Official intelligence summary

HAIJA INTEL REPORT

Generated 14/07/2026, 09:30. Pipeline: Europe/Belgrade. Regular sources favor exploit, blog, red-team, and attack-path content. CVE items only stay with exploit signal.
Total items15
Regular sources3
Tweets / X12
Threshold0.62
You can save this report in your browser with the favorite button. If you need a shared favorite list, use the CLI helper.

Tweets / X

12 items
@SpecterOps avatar
SpecterOps @SpecterOps
13 Jul, 20:55 · core
0.46
Passkeys are slowly becoming the norm, but are real-world implementations as secure as orgs assume? At #BHUSA, @MGrafnetter will unveil new research into attacks fundamentally similar to Pass-the-Hash and NTLM Relay. Learn more https:// ghst.ly/44oQ2Pm
tweet mediatweet media
@_RastaMouse avatar
_RastaMouse @_RastaMouse
13 Jul, 11:40 · core
0.44
> gotta advertise the training > gotta advertise the training i'll cover 20 detailed CVEs (RCEs), lotta .NET techniques, no gate keeping, deserialization and finding your own gadgets and how ysoserial gadgets actually work will be a breeze a recent .NET RCE that ai didn't catch
tweet media
@RedCanary avatar
RedCanary @RedCanary
13 Jul, 22:42 · secondary
0.42
They’re not always dropping malware. Sometimes, they’re just setting up camp Tomorrow on SecOps Weekly, @ForensicITGuy will be joined by @_josehelps & @M_haggis of MagicSword to explore Living Off the Land (LOTL) tradecraft - including LOLBins, LOLScripts, LOLRMM, and
tweet mediatweet media
@SpecterOps avatar
SpecterOps @SpecterOps
13 Jul, 17:18 · core
0.40
What happens when network exposure data meets attack path analysis? @runZeroInc CEO @hdmoore joined #KnowYourAdversary to discuss RunZeroHound, BloodHound OpenGraph, & how defenders can uncover attack paths that traditional vuln management misses. https:// ghst.ly/4g9XtkB
tweet media
@brutelogic avatar
brutelogic @brutelogic
13 Jul, 02:00 · secondary
0.38
XSS, SSRF, JWT, OAuth, Cryptography. Actionable content. Bug Bounty.
tweet media
@Mandiant avatar
Mandiant @Mandiant
13 Jul, 18:30 · secondary
0.34
Ransomware attackers are dismantling backups ahead of time, so you have no choice but to pay. Join our M-Trends 2026 webinar on July 22 to understand the threat and get a technical blueprint for true business continuity. Secure your spot! https:// goo.gle/4bGLyrg
tweet mediatweet media
@_xpn_ avatar
_xpn_ @_xpn_
13 Jul, 11:26 · core
0.34
Adam Chester @_xpn_ · 21h Article Previewing macOS 27 Foundation Model + OCR for Extracting Creds During WWDC26, Apple announced a bunch of new AI features coming in macOS 27. Quite a few caught my attention, but the ones that I was immediately looking forward to playing with wer
tweet media
@BishopFox avatar
BishopFox @BishopFox
13 Jul, 22:51 · secondary
0.32
Like breaking things (professionally)? We’re hiring across multiple roles at Bishop Fox. If offensive security, research, AppSec, cloud, AI, or red teaming sounds like your kind of challenge, come take a look: https:// bfx.social/4vX1VrX
tweet mediatweet media
@Sysdig avatar
Sysdig @Sysdig
13 Jul, 16:00 · secondary
0.24
"If I was doom and gloom about security, I'd have quit and bought a dairy farm in Wisconsin." @Sysdig 's Crystal Morin on why optimism about AI security is actually justified. Full episode on YouTube: https:// okt.to/ozKHt1 #CloudSecurity #AISecurity
tweet mediatweet media
@pdiscoveryio avatar
pdiscoveryio @pdiscoveryio
13 Jul, 11:28 · secondary
0.24
Community Spotlight: Rishi ( @rxerium ) 500+ Nuclei templates merged, and used by the UK’s NCSC, CERT Polska, the California Cybersecurity Integration Center, and Spain’s national security agency. By day he hunts zero-days and turns them into detection at scale. We talked
tweet mediatweet media
@vxunderground avatar
vxunderground @vxunderground
13 Jul, 00:11 · secondary
0.24
I tried making a meme post four fucking times and I kept making typos Fuck it, I don't give a shit anymore. I'm gonna go nap Take this cat. We'll talk about malware tonight
tweet mediatweet media
@vxunderground avatar
vxunderground @vxunderground
13 Jul, 00:08 · secondary
0.24
Still thinking about that Python malware that targeted Steam I kind of want to do it in C and make it painfully convoluted and unnecessarily obfuscated for literally no good reason other than a challenge Conversely, I want to look at silly pictures of cats and watch esoteric

Regular sources

3 items
1.00general · 13 Jul, 17:20bleepingcomputer.comRCE

CISA warns of actively exploited RCE flaws in Joomla extensions

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning that attackers are exploiting vulnerabilities in the iCagenda and Balbooa Forms extensions fo…

1.00general · 13 Jul, 15:03thehackernews.comAttack path

Forg365 PhaaS Targets Microsoft 365 with Device Code and AitM Session Theft

A new phishing-as-a-service (PhaaS) operation called Forg365 is using a combination of device code phishing, adversary-in-the-middle (AitM) tactics, antibot evasion, art…

0.84general · 13 Jul, 06:30helpnetsecurity.com

99.9% of fixable AI vulnerabilities remain unpatched

Organizations build, deploy, and operate AI in the cloud, but basic cybersecurity hygiene is often sacrificed for speed, according to Orca Security’s 2026 State of AI Se…