Official intelligence summary

HAIJA INTEL REPORT

Generated 17/07/2026, 09:27. Pipeline: Europe/Belgrade. Regular sources favor exploit, blog, red-team, and attack-path content. CVE items only stay with exploit signal.
Total items15
Regular sources9
Tweets / X6
Threshold0.62
You can save this report in your browser with the favorite button. If you need a shared favorite list, use the CLI helper.

Tweets / X

6 items
@Unit42_Intel avatar
Unit42_Intel @Unit42_Intel
16 Jul, 20:53 · secondary
0.45
An update to our Threat Brief on npm supply chain attacks discusses the latest campaign, where attackers exploited a process gap in the CI/CD pipeline itself. Unit 42 also observed activity where an attacker used GitHub Copilot to trigger infection: https:// bit.ly/4cwtCk3
tweet mediatweet media
@mrgretzky avatar
mrgretzky @mrgretzky
16 Jul, 15:46 · core
0.42
Is reverse proxy phishing slowly dying? This is what I've been trying to find out during the past several months. Major websites have caught up and vastly improved their security, successfully detecting malicious traffic originating from reverse-proxy phishing servers.
tweet media
@mrgretzky avatar
mrgretzky @mrgretzky
16 Jul, 19:12 · core
0.32
Nighthawk 1.0 is now released to customers, blog post to follow. Here's a sneak peak of our new CET compatible, per API, custom configurable stack masking ... just one of many new features
tweet media
@Bugcrowd avatar
Bugcrowd @Bugcrowd
16 Jul, 02:33 · secondary
0.32
AI has drastically accelerated vulnerability research and exploitation. Because of this speed, the half-life of a security team's baseline skills is now measured in months. Keeping up requires treating continuous upskilling as a strict operational requirement. Organizations
tweet mediatweet media
@SentinelOne avatar
SentinelOne @SentinelOne
16 Jul, 21:49 · secondary
0.24
Who would win in a fight: You or the Autonomous SOC? Tag a friend below who you think couldn’t walk away the champion Find out at Black Hat! Purple AI, Purple MCP, and Auto-Investigation are the machine. Your goal: beat the machine, by detecting threats earlier and responding
tweet media
@pdiscoveryio avatar
pdiscoveryio @pdiscoveryio
16 Jul, 21:38 · secondary
0.24
http:// securitycontext.dev now has two new MCP tools. Now your agent can hit the full dataset directly: search thousands of enriched CVEs and Nuclei templates, and pull the complete record for any CVE or template. Repo security context plus vulnerability intel. Better signal for
tweet media

Regular sources

9 items
1.00general · 16 Jul, 14:08helpnetsecurity.com

Russian cybercriminal used jailbroken Gemini CLI to rebuild botnet infrastructure in six minutes

A Russian-speaking threat actor known as “bandcampro” used a jailbroken Gemini CLI, Google’s open-source terminal-based AI agent, to deploy and operate a small command-a…

1.00general · 16 Jul, 13:32thehackernews.com

New Agent Data Injection Attack Can Make AI Agents Misclick or Run Attacker Commands

Ask an AI agent to summarize the reviews on a product page, and a single planted review can make it click "Buy Now" instead. Ask a coding assistant to apply a maintainer…

1.00general · 16 Jul, 11:13embracethered.comResearch

From Indirect Prompt Injection to DNS Exfiltration in macOS Terminal

This is a follow-up to my previous Terminal DiLLMa research, and there is a positive outcome: Apple fixed a macOS Terminal behavior that enabled a DNS-based data exfiltr…

1.00general · 16 Jul, 08:48securityweek.comPoC

Nightmare Eclipse Drops ‘LegacyHive’ Windows Zero-Day

The researcher stripped the proof-of-concept (PoC) exploit to prevent immediate exploitation of the vulnerability. The post Nightmare Eclipse Drops ‘LegacyHive’ Windows …

1.00general · 16 Jul, 05:30helpnetsecurity.comAttack path

Finance phishing works because it sounds boringly normal

Finance departments process a constant stream of invoices, contracts, payment notices, and procurement emails, making email one of the most common initial access vectors…

1.00general · 16 Jul, 03:36microsoft.comWild exploitAttack pathResearch

Unpacking the AsyncAPI npm supply chain compromise and import-time payload delivery

Threat actors compromised AsyncAPI packages and weaponized trusted CI/CD workflows to distribute malware through npm. This analysis breaks down the attack chain, payload…

0.91general · 16 Jul, 21:41darkreading.comAttack path

1M+ Emails Use Hidden Text to Dupe AI Security Filters

Artificial intelligence and LLMs can be surprisingly ineffective against text salting, allowing phishing emails to slide right into your inbox.

0.89exploit · 16 Jul, 21:27seclists.org

CERT VU#885548 - Denial-of-service vulnerability in HTTP/2 servers via stalled flow-control conditions

Posted by Alan Coopersmith on Jul 16 https://kb.cert.org/vuls/id/885548 was published today, and states: I have not included the Vendor Information above - it contains s…

0.89exploit · 16 Jul, 06:42seclists.org

Subject: Advisory Submission: EZ Game Booster - Cleartext Storage of Sensitive Credentials (CWE-312)

Posted by AliReza on Jul 15 # Exploit Title: EZ Game Booster v1.0.0 - Cleartext Credentials in user.config https://ezsystemrepairs.com https://ezsystemrepairs.com (Free …