Official intelligence summary

HAIJA INTEL REPORT

Generated 23/06/2026, 09:28. Pipeline: Europe/Belgrade. Regular sources favor exploit, blog, red-team, and attack-path content. CVE items only stay with exploit signal.
Total items: 15
Regular sources: 3
Tweets / X: 12
Threshold: 0.62

Tweets / X

12 items
Sysdig @Sysdig
22 Jun, 23:57 · secondary
0.59
An operator RCE'd a Langflow box, swept env vars, and stole Azure service principal creds, then LLMjacked an Azure AI Foundry endpoint serving Anthropic models. AWS is easy to catch: everyone has CloudTrail. Azure is tough: few stream Entra sign-ins, so a stolen SP trips
mrgretzky @mrgretzky
22 Jun, 14:05 · core
0.42
The @x33fcon conference was once again a complete success! I wanted to share the slides and demo videos from the "Downgrading FIDO MFA With AI Slop" talk I gave on the second day (the next day after the pirate ship party... ugh). Slides: https://github.com/kgretzky/talks/tree/m
SpecterOps @SpecterOps
22 Jun, 21:20 · core
0.40
We're excited to partner with @OpenAI through the Daybreak Cyber Partner Program to help defenders solve one of cybersecurity's toughest challenges: attack path triage. The challenge isn't finding risk. It's knowing which attack paths matter most.
Unit42_Intel @Unit42_Intel
22 Jun, 18:18 · secondary
0.39
FortiBleed is a large-scale password spraying and credential theft campaign targeting Fortinet, Sophos and MSSQL devices. Threat actors are using a curated password list developed through previous breaches and vulnerability exploits. We detail mitigations: https://bit.ly/4eDxSxY
nahamsec @nahamsec
22 Jun, 21:11 · core
0.32
Shout out to @Ph1R3574R73r for showing me some of his research!
_dirkjan @_dirkjan
22 Jun, 17:37 · core
0.32
Not purely original research, but a nice extension on the CA project @fabian_bader and I started last year.
ShitSecure @ShitSecure
22 Jun, 17:35 · curator
0.27
I just wrote a new blog on bypassing CA policies in Entra ID that have a resource exclusion, and why you probably want to enable baseline enforcement if you have such policies. Enjoy!
vxunderground @vxunderground
22 Jun, 21:02 · secondary
0.24
Hello 1. If you're reading this, that means you live inside my computer. Please leave my computer. You are stinking the place up. 2. I am syncing 150,000+ malwares to the internet. Please download the malware. 3. I now possess 14TB (7z ultra compressed) of malware
pdiscoveryio @pdiscoveryio
22 Jun, 17:31 · secondary
0.24
Is there an existential threat to ProjectDiscovery? We aren’t buying into the AI "psychosis" or "apocalypse" narrative. Instead, our focus remains on ensuring we consistently deliver high value to the security community. Staying ahead means moving faster.
Bugcrowd @Bugcrowd
22 Jun, 17:45 · secondary
0.22
12 out of 15 top-tier hackers ignore standard security methodologies. New research into hacker cognition reveals that elite researchers don’t follow rigid checklists when testing a target. Instead, they rely on fast, intuitive pattern recognition built from years of
Sysdig @Sysdig
22 Jun, 16:41 · secondary
0.22
LLMjacking has evolved. A threat actor used an exposed Ollama server as the brain for an autonomous, multi-stage offensive hacking tool. Not reselling access. Building with it. Sysdig TRT caught the tool while it was still in development. Full research:
brutelogic @brutelogic
22 Jun, 16:22 · secondary
0.22
Research or Content? 3 Rules Most security research out there isn't research. It's content. There's a difference, and it comes down to three things. 1. Correct and Defensible Every claim, every payload, every technique must hold under scrutiny. Not "it worked once in my lab."

Regular sources

3 items
1.00 · general · 22 Jun, 07:30 · helpnetsecurity.com

Agent Beacon: Open-source telemetry layer for AI agents

AI coding agents such as Claude Code, Codex CLI, Cursor, and Claude Cowork run on developer laptops, CI jobs, cloud environments, where they edit files, run commands, an…

0.97 · exploit · 22 Jun, 20:17 · 2 mentions · seclists.org

Re: Proposal: Add separate oss-security-vulnerability-reports mailing list (for AI vulnpocalypse)

Posted by Jeremy Stanley on Jun 22 [...] It's both... Yes advance notification in the case of embargoed vulnerabilities is going to the linux-distros mailing list as wel… | Posted by Sylvain Beucler on Jun 22 Hello Jeremy, Interesting. This seems like an embargo-like workflow, usually for high/critical CVEs, which I believe won't involve se…

0.93 · general · 22 Jun, 12:30 · securityweek.com

What the Latest ShinyHunters Breaches Reveal About Modern Cyberattacks

Groups like ShinyHunters are demonstrating that attackers do not necessarily need malware or zero-day exploits to cause massive damage. The post What the Latest ShinyHun…