Official intelligence summary

HAIJA INTEL REPORT

Generated 22/06/2026, 09:28. Pipeline: Europe/Belgrade. Regular sources favor exploit, blog, red-team, and attack-path content. CVE items only stay with exploit signal.
Total items15
Regular sources9
Tweets / X6
Threshold0.62
You can save this report in your browser with the favorite button. If you need a shared favorite list, use the CLI helper.

Tweets / X

6 items
@_dirkjan avatar
_dirkjan @_dirkjan
19 Jun, 11:48 · core
0.66
We've been working on something for a while. The talks your blue team doesn't want you to see. Red Teaming. Initial Access. AD. Cloud & Web exploitation. Paris - Le Dernier Étage March 19 - 20, 2027 http:// entrypoint.fr CFP and additional details coming soon.
tweet media
open on X
@SentinelOne avatar
SentinelOne @SentinelOne
19 Jun, 23:50 · secondary
0.53
Law enforcement dismantled massive phishing and malware networks, a ransomware cartel abused Microsoft Teams infrastructure, and a state-sponsored group targeted medical research data. This is the Good, Bad & Ugly. GOOD - Authorities dismantled Outsider Enterprise, a
tweet mediatweet media
open on X
@outflanknl avatar
outflanknl @outflanknl
19 Jun, 11:30 · core
0.42
See what we've put on the board for Team OST. Catch the latest additions to our evasive red team toolset at our live demo. Match starts at 2:00pm GMT on June 22nd! Secure your seats: https:// attendee.gotowebinar.com/register/22489 95414666319710?/source=X …
tweet mediatweet media
open on X
@_RastaMouse avatar
_RastaMouse @_RastaMouse
20 Jun, 23:26 · core
0.36
new version of aardwolf (my async python rdp client library) is out on pip and github. thank you for the PRs fixing some connection issues and support for python3.14 Also I added clipboard file download as an extra. (upload was already there but I was lazy) enjoy
open on X
@mrgretzky avatar
mrgretzky @mrgretzky
19 Jun, 21:16 · core
0.36
I’m sharing my slides from @x33fcon 2026. Inside ~15 examples of abusing traitorware to execute your payload via trusted & signed binaries (e.g. VLC Player, SublimeText) and how to find more of them. Recording will be published soon. https:// github.com/Print3M/MyTalk s/blob/main
tweet mediatweet media
open on X
@TheDFIRReport avatar
TheDFIRReport @TheDFIRReport
19 Jun, 13:30 · core
0.36
Private DFIR Report: ViewState of Mind: Gladinet Exploit Opens the Door The threat actor changed to a new execution pattern that would be used throughout the intrusion. This pattern followed the execution chain common for tools such as http:// atexec.py or the NetExec
tweet mediatweet media
open on X

Regular sources

9 items
1.00general · 19 Jun, 19:08rapid7.comRCETradecraftResearch

Weekly Metasploit Update: NTLM Relay Priv Esc, MCP Server Integration, Paperclip AI RCE Chain, and more

This week's release includes five new modules, including a full unauthenticated RCE chain for Paperclip AI and a VS Code extension persistence technique. On the post-exp…

primary
1.00general · 19 Jun, 17:30thehackernews.comRCE

AutoJack Attack Lets One Web Page Hijack AI Agent for Host Code Execution

Microsoft researchers have detailed an exploit chain, named AutoJack, that turns an AI browsing agent into a delivery vehicle for remote code execution. Steer the agent …

primary
1.00general · 19 Jun, 14:11helpnetsecurity.com

Cybercriminals abused GitHub, YouTube and VirusTotal to push crypto-stealing malware

A cryptocurrency-stealing malware campaign used inflated GitHub activity, software reviews, YouTube tutorials and favorable VirusTotal comments to make malicious trading…

primary
1.00general · 19 Jun, 02:17microsoft.comRCEResearch

AutoJack: How a single page can RCE the host running your AI agent

AutoJack is a novel exploit chain showing how a single malicious webpage can turn an AI browsing agent into a remote code execution vector on the host machine. By abusin…

primary
1.00exploit · 19 Jun, 00:39seclists.org

Re: Proposal: Add separate oss-security-vulnerability-reports mailing list (for AI vulnpocalypse)

Posted by Jeremy Stanley on Jun 18 [...] [...] I suppose it depends on the project's practices. For some projects in which I'm involved doing upstream vulnerability coor…

primary
0.91general · 19 Jun, 14:12bleepingcomputer.comAttack path

Webinar: How attackers bypass MFA and how defenders can respond

Modern phishing attacks, including Device Code phishing, can undermine MFA protections and grant attackers access to corporate accounts without stealing passwords. This …

primary
0.89exploit · 21 Jun, 05:54seclists.org

OpenBSD mpls_do_error: Remote Kernel Stack Disclosure via MPLS Label Stack Over-read

Posted by shj on Jun 20 ------------------------------------------------------------------------ OpenBSD mpls_do_error: Remote Kernel Stack Disclosure via MPLS Label Sta…

primary
0.89exploit · 21 Jun, 05:54seclists.org

OpenBSD sppp_pap_input: PAP authentication bypass

Posted by shj on Jun 20 ------------------------------------------------------------------------ OpenBSD sppp_pap_input: PAP Authentication Bypass via Zero-Length bcmp -…

primary