Generated 24/04/2026, 09:09. Pipeline: Europe/Belgrade. Regular sources favor exploit, blog, red-team, and attack-path content. CVE items only stay with exploit signal.
Total items: 15
Regular sources: 5
Tweets / X: 10
Threshold: 0.62
Tweets / X
10 items
_RastaMouse @_RastaMouse
23 Apr, 17:50 · core
0.74
London red teamers, join us on April 30 at 6:00 PM for an evening of knowledge sharing with fellow offensive experts! There will be drinks, presentations, and tradecraft discussions with both internal and consulting red teams. Register now: https://info.fortra.com/c2lug-april-20
From disclosure to exploitation in just 12 hours. A newly disclosed SSRF vulnerability in LMDeploy (CVE-2026-33626) was exploited shortly after the GitHub advisory was published, with no public PoC available. ↳ Read the…
If MSSQL isn't in your attack path visibility yet, this is your sign. @Mayyhem just shipped a major MSSQLHound upgrade with Javier Azofra Ovejero (https://github.com/jazofra): faster, cross-platform, and pathfinding-ready in BloodHound. Check it out!
"Beyond the AI-control surface, the host also preserved the operator’s alerting and command channel on Telegram. Runner scripts across the Bissa scanner harness hardcoded a Telegram bot token tied to the bot bissapwned_bot (display name “BissaPwned”, bot user ID 8798206332)
Chinese LLMs can hack better than state-sponsored hackers with properly evolved harness - Kimi K2.5 managed to find and exploit 6 vulnerabilities in browsers: a single page view or an extension install by victims equal full system hijack. Check https://arxiv.org/abs/2604.20801
27 seconds. That’s the record for how quickly an adversary moved laterally after initial access last year. Is your SOC built for that kind of speed? See the science behind our human-backed AI agents at the Agentic SOC Summit: The New Standard for Autonomous Defense.
Your inbox is exploding. Then, “IT” calls to help. Think it’s a coincidence? Think again. Our researchers are seeing an uptick in campaigns that leverage email bombing and Teams phishing to cause trouble. See how it works and unpack all of our April findings here:
In this episode of The Defender’s Advantage Podcast, host Luke McNamara is joined by Chris Linklater, Practice Leader at Mandiant, to discuss key insights from the M-Trends 2026 report. Take a listen: https://bit.ly/3QXGEyw
Think about the red teams you respect most. Now think about how they actually breach mature environments with strong stacks and strong defenders. It's almost never a memory corruption 0day. It's abuse of functionality.
More ConsentFix -- a "V3" some might say, shared amongst a dark web/cybercrime forum, and a treasure trove of tradecraft to see how bad actors leverage third-party sites and services to do their dirty work. Video link below B E C A U S E A L G O R I T H M
With AI’s help, North Korean hackers stumbled into a near-undetectable attack
For many years, state-sponsored hacking was defined by human expertise in finding security holes, writing malware and exploits, pulling off social engineering and phishi…
1.00 · general · 23 Apr, 15:00 · bishopfox.com · Research
Otto Support - An MCP, Agentic-AI Security Challenge
Bishop Fox built a vulnerable MCP-based customer support tool and turned it into a security challenge. Explore how AI agents interact with tools, escalate privileges, an…
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-39987 Marimo Remote Code Ex…
CISA orders feds to patch BlueHammer flaw exploited as zero-day
CISA has ordered U.S. federal agencies to patch a Microsoft Defender privilege escalation flaw (dubbed BlueHammer) that has been exploited in zero-day attacks. [...]
1.00 · general · 23 Apr, 02:00 · intigriti.com · Research
Vulnpocalypse Now? How AI is changing vulnerability discovery
What you will learn How vulnerability research and security testing may evolve in the future, based on expert insights and reflections from Intigriti COO Ed Parsons. How…