Daily Hunt Feed - 2026-04-05

Threat Hunt Feed (2026-04-05)

Hacker News: Best

• Someone at BrowserStack is leaking users’ email addresses — Sun, 05 Apr 2026 13:14:38 +0000
  • Matched TTPs: Email Addresses (T1589.002), Credential Stuffing (T1110.004), At (T1053.002)

BleepingComputer

• Traffic violation scams switch to QR codes in new phishing texts — Sun, 05 Apr 2026 15:44:10 -0400
  • Matched TTPs: Malware (T1588.001), Hardware (T1592.001), Tool (T1588.002), Phishing (T1566), Software (T1592.002)
• New FortiClient EMS flaw exploited in attacks, emergency patch released — Sun, 05 Apr 2026 14:45:17 -0400
  • Matched TTPs: Malware (T1588.001), Hardware (T1592.001), Vulnerabilities (T1588.006), Server (T1584.004), Tool (T1588.002), Phishing (T1566), Software (T1592.002)
• Hackers exploit React2Shell in automated credential theft campaign — Sun, 05 Apr 2026 10:17:23 -0400
  • Matched TTPs: Malware (T1588.001), Hardware (T1592.001), Databases (T1213.006), SSH (T1021.004), Private Keys (T1552.004), Server (T1584.004), Cloud Account (T1136.003), Tool (T1588.002), Phishing (T1566), Software (T1592.002), Credentials (T1589.001), At (T1053.002)

The Hacker News

• 36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants — Sun, 05 Apr 2026 10:37:00 +0530
  • Matched TTPs: DNS (T1071.004), Malware (T1588.001), Databases (T1213.006), Browser Extensions (T1176.001), Cron (T1053.003), Vulnerabilities (T1588.006), SSH (T1021.004), Network Topology (T1590.004), Web Shell (T1505.003), Private Keys (T1552.004), Server (T1584.004), PowerShell (T1059.001), Phishing (T1566), Software (T1592.002), Social Media (T1593.001), Credentials (T1589.001), Python (T1059.006)