Threat Hunt Feed (2026-04-01)
Hacker News: Best
- OpenAI closes funding round at an $852B valuation — Tue, 31 Mar 2026 20:07:30 +0000
- Matched TTPs: Artificial Intelligence (T1588.007), Social Media (T1593.001), At (T1053.002)
BleepingComputer
- New CrystalRAT malware adds RAT, stealer and prankware features — Wed, 01 Apr 2026 19:17:09 -0400
- Matched TTPs: VNC (T1021.005), Keylogging (T1056.001), Malware (T1588.001), Hardware (T1592.001), Control Panel (T1218.002), Proxy (T1090), Tool (T1588.002), Phishing (T1566), Software (T1592.002)
- Hackers exploit TrueConf zero-day to push malicious software updates — Wed, 01 Apr 2026 17:35:47 -0400
- Matched TTPs: Malware (T1588.001), Malicious File (T1204.002), Hardware (T1592.001), DLL (T1574.001), Server (T1584.004), Tool (T1588.002), Phishing (T1566), Software (T1592.002), Exploits (T1588.005)
- New EvilTokens service fuels Microsoft device code phishing attacks — Wed, 01 Apr 2026 15:42:25 -0400
- Matched TTPs: Sharepoint (T1213.002), Malware (T1588.001), Hardware (T1592.001), Tool (T1588.002), Phishing (T1566), Software (T1592.002), Impersonation (T1656), At (T1053.002)
- ‘NoVoice’ Android malware on Google Play infected 2.3 million devices — Wed, 01 Apr 2026 14:07:21 -0400
- Matched TTPs: Rootkit (T1014), Malware (T1588.001), Hardware (T1592.001), Databases (T1213.006), Vulnerabilities (T1588.006), Server (T1584.004), Tool (T1588.002), Phishing (T1566), Firmware (T1592.003), Software (T1592.002), Exploits (T1588.005), Steganography (T1001.002), At (T1053.002)
- Routine Access Is Powering Modern Intrusions, a New Threat Report Finds — Wed, 01 Apr 2026 10:05:15 -0400
- Matched TTPs: Adversary-in-the-Middle (T1557), Malware (T1588.001), Hardware (T1592.001), Vulnerabilities (T1588.006), Remote Access Tools (T1219), Cloud Services (T1021.007), Cloud Account (T1136.003), Tool (T1588.002), Phishing (T1566), Multi-Factor Authentication (T1556.006), Software (T1592.002), Exploits (T1588.005), Credentials (T1589.001)
- Claude Code source code accidentally leaked in NPM package — Tue, 31 Mar 2026 20:32:25 -0400
- Matched TTPs: Artificial Intelligence (T1588.007), JavaScript (T1059.007), Malware (T1588.001), Hardware (T1592.001), Tool (T1588.002), Phishing (T1566), Software (T1592.002), Credentials (T1589.001), At (T1053.002)
The Hacker News
- CERT-UA Impersonation Campaign Spread AGEWHEEZE Malware to 1 Million Emails — Wed, 01 Apr 2026 21:40:00 +0530
- Matched TTPs: Scheduled Task (T1053.005), Artificial Intelligence (T1588.007), Malware (T1588.001), Vulnerabilities (T1588.006), Server (T1584.004), Tool (T1588.002), Phishing (T1566), Software (T1592.002), Social Media (T1593.001), Credentials (T1589.001), Impersonation (T1656), At (T1053.002)
- Microsoft Warns of WhatsApp-Delivered VBS Malware Hijacking Windows via UAC Bypass — Wed, 01 Apr 2026 19:40:00 +0530
- Matched TTPs: Malware (T1588.001), Vulnerabilities (T1588.006), DLL (T1574.001), Cloud Services (T1021.007), Phishing (T1566), Software (T1592.002), Social Media (T1593.001), Visual Basic (T1059.005)
- Block the Prompt, Not the Work: The End of “Doctor No” — Wed, 01 Apr 2026 18:16:00 +0530
- Matched TTPs: Artificial Intelligence (T1588.007), Malware (T1588.001), Vulnerabilities (T1588.006), Trap (T1546.005), Tool (T1588.002), Phishing (T1566), Social Media (T1593.001), Credentials (T1589.001), At (T1053.002)
- Casbaneiro Phishing Targets Latin America and Europe Using Dynamic PDF Lures — Wed, 01 Apr 2026 18:06:00 +0530
- Matched TTPs: Malware (T1588.001), Vulnerabilities (T1588.006), DLL (T1574.001), Email Account (T1087.003), Server (T1584.004), PowerShell (T1059.001), Tool (T1588.002), Phishing (T1566), Software (T1592.002), Social Media (T1593.001), Malicious Link (T1204.001), At (T1053.002)
- New Chrome Zero-Day CVE-2026-5281 Under Active Exploitation — Patch Released — Wed, 01 Apr 2026 17:12:00 +0530
- Matched TTPs: Malware (T1588.001), Vulnerabilities (T1588.006), Phishing (T1566), Social Media (T1593.001)
- 3 Reasons Attackers Are Using Your Trusted Tools Against You (And Why You Don’t See It Coming) — Wed, 01 Apr 2026 16:28:00 +0530
- Matched TTPs: Artificial Intelligence (T1588.007), Malware (T1588.001), Vulnerabilities (T1588.006), PowerShell (T1059.001), Tool (T1588.002), Phishing (T1566), Social Media (T1593.001), At (T1053.002)
- Google Attributes Axios npm Supply Chain Attack to North Korean Group UNC1069 — Wed, 01 Apr 2026 13:14:00 +0530
- Matched TTPs: JavaScript (T1059.007), Malware (T1588.001), Vulnerabilities (T1588.006), AppleScript (T1059.002), Supply Chain Compromise (T1195), Server (T1584.004), PowerShell (T1059.001), Phishing (T1566), Software (T1592.002), Social Media (T1593.001), Credentials (T1589.001), Python (T1059.006), At (T1053.002)
- Claude Code Source Leaked via npm Packaging Error, Anthropic Confirms — Wed, 01 Apr 2026 11:42:00 +0530
- Matched TTPs: Artificial Intelligence (T1588.007), Malware (T1588.001), Vulnerabilities (T1588.006), IDE Extensions (T1176.002), Tool (T1588.002), Phishing (T1566), Software (T1592.002), Social Media (T1593.001), Credentials (T1589.001), Bidirectional Communication (T1102.002)
Boannews (보안뉴스) > SECURITY
- Popular Java library ‘Axios’ hacked… Google: “North Korean hacking group UNC1069 is behind it” — Wed, 1 Apr 2026 15:24:00 +0900
- Matched TTPs: JavaScript (T1059.007)