
Daily Hunt Feed - 2026-05-16

Threat Hunt Feed (2026-05-16)

Hacker News: Best

BleepingComputer

  • Funnel Builder WordPress plugin bug exploited to steal credit cards — Fri, 15 May 2026 15:30:33 -0400
    • Matched TTPs: JavaScript (T1059.007), Malware (T1588.001), Hardware (T1592.001), Server (T1584.004), Tool (T1588.002), Software (T1592.002), Exploits (T1588.005), Credentials (T1589.001)
  • Microsoft Exchange, Windows 11 hacked on second day of Pwn2Own — Fri, 15 May 2026 13:47:25 -0400
    • Matched TTPs: Sharepoint (T1213.002), Artificial Intelligence (T1588.007), Malware (T1588.001), Hardware (T1592.001), Vulnerabilities (T1588.006), Tool (T1588.002), Software (T1592.002), Exploits (T1588.005), Credentials (T1589.001), At (T1053.002)
  • Popular node-ipc npm package compromised to steal credentials — Fri, 15 May 2026 13:10:42 -0400
    • Matched TTPs: DNS (T1071.004), Keychain (T1555.001), Malware (T1588.001), Hardware (T1592.001), SSH (T1021.004), Tool (T1588.002), Inter-Process Communication (T1559), Software (T1592.002), Exploits (T1588.005), Credentials (T1589.001)
  • Avada Builder WordPress plugin flaws allow site credential theft — Fri, 15 May 2026 11:56:56 -0400
    • Matched TTPs: Malware (T1588.001), Hardware (T1592.001), Vulnerabilities (T1588.006), Server (T1584.004), Tool (T1588.002), Phishing (T1566), Software (T1592.002), Exploits (T1588.005), Credentials (T1589.001), At (T1053.002)
  • Microsoft backpedals: Edge to stop loading passwords into memory — Fri, 15 May 2026 10:49:39 -0400
    • Matched TTPs: JavaScript (T1059.007), Malware (T1588.001), Hardware (T1592.001), Tool (T1588.002), Software (T1592.002), Exploits (T1588.005), Credentials (T1589.001), At (T1053.002)
  • Microsoft warns of Exchange zero-day flaw exploited in attacks — Fri, 15 May 2026 05:40:42 -0400
    • Matched TTPs: JavaScript (T1059.007), Malware (T1588.001), Hardware (T1592.001), Windows Service (T1543.003), Vulnerabilities (T1588.006), Server (T1584.004), Tool (T1588.002), Software (T1592.002), Exploits (T1588.005), Credentials (T1589.001), At (T1053.002)

Darkreading

The Hacker News

  • Turla Turns Kazuar Backdoor Into Modular P2P Botnet for Persistent Access — Fri, 15 May 2026 22:40:25 +0530
    • Matched TTPs: Malware (T1588.001), Vulnerabilities (T1588.006), SSH (T1021.004), Botnet (T1584.005), Supply Chain Compromise (T1195), Server (T1584.004), Proxy (T1090), Web Services (T1584.006), Tool (T1588.002), Phishing (T1566), Software (T1592.002), Social Media (T1593.001), Credentials (T1589.001), Python (T1059.006), At (T1053.002)
  • Four OpenClaw Flaws Enable Data Theft, Privilege Escalation, and Persistence — Fri, 15 May 2026 19:05:04 +0530
    • Matched TTPs: Malware (T1588.001), Cron (T1053.003), Vulnerabilities (T1588.006), SSH (T1021.004), Supply Chain Compromise (T1195), Tool (T1588.002), Phishing (T1566), Software (T1592.002), Social Media (T1593.001), Credentials (T1589.001), At (T1053.002)
  • What 45 Days of Watching Your Own Tools Will Tell You About Your Real Attack Surface — Fri, 15 May 2026 16:30:00 +0530
    • Matched TTPs: Malware (T1588.001), Vulnerabilities (T1588.006), SSH (T1021.004), Supply Chain Compromise (T1195), PowerShell (T1059.001), Tool (T1588.002), Phishing (T1566), Software (T1592.002), Social Media (T1593.001), Credentials (T1589.001), MSBuild (T1127.001), At (T1053.002)
  • On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email — Fri, 15 May 2026 11:49:04 +0530
    • Matched TTPs: JavaScript (T1059.007), Malware (T1588.001), Windows Service (T1543.003), Vulnerabilities (T1588.006), SSH (T1021.004), Supply Chain Compromise (T1195), Server (T1584.004), Tool (T1588.002), Phishing (T1566), Software (T1592.002), Social Media (T1593.001), Credentials (T1589.001), At (T1053.002)
  • CISA Adds Cisco SD-WAN CVE-2026-20182 to KEV After Admin Access Exploits — Fri, 15 May 2026 10:58:03 +0530
    • Matched TTPs: Malware (T1588.001), Vulnerabilities (T1588.006), SSH (T1021.004), Supply Chain Compromise (T1195), Web Shell (T1505.003), Tool (T1588.002), Phishing (T1566), Software (T1592.002), Exploits (T1588.005), Social Media (T1593.001), Credentials (T1589.001), At (T1053.002)
This post is licensed under CC BY 4.0 by the author.