Threat Hunt Feed (2026-05-28)
Hacker News: Best
- DuckDuckGo search saw 28% more visits after Google said people love AI mode — Wed, 27 May 2026 16:28:41 +0000
- Matched TTPs: Hardware (T1592.001), Search Engines (T1593.002), Tool (T1588.002), Software (T1592.002), At (T1053.002)
BleepingComputer
- GPU mining malware spreads via SEO poisoning, AI chatbots — Wed, 27 May 2026 17:31:25 -0400
- Matched TTPs: Password Cracking (T1110.002), Malware (T1588.001), Hardware (T1592.001), Vulnerabilities (T1588.006), InstallUtil (T1218.004), DLL (T1574.001), Botnet (T1584.005), Msiexec (T1218.007), Domains (T1584.001), PowerShell (T1059.001), Tool (T1588.002), Phishing (T1566), Process Hollowing (T1055.012), Software (T1592.002), Exploits (T1588.005), MSBuild (T1127.001), SEO Poisoning (T1608.006), At (T1053.002)
- Can you enforce strong Active Directory password rules without frustrating users? — Wed, 27 May 2026 10:00:10 -0400
- Matched TTPs: Malware (T1588.001), Hardware (T1592.001), Vulnerabilities (T1588.006), Botnet (T1584.005), Password Managers (T1555.005), Password Spraying (T1110.003), Tool (T1588.002), Phishing (T1566), Software (T1592.002), Credentials (T1589.001), SEO Poisoning (T1608.006), At (T1053.002)
- Glassworm botnet disrupted after resilient C2 infrastructure takedown — Wed, 27 May 2026 09:28:42 -0400
- Matched TTPs: Malware (T1588.001), Hardware (T1592.001), Vulnerabilities (T1588.006), Botnet (T1584.005), Server (T1584.004), Web Services (T1584.006), Tool (T1588.002), Phishing (T1566), Software (T1592.002), Exploits (T1588.005), Credentials (T1589.001), SEO Poisoning (T1608.006)
Dark Reading
- Ransomware Actors Show Up In Person to Steal Law Firm Data — Wed, 27 May 2026 20:38:01 GMT
- Matched TTPs: Malware (T1588.001), Databases (T1213.006), Vulnerabilities (T1588.006), Remote Access Tools (T1219), Phishing (T1566), Software (T1592.002), At (T1053.002)
The Hacker News
- Grandoreiro Malware and BTMOB RAT Campaigns Target Windows and Android Users — Wed, 27 May 2026 21:40:21 +0530
- Matched TTPs: Malware (T1588.001), Hardware (T1592.001), Vulnerabilities (T1588.006), DLL (T1574.001), Masquerading (T1036), Server (T1584.004), Tool (T1588.002), Phishing (T1566), Software (T1592.002), Social Media (T1593.001), Credentials (T1589.001), Visual Basic (T1059.005), At (T1053.002)
- Malicious npm Package Stole Files From Claude AI User Directory via GitHub — Wed, 27 May 2026 21:14:29 +0530
- Matched TTPs: Artificial Intelligence (T1588.007), Malware (T1588.001), Hardware (T1592.001), Vulnerabilities (T1588.006), Tool (T1588.002), Phishing (T1566), Software (T1592.002), Social Media (T1593.001)
- 5 Steps to Managing Shadow AI Tools Without Slowing Down Employees — Wed, 27 May 2026 18:58:48 +0530
- Matched TTPs: Artificial Intelligence (T1588.007), Malware (T1588.001), Hardware (T1592.001), Browser Extensions (T1176.001), Vulnerabilities (T1588.006), Tool (T1588.002), Phishing (T1566), Software (T1592.002), Social Media (T1593.001), Credentials (T1589.001), At (T1053.002)
- GlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure — Wed, 27 May 2026 17:18:37 +0530
- Matched TTPs: VNC (T1021.005), JavaScript (T1059.007), Malware (T1588.001), Hardware (T1592.001), Vulnerabilities (T1588.006), Server (T1584.004), Code Repositories (T1213.003), Web Services (T1584.006), Phishing (T1566), Software (T1592.002), Social Media (T1593.001), Credentials (T1589.001), Python (T1059.006), At (T1053.002), Dead Drop Resolver (T1102.001)
- Gitea Vulnerability Exposes Private Container Images without Authentication — Wed, 27 May 2026 15:36:32 +0530
- Matched TTPs: Malware (T1588.001), Hardware (T1592.001), Vulnerabilities (T1588.006), Phishing (T1566), Software (T1592.002), Social Media (T1593.001), Credentials (T1589.001), At (T1053.002)
- AI Chatbot Recommendations Redirect Users to Cryptojacking Malware Sites — Wed, 27 May 2026 13:15:52 +0530
- Matched TTPs: Scheduled Task (T1053.005), Artificial Intelligence (T1588.007), DNS (T1071.004), Malware (T1588.001), Hardware (T1592.001), Vulnerabilities (T1588.006), SSH (T1021.004), DLL (T1574.001), Msiexec (T1218.007), Domains (T1584.001), Server (T1584.004), Search Engines (T1593.002), Confluence (T1213.001), PowerShell (T1059.001), Tool (T1588.002), Phishing (T1566), Process Hollowing (T1055.012), Software (T1592.002), Social Media (T1593.001), Credentials (T1589.001), Impersonation (T1656), Python (T1059.006), SEO Poisoning (T1608.006), At (T1053.002)