Official intelligence summary

HAIJA INTEL REPORT

Generated 08/07/2026, 09:22. Pipeline: Europe/Belgrade. Regular sources favor exploit, blog, red-team, and attack-path content. CVE items only stay with exploit signal.
Total items15
Regular sources5
Tweets / X10
Threshold0.62
You can save this report in your browser with the favorite button. If you need a shared favorite list, use the CLI helper.

Tweets / X

10 items
@_xpn_ avatar
_xpn_ @_xpn_
07 Jul, 13:08 · core
0.46
From now on, if you want access to the nudes from my blog, you're gonna have to pay $$$!! (not for the content, that will stay free). We're opening the waitlist for our Monetization Gateway, which will allow you to charge for any web page, dataset, API, or MCP tool behind Cloudfl
tweet media
@CrowdStrike avatar
CrowdStrike @CrowdStrike
07 Jul, 18:00 · secondary
0.38
Day Zero Threat Research Summit: Three days dedicated to sharing original research, uncovering emerging adversaries, and advancing the future of cyber defense. Virgin Hotel Las Vegas August 30 - September 1, 2026 Space is extremely limited. Apply: https:// crwdstr.ke/6015BEDYhd
tweet media
@brutelogic avatar
brutelogic @brutelogic
07 Jul, 01:27 · secondary
0.38
OBroken - OAuth Authorization Bypass Scanner https:// brutelogic.net/obroken
tweet mediatweet media
@Unit42_Intel avatar
Unit42_Intel @Unit42_Intel
07 Jul, 00:41 · secondary
0.35
We identified a phishing campaign impersonating US state government and motor vehicle agencies across 23 jurisdictions. Hundreds of lookalikes on .one/.shop/.cc/.help/.click domains. Phishing sites copy content from .gov sites. Details at https:// bit.ly/4p3Hxmg
tweet mediatweet media
@SpecterOps avatar
SpecterOps @SpecterOps
07 Jul, 20:08 · core
0.34
Most red team scope gets written the same way: "find what you can." @Ne0nd0g breaks down why that approach leaves the most important questions unanswered and what to do instead. Check it out!
tweet media
@_RastaMouse avatar
_RastaMouse @_RastaMouse
07 Jul, 18:00 · core
0.34
Building red team curriculum from scratch is expensive. Get student-ready courses that use real red team tools with labs, assessments, and cert pathways included. Less overhead. More impact. #HigherEd #CyberPrograms #CobaltStrike
tweet mediatweet media
@brutelogic avatar
brutelogic @brutelogic
07 Jul, 13:16 · secondary
0.34
Win Brute One & Hunt Together We are giving away a Brute One plan to one lucky team. To enter: Like this post Repost it Mention 2 friends in the replies to hunt with All 3 of you win together. Winner picked Fri Jul 10th. Brute One now with OBroken (video 2x below). OAuth - More o
tweet mediatweet media
@mrgretzky avatar
mrgretzky @mrgretzky
07 Jul, 16:59 · core
0.32
@X @nikitabier @elonmusk I am once again asking you to review your policies and procedures around offensive security research.
tweet mediatweet media
@albinowax avatar
albinowax @albinowax
07 Jul, 16:32 · core
0.32
Tom Stacey has joined @PortSwiggerRes ! Don't miss his @BlackHatEvents & @defcon presentation "CRLF-Powered Desync Attacks: Beheading HTTP Streams" next month! Excited to share that I've just joined the @PortSwiggerRes team. Having gotten an early look at what the team is bringin
@SpecterOps avatar
SpecterOps @SpecterOps
07 Jul, 23:23 · core
0.28
Frontier AI agents are tackling increasingly complex offensive tasks. Are today's benchmarks keeping up? Hear from Philippos Maximos Giavridis ( @AISecurityInst ) & @v3r5ace on realistic cyber range evals at the Kennel Club during #BHUSA. https:// ghst.ly/4vlZa2e
tweet mediatweet media

Regular sources

5 items
1.00critical · 07 Jul, 14:00cisa.govTradecraft

Hydro-Québec Le Circuit Electrique charging station backend

View CSAF Summary Successful exploitation of these vulnerabilities could lead to privilege escalation, or result in a denial-of-service attack. The following versions of…

0.95exploit · 07 Jul, 16:282 mentionsseclists.org

Re: Wasm OCI Image Fetcher Bearer Realm SSRF Bypass

Posted by Solar Designer on Jul 07 Hi, This reply by "yan xu" convinced me that we're probably still talking to AI running with little or no human supervision (maybe jus… | Posted by yan xu on Jul 07 Thanks for the question - let me clarify both points honestly. ## On the X-Mailer header The header is set by my own disclosure-sending tool (…

0.92general · 07 Jul, 17:14thehackernews.comAttack path

DEBULL Tooling Abuses Microsoft Device-Code Flow to Target M365 Accounts

A Microsoft 365 device code phishing campaign has been observed leveraging collaboration-themed lures to take control of victim accounts between the last week of June 20…

0.89exploit · 07 Jul, 08:38seclists.org

SCHUTZWERK-SA-2025-001: Authentication Bypass for SafeLine SL6 and SL6+

Posted by Jan Hüber via Fulldisclosure on Jul 06 Authentication Bypass for SafeLine SL6 and SL6+ =============================================== The SafeLine SL6 and SL6…

0.86critical · 07 Jul, 14:00cisa.gov

Digi International PortServer TS, Digi One SP IA

View CSAF Summary Successful exploitation of these vulnerabilities could allow an attacker to bypass authentication and gain access to restricted resources, obtain crede…