Cybersecurity Stories, Tools & Insights by Hackcraft

Dear Cybersecurity Professionals & Researchers,
We made it to summer 🍉, and somehow half of 2026 is already behind us.
How has the year been treating you? For us, it's been a busy and honestly, life-changing first half of the year.
If there is one thing that has changed across the industry, it's the conversation around AI. Everywhere you look, the expectation is the same: deliver faster, deliver better, and somehow do it cheaper. Reality, of course, is a bit more complicated....
Over the past couple of months we've worked on everything from Security Assessments to Red Team engagements, and if we had to summarize what we keep seeing in one sentence, it would be this:
Low-hanging fruits are still everywhere, and production environments are often far less secure than the environments that get tested.
And, unless you've been living under a rock, you've probably noticed ransomware continuing its upward trend. We have been saying this for years, and unfortunately the numbers keep proving the point.
With that said, let's look at what happened over the last couple of months.
🎤 Hackcraft Event
First of all, thank you to everyone who joined our latest event.
It brought together technical practitioners, security leaders, and executives for an afternoon full of discussions around Red Teaming, ransomware simulations, password cracking, and other adversary simulation excercises. Of course, we could not end the night without a live demonstration including a behind-the-scenes look of real Red Team exercises!
📝 Latest Blog
Fairplay keeps evolving.
At Hackcraft, we enjoy building tools that solve real problems during Red Team engagements. Sharing it with the community makes us feel more proud and happier for our work.
Fairplay was built to help Red Teams monitor custom IOCs (such as payload hashes) across multiple intelligence sources and receive notifications whenever they are discovered in the wild.
Our latest release introduces a web dashboard, a REST API, and significantly improved IOC management, making Fairplay easier to operate and integrate into existing workflows.
🔥 Community Picks
A few resources that caught our attention recently:
- AI Vulnerability Exploitation for Initial Access
Google Cloud Threat Intelligence explores how AI-related vulnerabilities can be leveraged for initial access.
https://cloud.google.com/blog/topics/threat-intelligence/ai-vulnerability-exploitation-initial-access
- HaE (Highlighter & Extractor)
A Burp Suite extension that automatically identifies and extracts sensitive information from HTTP traffic.
https://github.com/overspace-labs/HaE
- EDR-Introspection
Open-source tooling for understanding how Endpoint Detection & Response products operate.
https://github.com/evilele/EDR-Introspection
- PhantomCtx
An AI security research tool focused on context manipulation techniques in LLM-powered applications.
https://github.com/r3xmax/PhantomCtx
- Google API Keys & Gemini
Truffle Security explains why publicly exposed Google API keys have become much more sensitive in the era of Gemini.
https://trufflesecurity.com/blog/google-api-keys-werent-secrets-but-then-gemini-changed-the-rules
- $148K Google Cloud RCE
Brutecat shares the complete write-up behind a Google Cloud RCE that earned a $148,337 bug bounty.
https://brutecat.com/articles/google-cloud-rce/
🌍 News Around the World
- Attackers Exploit Three Fortinet Vulnerabilities
Threat actors are actively exploiting three Fortinet vulnerabilities in the wild.
https://thehackernews.com/2026/06/attackers-exploit-three-fortinet.html
- Critical Splunk Enterprise Vulnerability
A critical flaw could allow authenticated users to achieve remote code execution.
https://thehackernews.com/2026/06/critical-splunk-enterprise-flaw-lets.html
- Conti Ransomware Member Pleads Guilty
Another significant law enforcement success against one of the most notorious ransomware groups.
https://www.bleepingcomputer.com/news/security/ukrainian-national-pleads-guilty-to-role-in-conti-ransomware-operation/
- Instagram Fixes AI Support Account Takeover Flaw
Meta patched an AI support vulnerability that could be abused to hijack user accounts during the recovery process.
https://www.bbc.com/news/articles/c98rzr72dpyo
That's all from us for now.
Whether you're taking some well-deserved time off or spending your summer in front of Burp Suite and Wireshark, we hope you get a chance to recharge.
Enjoy your summer, stay safe, and remember...
You may be Out of Office, but attackers never are.
See you in the next edition of Hackcraft News.



