Threat Hunt Feed (2026-05-08)
Hacker News: Best
- Grand Theft Oil Futures: Insider traders keep making a killing at our expense — Thu, 07 May 2026 11:10:24 +0000
  - Matched TTPs: At (T1053.002)
BleepingComputer
- New TCLBanker malware self-spreads over WhatsApp and Outlook — Thu, 07 May 2026 18:06:52 -0400
  - Matched TTPs: Keylogging (T1056.001), Malware (T1588.001), Hardware (T1592.001), DLL (T1574.001), Email Account (T1087.003), Tool (T1588.002), Phishing (T1566), Software (T1592.002), Exploits (T1588.005), Credentials (T1589.001), At (T1053.002)
- New PCPJack worm steals credentials, cleans TeamPCP infections — Thu, 07 May 2026 14:35:50 -0400
  - Matched TTPs: Malware (T1588.001), Hardware (T1592.001), Databases (T1213.006), Cron (T1053.003), Vulnerabilities (T1588.006), SSH (T1021.004), Server (T1584.004), Tool (T1588.002), Multi-Factor Authentication (T1556.006), Software (T1592.002), Exploits (T1588.005), Credentials (T1589.001), Python (T1059.006), At (T1053.002)
- Australia warns of ClickFix attacks pushing Vidar Stealer malware — Thu, 07 May 2026 14:00:59 -0400
  - Matched TTPs: Malware (T1588.001), Hardware (T1592.001), PowerShell (T1059.001), Tool (T1588.002), Software (T1592.002), Exploits (T1588.005), Credentials (T1589.001), At (T1053.002)
- Americans sentenced for running ‘laptop farms’ for North Korea — Thu, 07 May 2026 09:45:48 -0400
  - Matched TTPs: Malware (T1588.001), Hardware (T1592.001), Tool (T1588.002), Software (T1592.002), Exploits (T1588.005), Credentials (T1589.001), Remote Desktop Software (T1219.002), At (T1053.002)
- Webinar: Why modern attacks require both security and recovery — Thu, 07 May 2026 08:00:08 -0400
  - Matched TTPs: Malware (T1588.001), Hardware (T1592.001), Tool (T1588.002), Phishing (T1566), Software (T1592.002), Credentials (T1589.001), Impersonation (T1656), At (T1053.002)
- Fake Claude AI website delivers new ‘Beagle’ Windows malware — Thu, 07 May 2026 06:02:35 -0400
  - Matched TTPs: Artificial Intelligence (T1588.007), Malware (T1588.001), Hardware (T1592.001), DLL (T1574.001), Tool (T1588.002), Software (T1592.002), Exploits (T1588.005), Credentials (T1589.001), At (T1053.002)
Dark Reading
- After Replacing TeamPCP Malware, ‘PCPJack’ Steals Cloud Secrets — Thu, 07 May 2026 20:43:30 GMT
  - Matched TTPs: Artificial Intelligence (T1588.007), Malware (T1588.001), Databases (T1213.006), Vulnerabilities (T1588.006), SSH (T1021.004), Cloud Services (T1021.007), Tool (T1588.002), Credentials (T1589.001), Python (T1059.006), At (T1053.002)
The Hacker News
- PCPJack Credential Stealer Exploits 5 CVEs to Spread Worm-Like Across Cloud Systems — Thu, 07 May 2026 23:15:00 +0530
  - Matched TTPs: Malware (T1588.001), Vulnerabilities (T1588.006), SSH (T1021.004), Server (T1584.004), Cloud Services (T1021.007), Web Services (T1584.006), Phishing (T1566), Software (T1592.002), Exploits (T1588.005), Social Media (T1593.001), Credentials (T1589.001), Python (T1059.006), At (T1053.002)
- PAN-OS RCE Exploit Under Active Use Enabling Root Access and Espionage — Thu, 07 May 2026 19:04:00 +0530
  - Matched TTPs: Malware (T1588.001), Vulnerabilities (T1588.006), Server (T1584.004), Phishing (T1566), Software (T1592.002), Social Media (T1593.001), At (T1053.002)
- ThreatsDay Bulletin: Edge Plaintext Passwords, ICS 0-Days, Patch-or-Die Alerts and 25+ New Stories — Thu, 07 May 2026 17:03:00 +0530
  - Matched TTPs: Adversary-in-the-Middle (T1557), Artificial Intelligence (T1588.007), DNS (T1071.004), Malvertising (T1583.008), Malware (T1588.001), Hardware (T1592.001), Vulnerabilities (T1588.006), Domains (T1584.001), Server (T1584.004), Trap (T1546.005), Proxy (T1090), PowerShell (T1059.001), Tool (T1588.002), Phishing (T1566), Software (T1592.002), Exploits (T1588.005), Social Media (T1593.001), Credentials (T1589.001), Template Injection (T1221), At (T1053.002)
- PyPI Packages Deliver ZiChatBot Malware via Zulip APIs on Windows and Linux — Thu, 07 May 2026 14:50:00 +0530
  - Matched TTPs: Malware (T1588.001), Vulnerabilities (T1588.006), DLL (T1574.001), Masquerading (T1036), Server (T1584.004), Phishing (T1566), Software (T1592.002), Social Media (T1593.001), Python (T1059.006), At (T1053.002)
- vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution — Thu, 07 May 2026 09:45:00 +0530
  - Matched TTPs: JavaScript (T1059.007), Malware (T1588.001), Vulnerabilities (T1588.006), Server (T1584.004), Phishing (T1566), Software (T1592.002), Social Media (T1593.001), At (T1053.002)