Daily Hunt Feed - 2026-04-30

Threat Hunt Feed (2026-04-30)

BleepingComputer

• Official SAP npm packages compromised to steal credentials — Wed, 29 Apr 2026 18:43:44 -0400
  • Matched TTPs: JavaScript (T1059.007), Malware (T1588.001), Hardware (T1592.001), SSH (T1021.004), Tool (T1588.002), Software (T1592.002), Exploits (T1588.005), Social Media (T1593.001), Credentials (T1589.001), Python (T1059.006), At (T1053.002)
• Hackers exploit RCE flaws in Qinglong task scheduler for cryptomining — Wed, 29 Apr 2026 16:50:35 -0400
  • Matched TTPs: Malware (T1588.001), Hardware (T1592.001), Vulnerabilities (T1588.006), Tool (T1588.002), Software (T1592.002), Exploits (T1588.005), Social Media (T1593.001), Credentials (T1589.001), At (T1053.002)
• cPanel, WHM emergency update fixes critical auth bypass bug — Wed, 29 Apr 2026 11:51:44 -0400
  • Matched TTPs: Malware (T1588.001), Hardware (T1592.001), Databases (T1213.006), Botnet (T1584.005), Control Panel (T1218.002), Server (T1584.004), Proxy (T1090), Tool (T1588.002), Phishing (T1566), Software (T1592.002), Exploits (T1588.005), Social Media (T1593.001), Credentials (T1589.001), At (T1053.002)

Darkreading

• Reverse Engineering With AI Unearths High-Severity GitHub Bug — Wed, 29 Apr 2026 20:08:17 GMT
  • Matched TTPs: Vulnerabilities (T1588.006), Server (T1584.004), Tool (T1588.002), Software (T1592.002), At (T1053.002)
• Lotus Wiper Attack Targets Venezuelan Energy Firms, Utilities — Wed, 29 Apr 2026 13:00:00 GMT
  • Matched TTPs: Malware (T1588.001), Vulnerabilities (T1588.006), Tool (T1588.002), Software (T1592.002), Python (T1059.006), At (T1053.002)

The Hacker News

• SAP-Related npm Packages Compromised in Credential-Stealing Supply Chain Attack — Wed, 29 Apr 2026 21:56:00 +0530
  • Matched TTPs: JavaScript (T1059.007), Malware (T1588.001), Browser Extensions (T1176.001), Vulnerabilities (T1588.006), Server (T1584.004), PowerShell (T1059.001), Software (T1592.002), Social Media (T1593.001), Credentials (T1589.001), At (T1053.002)
• New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs — Wed, 29 Apr 2026 20:13:00 +0530
  • Matched TTPs: Screen Capture (T1113), Keylogging (T1056.001), Artificial Intelligence (T1588.007), JavaScript (T1059.007), Malware (T1588.001), Browser Extensions (T1176.001), Vulnerabilities (T1588.006), SSH (T1021.004), Supply Chain Compromise (T1195), Server (T1584.004), Phishing (T1566), Software (T1592.002), Social Media (T1593.001), Credentials (T1589.001), Python (T1059.006), At (T1053.002), Compression (T1027.015)
• Webinar: How to Automate Exposure Validation to Match the Speed of AI Attacks — Wed, 29 Apr 2026 17:32:00 +0530
  • Matched TTPs: Artificial Intelligence (T1588.007), Malware (T1588.001), Browser Extensions (T1176.001), Vulnerabilities (T1588.006), Server (T1584.004), Phishing (T1566), Software (T1592.002), Social Media (T1593.001), Credentials (T1589.001), At (T1053.002)
• What to Look for in an Exposure Management Platform (And What Most of Them Get Wrong) — Wed, 29 Apr 2026 17:00:00 +0530
  • Matched TTPs: Malware (T1588.001), Browser Extensions (T1176.001), Vulnerabilities (T1588.006), Network Topology (T1590.004), Vulnerability Scanning (T1595.002), Server (T1584.004), Software (T1592.002), Social Media (T1593.001), Credentials (T1589.001), At (T1053.002)
• Critical cPanel Authentication Vulnerability Identified — Update Your Server Immediately — Wed, 29 Apr 2026 15:07:00 +0530
  • Matched TTPs: Malware (T1588.001), Browser Extensions (T1176.001), Vulnerabilities (T1588.006), Control Panel (T1218.002), Server (T1584.004), Software (T1592.002), Social Media (T1593.001), At (T1053.002)
• CISA Adds Actively Exploited ConnectWise and Windows Flaws to KEV — Wed, 29 Apr 2026 14:16:00 +0530
  • Matched TTPs: Malware (T1588.001), Browser Extensions (T1176.001), Vulnerabilities (T1588.006), Server (T1584.004), Software (T1592.002), Social Media (T1593.001), At (T1053.002)
• LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure — Wed, 29 Apr 2026 11:04:00 +0530
  • Matched TTPs: Malware (T1588.001), Browser Extensions (T1176.001), Vulnerabilities (T1588.006), Server (T1584.004), Proxy (T1090), Software (T1592.002), Social Media (T1593.001), Credentials (T1589.001), Python (T1059.006), At (T1053.002)