0.24
Ho no... Defender...
Official intelligence summary
HAIJA INTEL REPORT
Generated 19/04/2026, 22:38. Pipeline: Europe/Belgrade. Regular sources favor exploit, blog, red-team, and attack-path content. CVE items only stay with exploit signal.
Total items6
Regular sources3
Tweets / X3
Threshold0.62
You can save this report in your browser with the favorite button. If you need a shared favorite list, use the CLI helper.
Tweets / X
3 items
0.24
HTTP/3 downgrade desync via a QUIC FIN! This is a really nice finding. There used to be a significant cognitive & fiddly-coding barrier to testing lower-level HTTP/2 & 3 techniques but AI has largely eliminated it. As ever, the fix is... upstream HTTP/1 must …
0.24
Back in 2021, "Certified Pre-Owned" by @tifkin_ & @harmj0y aimed to fix this class of issues. But these misconfigs still everywhere? The reason isn’t just technical; it’s abt guidance, incentives, & responsibility. Read up before Martin's talk! https:// ghst.…
Regular sources
3 itemsCVE-2026-41113: RCE in sagredo fork of qmail
Posted by Alan Coopersmith on Apr 18 https://blog.calif.io/p/we-asked-claude-to-audit-sagredos and https://github.com/califio/publications/tree/main/MADBugs/qmail https:…
CVE-2026-40948: Apache Airflow Keycloak Provider: OAuth Login CSRF — Missing State Parameter in Keycloak Auth Manager
Posted by Jarek Potiuk on Apr 17 Severity: low Affected versions: - Apache Airflow Keycloak Provider (apache-airflow-providers-keycloak) 0.0.1 before 0.7.0 Description: …
Re: [CVE-2026-33691] OWASP CRS whitespace padding bypass vulnerability
Posted by cyber security on Apr 18 After deep analysis we confirm, that CVE-2026-33691 aka it alias https://unlockoldupload.hashnode.dev/disable-modsecurity-waf-using-cv… | Posted by Solar Designer on Apr 18 Hi, This gives a 404 Page Not Found, but more importantly actual content should have been d…