Daily Hunt Feed - 2026-04-04

Threat Hunt Feed (2026-04-04)

Hacker News: Best

• Tell HN: Anthropic no longer allowing Claude Code subscriptions to use OpenClaw — Fri, 03 Apr 2026 22:55:24 +0000
  • Matched TTPs: Malware (T1588.001), Hardware (T1592.001), Cron (T1053.003), Masquerading (T1036), Server (T1584.004), Proxy (T1090), Tool (T1588.002), Brute Force (T1110), Software (T1592.002), At (T1053.002), Compression (T1027.015)
• SSH certificates: the better SSH experience — Fri, 03 Apr 2026 09:52:20 +0000
  • Matched TTPs: DNS (T1071.004), SSH (T1021.004), Systemctl (T1569.003), Server (T1584.004), Python (T1059.006), At (T1053.002)
• Post Mortem: axios NPM supply chain compromise — Fri, 03 Apr 2026 00:00:19 +0000
  • Matched TTPs: Malware (T1588.001), Vulnerabilities (T1588.006), Supply Chain Compromise (T1195), Software (T1592.002), Credentials (T1589.001), At (T1053.002)

BleepingComputer

• Device code phishing attacks surge 37x as new kits spread online — Sat, 04 Apr 2026 10:17:38 -0400
  • Matched TTPs: Sharepoint (T1213.002), IP Addresses (T1590.005), Malware (T1588.001), Hardware (T1592.001), Tool (T1588.002), Phishing (T1566), Software (T1592.002), Conditional Access Policies (T1556.009), At (T1053.002)
• LinkedIn secretly scans for 6,000+ Chrome extensions, collects data — Fri, 03 Apr 2026 16:40:22 -0400
  • Matched TTPs: JavaScript (T1059.007), Malware (T1588.001), Hardware (T1592.001), Browser Extensions (T1176.001), Vulnerabilities (T1588.006), Tool (T1588.002), Phishing (T1566), Software (T1592.002), Credentials (T1589.001), At (T1053.002)