Official intelligence summary

HAIJA INTEL REPORT

Generated 29/04/2026, 09:09. Pipeline: Europe/Belgrade. Regular sources favor exploit, blog, red-team, and attack-path content. CVE items only stay with exploit signal.
Total items15
Regular sources6
Tweets / X9
Threshold0.62
You can save this report in your browser with the favorite button. If you need a shared favorite list, use the CLI helper.

Tweets / X

9 items
@SpecterOps avatar
SpecterOps @SpecterOps
28 Apr, 15:15 · core
0.76
Identity risk is accelerating & orgs are adapting. Our Trends in Identity Attack Path Management Report shows: 35% fully implemented APM 75% increasing identity security spend AI is expanding identity risk Check it out: https:// ghst.ly/3Qv0cKJ
tweet media
open on X
H4
h4x0r_dz @h4x0r_dz
28 Apr, 02:58 · core
0.70
good research here Ghost Bits is a brilliant research: https:// i.blackhat.com/Asia-26/Presen tations/Asia-26-Bai-Cast-Attack-Ghost-Bits-4.23.pdf … Now you can reproduce CVE-2025-41242 in Vulhub, Spring/Jetty Path trave…
open on X
@h4x0r_dz avatar
h4x0r_dz @h4x0r_dz
29 Apr, 00:33 · core
0.56
ps5-linux has been released! You can now turn your PS5 Phat console on 3.xx and 4.xx FWs into a fully functional Linux PC gaming device! https:// github.com/ps5-linux/ps5- linux-loader …
tweet media
open on X
@Jhaddix avatar
Jhaddix @Jhaddix
28 Apr, 21:48 · core
0.56
Our sponsor this week is @harmonicsec ! Want to see every plugin, skill, MCP server, connector, extension, and scheduled task running in Claude Desktop? Now you can thanks to @harmonicsec ’s free tool: claudit-sec: http:// github.com/HarmonicSecuri ty/claudit-sec …
tweet media
open on X
@Bugcrowd avatar
Bugcrowd @Bugcrowd
28 Apr, 18:25 · secondary
0.43
The latest data on Microsoft vulnerabilities shows a 6% drop in total bugs, but the critical flaws have doubled. Risk is concentrating in the cloud and Office suite, where Azure and Dynamics 365 saw a massive jump in severe findings. With AI speeding up how fast exploits are
tweet media
open on X
@mrgretzky avatar
mrgretzky @mrgretzky
28 Apr, 13:41 · core
0.42
Super proud and excited to be joining this year's extraordinary line-up at @x33fcon ! This time, I will be showing a new phishing technique that involves downgrading FIDO MFA to less secure, phishable fallbacks. See you in June!
tweet media
open on X
@brutelogic avatar
brutelogic @brutelogic
28 Apr, 16:35 · secondary
0.34
Released unKover, a 403 access bypass tester. Part of our open source recon suite. Built to ace our comprehensive testbed. Definitely worth checking this out. #Bypass #BugBounty #PenTesting
tweet media
open on X
@brutelogic avatar
brutelogic @brutelogic
28 Apr, 15:47 · secondary
0.34
Just released reKover, an URL mapper. Part of our open source recon tools suite. Designed to be simple, fast and stealthy. Worth checking it out. #Recon #BugBounty #PenTesting
tweet media
open on X
@Mandiant avatar
Mandiant @Mandiant
28 Apr, 19:00 · secondary
0.32
UNC6692 is impersonating IT helpdesk employees on Microsoft Teams to deploy custom malware. The SNOW ecosystem (SNOWBELT, SNOWGLAZE, SNOWBASIN) enables deep network penetration and exfiltration. Read the analysis and get indicators of compromise. https:// goo.gle/3OVpSzs
tweet media
open on X

Regular sources

6 items
1.00general · 29 Apr, 07:34thehackernews.comWild exploit

LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure

In yet another instance of threat actors quickly jumping on the exploitation bandwagon, a newly disclosed critical security flaw in BerriAI's LiteLLM Python package has …

primary
1.00exploit · 29 Apr, 06:162 mentionsseclists.org

Re: Coordinated Disclosure in the LLM Age

Posted by Peter Gutmann on Apr 28 Jacob Bachmeyer writes: Not sure if this makes it better or worse, but I've found that Claude/Opus at least gives different answers for… | Posted by Jacob Bachmeyer on Apr 28 The biggest risk is parallel discovery. If an LLM can find a bug for a whitehat, it can do the same for a blackhat. You are correct h…

seclists.org/oss-sec/2026/q2/262
primary · linked
1.00general · 28 Apr, 13:18thehackernews.comRCE

Critical Unpatched Flaw Leaves Hugging Face LeRobot Open to Unauthenticated RCE

Cybersecurity researchers have disclosed details of a critical security flaw impacting LeRobot, Hugging Face's open-source robotics platform with nearly 24,000 GitHub st…

primary
1.00general · 28 Apr, 08:37thehackernews.comTradecraftAttack path

Microsoft Patches Entra ID Role Flaw That Enabled Service Principal Takeover

An administrative role meant for artificial intelligence (AI) agents within Microsoft Entra ID could enable privilege escalation and identity takeover attacks, according…

primary
1.00general · 28 Apr, 07:50thehackernews.comWild exploit

Microsoft Confirms Active Exploitation of Windows Shell CVE-2026-32202

Microsoft on Monday revised its advisory for a now-patched, high-severity security flaw impacting Windows Shell to acknowledge that it has been actively exploited in the…

primary
0.92exploit · 29 Apr, 05:214 mentionsseclists.org

Re: [SECURITY] Out-of-Bounds Read in MPLS Extension Parsing - traceroute 2.1.2

Posted by Alan Coopersmith on Apr 28 No, you cc'ed oss-security, a public mailing list with public archives: https://www.openwall.com/lists/oss-security/2026/04/28/20 so… | Posted by Jacob Bachmeyer on Apr 28 Oops. The oss-security mailing list is public. If you want to do coordinated disclosure, you might want to avoid sending the initial … | Posted by Solar Designer on Apr 28 Thank you, Dmitry! FWIW, I've just checked that traceroute-2.1.1-1.el9.src.rpm also contains the "n -= hlen;" line where Mohamed propo…

www.openwall.com/lists/oss-security/2026/…seclists.org/oss-sec/2026/q2/258seclists.org/oss-sec/2026/q2/261seclists.org/oss-sec/2026/q2/260
primary · linked · linked · linked