Official intelligence summary

HAIJA INTEL REPORT

Generated 12/05/2026, 09:12. Pipeline: Europe/Belgrade. Regular sources favor exploit, blog, red-team, and attack-path content. CVE items are kept only when they carry an exploit signal.
Total items: 15
Regular sources: 7
Tweets / X: 8
Threshold: 0.62

Tweets / X

8 items
h4x0r_dz @h4x0r_dz
11 May, 13:40 · core
0.80
Pwn2Own Berlin 2026 just hit a wall. For the first time in 19 years, ZDI rejected dozens of working zero-day RCE submissions because organizers ran out of contest slots. Rejected hackers are now going public with PoC demos and direct vendor disclosures, breaking Pwn2Own's
h4x0r_dz @h4x0r_dz
11 May, 12:05 · core
0.80
Codex App RCE from prompt injection https://gist.github.com/Metnew/26331ac3ed48c37953f5fb69be8e46dc …
SpecterOps @SpecterOps
11 May, 18:53 · core
0.60
Adversary Tactics: Red Team Operations. Hands-on training focused on operational tradecraft, planning, execution, and adversary emulation techniques against live defenders in a simulated enterprise network. https://ghst.ly/4uKAWyU : 5/6
SpecterOps @SpecterOps
11 May, 18:53 · core
0.46
Adversary Tactics: Identity-driven Offensive Tradecraft. Learn how attackers abuse identity systems, privilege relationships, and authentication pathways to achieve objectives in enterprise environments. https://ghst.ly/42smcZs : 6/6
Mandiant @Mandiant
11 May, 18:00 · secondary
0.41
AI isn’t just a tool for attackers; it’s a target. Our latest report shows how adversaries use AI to build exploits and target AI infrastructure for initial access. https://goo.gle/4djxILu
TheDFIRReport @TheDFIRReport
11 May, 16:16 · core
0.34
Flash Alert: EtherRat and TukTuk C2 End in The Gentleman Ransomware In April, we observed an intrusion that began with a malicious MSI masquerading as Sysinternals RAMMap and ended in domain-wide deployment of The Gentlemen ransomware. The intrusion featured EtherRAT,
Jhaddix @Jhaddix
11 May, 13:57 · core
0.34
"Don't worry, the frontier model will stop the prompt injection" is the same thing as "don't worry, the cloud WAF will save us."
_RastaMouse @_RastaMouse
11 May, 17:36 · core
0.32
Upcoming maintenance update: Change in our backend infrastructure that affects automated downloads of the Cobalt Strike Distribution Package. Get more info: https://cobaltstrike.com/blog/cobalt-strike-infrastructure-maintenance-may-2026 …

Regular sources

7 items
1.00 · exploit · 11 May, 20:30 · 2 mentions · seclists.org · Tradecraft

Re: dnsmasq vulnerabilities, including attacker DNS redirect, privilege escalation, and heap manipulation

Posted by Alan Coopersmith on May 11 CERT has now corrected their advisory to list version 2.92rel2 as well. | Posted by Alan Coopersmith on May 11 https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2026q2/018471.html https://www.kb.cert.org/vuls/id/471747 provides additio…

1.00 · general · 11 May, 17:45 · thehackernews.com

Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass Exploitation

Google on Monday disclosed that it identified an unknown threat actor using a zero-day exploit that it said was likely developed with an artificial intelligence (AI) sys…

1.00 · general · 11 May, 16:00 · cloud.google.com · Research

GTIG AI Threat Tracker: Adversaries Leverage AI for Vulnerability Exploitation, Augmented Operations, and Initial Access

Executive Summary Since our February 2026 report on AI-related threat activity, Google Threat Intelligence Group (GTIG) has continued to track a maturing transition from…

1.00 · general · 11 May, 15:04 · securityweek.com

Google Detects First AI-Generated Zero-Day Exploit

The zero-day was designed to bypass 2FA and it was developed by a prominent cybercrime group. The post Google Detects First AI-Generated Zero-Day Exploit appeared first …

1.00 · general · 11 May, 15:02 · bleepingcomputer.com

Google: Hackers used AI to develop zero-day exploit for web admin tool

Researchers at Google Threat Intelligence Group (GTIG) say that a zero-day exploit targeting a popular open-source web administration tool was likely generated using AI.…

1.00 · general · 11 May, 15:00 · helpnetsecurity.com

Google researchers uncover criminal zero-day exploit likely built with AI

Google’s threat intelligence researchers have linked a zero-day exploit to AI-assisted development by a criminal group. The exploit targeted a popular open-source web-ba…

0.95 · exploit · 11 May, 17:11 · 2 mentions · seclists.org · PoC

Re: Linux kernel: KTLS + sockmap "Reverse Order" Use-After-Free / Data Corruption

Posted by xw x on May 11 I have integrated my PoC into the selftests and submitted the patch to https://lore.kernel.org/all/20260511123721.13906-1-v3rdant.xiang () gmail… | Posted by xw x on May 11 The kernel team hasn't gotten back to me with a specific fix yet; instead, they've asked me to focus on integrating it into the BPF tests first.