Threat Hunt Feed (2026-04-17)
BleepingComputer
- Operation PowerOFF identifies 75k DDoS users, takes down 53 domains — Thu, 16 Apr 2026 18:26:34 -0400
- Matched TTPs: IP Addresses (T1590.005), Malware (T1588.001), Hardware (T1592.001), Databases (T1213.006), Domains (T1584.001), Tool (T1588.002), Software (T1592.002), Exploits (T1588.005), At (T1053.002)
- ZionSiphon malware designed to sabotage water treatment systems — Thu, 16 Apr 2026 18:04:53 -0400
- Matched TTPs: Malware (T1588.001), Hardware (T1592.001), Domains (T1584.001), Tool (T1588.002), Software (T1592.002), Exploits (T1588.005), At (T1053.002)
- Hackers exploit Marimo flaw to deploy NKAbuse malware from Hugging Face — Thu, 16 Apr 2026 12:58:06 -0400
- Matched TTPs: Malware (T1588.001), Hardware (T1592.001), Databases (T1213.006), Cron (T1053.003), Domains (T1584.001), Server (T1584.004), Proxy (T1090), Tool (T1588.002), Software (T1592.002), Exploits (T1588.005), Credentials (T1589.001), Python (T1059.006), At (T1053.002)
- New ATHR vishing platform uses AI voice agents for automated attacks — Thu, 16 Apr 2026 10:09:11 -0400
- Matched TTPs: Artificial Intelligence (T1588.007), Malware (T1588.001), Hardware (T1592.001), Domains (T1584.001), Tool (T1588.002), Phishing (T1566), Software (T1592.002), Exploits (T1588.005), Credentials (T1589.001), At (T1053.002)
- Cisco says critical Webex Services flaw requires customer action — Thu, 16 Apr 2026 08:01:42 -0400
- Matched TTPs: Malware (T1588.001), Hardware (T1592.001), Vulnerabilities (T1588.006), Domains (T1584.001), Tool (T1588.002), Software (T1592.002), Exploits (T1588.005), Credentials (T1589.001), At (T1053.002)
- Data breach at edtech giant McGraw Hill affects 13.5 million accounts — Thu, 16 Apr 2026 06:35:09 -0400
- Matched TTPs: Malware (T1588.001), Hardware (T1592.001), Databases (T1213.006), Domains (T1584.001), Email Addresses (T1589.002), Tool (T1588.002), Phishing (T1566), Software (T1592.002), Exploits (T1588.005), At (T1053.002)
- Microsoft: April Windows Server 2025 update may fail to install — Thu, 16 Apr 2026 03:37:44 -0400
- Matched TTPs: Malware (T1588.001), Hardware (T1592.001), Vulnerabilities (T1588.006), Domains (T1584.001), Server (T1584.004), Tool (T1588.002), Software (T1592.002), Exploits (T1588.005), At (T1053.002)
Dark Reading
- North Korea Uses ClickFix to Target macOS Users’ Data — Thu, 16 Apr 2026 19:42:45 GMT
- Matched TTPs: Credentials (T1589.001)
- 6-Year Ransomware Campaign Targets Turkish Homes & SMBs — Thu, 16 Apr 2026 06:00:00 GMT
- Matched TTPs: At (T1053.002)
The Hacker News
- Newly Discovered PowMix Botnet Hits Czech Workers Using Randomized C2 Traffic — Thu, 16 Apr 2026 23:22:00 +0530
- Matched TTPs: Scheduled Task (T1053.005), Malware (T1588.001), Cron (T1053.003), Vulnerabilities (T1588.006), Botnet (T1584.005), Server (T1584.004), PowerShell (T1059.001), Phishing (T1566), Exploits (T1588.005), Social Media (T1593.001), Credentials (T1589.001), At (T1053.002)
- ThreatsDay Bulletin: Defender 0-Day, SonicWall Brute-Force, 17-Year-Old Excel RCE and 15 More Stories — Thu, 16 Apr 2026 18:35:00 +0530
- Matched TTPs: Artificial Intelligence (T1588.007), Malvertising (T1583.008), Malware (T1588.001), Databases (T1213.006), Cron (T1053.003), Vulnerabilities (T1588.006), Supply Chain Compromise (T1195), Domains (T1584.001), Masquerading (T1036), Private Keys (T1552.004), Server (T1584.004), Web Services (T1584.006), Phishing (T1566), Software (T1592.002), Exploits (T1588.005), Social Media (T1593.001), Credentials (T1589.001), Impersonation (T1656), At (T1053.002)
- [Webinar] Find and Eliminate Orphaned Non-Human Identities in Your Environment — Thu, 16 Apr 2026 17:25:00 +0530
- Matched TTPs: Artificial Intelligence (T1588.007), Malware (T1588.001), Cron (T1053.003), Vulnerabilities (T1588.006), Phishing (T1566), Exploits (T1588.005), Social Media (T1593.001), Credentials (T1589.001), At (T1053.002)
- Cisco Patches Four Critical Identity Services, Webex Flaws Enabling Code Execution — Thu, 16 Apr 2026 16:57:00 +0530
- Matched TTPs: Malware (T1588.001), Cron (T1053.003), Vulnerabilities (T1588.006), Exploits (T1588.005), Social Media (T1593.001), Credentials (T1589.001), At (T1053.002)
- UAC-0247 Targets Ukrainian Clinics and Government in Data-Theft Malware Campaign — Thu, 16 Apr 2026 11:50:00 +0530
- Matched TTPs: Artificial Intelligence (T1588.007), Malware (T1588.001), Databases (T1213.006), Cron (T1053.003), Vulnerabilities (T1588.006), DLL (T1574.001), Server (T1584.004), Mshta (T1218.005), PowerShell (T1059.001), Tool (T1588.002), Phishing (T1566), Exploits (T1588.005), Social Media (T1593.001), Credentials (T1589.001), At (T1053.002)