Threat Hunt Feed (2026-03-24)
Hacker News: Best
- Wine 11 rewrites how Linux runs Windows games at kernel with massive speed gains — Tue, 24 Mar 2026 18:34:52 +0000
  - Matched TTPs: Hardware (T1592.001), Software (T1592.002), At (T1053.002), Compression (T1027.015)
- LaGuardia pilots raised safety alarms months before deadly runway crash — Tue, 24 Mar 2026 15:19:19 +0000
  - Matched TTPs: At (T1053.002)
BleepingComputer
- Popular LiteLLM PyPI package backdoored to steal credentials, auth tokens — Tue, 24 Mar 2026 18:29:01 -0400
  - Matched TTPs: Malware (T1588.001), Hardware (T1592.001), SSH (T1021.004), Domains (T1584.001), Private Keys (T1552.004), Server (T1584.004), Proxy (T1090), Tool (T1588.002), Phishing (T1566), Software (T1592.002), Credentials (T1589.001), Python (T1059.006), At (T1053.002)
- Firefox now has a free built-in VPN with 50GB monthly data limit — Tue, 24 Mar 2026 13:23:01 -0400
  - Matched TTPs: Malware (T1588.001), Hardware (T1592.001), Vulnerabilities (T1588.006), Server (T1584.004), Proxy (T1090), Tool (T1588.002), Phishing (T1566), Software (T1592.002), Credentials (T1589.001)
- Zero Trust: Bridging the Gap Between Authentication and Trust — Tue, 24 Mar 2026 10:02:12 -0400
  - Matched TTPs: Malware (T1588.001), Hardware (T1592.001), Tool (T1588.002), Phishing (T1566), Multi-Factor Authentication (T1556.006), Software (T1592.002), Credentials (T1589.001), Conditional Access Policies (T1556.009), At (T1053.002)
Darkreading
- Ransomware’s New Era: Moving at AI Speed — Mon, 23 Mar 2026 21:40:37 GMT
  - Matched TTPs: Credentials (T1589.001), At (T1053.002)
The Hacker News
- TeamPCP Backdoors LiteLLM Versions 1.82.7–1.82.8 Likely via Trivy CI/CD Compromise — Tue, 24 Mar 2026 23:51:00 +0530
  - Matched TTPs: Malware (T1588.001), Vulnerabilities (T1588.006), SSH (T1021.004), Server (T1584.004), Trap (T1546.005), Proxy (T1090), Phishing (T1566), Software (T1592.002), Social Media (T1593.001), Credentials (T1589.001), Python (T1059.006), Systemd Service (T1543.002), At (T1053.002)
- Tax Search Ads Deliver ScreenConnect Malware Using Huawei Driver to Disable EDR — Tue, 24 Mar 2026 22:35:00 +0530
  - Matched TTPs: JavaScript (T1059.007), Malvertising (T1583.008), Malware (T1588.001), Hardware (T1592.001), Vulnerabilities (T1588.006), Remote Access Tools (T1219), Server (T1584.004), Trap (T1546.005), Search Engines (T1593.002), Tool (T1588.002), Phishing (T1566), Exploits (T1588.005), Social Media (T1593.001), Credentials (T1589.001), At (T1053.002)
- Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner — Tue, 24 Mar 2026 22:05:00 +0530
  - Matched TTPs: Windows Management Instrumentation (T1047), Malware (T1588.001), Vulnerabilities (T1588.006), Server (T1584.004), Trap (T1546.005), Phishing (T1566), Social Media (T1593.001), Credentials (T1589.001), Resource Hijacking (T1496), Visual Basic (T1059.005)
- Ghost Campaign Uses 7 npm Packages to Steal Crypto Wallets and Credentials — Tue, 24 Mar 2026 17:30:00 +0530
  - Matched TTPs: Artificial Intelligence (T1588.007), JavaScript (T1059.007), Malware (T1588.001), Vulnerabilities (T1588.006), SSH (T1021.004), Server (T1584.004), Trap (T1546.005), Tool (T1588.002), Phishing (T1566), Software (T1592.002), Social Media (T1593.001), Credentials (T1589.001), At (T1053.002)
- TeamPCP Hacks Checkmarx GitHub Actions Using Stolen CI Credentials — Tue, 24 Mar 2026 16:08:00 +0530
  - Matched TTPs: JavaScript (T1059.007), Malware (T1588.001), Databases (T1213.006), Vulnerabilities (T1588.006), SSH (T1021.004), Supply Chain Compromise (T1195), Domains (T1584.001), Server (T1584.004), Trap (T1546.005), Web Services (T1584.006), Phishing (T1566), Social Media (T1593.001), Credentials (T1589.001), At (T1053.002)
- Citrix Urges Patching Critical NetScaler Flaw Allowing Unauthenticated Data Leaks — Tue, 24 Mar 2026 11:29:00 +0530
  - Matched TTPs: Malware (T1588.001), Vulnerabilities (T1588.006), Server (T1584.004), Trap (T1546.005), Proxy (T1090), Phishing (T1566), Social Media (T1593.001), Credentials (T1589.001)