HAIJA INTEL REPORT

NEW THREAT INTEL: Zero-day exploitation (CVE-2026-20245) of Cisco Catalyst SD-WAN Manager. A threat actor gained root access via malicious CSV upload, and used anti-forensic techniques for evasion. Get the details, IOCs…

We detected a Browser-in-the-Browser phishing kit for malware delivery rather than credential theft. It uses a draggable pop-up with a spoofed URL to serve a fake "software out of date" warning. It sends malware that it instructs users to run. Details at https:// bit.ly/3SFpmHp

At the time of writing: 0/61 detections on VirusTotal. The rest of the tradecraft is hardened: - C2 runs over Telegram, AES-GCM encrypted, certificate-pinned TLS - The bot token self-redacts, leaving only a placeholder in logs and crash artifacts - Python stealer harvests

SRT researcher @ozgur_bbh walks through two real-world 2FA bypasses: https:// synack.com/exploits-expla ined/how-attackers-bypass-2fa-with-response-tampering/?utm_campaign=5710519-PTAAS-FY26&utm_source=organic-social&utm_medium=organic-social&utm_audience=all&utm_content=exploits

Today’s threat actors are evolving. They’re accelerating their tradecraft with AI, evading detection, and challenging traditional security defenses. Get to know their methods and motivations in the CrowdStrike 2026 Global Threat Report: https:// crwdstr.ke/6015BDgU6P

First blog post in a mini series where I look at "disposable tooling". This post shares what I have found to be useful when 1-shot'ing LLM generated Stage-0 agents for Mythic.

Just wanted to give kudos to how the Zscaler @Threatlabz team have been crushing it recently Two awesome blogs caught my eye on novel malware families linked to ransomware gangs: 1. MLTBackdoor https:// zscaler.com/blogs/security -research/technical-analysis-mltbackdoor … 2. Edge

Will a powerful enough model wipe out harnessing gains? My research suggests: not yet! And cost savings matter more and more as capabilities democratize. See you down under We are excited to announce our first speaker for http:// Unprompted.au: Valentina Palmiotti (@chompie1337),

Learn how @Accenture eliminated entire vulnerability classes w/ Synack: https:// go.synack.com/continuous-off ensive-security-accenture-case-study?utm_campaign=5710519-PTAAS-FY26&utm_source=organic-social&utm_medium=organic-social&utm_audience=general&utm_content=case-study-accen

Intigriti's June Challenge is over! 43 hackers found the correct solution 10 hackers wrote a cool writeup Check out the winners below and drop your write-up in the comments! It's CHALLENGE O'CLOCK! Capture the flag before Monday the 22nd of June Win €400 in SWAG prizes We'll rele