Threat Hunt Feed (2026-05-20)
Hacker News: Best
- Apple unveils new accessibility features — Tue, 19 May 2026 12:04:18 +0000
  - Matched TTPs: Accessibility Features (T1546.008), Software (T1592.002), At (T1053.002)
- We let AIs run radio stations — Mon, 18 May 2026 18:12:18 +0000
  - Matched TTPs: Domains (T1584.001), Tool (T1588.002), At (T1053.002)
BleepingComputer
- Max-severity flaw in ChromaDB for AI apps allows server hijacking — Tue, 19 May 2026 18:25:49 -0400
  - Matched TTPs: Artificial Intelligence (T1588.007), Malware (T1588.001), Hardware (T1592.001), Server (T1584.004), Tool (T1588.002), Phishing (T1566), Software (T1592.002), Exploits (T1588.005), Social Media (T1593.001), Python (T1059.006), At (T1053.002)
- Cybercrime service disrupted for abusing Microsoft platform to sign malware — Tue, 19 May 2026 17:47:31 -0400
  - Matched TTPs: Malware (T1588.001), Hardware (T1592.001), Code Signing (T1553.002), Code Signing Certificates (T1588.003), Server (T1584.004), Tool (T1588.002), Phishing (T1566), Software (T1592.002), Exploits (T1588.005), Credentials (T1589.001), At (T1053.002)
- Microsoft plans to improve Windows 11 driver quality in 2026 — Tue, 19 May 2026 12:22:30 -0400
  - Matched TTPs: Malware (T1588.001), Hardware (T1592.001), Server (T1584.004), Tool (T1588.002), Phishing (T1566), Software (T1592.002), Exploits (T1588.005), At (T1053.002)
- New Shai-Hulud malware wave compromises 600 npm packages — Tue, 19 May 2026 10:30:22 -0400
  - Matched TTPs: Malware (T1588.001), Hardware (T1592.001), SSH (T1021.004), Server (T1584.004), Tool (T1588.002), Phishing (T1566), Software (T1592.002), Exploits (T1588.005), Credentials (T1589.001), At (T1053.002)
- Critical Microsoft Vulnerabilities Doubled: From Exposure to Escalation — Tue, 19 May 2026 10:00:10 -0400
  - Matched TTPs: Malware (T1588.001), Hardware (T1592.001), Vulnerabilities (T1588.006), Add-ins (T1137.006), Server (T1584.004), Tool (T1588.002), Phishing (T1566), Brute Force (T1110), Software (T1592.002), Exploits (T1588.005), Credentials (T1589.001), At (T1053.002)
Darkreading
- Verizon DBIR: Enterprises Face a Dangerous Vulnerability Glut — Tue, 19 May 2026 21:55:35 GMT
  - Matched TTPs: Malware (T1588.001), Vulnerabilities (T1588.006), Phishing (T1566), Software (T1592.002), Exploits (T1588.005), Credentials (T1589.001), At (T1053.002)
- Windows Zero-Day Barrage Continues After Patch Tuesday — Tue, 19 May 2026 21:06:54 GMT
  - Matched TTPs: Vulnerabilities (T1588.006), Server (T1584.004), Tool (T1588.002), Software (T1592.002), Exploits (T1588.005), Credentials (T1589.001), At (T1053.002)
- CISA Exposes Secrets, Credentials in ‘Private’ Repo — Tue, 19 May 2026 19:49:53 GMT
  - Matched TTPs: Hardware (T1592.001), Vulnerabilities (T1588.006), Private Keys (T1552.004), Software (T1592.002), Credentials (T1589.001), At (T1053.002)
- Looking Back, Looking Forward: Digesting a Dynamic Bouillabaisse of Cyber Evolution — Tue, 19 May 2026 13:28:43 GMT
  - Matched TTPs: Malware (T1588.001), Databases (T1213.006), Vulnerabilities (T1588.006), Cloud Services (T1021.007), Phishing (T1566), Software (T1592.002), Credentials (T1589.001), At (T1053.002), Wi-Fi Networks (T1669)
- Is 2026 the Year AI Bills of Materials Get Real? — Mon, 18 May 2026 21:44:53 GMT
  - Matched TTPs: Artificial Intelligence (T1588.007), Vulnerabilities (T1588.006), Tool (T1588.002), Software (T1592.002), Credentials (T1589.001), At (T1053.002)
The Hacker News
- Trapdoor Android Ad Fraud Scheme Hit 659 Million Daily Bid Requests Using 455 Apps — Tue, 19 May 2026 22:08:12 +0530
  - Matched TTPs: Rootkit (T1014), DNS (T1071.004), Malvertising (T1583.008), Malware (T1588.001), Vulnerabilities (T1588.006), Domains (T1584.001), Masquerading (T1036), Server (T1584.004), Tool (T1588.002), Software (T1592.002), Social Media (T1593.001), At (T1053.002)
- The New Phishing Click: How OAuth Consent Bypasses MFA — Tue, 19 May 2026 17:00:00 +0530
  - Matched TTPs: Adversary-in-the-Middle (T1557), Rootkit (T1014), DNS (T1071.004), Vulnerabilities (T1588.006), Server (T1584.004), Tool (T1588.002), Phishing (T1566), Social Media (T1593.001), Credentials (T1589.001), At (T1053.002)
- Drupal to Release Urgent Core Security Updates on May 20, Sites Told to Prepare — Tue, 19 May 2026 16:14:45 +0530
  - Matched TTPs: Rootkit (T1014), DNS (T1071.004), Vulnerabilities (T1588.006), Server (T1584.004), Exploits (T1588.005), Social Media (T1593.001), At (T1053.002)
- SEPPMail Secure E-Mail Gateway Vulnerabilities Enable RCE and Mail Traffic Access — Tue, 19 May 2026 14:53:15 +0530
  - Matched TTPs: Rootkit (T1014), DNS (T1071.004), Cron (T1053.003), Vulnerabilities (T1588.006), Server (T1584.004), Social Media (T1593.001)
- Popular GitHub Action Tags Redirected to Imposter Commit to Steal CI/CD Credentials — Tue, 19 May 2026 10:58:06 +0530
  - Matched TTPs: Rootkit (T1014), JavaScript (T1059.007), DNS (T1071.004), Malware (T1588.001), Vulnerabilities (T1588.006), Server (T1584.004), Software (T1592.002), Social Media (T1593.001), Credentials (T1589.001), At (T1053.002)
- Mini Shai-Hulud Pushes Malicious AntV npm Packages via Compromised Maintainer Account — Tue, 19 May 2026 10:24:17 +0530
  - Matched TTPs: Rootkit (T1014), DNS (T1071.004), Malware (T1588.001), Vulnerabilities (T1588.006), SSH (T1021.004), Server (T1584.004), Web Services (T1584.006), Tool (T1588.002), Software (T1592.002), Social Media (T1593.001), Credentials (T1589.001), At (T1053.002)