Threat Hunt Feed (2026-04-08)
Hacker News: Best
- System Card: Claude Mythos Preview [pdf] — Tue, 07 Apr 2026 18:18:36 +0000
- Matched TTPs: VNC (T1021.005), DNS (T1071.004), Email Collection (T1114), SSH (T1021.004), DLL (T1574.001), Lua (T1059.011), Software (T1592.002), At (T1053.002), MMC (T1218.014)
- Project Glasswing: Securing critical software for the AI era — Tue, 07 Apr 2026 18:09:34 +0000
- Matched TTPs: Hardware (T1592.001), Vulnerabilities (T1588.006), Web Services (T1584.006), Software (T1592.002), Exploits (T1588.005), At (T1053.002)
- Launch HN: Freestyle – Sandboxes for Coding Agents — Mon, 06 Apr 2026 16:32:11 +0000
- Matched TTPs: Serverless (T1584.007), JavaScript (T1059.007), Hardware (T1592.001), Server (T1584.004), At (T1053.002)
- Show HN: GovAuctions lets you browse government auctions at once — Mon, 06 Apr 2026 16:21:46 +0000
- Matched TTPs: At (T1053.002)
Krebs on Security
- Russia Hacked Routers to Steal Microsoft Office Tokens — Tue, 07 Apr 2026 17:02:44 +0000
- Matched TTPs: Adversary-in-the-Middle (T1557), IP Addresses (T1590.005), DNS (T1071.004), Malware (T1588.001), Vulnerabilities (T1588.006), Botnet (T1584.005), Domains (T1584.001), Multi-Factor Authentication (T1556.006), Software (T1592.002), Credentials (T1589.001), At (T1053.002)
CISA Alerts
- Iranian-Affiliated Cyber Actors Exploit Programmable Logic Controllers Across US Critical Infrastructure — Mon, 06 Apr 2026 07:03:58 EDT
- Matched TTPs: VNC (T1021.005), IP Addresses (T1590.005), Stored Data Manipulation (T1565.001), Vulnerabilities (T1588.006), SSH (T1021.004), Remote Access Tools (T1219), Proxy (T1090), Web Services (T1584.006), Tool (T1588.002), Phishing (T1566), Brute Force (T1110), Data Manipulation (T1565), Software (T1592.002), Remote Desktop Protocol (T1021.001), At (T1053.002)
BleepingComputer
- Authorities disrupt router DNS hijacks used to steal Microsoft 365 logins — Tue, 07 Apr 2026 11:51:22 -0400
- Matched TTPs: Adversary-in-the-Middle (T1557), DNS (T1071.004), DNS Server (T1584.002), Malware (T1588.001), Hardware (T1592.001), Vulnerabilities (T1588.006), Botnet (T1584.005), Domains (T1584.001), Server (T1584.004), Proxy (T1090), Tool (T1588.002), Phishing (T1566), Firmware (T1592.003), Software (T1592.002), Credentials (T1589.001), At (T1053.002)
- Why Your Automated Pentesting Tool Just Hit a Wall — Tue, 07 Apr 2026 10:01:11 -0400
- Matched TTPs: DNS (T1071.004), Malware (T1588.001), Hardware (T1592.001), Vulnerabilities (T1588.006), Trap (T1546.005), Tool (T1588.002), Phishing (T1566), Software (T1592.002), Exploits (T1588.005), Credentials (T1589.001), Kerberoasting (T1558.003), At (T1053.002)
Darkreading
- Storm-1175 Deploys Medusa Ransomware at ‘High Velocity’ — Tue, 07 Apr 2026 20:15:07 GMT
- Matched TTPs: Vulnerabilities (T1588.006), At (T1053.002)
- Grafana Patches AI Bug That Could Have Leaked User Data — Tue, 07 Apr 2026 19:52:26 GMT
- Matched TTPs: Server (T1584.004)
- Focusing on the People in Cybersecurity at RSAC 2026 Conference — Tue, 07 Apr 2026 13:00:00 GMT
- Matched TTPs: At (T1053.002)
The Hacker News
- Russian State-Linked APT28 Exploits SOHO Routers in Global DNS Hijacking Campaign — Tue, 07 Apr 2026 22:18:00 +0530
- Matched TTPs: IP Addresses (T1590.005), DNS (T1071.004), DNS Server (T1584.002), Malware (T1588.001), Vulnerabilities (T1588.006), Botnet (T1584.005), Domains (T1584.001), Server (T1584.004), Phishing (T1566), Exploits (T1588.005), Social Media (T1593.001), Credentials (T1589.001), At (T1053.002)
- [Webinar] How to Close Identity Gaps in 2026 Before AI Exploits Enterprise Risk — Tue, 07 Apr 2026 21:59:00 +0530
- Matched TTPs: Artificial Intelligence (T1588.007), Malware (T1588.001), Vulnerabilities (T1588.006), Phishing (T1566), Exploits (T1588.005), Social Media (T1593.001)
- Over 1,000 Exposed ComfyUI Instances Targeted in Cryptomining Botnet Campaign — Tue, 07 Apr 2026 18:16:00 +0530
- Matched TTPs: Malware (T1588.001), Vulnerabilities (T1588.006), SSH (T1021.004), Botnet (T1584.005), Domains (T1584.001), Server (T1584.004), Proxy (T1090), Shell History (T1552.003), Phishing (T1566), Exploits (T1588.005), Social Media (T1593.001), Python (T1059.006), At (T1053.002)
- The Hidden Cost of Recurring Credential Incidents — Tue, 07 Apr 2026 17:00:00 +0530
- Matched TTPs: Malware (T1588.001), Vulnerabilities (T1588.006), Phishing (T1566), Social Media (T1593.001), Credentials (T1589.001), At (T1053.002)
- China-Linked Storm-1175 Exploits Zero-Days to Rapidly Deploy Medusa Ransomware — Tue, 07 Apr 2026 12:05:00 +0530
- Matched TTPs: Malware (T1588.001), Vulnerabilities (T1588.006), Server (T1584.004), PowerShell (T1059.001), Phishing (T1566), Software (T1592.002), Exploits (T1588.005), Social Media (T1593.001), Remote Desktop Protocol (T1021.001)
- Flowise AI Agent Builder Under Active CVSS 10.0 RCE Exploitation; 12,000+ Instances Exposed — Tue, 07 Apr 2026 11:26:00 +0530
- Matched TTPs: Artificial Intelligence (T1588.007), JavaScript (T1059.007), Malware (T1588.001), Vulnerabilities (T1588.006), Server (T1584.004), Active Scanning (T1595), Phishing (T1566), Social Media (T1593.001), At (T1053.002)
DailySecu - Recent Popular Articles
- North Korea-Linked Hackers Abuse GitHub as C2… Signs of Multi-Stage Intrusion Targeting South Korea Detected — 2026-04-07 11:37:55
- Matched TTPs: DLL (T1574.001), PowerShell (T1059.001)