Threat Hunt Feed (2026-04-26)
Hacker News: Best
- Show HN: A Karpathy-style LLM wiki your agents maintain (Markdown and Git) — Sat, 25 Apr 2026 08:53:53 +0000
  - Matched TTPs: JavaScript (T1059.007), Cron (T1053.003), Vulnerabilities (T1588.006), Server (T1584.004), Tool (T1588.002), Software (T1592.002), Credentials (T1589.001), At (T1053.002)
- My audio interface has SSH enabled by default — Fri, 24 Apr 2026 19:30:46 +0000
  - Matched TTPs: Hardware (T1592.001), SSH (T1021.004), Firmware (T1592.003), Python (T1059.006), At (T1053.002)
BleepingComputer
- Threat actor uses Microsoft Teams to deploy new “Snow” malware — Sat, 25 Apr 2026 11:07:44 -0400
  - Matched TTPs: Malware (T1588.001), Hardware (T1592.001), Remote Access Tools (T1219), Server (T1584.004), LSASS Memory (T1003.001), Proxy (T1090), PowerShell (T1059.001), Tool (T1588.002), Phishing (T1566), Software (T1592.002), Exploits (T1588.005), Credentials (T1589.001), Email Bombing (T1667), Impersonation (T1656), Python (T1059.006), At (T1053.002)
The Hacker News
- Researchers Uncover Pre-Stuxnet ‘fast16’ Malware Targeting Engineering Software — Sat, 25 Apr 2026 14:56:00 +0530
  - Matched TTPs: Sharepoint (T1213.002), Rootkit (T1014), Malware (T1588.001), Browser Extensions (T1176.001), Windows Service (T1543.003), Vulnerabilities (T1588.006), DLL (T1574.001), Server (T1584.004), Tool (T1588.002), Phishing (T1566), Hijack Execution Flow (T1574), Lua (T1059.011), Software (T1592.002), Exploits (T1588.005), Social Media (T1593.001), Credentials (T1589.001), At (T1053.002)
- CISA Adds 4 Exploited Flaws to KEV, Sets May 2026 Federal Deadline — Sat, 25 Apr 2026 10:38:00 +0530
  - Matched TTPs: Sharepoint (T1213.002), Malware (T1588.001), Browser Extensions (T1176.001), Vulnerabilities (T1588.006), Botnet (T1584.005), Server (T1584.004), Phishing (T1566), Social Media (T1593.001), Credentials (T1589.001), At (T1053.002)