Threat Hunt Feed (2026-03-31)
Hacker News: Best
- 15 years, one server, 8GB RAM and 500k users – how Webminal refuses to die — Mon, 30 Mar 2026 06:08:53 +0000
- Matched TTPs: JavaScript (T1059.007), SSH (T1021.004), Systemctl (T1569.003), Server (T1584.004), Proxy (T1090), Python (T1059.006), At (T1053.002)
- Coding agents could make free software matter again — Sun, 29 Mar 2026 22:21:34 +0000
- Matched TTPs: Serverless (T1584.007), DNS (T1071.004), Server (T1584.004), Proxy (T1090), Tool (T1588.002), Software (T1592.002), Credentials (T1589.001), At (T1053.002)
Darkreading
- AI-Powered ‘DeepLoad’ Malware Steals Credentials, Evades Detection — Mon, 30 Mar 2026 21:25:02 GMT
- Matched TTPs: Malware (T1588.001), Credentials (T1589.001)
The Hacker News
- DeepLoad Malware Uses ClickFix and WMI Persistence to Steal Browser Credentials — Mon, 30 Mar 2026 21:17:00 +0530
- Matched TTPs: Windows Management Instrumentation (T1047), Artificial Intelligence (T1588.007), JavaScript (T1059.007), Malware (T1588.001), Vulnerabilities (T1588.006), DLL (T1574.001), Process Injection (T1055), Asynchronous Procedure Call (T1055.004), Mshta (T1218.005), PowerShell (T1059.001), Tool (T1588.002), Phishing (T1566), Social Media (T1593.001), Credentials (T1589.001), Python (T1059.006)
- ⚡ Weekly Recap: Telecom Sleeper Cells, LLM Jailbreaks, Apple Forces U.K. Age Checks and More — Mon, 30 Mar 2026 19:26:00 +0530
- Matched TTPs: Scheduled Task (T1053.005), Screen Capture (T1113), Keylogging (T1056.001), Artificial Intelligence (T1588.007), JavaScript (T1059.007), DNS (T1071.004), Malware (T1588.001), Databases (T1213.006), Vulnerabilities (T1588.006), DLL (T1574.001), Botnet (T1584.005), Email Accounts (T1585.002), Domains (T1584.001), Masquerading (T1036), Email Account (T1087.003), Server (T1584.004), PowerShell (T1059.001), Tool (T1588.002), Phishing (T1566), Firmware (T1592.003), Software (T1592.002), Social Media (T1593.001), Credentials (T1589.001), Impersonation (T1656), Python (T1059.006), SEO Poisoning (T1608.006), At (T1053.002)
- Russian CTRL Toolkit Delivered via Malicious LNK Files Hijacks RDP via FRP Tunnels — Mon, 30 Mar 2026 17:48:00 +0530
- Matched TTPs: Keylogging (T1056.001), Malware (T1588.001), Vulnerabilities (T1588.006), DLL (T1574.001), Server (T1584.004), Proxy (T1090), PowerShell (T1059.001), Phishing (T1566), Social Media (T1593.001), Remote Desktop Protocol (T1021.001), At (T1053.002)
- Three China-Linked Clusters Target Southeast Asian Government in 2025 Cyber Campaign — Mon, 30 Mar 2026 12:30:00 +0530
- Matched TTPs: Malware (T1588.001), Vulnerabilities (T1588.006), DLL (T1574.001), Clipboard Data (T1115), Phishing (T1566), Social Media (T1593.001), At (T1053.002)
Threat Hunt Feed (2026-03-31)
Hacker News: Best
- Turning a MacBook into a touchscreen with $1 of hardware (2018) — Mon, 30 Mar 2026 19:22:33 +0000
- Matched TTPs: Hardware (T1592.001), Software (T1592.002), At (T1053.002)
BleepingComputer
- Claude AI finds Vim, Emacs RCE bugs that trigger on file open — Tue, 31 Mar 2026 17:45:14 -0400
- Matched TTPs: Malware (T1588.001), Hardware (T1592.001), Vulnerabilities (T1588.006), Server (T1584.004), Tool (T1588.002), Software (T1592.002), Exploits (T1588.005), At (T1053.002)
- Cisco source code stolen in Trivy-linked dev environment breach — Tue, 31 Mar 2026 13:53:04 -0400
- Matched TTPs: Malware (T1588.001), Hardware (T1592.001), Tool (T1588.002), Software (T1592.002), Credentials (T1589.001)
- Hackers compromise Axios npm package to drop cross-platform malware — Tue, 31 Mar 2026 09:53:43 -0400
- Matched TTPs: JavaScript (T1059.007), Malware (T1588.001), Hardware (T1592.001), AppleScript (T1059.002), Server (T1584.004), PowerShell (T1059.001), Tool (T1588.002), Software (T1592.002), Credentials (T1589.001), Python (T1059.006), At (T1053.002)
Darkreading
- Axios NPM Package Compromised in Precision Attack — Tue, 31 Mar 2026 20:55:13 GMT
- Matched TTPs: JavaScript (T1059.007)
- TeamPCP Breaches Cloud, SaaS Instances With Stolen Credentials — Tue, 31 Mar 2026 20:02:28 GMT
- Matched TTPs: Credentials (T1589.001)
The Hacker News
- TrueConf Zero-Day Exploited in Attacks on Southeast Asian Government Networks — Tue, 31 Mar 2026 21:33:00 +0530
- Matched TTPs: Malware (T1588.001), Vulnerabilities (T1588.006), DLL (T1574.001), Server (T1584.004), Trusted Relationship (T1199), Phishing (T1566), Software (T1592.002), Social Media (T1593.001), At (T1053.002)
- Vertex AI Vulnerability Exposes Google Cloud Data and Private Artifacts — Tue, 31 Mar 2026 18:39:00 +0530
- Matched TTPs: Artificial Intelligence (T1588.007), Malware (T1588.001), Vulnerabilities (T1588.006), Tool (T1588.002), Phishing (T1566), Software (T1592.002), Social Media (T1593.001), Credentials (T1589.001), At (T1053.002)
- The AI Arms Race – Why Unified Exposure Management Is Becoming a Boardroom Priority — Tue, 31 Mar 2026 17:20:00 +0530
- Matched TTPs: Artificial Intelligence (T1588.007), Malware (T1588.001), Vulnerabilities (T1588.006), Network Topology (T1590.004), Phishing (T1566), Social Media (T1593.001), At (T1053.002)
- Silver Fox Expands Asia Cyber Campaign with AtlasCross RAT and Fake Domains — Tue, 31 Mar 2026 17:16:00 +0530
- Matched TTPs: Scheduled Task (T1053.005), DNS (T1071.004), Malware (T1588.001), Hardware (T1592.001), Vulnerabilities (T1588.006), DLL (T1574.001), Code Signing (T1553.002), Domains (T1584.001), PowerShell (T1059.001), Tool (T1588.002), Phishing (T1566), Software (T1592.002), Social Media (T1593.001), Python (T1059.006), Installer Packages (T1546.016), At (T1053.002)