Threat Hunt Feed (2026-06-18)
BleepingComputer
- Google to use UK and EU user IP addresses for ad personalization — Wed, 17 Jun 2026 17:02:42 -0400
- Matched TTPs: IP Addresses (T1590.005), Malware (T1588.001), Hardware (T1592.001), Social Media Accounts (T1585.001), Tool (T1588.002), Phishing (T1566), Software (T1592.002), Social Media (T1593.001), Credentials (T1589.001), At (T1053.002)
- FortiBleed leak exposes Fortinet VPN credentials for 73,000 devices — Wed, 17 Jun 2026 11:12:57 -0400
- Matched TTPs: IP Addresses (T1590.005), Malware (T1588.001), Hardware (T1592.001), Cron (T1053.003), Vulnerabilities (T1588.006), Domains (T1584.001), Server (T1584.004), Email Addresses (T1589.002), Tool (T1588.002), Phishing (T1566), Software (T1592.002), Credentials (T1589.001), At (T1053.002)
- Why Account Takeovers Are Rising and How to Stop Them — Wed, 17 Jun 2026 10:00:10 -0400
- Matched TTPs: Adversary-in-the-Middle (T1557), IP Addresses (T1590.005), Malware (T1588.001), Hardware (T1592.001), Vulnerabilities (T1588.006), Domains (T1584.001), Cloud Services (T1021.007), Tool (T1588.002), Phishing (T1566), Multi-Factor Authentication (T1556.006), Software (T1592.002), Credentials (T1589.001), At (T1053.002)
- India’s Telegram ban hit the UAE too. Here’s how to get around it — Wed, 17 Jun 2026 09:12:45 -0400
- Matched TTPs: IP Addresses (T1590.005), DNS (T1071.004), Malware (T1588.001), Hardware (T1592.001), Server (T1584.004), Proxy (T1090), Tool (T1588.002), Phishing (T1566), Software (T1592.002), Credentials (T1589.001), At (T1053.002)
Dark Reading
- Sweeping Credential-Harvesting Heist Compromises 30K+ Fortinet Devices — Wed, 17 Jun 2026 14:06:34 GMT
- Matched TTPs: IP Addresses (T1590.005), Malware (T1588.001), Vulnerabilities (T1588.006), Domains (T1584.001), Server (T1584.004), Password Spraying (T1110.003), Credential Stuffing (T1110.004), Firmware (T1592.003), Exploits (T1588.005), Credentials (T1589.001), At (T1053.002)
- UK Social Media Ban for Minors Has Privacy Experts Worried — Wed, 17 Jun 2026 08:00:00 GMT
- Matched TTPs: Malware (T1588.001), Vulnerabilities (T1588.006), Software (T1592.002), Exploits (T1588.005), Social Media (T1593.001), Python (T1059.006), At (T1053.002)
The Hacker News
- Crypto Clipper Campaign Abuses Fake Reviews, AI Narrators, and VirusTotal Comments — Wed, 17 Jun 2026 23:44:24 +0530
- Matched TTPs: Rootkit (T1014), Malware (T1588.001), Vulnerabilities (T1588.006), Tool (T1588.002), Phishing (T1566), Software (T1592.002), Exploits (T1588.005), Social Media (T1593.001), At (T1053.002)
- Microsoft Confirms RoguePlanet Defender Zero-Day, Says Patch is in Development — Wed, 17 Jun 2026 23:06:28 +0530
- Matched TTPs: Rootkit (T1014), Malware (T1588.001), Vulnerabilities (T1588.006), Software (T1592.002), Exploits (T1588.005), Social Media (T1593.001), At (T1053.002)
- Junior Hacker Used Tailscale and OpenSSH to Keep Access After His C2 Went Offline — Wed, 17 Jun 2026 21:30:56 +0530
- Matched TTPs: Scheduled Task (T1053.005), Rootkit (T1014), Malware (T1588.001), Vulnerabilities (T1588.006), SSH (T1021.004), Server (T1584.004), PowerShell (T1059.001), Software (T1592.002), Exploits (T1588.005), Social Media (T1593.001), Credentials (T1589.001), Python (T1059.006), At (T1053.002)
- Malicious JetBrains Plugins Steal AI API Keys as Chrome Extensions Capture Chatbot Chats — Wed, 17 Jun 2026 19:21:58 +0530
- Matched TTPs: Artificial Intelligence (T1588.007), Rootkit (T1014), Malware (T1588.001), Browser Extensions (T1176.001), Vulnerabilities (T1588.006), Server (T1584.004), Tool (T1588.002), Software (T1592.002), Exploits (T1588.005), Social Media (T1593.001), Credentials (T1589.001), At (T1053.002)
- The Top 10 Attack Surface Exposures in 2026 — Wed, 17 Jun 2026 16:00:00 +0530
- Matched TTPs: Rootkit (T1014), Databases (T1213.006), Vulnerabilities (T1588.006), Server (T1584.004), Software (T1592.002), Exploits (T1588.005), Social Media (T1593.001), Credentials (T1589.001), At (T1053.002)
- 144 Mastra npm Packages Compromised via Hijacked Contributor Account — Wed, 17 Jun 2026 13:08:24 +0530
- Matched TTPs: Artificial Intelligence (T1588.007), Rootkit (T1014), JavaScript (T1059.007), Malware (T1588.001), Browser Extensions (T1176.001), Vulnerabilities (T1588.006), Server (T1584.004), Software (T1592.002), Exploits (T1588.005), Social Media (T1593.001), Credentials (T1589.001), At (T1053.002)
- CISA Warns of Actively Exploited Joomla JCE Flaw Allowing PHP Code Execution — Wed, 17 Jun 2026 11:20:46 +0530
- Matched TTPs: Rootkit (T1014), JavaScript (T1059.007), Vulnerabilities (T1588.006), Web Shell (T1505.003), Server (T1584.004), Software (T1592.002), Exploits (T1588.005), Social Media (T1593.001), At (T1053.002)