HAIJA INTEL REPORT

good research here Ghost Bits is a brilliant research: https:// i.blackhat.com/Asia-26/Presen tations/Asia-26-Bai-Cast-Attack-Ghost-Bits-4.23.pdf … Now you can reproduce CVE-2025-41242 in Vulhub, Spring/Jetty Path trave…

We've launched a new @WebSecAcademy topic on exploiting AI-powered security scanners! Learn how to use indirect prompt injection to steal data, cause damage & trigger exploit chains!

Who the fuck is still hosting his bug bounty program on HackerOne? i went to http:// clickup.com. opened the page source. found a hardcoded API key in the javascript. copied it. sent one GET request. got back 959 email addresses and 3,165 internal feature flags. employees from Ho

We're about to release an open source recon tool on GitHub. Try to get the most URLs out of its testbed with your recon methods (in the shortest time possible) and let us know in the comments. https:// recon.brutelogic.net

ICYMI @_Mayyhem & Javier Azofra Ovejero shipped MSSQLHound in Go. Same lab, 17 min → under 17 sec Cross-platform, SOCKS, Kerberos/NT hash auth, + 37 BloodHound edges with pathfinding. If MSSQL isn't in your attack paths yet, it should be.

A red team is only as strong as its ability to think like the threats you’re actually up against. Bugcrowd’s RTaaS brings crowdsourced specialization to your unique attack surface, helping uncover deeper weaknesses and validate defenses beyond static testing. If you’re

The rush to adopt AI is creating more connections, more identities, and more potential attack paths. @ne0nd0g joined Risky Business to talk through what that means for red teaming & why the fundamentals matter more than ever. : https:// risky.biz/SOAPBOX106/

"The Claude project transcripts under the /bissascanner/ project show the operator using Claude Code to read the scanner codebase, understand lease and acknowledgement flow, troubleshoot misses, review benchmark output, and document the project well enough to rebuild parts of the

Attackers are currently exploiting a command injection flaw in DVRs to build out a new Mirai-based botnet. The catch here is that automated scans only tell part of the story. Our Chief Strategy and Trust Officer, @treyford , points out that machine analysis identifies the flaw,

ProjectDiscovery @pdiscoveryio · 12h projectdiscovery.io Benchmarking Neo's Black-Box DAST Capabilities - ProjectDiscovery Blog Since the launch of Neo, we've been steadily expanding what it can do. Neo has found 33+ real CVEs across open-source projects, performed well on white-

New from @Sysdig Threat Research: CVE-2026-42208 is a critical pre-auth SQL injection in LiteLLM, an open-source gateway for OpenAI, Anthropic, and more. It was a very targeted AI attack: • Direct access to API keys, provider creds, env configs • Clear schema awareness