Active Threats

Explore the latest active threats being deployed by malicious actors as of Q4 2025. Each report may offer attack flows, actionable detection rules, and simulation instructions to help SOC teams stay ahead of evolving adversary techniques.

THREAT OF THE MONTH
21 May 2026 01:05

Shai-Hulud Clones: TeamPCP Copycats Are Here

SOC Prime Bias: Critical

OX Security

17 Jun 2026 16:09

Inside a Deno-Based Proxy and RAT

SOC Prime Bias: High

InfoGuard Labs

17 Jun 2026 16:03

Operation Poisson: Breaking Down an Entire Cybercriminal Operation

SOC Prime Bias: High

Cato Networks

17 Jun 2026 15:58

How a VHDX File Delivers Remcos RAT

SOC Prime Bias: High

SANS Internet Storm Center

17 Jun 2026 15:50

UNC1549 TTPs: Iranian APT Targeting Aerospace and Defense

SOC Prime Bias: Critical

picussecurity.com

16 Jun 2026 16:03

ShinyHunters Targets Education Sector with Oracle PeopleSoft Exploit

SOC Prime Bias: Critical

Google Cloud Blog

16 Jun 2026 15:58

Interlock and Rhysida: AI in the Ransomware Ecosystem

SOC Prime Bias: Critical

ibm.com

16 Jun 2026 15:54

OnyxC2: A New Stealer Targeting 210 Applications

SOC Prime Bias: High

BlackFog

16 Jun 2026 08:47

Analyzing SHEET#CREEP: The Malware Returns with New Config Obfuscation

SOC Prime Bias: Critical

Securonix

15 Jun 2026 19:03

CVE-2026-35273: Oracle PeopleSoft Zero-Day Exploited in the Wild

SOC Prime Bias: Critical

Rapid7

15 Jun 2026 18:57

Tengu Ransomware: From Initial Access to Encryption

SOC Prime Bias: High

picussecurity.com