
Daily Hunt Feed - 2026-04-23

Threat Hunt Feed (2026-04-23)

Hacker News: Best

  • Apple fixes bug that cops used to extract deleted chat messages from iPhones — Wed, 22 Apr 2026 20:27:31 +0000
    • Matched TTPs: Hardware (T1592.001), Chat Messages (T1552.008), Tool (T1588.002), Software (T1592.002), At (T1053.002)
  • Tell HN: I’m sick of AI everything — Wed, 22 Apr 2026 01:19:30 +0000
    • Matched TTPs: Hardware (T1592.001), Vulnerabilities (T1588.006), Tool (T1588.002), Software (T1592.002), Social Media (T1593.001), Credentials (T1589.001), At (T1053.002)
  • The Vercel breach: OAuth attack exposes risk in platform environment variables — Tue, 21 Apr 2026 17:14:35 +0000
    • Matched TTPs: Serverless (T1584.007), Artificial Intelligence (T1588.007), IP Addresses (T1590.005), Malware (T1588.001), Vulnerabilities (T1588.006), Cloud Accounts (T1078.004), Supply Chain Compromise (T1195), Domains (T1584.001), Unsecured Credentials (T1552), Use Alternate Authentication Material (T1550), Business Relationships (T1591.002), Code Repositories (T1213.003), Account Discovery (T1087), Proxy (T1090), Credentials In Files (T1552.001), Cloud Account (T1136.003), Trusted Relationship (T1199), Tool (T1588.002), Phishing (T1566), Valid Accounts (T1078), Credential Stuffing (T1110.004), Software (T1592.002), Credentials (T1589.001), Python (T1059.006), Data from Information Repositories (T1213), Application Access Token (T1550.001), At (T1053.002)
  • Show HN: VidStudio, a browser based video editor that doesn’t upload your files — Tue, 21 Apr 2026 11:58:16 +0000
    • Matched TTPs: Hardware (T1592.001), Tool (T1588.002), Software (T1592.002), Compression (T1027.015)
  • Making RAM at Home [video] — Mon, 20 Apr 2026 23:35:06 +0000
    • Matched TTPs: At (T1053.002)

BleepingComputer

  • New Mirai campaign exploits RCE flaw in EoL D-Link routers — Wed, 22 Apr 2026 16:04:46 -0400
    • Matched TTPs: Malware (T1588.001), Hardware (T1592.001), Botnet (T1584.005), Server (T1584.004), Proxy (T1090), Tool (T1588.002), Firmware (T1592.003), Software (T1592.002), Exploits (T1588.005), Credentials (T1589.001), Impersonation (T1656), At (T1053.002)
  • New npm supply-chain attack self-spreads to steal auth tokens — Wed, 22 Apr 2026 08:57:42 -0400
    • Matched TTPs: Malware (T1588.001), Hardware (T1592.001), SSH (T1021.004), Server (T1584.004), Cloud Services (T1021.007), Tool (T1588.002), Software (T1592.002), Exploits (T1588.005), Credentials (T1589.001), Impersonation (T1656), Python (T1059.006), At (T1053.002)
  • New GoGra malware for Linux uses Microsoft Graph API for comms — Wed, 22 Apr 2026 06:00:00 -0400
    • Matched TTPs: Malware (T1588.001), Hardware (T1592.001), Server (T1584.004), Tool (T1588.002), Software (T1592.002), Exploits (T1588.005), Credentials (T1589.001), Impersonation (T1656), At (T1053.002)
  • Over 1,300 Microsoft SharePoint servers vulnerable to spoofing attacks — Wed, 22 Apr 2026 02:53:02 -0400
    • Matched TTPs: Sharepoint (T1213.002), Malware (T1588.001), Hardware (T1592.001), Vulnerabilities (T1588.006), Server (T1584.004), Cloud Services (T1021.007), Tool (T1588.002), Software (T1592.002), Exploits (T1588.005), Credentials (T1589.001), Impersonation (T1656), At (T1053.002)

Darkreading

The Hacker News

  • Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain — Wed, 22 Apr 2026 23:25:00 +0530
    • Matched TTPs: Sharepoint (T1213.002), JavaScript (T1059.007), Malware (T1588.001), Browser Extensions (T1176.001), Vulnerabilities (T1588.006), Supply Chain Compromise (T1195), Server (T1584.004), Phishing (T1566), Software (T1592.002), Social Media (T1593.001), Credentials (T1589.001), At (T1053.002)
  • Harvester Deploys Linux GoGra Backdoor in South Asia Using Microsoft Graph API — Wed, 22 Apr 2026 20:58:00 +0530
    • Matched TTPs: Sharepoint (T1213.002), Malware (T1588.001), Browser Extensions (T1176.001), Vulnerabilities (T1588.006), Server (T1584.004), Phishing (T1566), Social Media (T1593.001), Credentials (T1589.001), At (T1053.002)
  • Lotus Wiper Malware Targets Venezuelan Energy Systems in Destructive Attack — Wed, 22 Apr 2026 16:25:00 +0530
    • Matched TTPs: Sharepoint (T1213.002), Malware (T1588.001), Browser Extensions (T1176.001), Vulnerabilities (T1588.006), Server (T1584.004), Phishing (T1566), Social Media (T1593.001), Credentials (T1589.001), At (T1053.002)
  • Toxic Combinations: When Cross-App Permissions Stack into Risk — Wed, 22 Apr 2026 16:11:36 +0530
    • Matched TTPs: Sharepoint (T1213.002), Malware (T1588.001), Browser Extensions (T1176.001), Vulnerabilities (T1588.006), Server (T1584.004), Email Addresses (T1589.002), Tool (T1588.002), Phishing (T1566), Social Media (T1593.001), Credentials (T1589.001), At (T1053.002)
  • Mustang Panda’s New LOTUSLITE Variant Targets India Banks, South Korea Policy Circles — Wed, 22 Apr 2026 13:28:00 +0530
    • Matched TTPs: Sharepoint (T1213.002), JavaScript (T1059.007), DNS (T1071.004), Malware (T1588.001), Browser Extensions (T1176.001), Vulnerabilities (T1588.006), DLL (T1574.001), Masquerading (T1036), Server (T1584.004), Phishing (T1566), Software (T1592.002), Social Media (T1593.001), Credentials (T1589.001), Impersonation (T1656), At (T1053.002)
  • Cohere AI Terrarium Sandbox Flaw Enables Root Code Execution, Container Escape — Wed, 22 Apr 2026 12:46:00 +0530
    • Matched TTPs: Sharepoint (T1213.002), JavaScript (T1059.007), Malware (T1588.001), Browser Extensions (T1176.001), Vulnerabilities (T1588.006), Server (T1584.004), Tool (T1588.002), Phishing (T1566), Social Media (T1593.001), Credentials (T1589.001), Python (T1059.006), At (T1053.002)
This post is licensed under CC BY 4.0 by the author.