Threat Hunt Feed (2026-03-27)
BleepingComputer
- Ajax football club hack exposed fan data, enabled ticket hijack — Thu, 26 Mar 2026 16:37:25 -0400
- Matched TTPs: Malware (T1588.001), Hardware (T1592.001), Vulnerabilities (T1588.006), Email Addresses (T1589.002), Tool (T1588.002), Software (T1592.002), Credentials (T1589.001), At (T1053.002)
- TikTok for Business accounts targeted in new phishing campaign — Thu, 26 Mar 2026 10:09:17 -0400
- Matched TTPs: Adversary-in-the-Middle (T1557), Malvertising (T1583.008), Malware (T1588.001), Hardware (T1592.001), Domains (T1584.001), Proxy (T1090), Tool (T1588.002), Phishing (T1566), Software (T1592.002), Credentials (T1589.001)
- Inside a Modern Fraud Attack: From Bot Signups to Account Takeovers — Thu, 26 Mar 2026 10:00:10 -0400
- Matched TTPs: Malware (T1588.001), Hardware (T1592.001), Domains (T1584.001), Proxy (T1090), Tool (T1588.002), Phishing (T1566), Credential Stuffing (T1110.004), Software (T1592.002), Credentials (T1589.001), At (T1053.002)
- Coruna iOS exploit framework linked to Triangulation attacks — Thu, 26 Mar 2026 09:10:14 -0400
- Matched TTPs: Malware (T1588.001), Hardware (T1592.001), System Checks (T1497.001), Vulnerabilities (T1588.006), Tool (T1588.002), Software (T1592.002), Exploits (T1588.005), Credentials (T1589.001), At (T1053.002)
- Suspected RedLine infostealer malware admin extradited to US — Thu, 26 Mar 2026 07:51:59 -0400
- Matched TTPs: Malware (T1588.001), Hardware (T1592.001), Domains (T1584.001), Tool (T1588.002), Software (T1592.002), Credentials (T1589.001)
Dark Reading
- AI-Powered Dependency Decisions Introduce, Ignore Security Bugs — Thu, 26 Mar 2026 14:44:16 GMT
- Matched TTPs: Software (T1592.002)
The Hacker News
- ThreatsDay Bulletin: PQC Push, AI Vuln Hunting, Pirated Traps, Phishing Kits & 20 More Stories — Thu, 26 Mar 2026 17:15:00 +0530
- Matched TTPs: Sharepoint (T1213.002), Artificial Intelligence (T1588.007), JavaScript (T1059.007), DNS (T1071.004), Malware (T1588.001), Malicious File (T1204.002), Hardware (T1592.001), Vulnerabilities (T1588.006), SSH (T1021.004), DLL (T1574.001), Remote Access Tools (T1219), Domains (T1584.001), Masquerading (T1036), Private Keys (T1552.004), Server (T1584.004), Trap (T1546.005), PowerShell (T1059.001), Tool (T1588.002), Phishing (T1566), Firmware (T1592.003), Software (T1592.002), Social Media (T1593.001), Credentials (T1589.001), Python (T1059.006), Visual Basic (T1059.005), At (T1053.002)
- Coruna iOS Kit Reuses 2023 Triangulation Exploit Code in Recent Mass Attacks — Thu, 26 Mar 2026 16:37:00 +0530
- Matched TTPs: Malware (T1588.001), Vulnerabilities (T1588.006), Server (T1584.004), Trap (T1546.005), Tool (T1588.002), Phishing (T1566), Firmware (T1592.003), Exploits (T1588.005), Social Media (T1593.001), Credentials (T1589.001), At (T1053.002)
- WebRTC Skimmer Bypasses CSP to Steal Payment Data from E-Commerce Sites — Thu, 26 Mar 2026 12:23:00 +0530
- Matched TTPs: IP Addresses (T1590.005), JavaScript (T1059.007), Malware (T1588.001), Vulnerabilities (T1588.006), Server (T1584.004), Trap (T1546.005), Phishing (T1566), Social Media (T1593.001), Credentials (T1589.001)
Threat Hunt Feed (2026-03-27)
Hacker News: Best
- Desk for people who work at home with a cat — Fri, 27 Mar 2026 15:31:20 +0000
- Matched TTPs: Keychain (T1555.001), At (T1053.002)
- Hold on to Your Hardware — Fri, 27 Mar 2026 10:10:41 +0000
- Matched TTPs: JavaScript (T1059.007), Hardware (T1592.001), Server (T1584.004), Software (T1592.002), At (T1053.002)
- Show HN: I put an AI agent on a $7/month VPS with IRC as its transport layer — Thu, 26 Mar 2026 22:41:25 +0000
- Matched TTPs: Server (T1584.004), Tool (T1588.002), At (T1053.002)
- My minute-by-minute response to the LiteLLM malware attack — Thu, 26 Mar 2026 15:48:40 +0000
- Matched TTPs: Malware (T1588.001), SSH (T1021.004), Server (T1584.004), Shell History (T1552.003), Tool (T1588.002), Credentials (T1589.001), Python (T1059.006), Systemd Service (T1543.002), At (T1053.002)
- Olympic Committee bars transgender athletes from women’s events — Thu, 26 Mar 2026 14:32:34 +0000
- Matched TTPs: At (T1053.002)
BleepingComputer
- Backdoored Telnyx PyPI package pushes malware hidden in WAV audio — Fri, 27 Mar 2026 17:13:26 -0400
