Active Threats

Explore the latest active threats being deployed by malicious actors as of Q4 2025. Each report may offer attack flows, actionable detection rules, and simulation instructions to help SOC teams stay ahead of evolving adversary techniques.

THREAT OF THE MONTH
21 May 2026 01:05

Shai-Hulud Clones: TeamPCP Copycats Are Here

SOC Prime Bias: Critical

OX Security

02 Jun 2026 22:44

Operation Dragon Weave Uses Azure Cloud C2 to Target Czech Republic and Taiwan

SOC Prime Bias: Critical

Seqrite Labs

02 Jun 2026 22:40

Gamaredon’s Unfolding Toolkit: GammaPhish and GammaWorm

SOC Prime Bias: Critical

Sekoia.io Blog

02 Jun 2026 22:32

Kimsuky Advanced Attack Techniques: JSONPing, Webex Spoofing, and a New HttpSpy Variant

SOC Prime Bias: Critical

co.kr

02 Jun 2026 22:28

DonutLoader Reloaded in a Modern Remcos RAT Campaign

SOC Prime Bias: Medium

gdatasoftware.com

02 Jun 2026 22:24

Operation XENOFISCAL: SideCopy Deploys Persistent XenoRAT Against Afghanistan’s Ministry of Finance

SOC Prime Bias: Critical

Seqrite Labs

02 Jun 2026 22:19

No Malware, No Alerts, Just a USB Drive in Your Office

SOC Prime Bias: Critical

Andrea Fortuna

29 May 2026 10:30

FortiClient EMS Exploited via CVE-2026-35616 to Deliver EKZ Infostealer Disguised as a Fortinet Patch

SOC Prime Bias: Critical

Arctic Wolf

29 May 2026 10:25

Crypto Software Development Infrastructure Targeted by a New Threat Actor

SOC Prime Bias: Critical

wiz.io

29 May 2026 10:20

RVTools Masquerade: How a Signed Fake Installer Deploys a Modular Python RAT

SOC Prime Bias: Medium

K7 Labs

29 May 2026 10:16

Tracing an Akira Ransomware Kill Chain Through Perimeter and Endpoint Logs

SOC Prime Bias: High

SANS Internet Storm Center