Official intelligence summary

HAIJA INTEL REPORT

Generated 02/07/2026, 09:25. Pipeline: Europe/Belgrade. Regular sources favor exploit, blog, red-team, and attack-path content. CVE items are kept only when they carry an exploit signal.
Total items: 15
Regular sources: 6
Tweets / X: 9
Threshold: 0.62

Tweets / X

9 items
mrgretzky @mrgretzky
01 Jul, 05:51 · core
0.74
Markus Vervier (@marver) breaks down a wild ride to achieving RCE in VSCode and forcing GitHub Copilot to inject malicious code. Discover why "context" is the new attack surface and why attacking these systems requires your own AI agents! More info: https://offbyone.sg/talk/ma
TalosSecurity @TalosSecurity
01 Jul, 15:25 · secondary
0.57
Talos has identified "ARToken," a phishing-as-a-service platform that targets Microsoft 365. The ARToken panel exposes 80+ API endpoints for device code phishing, Primary Refresh Token persistence, email access, BEC operations, and SharePoint exfiltration. https://cs.co/6015BDLH
mrgretzky @mrgretzky
01 Jul, 10:00 · core
0.56
Just open-sourced CredSpy. Couldn't find any tools that allowed unauthenticated enumeration of auth methods for @Microsoft accounts, so I created it. Shows whether target accounts use Passkeys, certificate auth, passwordless push, etc... Find it here: https://github.com/RedByte13
Sysdig @Sysdig
01 Jul, 20:46 · secondary
0.50
The Sysdig TRT just documented what we assess to be the first-ever agentic ransomware operation. We're calling the operator JADEPUFFER. It exploited CVE-2025-3248 in an internet-facing Langflow instance, then ran a full…
intigriti @intigriti
01 Jul, 11:07 · secondary
0.49
Bypassing LLM security guardrails for AI red teaming usually means crafting payloads from scratch every time... P4RS3LT0NGV3 by @elder_plinius is a web-based toolkit that automatically transforms prompts using a wide range of obfuscation and encoding techniques to help test
brutelogic @brutelogic
01 Jul, 15:28 · secondary
0.48
OAuth - More oBroken Than You Think oBroken is here. The first tool to autonomously find, exploit and prove OAuth authorization bypasses end to end. Our new proprietary OAuth Authorization Bypass Scanner, exclusive to Brute One, covers 23 techniques across 17 vulnerability OAuth
SpecterOps @SpecterOps
01 Jul, 23:16 · core
0.46
Detection gets easier when you understand the tradecraft behind the techniques. Join our Tradecraft Analysis course at #BHUSA to connect attacker behavior with the telemetry and detection opportunities that matter. Save your spot https://ghst.ly/43eLw5s
RedCanary @RedCanary
01 Jul, 00:35 · secondary
0.43
Phishing attacks topped 3.8 million in 2025 - and AI is making them harder to catch than ever. So we built an AI agent to fight back. Our latest blog breaks down how Red Canary's phishing triage agent blends machine learning, a rules engine, agentic AI, and LLMs into an
Bugcrowd @Bugcrowd
01 Jul, 01:10 · secondary
0.38
Yaaaa, AI can scan at scale, but it lacks the instinct to exploit business logic. Bugcrowd Chief Strategy and Trust Officer @treyford notes that specialized human talent remains irreplaceable: "My expectation is bug bounty hunters will achieve a level of specialization

Regular sources

6 items
1.00 · general · 01 Jul, 22:08 · bleepingcomputer.com · PoC · Wild exploit

New ChocoPoC malware targets researchers via trojanized PoC exploits

Multiple weaponized proof-of-concept (PoC) exploits on GitHub were found delivering a Python-based remote access trojan (RAT) named ChocoPoC that can execute commands an…

1.00 · general · 01 Jul, 17:17 · darkreading.com

'Phantom Squatting': An Emerging AI-Driven Supply Chain Threat

LLMs consistently hallucinate Web domains for legitimate brands that attackers can register for malicious activity in a difficult-to-detect attack vector.

1.00 · general · 01 Jul, 15:56 · thehackernews.com · RCE · Wild exploit

Progress Kemp LoadMaster Pre-Auth RCE Flaw Faces Active Exploitation Attempts

A recently disclosed critical security flaw impacting Progress Kemp LoadMaster is seeing active exploitation attempts, according to an advisory from eSentire's Threat Re…

0.95 · exploit · 01 Jul, 23:21 · 2 mentions · seclists.org

Re: check_icmp (Monitoring Plugins): host-count overflow leads to heap buffer overflow in setuid-root binary

Posted by Michael Orlitzky on Jul 01: If anyone was wondering, nagios-plugins has the same problem. https://github.com/nagios-plugins/nagios-plugins/pull/833

Posted by Holger Weiß on Jul 01: We released Monitoring Plugins 3.0.1, which fixes a security issue in the check_icmp plugin. Product: Monitoring Plugins (check_icmp) Dat…

0.84 · general · 01 Jul, 08:46 · thehackernews.com

Anthropic Restores Claude Fable 5 After U.S. Lifts Jailbreak-Linked Export Controls

Anthropic is putting Claude Fable 5 back online worldwide. On June 30, the U.S. Commerce Department lifted the export controls it had imposed on Fable and its more tight…