Threat Hunt Feed (2026-04-28)
Hacker News: Best
- Show HN: OSS Agent I built topped the TerminalBench on Gemini-3-flash-preview — Mon, 27 Apr 2026 12:35:55 +0000
- Matched TTPs: JavaScript (T1059.007), Vulnerabilities (T1588.006), Tool (T1588.002), Software (T1592.002), Python (T1059.006), At (T1053.002)
- Men who stare at walls — Mon, 27 Apr 2026 11:08:26 +0000
- Matched TTPs: At (T1053.002)
- 4TB of voice samples just stolen from 40k AI contractors at Mercor — Mon, 27 Apr 2026 09:57:10 +0000
- Matched TTPs: Hardware (T1592.001), Domains (T1584.001), Multi-Factor Authentication (T1556.006), Impersonation (T1656), At (T1053.002)
- Fast16: High-precision software sabotage 5 years before Stuxnet — Sun, 26 Apr 2026 20:18:37 +0000
- Matched TTPs: Malware (T1588.001), Hardware (T1592.001), Windows Service (T1543.003), DLL (T1574.001), Domains (T1584.001), Proxy (T1090), Tool (T1588.002), Lua (T1059.011), Software (T1592.002), At (T1053.002)
BleepingComputer
- Robinhood account creation flaw abused to send phishing emails — Mon, 27 Apr 2026 19:11:01 -0400
- Matched TTPs: IP Addresses (T1590.005), Malware (T1588.001), Hardware (T1592.001), Email Addresses (T1589.002), Tool (T1588.002), Phishing (T1566), Software (T1592.002), Exploits (T1588.005), Social Media (T1593.001), Credentials (T1589.001), At (T1053.002)
- GlassWorm malware attacks return via 73 OpenVSX “sleeper” extensions — Mon, 27 Apr 2026 17:41:01 -0400
- Matched TTPs: JavaScript (T1059.007), Malware (T1588.001), Hardware (T1592.001), SSH (T1021.004), Tool (T1588.002), Phishing (T1566), Software (T1592.002), Exploits (T1588.005), Social Media (T1593.001), Credentials (T1589.001), At (T1053.002)
- Canada arrests three for operating “SMS blaster” device in Toronto — Mon, 27 Apr 2026 16:00:31 -0400
- Matched TTPs: Malware (T1588.001), Hardware (T1592.001), Tool (T1588.002), Phishing (T1566), Software (T1592.002), Exploits (T1588.005), Social Media (T1593.001), Credentials (T1589.001), At (T1053.002)
- FTC: Americans lost over $2.1 billion to social media scams in 2025 — Mon, 27 Apr 2026 12:27:53 -0400
- Matched TTPs: Malware (T1588.001), Hardware (T1592.001), Tool (T1588.002), Phishing (T1566), Software (T1592.002), Exploits (T1588.005), Social Media (T1593.001), Credentials (T1589.001), At (T1053.002)
- PyPI package with 1.1M monthly downloads hacked to push infostealer — Mon, 27 Apr 2026 11:17:37 -0400
- Matched TTPs: Malware (T1588.001), Hardware (T1592.001), SSH (T1021.004), Shell History (T1552.003), Tool (T1588.002), Phishing (T1566), Malicious Image (T1204.003), Software (T1592.002), Exploits (T1588.005), Social Media (T1593.001), Credentials (T1589.001), Python (T1059.006), At (T1053.002)
- Webinar: Spotting cyberattacks before they begin — Mon, 27 Apr 2026 10:25:35 -0400
- Matched TTPs: Malware (T1588.001), Hardware (T1592.001), Tool (T1588.002), Phishing (T1566), Software (T1592.002), Exploits (T1588.005), Social Media (T1593.001), Credentials (T1589.001), At (T1053.002)
Darkreading
- UNC6692 Combines Social Engineering, Malware, Cloud Abuse — Mon, 27 Apr 2026 20:12:34 GMT
- Matched TTPs: Malware (T1588.001)
- 20-Year-Old Malware Rewrites History of Cyber Sabotage — Mon, 27 Apr 2026 13:09:54 GMT
- Matched TTPs: Malware (T1588.001)
The Hacker News
- ⚡ Weekly Recap: Fast16 Malware, XChat Launch, Federal Backdoor, AI Employee Tracking & More — Mon, 27 Apr 2026 19:00:00 +0530
- Matched TTPs: Sharepoint (T1213.002), Artificial Intelligence (T1588.007), Rootkit (T1014), Malware (T1588.001), Browser Extensions (T1176.001), Vulnerabilities (T1588.006), Server (T1584.004), Trap (T1546.005), Proxy (T1090), Tool (T1588.002), Phishing (T1566), Lua (T1059.011), Firmware (T1592.003), Software (T1592.002), Social Media (T1593.001), Credentials (T1589.001), Bidirectional Communication (T1102.002), Impersonation (T1656), At (T1053.002)
- Mythos Changed the Math on Vulnerability Discovery. Most Teams Aren’t Ready for the Remediation Side — Mon, 27 Apr 2026 17:28:00 +0530
- Matched TTPs: Sharepoint (T1213.002), Artificial Intelligence (T1588.007), Malware (T1588.001), Browser Extensions (T1176.001), Vulnerabilities (T1588.006), Server (T1584.004), Tool (T1588.002), Phishing (T1566), Social Media (T1593.001), Credentials (T1589.001), At (T1053.002)
- PhantomCore Exploits TrueConf Vulnerabilities to Breach Russian Networks — Mon, 27 Apr 2026 17:24:00 +0530
- Matched TTPs: Sharepoint (T1213.002), Rootkit (T1014), Malware (T1588.001), Browser Extensions (T1176.001), Vulnerabilities (T1588.006), SSH (T1021.004), DLL (T1574.001), Web Shell (T1505.003), Server (T1584.004), Windows Remote Management (T1021.006), Proxy (T1090), PowerShell (T1059.001), Tool (T1588.002), Phishing (T1566), Software (T1592.002), Exploits (T1588.005), Social Media (T1593.001), Credentials (T1589.001), Remote Desktop Protocol (T1021.001), At (T1053.002)
- Researchers Uncover 73 Fake VS Code Extensions Delivering GlassWorm v2 Malware — Mon, 27 Apr 2026 16:53:00 +0530
- Matched TTPs: Sharepoint (T1213.002), JavaScript (T1059.007), Malware (T1588.001), Browser Extensions (T1176.001), Vulnerabilities (T1588.006), Server (T1584.004), Tool (T1588.002), Phishing (T1566), Software (T1592.002), Social Media (T1593.001), Credentials (T1589.001), At (T1053.002)
DailySecu - Recent Popular Articles
- Chinese hacking group's phishing fooled even NASA employees… aerospace and defense software was the target — 2026-04-27 15:32:30
- Matched TTPs: Phishing (T1566)