Threat Hunt Feed (2026-04-03)
Hacker News: Best
- Show HN: I built a frontpage for personal blogs — Fri, 03 Apr 2026 12:33:45 +0000
- Matched TTPs: Social Media (T1593.001), At (T1053.002)
BleepingComputer
- LinkedIn secretly scans for 6,000+ Chrome extensions, collects data — Fri, 03 Apr 2026 16:40:22 -0400
- Matched TTPs: JavaScript (T1059.007), Malware (T1588.001), Hardware (T1592.001), Browser Extensions (T1176.001), Vulnerabilities (T1588.006), Tool (T1588.002), Software (T1592.002), Credentials (T1589.001), At (T1053.002)
- Die Linke German political party confirms data stolen by Qilin ransomware — Fri, 03 Apr 2026 12:36:44 -0400
- Matched TTPs: Malware (T1588.001), Hardware (T1592.001), Tool (T1588.002), Software (T1592.002), At (T1053.002)
- CERT-EU: European Commission hack exposes data of 30 EU entities — Fri, 03 Apr 2026 02:33:34 -0400
- Matched TTPs: Malware (T1588.001), Hardware (T1592.001), Databases (T1213.006), Email Addresses (T1589.002), Web Services (T1584.006), Cloud Account (T1136.003), Tool (T1588.002), Software (T1592.002), Credentials (T1589.001), At (T1053.002)
- Drift loses $280 million as North Korean hackers seize Security Council powers — Thu, 02 Apr 2026 15:03:39 -0400
- Matched TTPs: Malware (T1588.001), Hardware (T1592.001), Financial Theft (T1657), Delay Execution (T1678), Tool (T1588.002), Software (T1592.002), At (T1053.002)
Darkreading
- Apple Breaks Precedent, Patches DarkSword for iOS 18 — Fri, 03 Apr 2026 17:08:57 GMT
- Matched TTPs: Tool (T1588.002)
- Claude Source Code Leak Highlights Big Supply Chain Missteps — Fri, 03 Apr 2026 13:00:00 GMT
- Matched TTPs: Software (T1592.002), At (T1053.002)
- Chainguard Unveils Factory 2.0 to Automate Hardening the Software Supply Chain — Fri, 03 Apr 2026 12:57:28 GMT
- Matched TTPs: Software (T1592.002)
The Hacker News
- China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing — Fri, 03 Apr 2026 23:04:00 +0530
- Matched TTPs: Sharepoint (T1213.002), Malware (T1588.001), Vulnerabilities (T1588.006), DLL (T1574.001), Domains (T1584.001), Server (T1584.004), Phishing (T1566), Social Media (T1593.001), MSBuild (T1127.001), At (T1053.002)
- Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers — Fri, 03 Apr 2026 21:02:00 +0530
- Matched TTPs: Scheduled Task (T1053.005), Malware (T1588.001), Cron (T1053.003), Vulnerabilities (T1588.006), SSH (T1021.004), Control Panel (T1218.002), Web Shell (T1505.003), Server (T1584.004), Phishing (T1566), Multi-Factor Authentication (T1556.006), Social Media (T1593.001), Credentials (T1589.001), At (T1053.002)
- UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack — Fri, 03 Apr 2026 16:34:00 +0530
- Matched TTPs: JavaScript (T1059.007), Malware (T1588.001), Vulnerabilities (T1588.006), Password Managers (T1555.005), AppleScript (T1059.002), Supply Chain Compromise (T1195), Credentials from Web Browsers (T1555.003), PowerShell (T1059.001), Phishing (T1566), Social Media (T1593.001), Credentials (T1589.001), Python (T1059.006), At (T1053.002)
- Why Third-Party Risk Is the Biggest Gap in Your Clients’ Security Posture — Fri, 03 Apr 2026 16:30:00 +0530
- Matched TTPs: Malware (T1588.001), Vulnerabilities (T1588.006), Tool (T1588.002), Phishing (T1566), Social Media (T1593.001), At (T1053.002)
- New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images — Fri, 03 Apr 2026 14:40:00 +0530
- Matched TTPs: Malware (T1588.001), Vulnerabilities (T1588.006), Server (T1584.004), Phishing (T1566), Social Media (T1593.001)