
Daily Hunt Feed - 2026-05-12

Threat Hunt Feed (2026-05-12)

Hacker News: Best

BleepingComputer

  • New GhostLock tool abuses Windows API to block file access — Mon, 11 May 2026 18:02:00 -0400
    • Matched TTPs: Malware (T1588.001), Hardware (T1592.001), Server (T1584.004), Tool (T1588.002), Software (T1592.002), Exploits (T1588.005), Python (T1059.006), At (T1053.002)
  • Why Changing Passwords Doesn’t End an Active Directory Breach — Mon, 11 May 2026 09:53:56 -0400
    • Matched TTPs: Malware (T1588.001), Hardware (T1592.001), Golden Ticket (T1558.001), Tool (T1588.002), Software (T1592.002), Credentials (T1589.001), Python (T1059.006), Kerberoasting (T1558.003), At (T1053.002)
  • Google: Hackers used AI to develop zero-day exploit for web admin tool — Mon, 11 May 2026 09:02:30 -0400
    • Matched TTPs: Artificial Intelligence (T1588.007), Malware (T1588.001), Hardware (T1592.001), Proxy (T1090), Tool (T1588.002), Software (T1592.002), Exploits (T1588.005), Python (T1059.006), At (T1053.002)
  • TrickMo Android banker adopts TON blockchain for covert comms — Mon, 11 May 2026 05:03:02 -0400
    • Matched TTPs: Keylogging (T1056.001), DNS (T1071.004), Malware (T1588.001), Hardware (T1592.001), SSH (T1021.004), Server (T1584.004), Proxy (T1090), Tool (T1588.002), Phishing (T1566), Software (T1592.002), Exploits (T1588.005), Credentials (T1589.001), Python (T1059.006), At (T1053.002)

Darkreading

  • Hackers Use AI for Exploit Development, Attack Automation — Mon, 11 May 2026 13:00:00 GMT
    • Matched TTPs: Malware (T1588.001), Databases (T1213.006), Vulnerabilities (T1588.006), Tool (T1588.002), Phishing (T1566), Firmware (T1592.003), Exploits (T1588.005), Credentials (T1589.001), Python (T1059.006), At (T1053.002)

The Hacker News

  • cPanel CVE-2026-41940 Under Active Exploitation to Deploy Filemanager Backdoor — Mon, 11 May 2026 23:24:00 +0530
    • Matched TTPs: JavaScript (T1059.007), Malware (T1588.001), Vulnerabilities (T1588.006), SSH (T1021.004), Botnet (T1584.005), Supply Chain Compromise (T1195), Control Panel (T1218.002), Web Shell (T1505.003), Server (T1584.004), Tool (T1588.002), Phishing (T1566), Software (T1592.002), Exploits (T1588.005), Social Media (T1593.001), Credentials (T1589.001), At (T1053.002)
  • Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass Exploitation — Mon, 11 May 2026 21:15:00 +0530
    • Matched TTPs: VNC (T1021.005), Artificial Intelligence (T1588.007), Malware (T1588.001), Vulnerabilities (T1588.006), SSH (T1021.004), Supply Chain Compromise (T1195), Server (T1584.004), Proxy (T1090), Tool (T1588.002), Phishing (T1566), Firmware (T1592.003), Software (T1592.002), Exploits (T1588.005), Social Media (T1593.001), Credentials (T1589.001), Python (T1059.006), At (T1053.002)
  • ⚡ Weekly Recap: Linux Rootkit, macOS Crypto Stealer, WebSocket Skimmers and More — Mon, 11 May 2026 18:06:00 +0530
    • Matched TTPs: Keylogging (T1056.001), Artificial Intelligence (T1588.007), Rootkit (T1014), JavaScript (T1059.007), Malware (T1588.001), Social Media Accounts (T1585.001), Vulnerabilities (T1588.006), SSH (T1021.004), AppleScript (T1059.002), Supply Chain Compromise (T1195), Domains (T1584.001), Masquerading (T1036), Electron Applications (T1218.015), Server (T1584.004), Email Addresses (T1589.002), Tool (T1588.002), Phishing (T1566), Firmware (T1592.003), Regsvr32 (T1218.010), Software (T1592.002), Social Media (T1593.001), Credentials (T1589.001), Python (T1059.006), At (T1053.002)
  • Your Purple Team Isn’t Purple — It’s Just Red and Blue in the Same Room — Mon, 11 May 2026 17:00:00 +0530
    • Matched TTPs: Artificial Intelligence (T1588.007), Malware (T1588.001), Vulnerabilities (T1588.006), SSH (T1021.004), Supply Chain Compromise (T1195), Tool (T1588.002), Phishing (T1566), Software (T1592.002), Social Media (T1593.001), Credentials (T1589.001), At (T1053.002)
This post is licensed under CC BY 4.0 by the author.