Official intelligence summary

HAIJA INTEL REPORT

Generated 06/07/2026, 09:36. Pipeline: Europe/Belgrade. Regular sources favor exploit, blog, red-team, and attack-path content. CVE items only stay with exploit signal.
Total items15
Regular sources1
Tweets / X14
Threshold0.62
You can save this report in your browser with the favorite button. If you need a shared favorite list, use the CLI helper.

Tweets / X

14 items
@_xpn_ avatar
_xpn_ @_xpn_
05 Jul, 14:03 · core
0.56
Us: "I can't believe CaviarLobsters group were caught by FBI by browing a ceased forum with their home IPs" GitHub: "FREE CD's, JUST GIVE YOUR NAME, ADDRESS, SOCIAL SECURITY NUMBER AND WE WILL SHIP YOUR C2 AGENT BY POST" I see you h4xx0rs, requesting CD's of your GitHub xD We hea
tweet media
@SpecterOps avatar
SpecterOps @SpecterOps
03 Jul, 20:00 · core
0.50
Hygiene findings surface conditions that attackers routinely take advantage of, such as: Large default groups with delegated privileges that make lateral movement much easier AS-REP roastable accounts Kerberoastable accounts. : 2/3
@_xpn_ avatar
_xpn_ @_xpn_
04 Jul, 12:09 · core
0.42
Good watch!! New full episode of 'whoami' podcast. I had the opportunity to talk with @C5pider , author of Havoc & Havoc Pro. I had a great time learning from one of the best c2/malware devs out there. Check it out for some awesome insights.
tweet media
@PortSwiggerRes avatar
PortSwiggerRes @PortSwiggerRes
03 Jul, 16:20 · core
0.40
This is a great analysis. Narrowing the Response Queue Poisoning race-window is a worthwhile mitigation to make desync exploitation harder, but it's not patching a specific vulnerability. Also a great illustration of the blast-radius you get when trying to harden HTTP/1.1... Hey
@vxunderground avatar
vxunderground @vxunderground
05 Jul, 18:07 · secondary
0.39
A lot of malware campaigns use CloudFlare to mask their C2 infrastructure. They do this for a few reasons, but the primary reason is that it delays the inevitable of their C2 being taken down. The malware developers using CloudFlare isn't necessarily bad, and it isn't So basicall
@Jhaddix avatar
Jhaddix @Jhaddix
04 Jul, 18:06 · core
0.36
https:// arcanum-sec.github.io/ai-sec-resourc es/ …
@vxunderground avatar
vxunderground @vxunderground
05 Jul, 02:54 · secondary
0.34
Literally shaking, screaming, crying, THROWING UP. The .exe is bundled with BUN (some Javascript bullshit). I deobfuscated the main goop inside of it, found the C2 configuration (where it downloads cool malware from), and ... it's dead. @Cloudflare KILLED THEIR C2. THE MALWARE Ch
tweet media
@brutelogic avatar
brutelogic @brutelogic
04 Jul, 12:30 · secondary
0.34
This Week on BRuteLogic One Bit, Full Decryption https:// x.com/BRuteLogic/sta tus/2071640472611668020 … ATO w/ Open Redirect https:// x.com/BRuteLogic/sta tus/2071963003537252659 … OAuth More oBroken Than You Think https:// x.com/BRuteLogic/sta tus/2072311376454791488 … 7 Easy J
tweet mediatweet media
@SpecterOps avatar
SpecterOps @SpecterOps
03 Jul, 20:00 · core
0.34
These aren't necessarily attack paths on their own but present opportunities that become part of an attack path. Attack paths show how attackers reach their objective. Hygiene findings help eliminate the conditions that make those attack paths possible. : 3/3
@SpecterOps avatar
SpecterOps @SpecterOps
03 Jul, 20:00 · core
0.34
We're back w/ another #BloodHoundBasics from Jacob Jackson! One of my favorite parts of BloodHound Enterprise is the Hygiene findings. Not every security issue shows up as an attack path but that doesn't make it any less important. : 1/3
tweet mediatweet media
@Unit42_Intel avatar
Unit42_Intel @Unit42_Intel
05 Jul, 18:41 · secondary
0.29
Email #phishing scam capitalizing on the popularity of the 2026 FIFA World Cup ends in credit card theft, not free prizes. Auth-passing email → redirect → geo-cloaked redirector → fake "reward" checkout that steals name, address & card info. Details at https:// bit.ly/3SOcaA8
tweet mediatweet media
@Jhaddix avatar
Jhaddix @Jhaddix
04 Jul, 18:06 · core
0.28
Want to learn AI / LLM Security Assessment? Don't have the money for a training? Here are SEVENTY ONE FREE LLM security labs that we have curated for you! Like and share! (Link Below) <3 from @arcanuminfosec
@vxunderground avatar
vxunderground @vxunderground
05 Jul, 22:02 · secondary
0.24
FREE THEM. THEY DID NOTHING WRONG The world's biggest anime piracy site HiAnime's suspected operators have been arrested in Vietnam. Vietnamese police say the group ran 100+ piracy sites since 2020, uploaded 26,000+ films, and pulled in roughly $12.85 million in ad revenue. Four
tweet media
@vxunderground avatar
vxunderground @vxunderground
05 Jul, 02:58 · secondary
0.24
I only have one question though... This malware kills itself if it detects the following strings: - sandbox - sand box - malware - virus - maltest - peter wilson (??????) - paul jones (??????) who THE FUCK is peter wilson and paul jones???

Regular sources

1 item
0.95general · 03 Jul, 09:57securityweek.comRCE

Critical Cursor AI Code Editor Flaws Could Lead to OS-Level Remote Code Execution

The DuneSlide vulnerabilities enable zero-click prompt injection attacks that escape Cursor's sandbox and execute arbitrary code on the underlying operating system. The …