Official intelligence summary

HAIJA INTEL REPORT

Generated 30/04/2026, 09:09. Pipeline: Europe/Belgrade. Regular sources favor exploit, blog, red-team, and attack-path content. CVE items only stay with exploit signal.
Total items15
Regular sources9
Tweets / X6
Threshold0.62
You can save this report in your browser with the favorite button. If you need a shared favorite list, use the CLI helper.

Tweets / X

6 items
@h4x0r_dz avatar
h4x0r_dz @h4x0r_dz
29 Apr, 00:33 · core
0.56
ps5-linux has been released! You can now turn your PS5 Phat console on 3.xx and 4.xx FWs into a fully functional Linux PC gaming device! https:// github.com/ps5-linux/ps5- linux-loader …
tweet media
open on X
@mrgretzky avatar
mrgretzky @mrgretzky
29 Apr, 12:36 · core
0.42
Edoardo has released a great write-up on setting up Caddy in front of Evilginx and automating the process with the tool he wrote - kCaddy. Take a look, as there are not that many posts on properly setting up redirectors for your phishing infrastructure. Finally back to the forge.
tweet media
open on X
@vxunderground avatar
vxunderground @vxunderground
29 Apr, 21:49 · secondary
0.35
CVE-2026-31431 a/k/a CopyFail > Linux LPE > Description sounds like AI slop > Exploit is legit > Impacts every Linux kernel from 2017 - Now > Proof-of-concept released > It's Wednesday?
tweet media
open on X
@SpecterOps avatar
SpecterOps @SpecterOps
29 Apr, 19:31 · core
0.34
ICYMI: @JustinKohler10 joined @thecyberwire to explain a key shift in modern attacks: no exploits required. Instead, attackers chain identities and permissions across systems to escalate access and stay under the radar. Listen: https:// explore.thecyberwire.com/specterops
tweet media
open on X
@h4x0r_dz avatar
h4x0r_dz @h4x0r_dz
29 Apr, 17:04 · core
0.32
Brand new blog post by @streypaws Three Adobe Reader prototype pollution bugs chained into arbitrary file read, first identified by @HaifeiLi of @EXPMON_ Check it out
open on X
@intigriti avatar
intigriti @intigriti
29 Apr, 11:05 · secondary
0.28
Intigriti's April Challenge is over! 80 hackers found the correct solution 18 hackers wrote a cool writeup Check out the winners below and drop your write-up in the comments! It's CHALLENGE O'CLOCK! Capture the flag before Monday the 27th of April Win €400 in SWAG prizes We'll re
tweet media
open on X

Regular sources

9 items
1.00exploit · 29 Apr, 19:43seclists.orgRCE

Re: SEC Consult SA-20260427-0 :: Missing TLS Certificate Validation leading to RCE in DeskTime Time Tracking App

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Apr 29 *Update 2026-04-28:* The vendor contacted us and now provides a patched version v1.3.674 which can b…

desktime.com/download
primary · linked
1.00general · 29 Apr, 15:33redcanary.comTradecraftResearch

How AI can streamline your security testing

Atomic Red Team’s new MCP server helps you test more, faster as you validate your detection coverage against MITRE ATT&CK techniques

primary
1.00general · 29 Apr, 07:34thehackernews.comWild exploit

LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure

In yet another instance of threat actors quickly jumping on the exploitation bandwagon, a newly disclosed critical security flaw in BerriAI's LiteLLM Python package has …

primary
1.00exploit · 29 Apr, 06:162 mentionsseclists.org

Re: Coordinated Disclosure in the LLM Age

Posted by Peter Gutmann on Apr 28 Jacob Bachmeyer writes: Not sure if this makes it better or worse, but I've found that Claude/Opus at least gives different answers for… | Posted by Jacob Bachmeyer on Apr 28 The biggest risk is parallel discovery. If an LLM can find a bug for a whitehat, it can do the same for a blackhat. You are correct h…

seclists.org/oss-sec/2026/q2/262
primary · linked
0.92exploit · 29 Apr, 05:214 mentionsseclists.org

Re: [SECURITY] Out-of-Bounds Read in MPLS Extension Parsing - traceroute 2.1.2

Posted by Alan Coopersmith on Apr 28 No, you cc'ed oss-security, a public mailing list with public archives: https://www.openwall.com/lists/oss-security/2026/04/28/20 so… | Posted by Jacob Bachmeyer on Apr 28 Oops. The oss-security mailing list is public. If you want to do coordinated disclosure, you might want to avoid sending the initial … | Posted by Solar Designer on Apr 28 Thank you, Dmitry! FWIW, I've just checked that traceroute-2.1.1-1.el9.src.rpm also contains the "n -= hlen;" line where Mohamed propo…

www.openwall.com/lists/oss-security/2026/…seclists.org/oss-sec/2026/q2/258seclists.org/oss-sec/2026/q2/261seclists.org/oss-sec/2026/q2/260
primary · linked · linked · linked
0.89exploit · 29 Apr, 19:35seclists.orgResearch

Research: When Trusted Tools Become Attack Primitives

Posted by Nir Yehoshua on Apr 29 Hi Full Disclosure list, I published a technical research article titled: When Trusted Tools Become Attack Primitives The article examin…

primary
0.89exploit · 29 Apr, 19:35seclists.org

[KIS-2026-08] SocialEngine <= 7.8.0 (get-memberall) SQL Injection Vulnerability

Posted by Egidio Romano on Apr 29 ----------------------------------------------------------------- https://socialengine.com [-] Affected Versions: Versions 7.8.0, 7.7.0…

socialengine.com
primary · linked