254 on 2026-04-17 -- Abhinav Agarwal

primary