Threat Hunt Feed (2026-03-23)
Hacker News: Best
- Two pilots dead after plane and ground vehicle collide at LaGuardia — Mon, 23 Mar 2026 07:24:19 +0000
- Matched TTPs: Social Media (T1593.001), At (T1053.002)
Krebs on Security
- ‘CanisterWorm’ Springs Wiper Attack Targeting Iran — Mon, 23 Mar 2026 15:43:04 +0000
- Matched TTPs: Malware (T1588.001), Vulnerabilities (T1588.006), SSH (T1021.004), Cloud Services (T1021.007), Exploits (T1588.005), Credentials (T1589.001), At (T1053.002)
BleepingComputer
- Tycoon2FA phishing platform returns after recent police disruption — Mon, 23 Mar 2026 17:52:58 -0400
- Matched TTPs: Adversary-in-the-Middle (T1557), Sharepoint (T1213.002), IP Addresses (T1590.005), Malware (T1588.001), Hardware (T1592.001), Domains (T1584.001), Cloud Account (T1136.003), Tool (T1588.002), Phishing (T1566), Software (T1592.002)
- FBI warns of Handala hackers using Telegram in malware attacks — Mon, 23 Mar 2026 05:45:55 -0400
- Matched TTPs: Malware (T1588.001), Hardware (T1592.001), Domains (T1584.001), Tool (T1588.002), Phishing (T1566), Software (T1592.002)
- CISA orders feds to patch DarkSword iOS flaws exploited attacks — Mon, 23 Mar 2026 04:37:28 -0400
- Matched TTPs: JavaScript (T1059.007), Malware (T1588.001), Hardware (T1592.001), Vulnerabilities (T1588.006), Cloud Services (T1021.007), Tool (T1588.002), Phishing (T1566), Software (T1592.002), Exploits (T1588.005)
Darkreading
- Trivy Supply Chain Attack Targets CI/CD Secrets — Mon, 23 Mar 2026 21:43:59 GMT
- Matched TTPs: SSH (T1021.004), Tool (T1588.002), Credentials (T1589.001)
- CISOs Debate Human Role in AI-Powered Security — Mon, 23 Mar 2026 20:26:26 GMT
- Matched TTPs: At (T1053.002)
- Attackers Hide Infostealer in Copyright Infringement Notices — Mon, 23 Mar 2026 15:11:01 GMT
- Matched TTPs: Phishing (T1566)
The Hacker News
- North Korean Hackers Abuse VS Code Auto-Run Tasks to Deploy StoatWaffle Malware — Mon, 23 Mar 2026 23:39:00 +0530
- Matched TTPs: JavaScript (T1059.007), Keychain (T1555.001), Malware (T1588.001), Vulnerabilities (T1588.006), Domains (T1584.001), Server (T1584.004), Trap (T1546.005), Phishing (T1566), Software (T1592.002), Social Media (T1593.001), Credentials (T1589.001), Python (T1059.006), At (T1053.002)
- ⚡ Weekly Recap: CI/CD Backdoor, FBI Buys Location Data, WhatsApp Ditches Numbers & More — Mon, 23 Mar 2026 18:44:00 +0530
- Matched TTPs: Keylogging (T1056.001), Artificial Intelligence (T1588.007), IP Addresses (T1590.005), JavaScript (T1059.007), Malware (T1588.001), Hardware (T1592.001), Vulnerabilities (T1588.006), SSH (T1021.004), Botnet (T1584.005), Domains (T1584.001), Server (T1584.004), Trap (T1546.005), Email Addresses (T1589.002), Proxy (T1090), Tool (T1588.002), Phishing (T1566), Software (T1592.002), Exploits (T1588.005), Social Media (T1593.001), Credentials (T1589.001), ClickOnce (T1127.002), Python (T1059.006), Remote Desktop Protocol (T1021.001), At (T1053.002)
- We Found Eight Attack Vectors Inside AWS Bedrock. Here’s What Attackers Can Do with Them — Mon, 23 Mar 2026 17:25:00 +0530
- Matched TTPs: Sharepoint (T1213.002), Artificial Intelligence (T1588.007), Malware (T1588.001), Databases (T1213.006), Vulnerabilities (T1588.006), Server (T1584.004), Trap (T1546.005), Confluence (T1213.001), Tool (T1588.002), Phishing (T1566), Social Media (T1593.001), Credentials (T1589.001), At (T1053.002)
- Microsoft Warns IRS Phishing Hits 29,000 Users, Deploys RMM Malware — Mon, 23 Mar 2026 16:25:00 +0530
- Matched TTPs: Artificial Intelligence (T1588.007), JavaScript (T1059.007), Malware (T1588.001), Vulnerabilities (T1588.006), DLL (T1574.001), Domains (T1584.001), Masquerading (T1036), Server (T1584.004), Trap (T1546.005), PowerShell (T1059.001), Phishing (T1566), Software (T1592.002), Social Media (T1593.001), Credentials (T1589.001), Conditional Access Policies (T1556.009), Malicious Link (T1204.001), At (T1053.002)