Active Threats

Explore the latest active threats being deployed by malicious actors as of Q4 2025. Each report may offer attack flows, actionable detection rules, and simulation instructions to help SOC teams stay ahead of evolving adversary techniques.

THREAT OF THE MONTH
30 Apr 2026 17:06

“Copy Fail” – Linux local privilege escalation vulnerability (CVE-2026-31431)

SOC Prime Bias: Critical

Xint

08 May 2026 18:45

AMOS Stealer Targets macOS Through “Cracked” Apps

SOC Prime Bias: Medium

Trend Micro

08 May 2026 18:40

Operation GriefLure: Dissecting an APT Campaign Targeting Vietnam’s Military Telecom & Philippine Healthcare

SOC Prime Bias: Critical

Seqrite

08 May 2026 18:33

NWHStealer Spread Through Bun JavaScript Runtime

SOC Prime Bias: Medium

Malwarebytes

08 May 2026 18:29

TCLBANKER: Brazilian Banking Trojan Spreading via WhatsApp and Outlook

SOC Prime Bias: Medium

elastic.co

07 May 2026 18:58

Salat Stealer Analysis Go Based RAT C2 Resilience and Info Stealing Capabilities

SOC Prime Bias: Medium

darkatlas.io

07 May 2026 18:54

DAEMON Tools Supply Chain Attack Compromises Official Installers with Malware

SOC Prime Bias: Critical

The Hacker News

07 May 2026 18:43

Malicious OpenClaw Skill Distributes Remcos RAT and GhostLoader

SOC Prime Bias: Critical

Latest Version of Amadey

07 May 2026 18:38

InstallFix and Claude Code: How Fake Install Pages Lead to Real Compromise

SOC Prime Bias: Medium

Trend Micro

07 May 2026 18:33

Iranian-Nexus Attack Exposes 26,000 Citizen Records in Oman

SOC Prime Bias: Critical

hunt.io

07 May 2026 18:26

Chaos Ransomware and the State-Sponsored Threat Behind It

SOC Prime Bias: Critical

Rapid7