Official intelligence summary

HAIJA INTEL REPORT

Generated 18/06/2026, 09:20. Pipeline: Europe/Belgrade. Regular sources favor exploit, blog, red-team, and attack-path content. CVE items are kept only when they carry an exploit signal.
Total items: 15
Regular sources: 5
Tweets / X: 10
Threshold: 0.62

Tweets / X

10 items
brutelogic @brutelogic
17 Jun, 14:10 · secondary
0.48
OAuth Bypass Testbed https://403.brutelogi.net/authz/oauth Test your skills against a LOGIN (randomly vulnerable) and/or 17 AUTHENTICATION SERVER endpoints. Like with JWT, a fully automated OAuth tool with complete FFF (Find, Forge, Fire) PoCs is on the way, exclusively for Brut
SpecterOps @SpecterOps
17 Jun, 22:57 · core
0.42
Most orgs think of GitHub as a code platform. Attackers increasingly see it as a gateway to everything connected to it. @jaredcatkinson joined @riskydotbiz to discuss CI/CD attack paths and why GitHub is often a pivot point into the enterprise. https://ghst.ly/4ezC0zf
brutelogic @brutelogic
17 Jun, 16:24 · secondary
0.38
URL typo, correct below: https://403.brutelogic.net/authz/oauth
Rapid7 @Rapid7
17 Jun, 13:33 · secondary
0.38
Rapid7 researchers have identified a sophisticated malware campaign attributed to the threat actor #DroppingElephant, characterized by the use of a China-themed decoy document to deliver a heavily reworked, in-memory RAT. Technical analysis, IoCs & more: https://r-7.co/4va2vSF
mrgretzky @mrgretzky
17 Jun, 18:22 · core
0.34
If any of my US followers fancy joining the NetSPI Red Team, we have a principal position open for US candidates. Interesting projects, large enterprises, great tooling and a great team. https://netspi.rec.pro.ukg.net/NET1500NSPI/JobBoard/944d4e9c-f503-4e74-bb8b-f79214e2a5e1/Op
vxunderground @vxunderground
17 Jun, 23:48 · secondary
0.32
Other smart nerds, who do kernel WinDBG stuff, and bonk the kernel with a stick, have documented the PEB pretty well. I've stolen their research notes and have copy-pasta'd their stuff into my malware stuff. The PEB is great for malware.
Synack @Synack
17 Jun, 23:16 · secondary
0.29
Join us LIVE on June 24 as @Dinosn breaks down Synack’s 2026 State of Vulnerabilities Report: https://webinar.synack.com/synack-state-of-vulnerabilities-2026-webinar?utm_campaign=44163884-FY27-State-of-Vulnerabilities-Report&utm_source=organic-social&utm_medium=organic-social&u
CrowdStrike @CrowdStrike
17 Jun, 21:58 · secondary
0.24
ICYMI At @Identiverse, CrowdStrike's Mat Hamlin and Faraz Jamal explored why traditional identity controls aren't enough in a world where exploitation timelines keep shrinking. The answer: continuous identity. Here's the 60-second version.
RedCanary @RedCanary
17 Jun, 20:31 · secondary
0.24
Adversaries aren't just using malware - they're hiding behind your IT tools. Remote monitoring and management (RMM) abuse has surged in the last year. Ransomware groups weaponize tools like ScreenConnect, NetSupport Manager, and SimpleHelp because they're signed, trusted, and
_JohnHammond @_JohnHammond
17 Jun, 20:18 · secondary
0.24
If you enjoyed my killing AD attack paths ContinuumCon talk, then I think you will like this too. In this podcast, my teammate Tyler and I talk about how you can use ADeleg to find attack paths in Active Directory. This is like literally the process I use on internals.

Regular sources

5 items
1.00 · exploit · 17 Jun, 16:52 · seclists.org

Re: Proposal: Add separate oss-security-vulnerability-reports mailing list (for AI vulnpocalypse)

Posted by David A. Wheeler on Jun 17 That sounds good to me. "Have to" will be in the eye of the beholder. It appears we have about ~400-500 messages/month. I hope peopl…

1.00 · general · 17 Jun, 13:20 · rapid7.com · Tradecraft · Research

Malware à la Mode: Tracking Dropping Elephant Tradecraft Through a China-Themed Loader Chain

Executive summary: Rapid7 researchers have identified a sophisticated malware campaign attributed to the threat actor "Dropping Elephant," characterized by the use of a C…

1.00 · general · 17 Jun, 12:09 · bleepingcomputer.com · Wild exploit

CISA orders feds to patch max severity Joomla plugin flaw by Friday

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch a maximum-severity flaw in the Widget Factory Joomla Content Edito…

1.00 · general · 17 Jun, 11:41 · securityweek.com · PoC

Microsoft Working on Patch for ‘RoguePlanet’ Zero-Day

The public PoC code exploits a race condition in Microsoft Defender to spawn a command prompt with System privileges. The post Microsoft Working on Patch for ‘RoguePlane…

0.89 · exploit · 17 Jun, 00:07 · seclists.org

[vim-security] Vimscript Code Injection in netrw NetrwLocalRmFile() via crafted filename affects Vim < 9.2.0663

Posted by Christian Brabandt on Jun 16: Vimscript Code Injection in netrw NetrwLocalRmFile() via crafted filename affects Vim < 9.2.0663 …