Generated 01/07/2026, 09:24. Pipeline: Europe/Belgrade. Regular sources favor exploit, blog, red-team, and attack-path content. CVE items only stay with exploit signal.
Total items: 15
Regular sources: 6
Tweets / X: 9
Threshold: 0.62
Tweets / X
9 items
_RastaMouse @_RastaMouse
30 Jun, 15:00 · core
0.60
The creator of Cobalt Strike left the industry in 2021, came back, and is now publishing everything he knows about evasion tradecraft openly and for free. Tradecraft Garden separates evasion tradecraft from capability. Crystal Palace is the linker that makes it work:
Today we updated our @arcanuminfosec Prompt Injection Taxonomy to 1.6!!! - Several new inputs and intents - MANY new techniques and evasions, a combined 70 node growth! - New tagging taxonomy - Legend for direct and indirect methods - Tagging for local-only attacks - “Aka”
CVSS 9.9 vulnerability. Treated as a two-request afterthought by the attacker. The 9.3 scored sibling? Four sustained attack waves and thousands of exploitations in the wild. CVSS score is not an exploitation rank. Sysdig TRT has the firsthand data. Full research:
New GhostWorks blog! @_xpn_ continues his series, exploring how LLMs are impacting how we approach endpoint security, from EDR analysis to evasion research. Read more
I'm currently working on reviving the OG social engineering technique for phishing attacks to be natively supported in Evilginx Pro. The Browser-in-the-Browser (BITB) technique (pioneered by @mrd0x) is making a well-deserved comeback soon. - Displays a fake OS pop-up window
"From network traffic recorded during the second round of exploitation, we saw the ActiveMQ Server process downloading the malicious XML file containing the commands to be run in the command-line interface: " Report: https://thedfirreport.com/2026/02/23/apache-activemq-exploit-
What happens when network exposure data meets attack path analysis? @hdmoore joins #KnowYourAdversary to discuss RunZeroHound, BloodHound OpenGraph, and how defenders can uncover attack paths that traditional vulnerability management misses. https://ghst.ly/4g9XtkB
When vulnerability discovery and exploit development can happen in under 10 hours, annual testing starts to look a little… dusty @davegerryjr and @thedavidbrumley discuss why security teams need to move toward continuous validation, red teaming, and active adversary
ATO with Open Redirect OAuth apps trust a registered redirect_uri to receive the authorization code after login. The problem: most servers only check that the value starts with the right domain, not that it matches exactly. That loose check is the whole bug. No injection, no
Phishers Gain Persistence at EU, Asia Hospitality Orgs
Separate but similar campaigns described by Microsoft and Trend Micro use malicious zip files to spread malware via social engineering and obfuscation, including blockch…
1.00 · general · 30 Jun, 17:57 · microsoft.com · Research
Securing AI agents: When AI tools move from reading to acting
MCP tool poisoning turns trusted AI agents into a control plane for data loss. Learn how threat actors manipulate tool descriptions to trigger unauthorized actions, and …
CISA: Windows BlueHammer flaw now exploited by ransomware gangs
CISA confirmed on Monday that ransomware gangs are now exploiting a Microsoft Defender privilege escalation vulnerability, dubbed BlueHammer, that has previously been ab…
Oracle E-Business Suite Flaw CVE-2026-46817 Actively Exploited in the Wild
A critical security flaw impacting Oracle E-Business Suite has come under active exploitation in the wild, according to Defused Cyber. The vulnerability, tracked as CVE-…
0.89 · exploit · 30 Jun, 05:04 · seclists.org
hostapd: OOB write in Wi-Fi 7 MLD association parsing (pre-auth DoS)
Posted by Abhinav Agarwal on Jun 29 A Wi-Fi 7 / IEEE 802.11be MLD parsing issue in hostapd AP mode has https://w1.fi/security/2026-1/missing-ml-parsing-validation.txt Is…
Summary: Successful exploitation of these vulnerabilities could allow attackers to gain broad unauthorized access, execute arbitrary commands with root privileg…