- Matched TTPs: Malware (T1588.001), Hardware (T1592.001), SSH (T1021.004), Server (T1584.004), Cloud Account (T1136.003), Tool (T1588.002), Software (T1592.002), Credentials (T1589.001), Steganography (T1001.002), MSBuild (T1127.001), Python (T1059.006), At (T1053.002)
- Fake VS Code alerts on GitHub spread malware to developers — Fri, 27 Mar 2026 12:51:52 -0400
- Matched TTPs: JavaScript (T1059.007), Malware (T1588.001), Hardware (T1592.001), Vulnerabilities (T1588.006), Cloud Account (T1136.003), Tool (T1588.002), Phishing (T1566), Software (T1592.002), Credentials (T1589.001)
- European Commission investigating breach after Amazon cloud account hack — Fri, 27 Mar 2026 08:22:19 -0400
- Matched TTPs: Malware (T1588.001), Hardware (T1592.001), Databases (T1213.006), Vulnerabilities (T1588.006), Server (T1584.004), Web Services (T1584.006), Cloud Account (T1136.003), Tool (T1588.002), Software (T1592.002), Credentials (T1589.001), At (T1053.002)
- Dutch Police discloses security breach after phishing attack — Fri, 27 Mar 2026 04:20:11 -0400
- Matched TTPs: Malware (T1588.001), Hardware (T1592.001), Email Addresses (T1589.002), Cloud Account (T1136.003), Tool (T1588.002), Phishing (T1566), Software (T1592.002), Credentials (T1589.001)
Dark Reading
- China Upgrades the Backdoor It Uses to Spy on Telcos Globally — Fri, 27 Mar 2026 16:48:49 GMT
- Matched TTPs: Malware (T1588.001)
- Infrastructure Attacks With Physical Consequences Down 25% — Fri, 27 Mar 2026 13:30:00 GMT
- Matched TTPs: At (T1053.002)
- Coruna, DarkSword & Democratizing Nation-State Exploit Kits — Thu, 26 Mar 2026 19:56:41 GMT
- Matched TTPs: Malware (T1588.001)
The Hacker News
- Apple Sends Lock Screen Alerts to Outdated iPhones Over Active Web-Based Exploits — Fri, 27 Mar 2026 22:52:00 +0530
- Matched TTPs: Malware (T1588.001), Vulnerabilities (T1588.006), Server (T1584.004), Trap (T1546.005), Phishing (T1566), Software (T1592.002), Exploits (T1588.005), Social Media (T1593.001), Credentials (T1589.001), At (T1053.002)
- TeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides Stealer in WAV Files — Fri, 27 Mar 2026 22:23:00 +0530
- Matched TTPs: Malware (T1588.001), Vulnerabilities (T1588.006), Server (T1584.004), Trap (T1546.005), IDE Extensions (T1176.002), Tool (T1588.002), Phishing (T1566), Social Media (T1593.001), Credentials (T1589.001), Steganography (T1001.002), MSBuild (T1127.001), Python (T1059.006)
- Open VSX Bug Let Malicious VS Code Extensions Bypass Pre-Publish Security Checks — Fri, 27 Mar 2026 19:27:00 +0530
- Matched TTPs: Malware (T1588.001), Vulnerabilities (T1588.006), Server (T1584.004), Trap (T1546.005), Tool (T1588.002), Phishing (T1566), Software (T1592.002), Social Media (T1593.001), Credentials (T1589.001), At (T1053.002)
- AitM Phishing Targets TikTok Business Accounts Using Cloudflare Turnstile Evasion — Fri, 27 Mar 2026 17:33:00 +0530
- Matched TTPs: Adversary-in-the-Middle (T1557), Malvertising (T1583.008), Malware (T1588.001), Vulnerabilities (T1588.006), Domains (T1584.001), Masquerading (T1036), Server (T1584.004), Trap (T1546.005), Phishing (T1566), Social Media (T1593.001), Credentials (T1589.001), Malicious Link (T1204.001)
- We Are At War — Fri, 27 Mar 2026 16:30:00 +0530
- Matched TTPs: Malware (T1588.001), Vulnerabilities (T1588.006), Botnet (T1584.005), Domains (T1584.001), Server (T1584.004), Trap (T1546.005), Phishing (T1566), Software (T1592.002), Social Media (T1593.001), Credentials (T1589.001), At (T1053.002)
- Bearlyfy Hits Russian Firms with Custom GenieLocker Ransomware — Fri, 27 Mar 2026 15:34:00 +0530
- Matched TTPs: Malware (T1588.001), Vulnerabilities (T1588.006), Server (T1584.004), Trap (T1546.005), Phishing (T1566), Software (T1592.002), Social Media (T1593.001), Credentials (T1589.001), At (T1053.002)
- LangChain, LangGraph Flaws Expose Files, Secrets, Databases in Widely Used AI Frameworks — Fri, 27 Mar 2026 13:37:00 +0530
- Matched TTPs: Artificial Intelligence (T1588.007), Malware (T1588.001), Databases (T1213.006), Vulnerabilities (T1588.006), Server (T1584.004), Trap (T1546.005), Phishing (T1566), Social Media (T1593.001), Credentials (T1589.001), Python (T1059.006), At (T1053.002)