Official intelligence summary

HAIJA INTEL REPORT

Generated 14/05/2026, 09:12. Pipeline: Europe/Belgrade. Regular sources favor exploit, blog, red-team, and attack-path content. CVE items only stay with exploit signal.
Total items: 15
Regular sources: 8
Tweets / X: 7
Threshold: 0.62

Tweets / X

7 items
TheDFIRReport @TheDFIRReport
13 May, 13:30 · core
0.82
Private DFIR Report: ViewState of Mind: Gladinet Exploit Opens the Door In January, we observed a threat actor gain initial access to an environment by exploiting CVE-2025-30406 on an exposed Gladinet CentreStack server…
mrgretzky @mrgretzky
13 May, 05:47 · core
0.56
here's the easiest guide on finding oopsies on github curl -s "https://login.microsoftonline.com<domain>/metadata/json/1" | jq .realm - and search for the tenant ID - "OneDrive - <Tenant Brand>" - <company>.salesforce.com you get the idea, once you can tie a user back to an
SentinelOne @SentinelOne
13 May, 20:20 · secondary
0.48
This is what a realistic AI-era attack chain looks like. Drawn from 11,000+ anonymized cloud environments in our 2026 report. No zero-day. No prompt injection research paper. No novel technique. What we see instead is a misconfigured bucket, one hardcoded key, and a model
pdiscoveryio @pdiscoveryio
13 May, 06:28 · secondary
0.48
Nuclei Templates April 2026 Recap is live. 226 new templates. 123 CVEs. ~10 actively exploited in the wild Running Fortinet, cPanel, Apache, WordPress, or AI/LLM infra in your environment? Time to refresh your templates https://projectdiscovery.io/blog/nuclei-templates-april-20
outflanknl @outflanknl
13 May, 19:47 · core
0.46
New release: kicking off Red Macros Factory integration into OST by @OutflankNL researcher @mariuszbit ! Builder tool now ships with better script payload gen, obfuscation, guardrails, LNK tradecraft, and new conversion paths. More formats and payload shenanigans coming soon!
h4x0r_dz @h4x0r_dz
13 May, 02:37 · core
0.44
How @Xbow Found an Unauthenticated RCE on Exim

Regular sources

8 items
1.00 · general · 13 May, 22:23 · bleepingcomputer.com · RCE

New critical Exim mailer flaw allows remote code execution

A critical vulnerability affecting certain configurations of the Exim open-source mail transfer agent could be exploited by an unauthenticated remote attacker to execute…

1.00 · general · 13 May, 18:37 · bleepingcomputer.com · PoC

Windows BitLocker zero-day gives access to protected drives, PoC released

A cybersecurity researcher has published proof-of-concept (PoC) exploits for two unpatched Microsoft Windows vulnerabilities named YellowKey and GreenPlasma, which are a…

1.00 · general · 13 May, 16:50 · securityweek.com

Sweet Security Launches Agentic AI Red Teaming to Counter ‘Mythos Moment’

New “Sweet Attack” platform uses runtime intelligence and continuous agentic red teaming to identify exploitable attack chains human teams may miss. The post Sweet Secur…

1.00 · general · 13 May, 13:30 · thehackernews.com

Most Remediation Programs Never Confirm the Fix Actually Worked

Security teams have never had better visibility into their environments and never been worse at confirming what they fix stays fixed. Mandiant's M-Trends 2026 report put…

1.00 · general · 13 May, 12:41 · helpnetsecurity.com · RCE

Microsoft’s agentic security system found four critical Windows RCE flaws

Microsoft responded to growing competition in AI security by announcing that its new agentic security system helped researchers discover 16 new vulnerabilities in the Wi…

0.95 · exploit · 13 May, 19:37 · 2 mentions · seclists.org · Research

Re: Linux kernel LPE ("fragnesia", copyfail 3.0)

Posted by Sam James on May 13 v12-security have disclosed "Fragnesia" [0]. Quoting their disclosure: https://github.com/v12-security/pocs/tree/main/fragnesia [1]... | Posted by Solar Designer on May 13 Hi, Here's analysis by the Dirty Frag researcher: I hear that this specific exploit spawns the root shell while in a namespace, so you…

0.91 · exploit · 13 May, 01:51 · seclists.org · Tradecraft · Research

Re: dnsmasq vulnerabilities, including attacker DNS redirect, privilege escalation, and heap manipulation

Posted by Sam James on May 12 Alan Coopersmith writes: https://xchglabs.com/blog/dnsmasq-five-cves.html

0.89 · exploit · 13 May, 09:00 · projectzero.google

A 0-click exploit chain for the Pixel 10: When a Door Closes, a Window Opens

We recently published an exploit chain for the Google Pixel 9 that demonstrated it was possible to go from a zero-click context to root on Android in just two exploits. …