Daily Hunt Feed - 2026-05-21

Threat Hunt Feed (2026-05-21)

Hacker News: Best

• Show HN: Forge – Guardrails take an 8B model from 53% to 99% on agentic tasks — Tue, 19 May 2026 12:23:07 +0000
  • Matched TTPs: Hardware (T1592.001), Vulnerabilities (T1588.006), Server (T1584.004), Proxy (T1090), Tool (T1588.002), Software (T1592.002), Python (T1059.006), At (T1053.002)

BleepingComputer

• Ukraine identifies infostealer operator tied to 28,000 stolen accounts — Wed, 20 May 2026 17:36:24 -0400
  • Matched TTPs: Malware (T1588.001), Hardware (T1592.001), Server (T1584.004), Tool (T1588.002), Phishing (T1566), Multi-Factor Authentication (T1556.006), Software (T1592.002), Credentials (T1589.001), At (T1053.002)
• Hackers bypass SonicWall VPN MFA due to incomplete patching — Wed, 20 May 2026 17:19:17 -0400
  • Matched TTPs: Malware (T1588.001), Hardware (T1592.001), Server (T1584.004), Tool (T1588.002), Phishing (T1566), Multi-Factor Authentication (T1556.006), Firmware (T1592.003), Software (T1592.002), Credentials (T1589.001), At (T1053.002)
• Identity Alone Isn’t Enough: Why Device Security Has to Share the Load — Wed, 20 May 2026 10:02:12 -0400
  • Matched TTPs: Malware (T1588.001), Hardware (T1592.001), Remote Access Tools (T1219), Tool (T1588.002), Phishing (T1566), Multi-Factor Authentication (T1556.006), Software (T1592.002), Credentials (T1589.001), At (T1053.002)
• Drupal critical update to fix bug with high exploitation risk — Wed, 20 May 2026 08:52:29 -0400
  • Matched TTPs: Malware (T1588.001), Hardware (T1592.001), Tool (T1588.002), Phishing (T1566), Software (T1592.002), Exploits (T1588.005), At (T1053.002)

Darkreading

• GitHub Confirms Breach, 4K Internal Repos Stolen — Wed, 20 May 2026 20:51:32 GMT
  • Matched TTPs: Vulnerabilities (T1588.006), SSH (T1021.004), Software (T1592.002), Credentials (T1589.001), At (T1053.002)
• Fake Android Apps Commit Carrier Billing Fraud for Premium Svcs. — Wed, 20 May 2026 20:35:35 GMT
  • Matched TTPs: JavaScript (T1059.007), Malware (T1588.001), Vulnerabilities (T1588.006), Email Accounts (T1585.002), Masquerading (T1036), Browser Session Hijacking (T1185), Phishing (T1566), Software (T1592.002), At (T1053.002)
• What Will Make AI BOMs Real? — Tue, 19 May 2026 22:17:55 GMT
  • Matched TTPs: Browser Extensions (T1176.001), Vulnerabilities (T1588.006), Tool (T1588.002), Software (T1592.002), At (T1053.002)

The Hacker News

• Microsoft Open-Sources RAMPART and Clarity to Secure AI Agents During Development — Wed, 20 May 2026 22:36:54 +0530
  • Matched TTPs: Artificial Intelligence (T1588.007), Rootkit (T1014), DNS (T1071.004), Vulnerabilities (T1588.006), Server (T1584.004), Tool (T1588.002), Software (T1592.002), Social Media (T1593.001), Python (T1059.006), At (T1053.002)
• Microsoft Takes Down Malware-Signing Service Behind Ransomware Attacks — Wed, 20 May 2026 20:06:44 +0530
  • Matched TTPs: Rootkit (T1014), DNS (T1071.004), Malware (T1588.001), Vulnerabilities (T1588.006), Code Signing (T1553.002), Server (T1584.004), Software (T1592.002), Social Media (T1593.001), Credentials (T1589.001), At (T1053.002)
• Webworm Deploys EchoCreep and GraphWorm Backdoors Using Discord and MS Graph API — Wed, 20 May 2026 18:21:43 +0530
  • Matched TTPs: Rootkit (T1014), DNS (T1071.004), Malware (T1588.001), Vulnerabilities (T1588.006), Server (T1584.004), Proxy (T1090), Tool (T1588.002), Social Media (T1593.001), At (T1053.002)
• Agent AI is Coming. Are You Ready? — Wed, 20 May 2026 17:28:00 +0530
  • Matched TTPs: Rootkit (T1014), DNS (T1071.004), Vulnerabilities (T1588.006), Server (T1584.004), Social Media (T1593.001), At (T1053.002)
• Typosquatting Is No Longer a User Problem. It’s a Supply Chain Problem — Wed, 20 May 2026 16:00:00 +0530
  • Matched TTPs: Rootkit (T1014), JavaScript (T1059.007), DNS (T1071.004), Vulnerabilities (T1588.006), Domains (T1584.001), Private Keys (T1552.004), Server (T1584.004), Phishing (T1566), Social Media (T1593.001), Credentials (T1589.001), Impersonation (T1656), At (T1053.002)