Daily Hunt Feed - 2026-04-22

Threat Hunt Feed (2026-04-22)

Hacker News: Best

• Laws of Software Engineering — Tue, 21 Apr 2026 11:04:56 +0000
  • Matched TTPs: Software (T1592.002)
• A Roblox cheat and one AI tool brought down Vercel’s platform — Tue, 21 Apr 2026 04:12:12 +0000
  • Matched TTPs: Tool (T1588.002)

Krebs on Security

• ‘Scattered Spider’ Member ‘Tylerb’ Pleads Guilty — Tue, 21 Apr 2026 14:53:59 +0000
  • Matched TTPs: Domains (T1584.001), Phishing (T1566), Credentials (T1589.001), At (T1053.002)

BleepingComputer

• New Lotus data wiper used against Venezuelan energy, utility firms — Tue, 21 Apr 2026 14:38:40 -0400
  • Matched TTPs: JavaScript (T1059.007), Malware (T1588.001), Hardware (T1592.001), Server (T1584.004), Tool (T1588.002), Software (T1592.002), Exploits (T1588.005), Data Destruction (T1485), At (T1053.002)
• Stopping Fraud at Each Stage of the Customer Journey Without Adding Friction — Tue, 21 Apr 2026 10:02:12 -0400
  • Matched TTPs: JavaScript (T1059.007), Malware (T1588.001), Hardware (T1592.001), Databases (T1213.006), Server (T1584.004), Proxy (T1090), Tool (T1588.002), Credential Stuffing (T1110.004), Software (T1592.002), Credentials (T1589.001), At (T1053.002)
• NGate Android malware uses HandyPay NFC app to steal card data — Tue, 21 Apr 2026 05:00:00 -0400
  • Matched TTPs: JavaScript (T1059.007), Malware (T1588.001), Hardware (T1592.001), Server (T1584.004), Tool (T1588.002), Software (T1592.002), Exploits (T1588.005), At (T1053.002)

Darkreading

• Exploits Turn Windows Defender into Attacker Tool — Tue, 21 Apr 2026 19:12:40 GMT
  • Matched TTPs: Tool (T1588.002), Exploits (T1588.005)
• Surge in Bomgar RMM Exploitation Demonstrates Supply Chain Risk — Tue, 21 Apr 2026 15:29:17 GMT
  • Matched TTPs: Tool (T1588.002)
• Google Fixes Critical RCE Flaw in AI-Based Antigravity Tool — Tue, 21 Apr 2026 15:00:50 GMT
  • Matched TTPs: Tool (T1588.002)
• Serial-to-IP Devices Hide Thousands of Old & New Bugs — Mon, 20 Apr 2026 21:00:00 GMT
  • Matched TTPs: Vulnerabilities (T1588.006)

The Hacker News

• SystemBC C2 Server Reveals 1,570+ Victims in The Gentlemen Ransomware Operation — Tue, 21 Apr 2026 23:48:00 +0530
  • Matched TTPs: Sharepoint (T1213.002), Malware (T1588.001), Browser Extensions (T1176.001), Vulnerabilities (T1588.006), Botnet (T1584.005), Defacement (T1491), Server (T1584.004), Proxy (T1090), PowerShell (T1059.001), Tool (T1588.002), Phishing (T1566), Social Media (T1593.001), Credentials (T1589.001), At (T1053.002)
• 22 BRIDGE:BREAK Flaws Expose Thousands of Lantronix and Silex Serial-to-IP Converters — Tue, 21 Apr 2026 21:16:00 +0530
  • Matched TTPs: Sharepoint (T1213.002), Malware (T1588.001), Hardware (T1592.001), Browser Extensions (T1176.001), Vulnerabilities (T1588.006), Server (T1584.004), Phishing (T1566), Firmware (T1592.003), Social Media (T1593.001), Credentials (T1589.001), At (T1053.002)
• NGate Campaign Targets Brazil, Trojanizes HandyPay to Steal NFC Data and PINs — Tue, 21 Apr 2026 18:15:00 +0530
  • Matched TTPs: Sharepoint (T1213.002), Artificial Intelligence (T1588.007), Malware (T1588.001), Browser Extensions (T1176.001), Vulnerabilities (T1588.006), Masquerading (T1036), Server (T1584.004), Phishing (T1566), Social Media (T1593.001), Credentials (T1589.001), At (T1053.002)
• No Exploit Needed: How Attackers Walk Through the Front Door via Identity-Based Attacks — Tue, 21 Apr 2026 17:00:00 +0530
  • Matched TTPs: Sharepoint (T1213.002), Artificial Intelligence (T1588.007), Malware (T1588.001), Databases (T1213.006), Browser Extensions (T1176.001), Vulnerabilities (T1588.006), Server (T1584.004), Password Spraying (T1110.003), Phishing (T1566), Credential Stuffing (T1110.004), Exploits (T1588.005), Social Media (T1593.001), Credentials (T1589.001), At (T1053.002)
• Google Patches Antigravity IDE Flaw Enabling Prompt Injection Code Execution — Tue, 21 Apr 2026 15:52:00 +0530
  • Matched TTPs: Sharepoint (T1213.002), Artificial Intelligence (T1588.007), Malware (T1588.001), Malicious File (T1204.002), Browser Extensions (T1176.001), Vulnerabilities (T1588.006), Server (T1584.004), Tool (T1588.002), Phishing (T1566), Software (T1592.002), Exploits (T1588.005), Social Media (T1593.001), Credentials (T1589.001), At (T1053.002)
• CISA Adds 8 Exploited Flaws to KEV, Sets April-May 2026 Federal Deadlines — Tue, 21 Apr 2026 11:53:00 +0530
  • Matched TTPs: Sharepoint (T1213.002), JavaScript (T1059.007), Malware (T1588.001), Browser Extensions (T1176.001), Vulnerabilities (T1588.006), Server (T1584.004), Phishing (T1566), Multi-Factor Authentication (T1556.006), Social Media (T1593.001), Credentials (T1589.001), At (T1053.002)