HAIJA INTEL REPORT

Attackers continued to rely heavily on phishing - an easy and low-cost social engineering operation - for initial access in 2025. For phishing lure trends and more, read the full 2025 Year in Review: https:// cs.co/6018BBBeDQ

Phishing is making a comeback with an AI-powered twist. Read Talos' Q1 2026 Incident Response Trends report to see how threat actors are targeting public administration and how you can lock down your defenses against these evolving tactics: https:// cs.co/6011B6hCjZ

We identified an exposed server that provided unusual visibility into a large-scale, multi-victim exploitation and collection operation. Artifacts on the host showed that Claude Code and OpenClaw were embedded in the operator's day-to-day workflow, supporting troubleshooting,

Tool Spotlight: CloudFox Cloud pentesting is hard, but it's not because the attacks are so clever. It’s hard because the environment is such a mess. CloudFox helps find the exploitable paths in AWS and GCP.

The number of device registration events reported by users as fraud increased 178% from 2024 to 2025. Dive deeper into these trends in our Year in Review: https:// cs.co/6014BBBjiA

Attacks are becoming faster to build, easier to scale, and increasingly designed to blend into normal activity. Watch the latest TTP for more incident response trends from Q1 2026: https:// cs.co/6010BBDTna

Gone are the days of risking a Rubeus monitor run (even via the amazing BOF[.]NET by @_EthicalChaos_ ) in your conquest beacon. @virtualloc is crushing it!

Meanwhile in Bug Bounty: AI slop bug reports overflowing vendors. Vendors can't handle the slop. Slop code, slop exploits, and slop write-ups result in vendor exiting program. AI slop is choking Bug Bounty

Three weeks. Three tier-1 supply chain attacks. SentinelOne stopped all three from the moment they were observed in the wild - with no prior knowledge of any payload. LiteLLM. Axios. CPU-Z. Different vectors. Different threat actors. Different techniques. One thing in common:

Just released v6.0.0 It supports ECMA 2025 so you can parse js files with cutting-edge syntax. 4x speedup too ^_^ Parse javascript in python Introducing esprima2: https:// github.com/s0md3v/esprima2

The High Stakes: These devices are capable of mesh networking and software-defined control. Centralized cloud control over thousands of these devices means a single configuration change could repurpose them at scale - a risk compounded by the lack of transparency over who

Exploited high and critical vulnerabilities are up 105% YoY. The 2026 Global Threat Landscape Report breaks down how shrinking disclosure-to-exploitation timelines are reshaping how teams assess and respond. Download it here: https:// r-7.co/3PicnK6

Normal programs are like straight-A students who go to church on Sunday and respect their parents and elders. Malware is like the kid who skips school, smokes marijuana, and has pre-marital sex. Malware is BAD. Malware, not even once