Daily Hunt Feed - 2026-06-06

Threat Hunt Feed (2026-06-06)

Hacker News: Best

• Gemma 4 QAT models: Optimizing compression for mobile and laptop efficiency — Fri, 05 Jun 2026 16:18:48 +0000
  • Matched TTPs: Hardware (T1592.001), At (T1053.002), Compression (T1027.015)
• Conventional Commits encourages focus on the wrong things — Fri, 05 Jun 2026 15:39:38 +0000
  • Matched TTPs: Vulnerabilities (T1588.006), Tool (T1588.002), Software (T1592.002), At (T1053.002)
• Open Code Review – An AI-powered code review CLI tool — Fri, 05 Jun 2026 00:04:29 +0000
  • Matched TTPs: JavaScript (T1059.007), DNS (T1071.004), Vulnerabilities (T1588.006), Proxy (T1090), Tool (T1588.002), Software (T1592.002), At (T1053.002)
• Show HN: Uruky (EU-based Kagi alternative) now has Image Search and URL Rewrites — Thu, 04 Jun 2026 08:56:10 +0000
  • Matched TTPs: JavaScript (T1059.007), Domains (T1584.001), Server (T1584.004), Tool (T1588.002), At (T1053.002)

BleepingComputer

• Suspicious Polyfill login prompts pop up on Toshiba, Muji websites — Fri, 05 Jun 2026 17:54:42 -0400
  • Matched TTPs: JavaScript (T1059.007), Malware (T1588.001), Hardware (T1592.001), Tool (T1588.002), Phishing (T1566), Software (T1592.002), Credentials (T1589.001), At (T1053.002)
• Chinese APT deploys new malware to keep access to hacked networks — Fri, 05 Jun 2026 14:09:47 -0400
  • Matched TTPs: IP Addresses (T1590.005), Malware (T1588.001), Hardware (T1592.001), Vulnerabilities (T1588.006), Domains (T1584.001), Server (T1584.004), Tool (T1588.002), Phishing (T1566), Software (T1592.002), Credentials (T1589.001), Python (T1059.006), Conditional Access Policies (T1556.009), At (T1053.002)
• What 2026 DBIR Confirms: Attacks Are Living in the Browser — Fri, 05 Jun 2026 10:00:10 -0400
  • Matched TTPs: DNS (T1071.004), Malware (T1588.001), Hardware (T1592.001), Browser Extensions (T1176.001), Tool (T1588.002), Phishing (T1566), Software (T1592.002), At (T1053.002)

Darkreading

• Adaptive, Agentic AI Worms Loom as Next Enterprise Threat — Fri, 05 Jun 2026 14:40:11 GMT
  • Matched TTPs: Malware (T1588.001), Vulnerabilities (T1588.006), Phishing (T1566), Software (T1592.002), Credentials (T1589.001), Python (T1059.006), At (T1053.002)

The Hacker News

• IronWorm and New Miasma Worm Variant Hit npm in Supply Chain Attacks — Fri, 05 Jun 2026 23:35:30 +0530
  • Matched TTPs: Sharepoint (T1213.002), Artificial Intelligence (T1588.007), Rootkit (T1014), JavaScript (T1059.007), Malware (T1588.001), Vulnerabilities (T1588.006), SSH (T1021.004), Password Managers (T1555.005), Server (T1584.004), Web Services (T1584.006), Phishing (T1566), Software (T1592.002), Exploits (T1588.005), Social Media (T1593.001), Credentials (T1589.001)
• Android Spyware Asin Targets Arabic Users via Fake News, PDF and War Map Apps — Fri, 05 Jun 2026 20:23:40 +0530
  • Matched TTPs: Sharepoint (T1213.002), Malware (T1588.001), Vulnerabilities (T1588.006), Masquerading (T1036), Server (T1584.004), Phishing (T1566), Software (T1592.002), Exploits (T1588.005), Social Media (T1593.001), At (T1053.002)
• New Threat Cluster OP-512 Targets Microsoft IIS Servers with Custom Web Shell Framework — Fri, 05 Jun 2026 18:03:38 +0530
  • Matched TTPs: Sharepoint (T1213.002), DNS (T1071.004), Malware (T1588.001), Vulnerabilities (T1588.006), Web Shell (T1505.003), Server (T1584.004), Phishing (T1566), Software (T1592.002), Exploits (T1588.005), Social Media (T1593.001), At (T1053.002)
• Only 10% of SOCs Say They’re Getting Excellent Value From AI. Here’s What the Second Wave Has to Deliver — Fri, 05 Jun 2026 16:50:00 +0530
  • Matched TTPs: Sharepoint (T1213.002), Artificial Intelligence (T1588.007), Malware (T1588.001), Vulnerabilities (T1588.006), Server (T1584.004), Tool (T1588.002), Phishing (T1566), Software (T1592.002), Exploits (T1588.005), Social Media (T1593.001), At (T1053.002)
• FIFA World Cup 2026 Scams Are Already Live: Fake Sites, Banking Malware, and Stolen Logins — Fri, 05 Jun 2026 12:31:41 +0530
  • Matched TTPs: Sharepoint (T1213.002), Malware (T1588.001), Vulnerabilities (T1588.006), Email Accounts (T1585.002), Domains (T1584.001), Evil Twin (T1557.004), Server (T1584.004), Phishing (T1566), Software (T1592.002), Exploits (T1588.005), Social Media (T1593.001), At (T1053.002)
• PCPJack Hijacks 230 AWS, Google Cloud, and Azure Servers for Covert SMTP Relay Network — Fri, 05 Jun 2026 11:04:19 +0530
  • Matched TTPs: Sharepoint (T1213.002), Malware (T1588.001), Cron (T1053.003), Vulnerabilities (T1588.006), Server (T1584.004), Proxy (T1090), Cloud Services (T1021.007), Web Services (T1584.006), Phishing (T1566), Software (T1592.002), Exploits (T1588.005), Social Media (T1593.001), Python (T1059.006), Systemd Service (T1543.002), At (T1053.002)