Threat Hunt Feed (2026-05-27)
Hacker News: Best
- Uber, Lyft drivers in Massachusetts form first US ride-share union — Tue, 26 May 2026 15:58:02 +0000
  - Matched TTPs: At (T1053.002)
- DynIP – Dynamic DNS with RFC 2136, IPv6, DNSSEC, and BYOD — Tue, 26 May 2026 07:35:20 +0000
  - Matched TTPs: DNS (T1071.004), Domains (T1584.001), Server (T1584.004), PowerShell (T1059.001), Python (T1059.006), At (T1053.002)
- California moves to exempt Linux from its age-verification law after backlash — Mon, 25 May 2026 18:19:58 +0000
  - Matched TTPs: Artificial Intelligence (T1588.007), Hardware (T1592.001), Control Panel (T1218.002), Software (T1592.002), At (T1053.002)
- Search engines alternatives now that Google isn’t Google anymore — Mon, 25 May 2026 12:27:11 +0000
  - Matched TTPs: Hardware (T1592.001), Domains (T1584.001), Search Engines (T1593.002), Proxy (T1090), At (T1053.002)
BleepingComputer
- KnowledgeDeliver flaw exploited as a zero-day to install web shells — Tue, 26 May 2026 16:07:31 -0400
  - Matched TTPs: Sharepoint (T1213.002), JavaScript (T1059.007), Malware (T1588.001), Hardware (T1592.001), Vulnerabilities (T1588.006), Web Shell (T1505.003), Server (T1584.004), Tool (T1588.002), Phishing (T1566), Software (T1592.002), Exploits (T1588.005), At (T1053.002)
- Microsoft: Domain Controller lookup may fail on Windows Server 2016 — Tue, 26 May 2026 03:41:25 -0400
  - Matched TTPs: Malware (T1588.001), Hardware (T1592.001), Vulnerabilities (T1588.006), Server (T1584.004), Tool (T1588.002), Phishing (T1566), Software (T1592.002)
Darkreading
- Feeding Frenzy: ‘Megalodon’ Malware Infects Thousands of GitHub Repos — Tue, 26 May 2026 19:47:14 GMT
  - Matched TTPs: Malvertising (T1583.008), Malware (T1588.001), Hardware (T1592.001), Vulnerabilities (T1588.006), SSH (T1021.004), Server (T1584.004), Software (T1592.002), Credentials (T1589.001), At (T1053.002)
- Microsoft Issues Out-of-Band SharePoint Patch — Tue, 26 May 2026 18:25:44 GMT
  - Matched TTPs: Sharepoint (T1213.002), Malware (T1588.001), Vulnerabilities (T1588.006), Server (T1584.004), Software (T1592.002), At (T1053.002)
- Remembering Tim Wilson, Whose Legacy Lives on at Dark Reading — Tue, 26 May 2026 12:00:00 GMT
  - Matched TTPs: Malware (T1588.001), Vulnerabilities (T1588.006), At (T1053.002)
The Hacker News
- MuddyWater Uses DLL Side-Loading in Espionage Campaign Targeting 9 Countries — Tue, 26 May 2026 21:18:41 +0530
  - Matched TTPs: Malware (T1588.001), Hardware (T1592.001), Vulnerabilities (T1588.006), DLL (T1574.001), Masquerading (T1036), Server (T1584.004), Proxy (T1090), PowerShell (T1059.001), Tool (T1588.002), Phishing (T1566), Software (T1592.002), Social Media (T1593.001), Credentials (T1589.001), At (T1053.002)
- [THN Webinar] New AI DDoS Attacks Are Smarter. Learn How to Fight Back — Tue, 26 May 2026 17:28:00 +0530
  - Matched TTPs: Artificial Intelligence (T1588.007), Malware (T1588.001), Hardware (T1592.001), Vulnerabilities (T1588.006), Trap (T1546.005), Phishing (T1566), Software (T1592.002), Social Media (T1593.001), At (T1053.002)
- Microsoft Patches SharePoint RCE Flaw CVE-2026-45659 Across Server Versions — Tue, 26 May 2026 17:19:53 +0530
  - Matched TTPs: Sharepoint (T1213.002), Malware (T1588.001), Hardware (T1592.001), Vulnerabilities (T1588.006), Server (T1584.004), Phishing (T1566), Software (T1592.002), Social Media (T1593.001)
- MFA Prompt Bombing: Why Your Second Factor Isn’t Saving You — Tue, 26 May 2026 16:00:00 +0530
  - Matched TTPs: Malware (T1588.001), Hardware (T1592.001), Vulnerabilities (T1588.006), Phishing (T1566), Multi-Factor Authentication (T1556.006), Software (T1592.002), Social Media (T1593.001), Credentials (T1589.001), Conditional Access Policies (T1556.009), At (T1053.002)
- CERT-In Recommends 12-Hour Patching for Internet-Facing Flaws Amid AI-Assisted Attacks — Tue, 26 May 2026 14:43:02 +0530
  - Matched TTPs: Artificial Intelligence (T1588.007), Malware (T1588.001), Hardware (T1592.001), Vulnerabilities (T1588.006), Phishing (T1566), Software (T1592.002), Social Media (T1593.001)
- Iranian Hackers Deploy MiniFast and MiniJunk V2 via Phishing and SEO Poisoning — Tue, 26 May 2026 12:43:05 +0530
  - Matched TTPs: Artificial Intelligence (T1588.007), Malware (T1588.001), Hardware (T1592.001), Vulnerabilities (T1588.006), DLL (T1574.001), Domains (T1584.001), Server (T1584.004), Phishing (T1566), Software (T1592.002), Social Media (T1593.001), SEO Poisoning (T1608.006), At (T1053.002)
- KnowledgeDeliver LMS Flaw Exploited to Deploy Godzilla and Cobalt Strike — Tue, 26 May 2026 10:49:38 +0530
  - Matched TTPs: JavaScript (T1059.007), Malware (T1588.001), Hardware (T1592.001), Vulnerabilities (T1588.006), Web Shell (T1505.003), Server (T1584.004), Phishing (T1566), Software (T1592.002), Social Media (T1593.001)