Official intelligence summary

HAIJA INTEL REPORT

Generated 09/07/2026, 09:24. Pipeline: Europe/Belgrade. Regular sources favor exploit, blog, red-team, and attack-path content. CVE items only stay with exploit signal.
Total items15
Regular sources4
Tweets / X11
Threshold0.62
You can save this report in your browser with the favorite button. If you need a shared favorite list, use the CLI helper.

Tweets / X

11 items
AL
albinowax @albinowax
08 Jul, 16:35 · core
0.70
The field of desync flaws arising from deep implementation bugs is absolutely wild. This finding from @calif_io using a fake pseudo-header than gets weaponized by a dodgy length calculation is a great example MAD Bugs: …
@TheDFIRReport avatar
TheDFIRReport @TheDFIRReport
08 Jul, 15:02 · core
0.46
Step into real investigations. Real data, real cases, real threat actors, real tradecraft. Join us at DFIR Labs to put your skills to the test and gain insight from the real intrusions. Your lab is waiting: https:// thedfirreport.com/products/dfir- labs/ …
tweet mediatweet media
@_dirkjan avatar
_dirkjan @_dirkjan
08 Jul, 19:11 · core
0.32
I've been out of the research game for a while, head down working on internal projects at @NetSPI . Finally had some free time to put in some vulnerability research which turned out to be fruitful. Lets see if MSRC agree.
tweet mediatweet media
@vxunderground avatar
vxunderground @vxunderground
08 Jul, 18:17 · secondary
0.32
I'm not sure if this is an anti-malware analysis technique, or legitimately child pornography. I don't want to find out. If this is child pornography, shoot them in the head. If this isn't child pornography, this is the most brazen anti-malware analysis technique I've ever
tweet mediatweet media
@vxunderground avatar
vxunderground @vxunderground
08 Jul, 08:39 · secondary
0.29
Yesterday two different people contacted me about two different projects on GitHub. "Tito" DMd me about someone making a comment on GitHub claiming to have a patch for "synara" (Image 1) "Robert Z" emailed about something similar on a different GitHub project (image 2).
tweet mediatweet media
@_JohnHammond avatar
_JohnHammond @_JohnHammond
08 Jul, 23:53 · secondary
0.24
We've seen four logistics firms getting hit by Teams messages (today!) that lead to Quick Assist, then a RAT/C2 that seems fairly novel. I'll get some IoCs later, but for now keep an eye out for Teams messages from .onmicrosoft.com accounts. @HuntressLabs
@vxunderground avatar
vxunderground @vxunderground
08 Jul, 18:25 · secondary
0.24
In regards to these files inside of "child porn folder", the files present inside all end in *.lnk (A Windows shortcut). This is a very common file masquerading technique to give the facade of a legitimate file, but it's actually malware (shortcut pulls a file that it detonates,
tweet media
@vxunderground avatar
vxunderground @vxunderground
08 Jul, 07:39 · secondary
0.24
> be me > get dm > "is this malware?" > "windows defender went crazy when i tried this video game mod" > download > look inside > not malware There is a function in Windows you can invoke called "GetAsyncKeyState". In simplest terms, this function waits for user input on the
tweet mediatweet media
@Unit42_Intel avatar
Unit42_Intel @Unit42_Intel
08 Jul, 23:44 · secondary
0.20
We are tracking a new #ClickFix campaign targeting #macOS users that installs a backdoor using LaunchAgent. Utilizes affiliate/cloaking redirect URLs to distribute lure pages hosted on pages[.]dev sites leading to 9 distinct payload URLs so far. Details at https:// bit.ly/4gnSkWd
tweet mediatweet media
@SpecterOps avatar
SpecterOps @SpecterOps
08 Jul, 19:08 · core
0.20
How do you make sense of a Kubernetes environment that's constantly changing? Hector Riestra explores how Codex helped shape a reusable framework for reasoning about AKS identity, trust relationships, and attack surface. Read more
tweet media
@harmj0y avatar
harmj0y @harmj0y
08 Jul, 19:02 · core
0.20
i like to leave a few artifacts of early drafts when i submit papers. maybe a grammatical error or two. want the reviewers to know all these hallucinations are home grown, baby

Regular sources

4 items
1.00exploit · 08 Jul, 23:28seclists.orgTradecraft

CVE-2026-46242 ("Bad Epoll") local privilege escalation on Linux, including Android

Posted by Jan Schaumann on Jul 08 Hey, https://github.com/J-jaeyoung/bad-epoll That repository's README follows: --- Bad Epoll (CVE-2026-46242) is a race-condition use-a…

1.00general · 08 Jul, 15:00rapid7.comResearch

Security Teams Are Ready To Become More Preemptive. What’s Holding Them Back?

The shift toward preemptive security is underway, but most organizations are still navigating the realities of limited resources, fragmented tools, and emerging AI risk.…

1.00general · 08 Jul, 12:30securityweek.com

Critical Vulnerability Exposes GitHub Agentic Workflows to Prompt Injection

Researchers show how attackers can use a crafted public GitHub Issue to trick AI-powered workflows into exposing data from private repositories without authentication. T…

0.89exploit · 08 Jul, 17:31seclists.org

[OSSA-2026-026] Ironic: Insufficient Access Controls regarding parent/child nodes

Posted by Jay Faulkner on Jul 08 ================================================================================== OSSA-2026-026: Insufficient Access Controls in Ironic…