Official intelligence summary

HAIJA INTEL REPORT

Generated 01/07/2026, 09:24. Pipeline: Europe/Belgrade. Regular sources favor exploit, blog, red-team, and attack-path content. CVE items are kept only when they carry an exploit signal.
Total items: 15
Regular sources: 6
Tweets / X: 9
Threshold: 0.62

Tweets / X

9 items
_RastaMouse @_RastaMouse
30 Jun, 15:00 · core
0.60
The creator of Cobalt Strike left the industry in 2021, came back, and is now publishing everything he knows about evasion tradecraft openly and for free. Tradecraft Garden separates evasion tradecraft from capability. Crystal Palace is the linker that makes it work:
Jhaddix @Jhaddix
30 Jun, 03:11 · core
0.56
Today we updated our @arcanuminfosec Prompt Injection Taxonomy to 1.6!!! - Several new inputs and intents - MANY new techniques and evasions, a combined 70 node growth! - New tagging taxonomy - Legend for direct and indirect methods - Tagging for local-only attacks - “Aka”
Sysdig @Sysdig
30 Jun, 16:00 · secondary
0.48
CVSS 9.9 vulnerability. Treated as a two-request afterthought by the attacker. The 9.3 scored sibling? Four sustained attack waves and thousands of exploitations in the wild. CVSS score is not an exploitation rank. Sysdig TRT has the firsthand data. Full research:
SpecterOps @SpecterOps
30 Jun, 13:45 · core
0.46
New GhostWorks blog! @_xpn_ continues his series, exploring how LLMs are impacting how we approach endpoint security, from EDR analysis to evasion research. Read more
mrgretzky @mrgretzky
30 Jun, 18:01 · core
0.42
I'm currently working on reviving the OG social engineering technique for phishing attacks to be natively supported in Evilginx Pro. The Browser-in-the-Browser (BITB) technique (pioneered by @mrd0x) is making a well-deserved comeback soon. - Displays a fake OS pop-up window
TheDFIRReport @TheDFIRReport
30 Jun, 14:15 · core
0.42
"From network traffic recorded during the second round of exploitation, we saw the ActiveMQ Server process downloading the malicious XML file containing the commands to be run in the command-line interface:" Report: https://thedfirreport.com/2026/02/23/apache-activemq-exploit-
SpecterOps @SpecterOps
30 Jun, 23:03 · core
0.40
What happens when network exposure data meets attack path analysis? @hdmoore joins #KnowYourAdversary to discuss RunZeroHound, BloodHound OpenGraph, and how defenders can uncover attack paths that traditional vulnerability management misses. https://ghst.ly/4g9XtkB
Bugcrowd @Bugcrowd
30 Jun, 12:30 · secondary
0.39
When vulnerability discovery and exploit development can happen in under 10 hours, annual testing starts to look a little… dusty @davegerryjr and @thedavidbrumley discuss why security teams need to move toward continuous validation, red teaming, and active adversary
brutelogic @brutelogic
30 Jun, 16:24 · secondary
0.38
ATO with Open Redirect. OAuth apps trust a registered redirect_uri to receive the authorization code after login. The problem: most servers only check that the value starts with the right domain, not that it matches exactly. That loose check is the whole bug. No injection, no

Regular sources

6 items
1.00 · general · 30 Jun, 20:59 · darkreading.com

Phishers Gain Persistence at EU, Asia Hospitality Orgs

Separate but similar campaigns described by Microsoft and Trend Micro use malicious zip files to spread malware via social engineering and obfuscation, including blockch…

1.00 · general · 30 Jun, 17:57 · microsoft.com · Research

Securing AI agents: When AI tools move from reading to acting

MCP tool poisoning turns trusted AI agents into a control plane for data loss. Learn how threat actors manipulate tool descriptions to trigger unauthorized actions, and …

1.00 · general · 30 Jun, 10:53 · bleepingcomputer.com · Tradecraft

CISA: Windows BlueHammer flaw now exploited by ransomware gangs

CISA confirmed on Monday that ransomware gangs are now exploiting a Microsoft Defender privilege escalation vulnerability, dubbed BlueHammer, that has previously been ab…

1.00 · general · 30 Jun, 07:04 · thehackernews.com · Wild exploit

Oracle E-Business Suite Flaw CVE-2026-46817 Actively Exploited in the Wild

A critical security flaw impacting Oracle E-Business Suite has come under active exploitation in the wild, according to Defused Cyber. The vulnerability, tracked as CVE-…

0.89 · exploit · 30 Jun, 05:04 · seclists.org

hostapd: OOB write in Wi-Fi 7 MLD association parsing (pre-auth DoS)

Posted by Abhinav Agarwal on Jun 29 A Wi-Fi 7 / IEEE 802.11be MLD parsing issue in hostapd AP mode has https://w1.fi/security/2026-1/missing-ml-parsing-validation.txt Is…

0.86 · critical · 30 Jun, 14:00 · cisa.gov

StoneFly Storage Concentrator

Summary: Successful exploitation of these vulnerabilities could allow attackers to gain broad unauthorized access, execute arbitrary commands with root privileg…