0.50
The wait is over! mona v3 is now available. Supports Python 2 & 3, 32- and 64-bit targets, WinDBG/WinDBGX. Faster, leaner, broader built for modern Windows debugging & exploit dev. https:// github.com/corelan/mona3 Sharing is caring
Official intelligence summary
HAIJA INTEL REPORT
Generated 04/05/2026, 09:10. Pipeline: Europe/Belgrade. Regular sources favor exploit, blog, red-team, and attack-path content. CVE items only stay with exploit signal.
Total items15
Regular sources6
Tweets / X9
Threshold0.62
You can save this report in your browser with the favorite button. If you need a shared favorite list, use the CLI helper.
Tweets / X
9 items
0.42
HackerOne is a trash On December 11, We reported a AWS token leaked on a public repository belonging to marriot infrastructure which had SES service with verified domain of @marriot.com on December 12 @Hacker0x01 closed the report as n/a saying http:// github.com is explicitly ou
0.36
Any URL is an array of chars. https://x55 .is/brutelogic/xss.php?b1=1)lrte:jvrcaisp("><Svg+OnLoad=u=URL,location=u[44]%2Bu[48]%2Bu[45]%2Bu[48]%2Bu[50]%2Bu[47]%2Bu[46]%2Bu[49]%2Bu[51]%2Bu[41]%2Bu[43]%2Bu[48]%2Bu[39]%2Bu[42]%2Bu[40]%2Bu[41]%2Bu[52]%2Bu[37]%2Bu[38]> Just another #XS
0.36
Monday's "Becoming an AI hacker" episode with @TakSec is legit. Thanks to my conversation with Mike, I was able to finally exploit this application I have been hacking on. I highly recommend y'all check it out!
0.35
Your AI agent reads a resume. Hidden inside: a command to steal data. No malware. Just prompt injection. Agent executes it Data gets exfiltrated Tokens exposed Falcon AIDR stops it before the agent ever sees it. Full demo: https:// crwdstr.ke/6018BBTHsq
0.35
SQL Injections aren't dead! You just need to know where and how to test for them! In our latest article, we explored how SQL injections arise, how to test and exploit them to leak secrets, bypass authentication, and even achieve RCEs! Read the article today!
0.35
NIST is changing how they prioritize CVEs in the National Vulnerability Database after a huge surge in submissions. They are moving to a model that prioritizes vulnerabilities already being exploited in the wild or those affecting critical software. This marks a shift for
0.34
We pointed to the vulnerable line of code and said to a 3B model… “is this the vulnerability?”. 50% of the time, it got it right! Mythos debunked!!! We tested the Mythos showcase vulnerabilities with open models. 8/8 models found the flagship FreeBSD zero-day - including a 3B mo…
0.34
NVIDIA's GeForce got owned by Shiny Hunters.
Regular sources
6 itemssyzkaller "Reporting Linux kernel bugs" out of date
Posted by Solar Designer on May 02 Hi, https://github.com/google/syzkaller/blob/master/docs/linux/reporting_kernel_bugs.md are years out of date. They assume the good ti…
CVE-2026-31431: Copy Fail vulnerability enables Linux root privilege escalation across cloud environments
A high-severity Linux vulnerability, “Copy Fail” (CVE-2026-31431), enables root privilege escalation across cloud environments and Kubernetes workloads. With a working e…
Social Engineering Leveled Up. Has Your Security Program?
Social engineering has evolved. Device code phishing and AI lures bypass MFA and blend in. Build a cyber resilience strategy before the next attack lands.
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-31431 Linux Kernel Incorrec…
Poisoned Ruby Gems and Go Modules Exploit CI Pipelines for Credential Theft
A new software supply chain attack campaign has been observed using sleeper packages as a conduit to subsequently push malicious payloads that enabled credential theft, …
Week in review: High-severity LPE vulnerability in the Linux kernel, cPanel 0-day exploited for months
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: The AI criminal mastermind is already hiring on gig platforms Labor-hir…