Threat Hunt Feed (2026-04-16)
BleepingComputer
- Critical Nginx UI auth bypass flaw now actively exploited in the wild — Wed, 15 Apr 2026 18:35:09 -0400
- Matched TTPs: Malware (T1588.001), Hardware (T1592.001), Server (T1584.004), Tool (T1588.002), Software (T1592.002), Credentials (T1589.001), At (T1053.002)
- New AgingFly malware used in attacks on Ukraine govt, hospitals — Wed, 15 Apr 2026 17:57:17 -0400
- Matched TTPs: Scheduled Task (T1053.005), Keylogging (T1056.001), Malware (T1588.001), Hardware (T1592.001), Databases (T1213.006), Server (T1584.004), PowerShell (T1059.001), Tool (T1588.002), Software (T1592.002), At (T1053.002)
- WordPress plugin suite hacked to push malware to thousands of sites — Wed, 15 Apr 2026 16:33:50 -0400
- Matched TTPs: Malware (T1588.001), Hardware (T1592.001), Databases (T1213.006), Server (T1584.004), Tool (T1588.002), Software (T1592.002)
- Signed software abused to deploy antivirus-killing scripts — Wed, 15 Apr 2026 13:59:30 -0400
- Matched TTPs: IP Addresses (T1590.005), Malware (T1588.001), Hardware (T1592.001), Domains (T1584.001), PowerShell (T1059.001), Tool (T1588.002), Software (T1592.002), At (T1053.002)
- Microsoft pays $2.3M for cloud and AI flaws at Zero Day Quest — Wed, 15 Apr 2026 12:20:21 -0400
- Matched TTPs: Malware (T1588.001), Hardware (T1592.001), Vulnerabilities (T1588.006), Tool (T1588.002), Software (T1592.002), At (T1053.002)
- Microsoft: April updates trigger BitLocker key prompts on some servers — Wed, 15 Apr 2026 07:41:35 -0400
- Matched TTPs: Malware (T1588.001), Hardware (T1592.001), Server (T1584.004), Tool (T1588.002), Firmware (T1592.003), Software (T1592.002), At (T1053.002)
- Microsoft fixes bug behind Windows Server 2025 automatic upgrades — Wed, 15 Apr 2026 06:24:53 -0400
- Matched TTPs: Malware (T1588.001), Hardware (T1592.001), Vulnerabilities (T1588.006), Server (T1584.004), Tool (T1588.002), Software (T1592.002), At (T1053.002)
Dark Reading
- Critical MCP Integration Flaw Puts NGINX at Risk — Wed, 15 Apr 2026 21:45:18 GMT
- Matched TTPs: At (T1053.002)
The Hacker News
- n8n Webhooks Abused Since October 2025 to Deliver Malware via Phishing Emails — Wed, 15 Apr 2026 22:39:00 +0530
- Matched TTPs: Artificial Intelligence (T1588.007), JavaScript (T1059.007), Malware (T1588.001), Cron (T1053.003), Vulnerabilities (T1588.006), Server (T1584.004), Phishing (T1566), Exploits (T1588.005), Social Media (T1593.001), Credentials (T1589.001), At (T1053.002)
- Actively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover — Wed, 15 Apr 2026 18:26:00 +0530
- Matched TTPs: Malware (T1588.001), Cron (T1053.003), Vulnerabilities (T1588.006), Server (T1584.004), Tool (T1588.002), Exploits (T1588.005), Social Media (T1593.001), Credentials (T1589.001), At (T1053.002)
- April Patch Tuesday Fixes Critical Flaws Across SAP, Adobe, Microsoft, Fortinet, and More — Wed, 15 Apr 2026 18:07:00 +0530
- Matched TTPs: Sharepoint (T1213.002), Malware (T1588.001), Cron (T1053.003), Vulnerabilities (T1588.006), Server (T1584.004), Web Services (T1584.006), Software (T1592.002), Exploits (T1588.005), Social Media (T1593.001), Credentials (T1589.001), At (T1053.002)
- Microsoft Issues Patches for SharePoint Zero-Day and 168 Other New Vulnerabilities — Wed, 15 Apr 2026 14:10:00 +0530
- Matched TTPs: Sharepoint (T1213.002), Malware (T1588.001), Cron (T1053.003), Vulnerabilities (T1588.006), Server (T1584.004), Tool (T1588.002), Software (T1592.002), Exploits (T1588.005), Social Media (T1593.001), Credentials (T1589.001), At (T1053.002)