Active Threats

Explore the latest active threats being deployed by malicious actors as of Q4 2025. Each report may offer attack flows, actionable detection rules, and simulation instructions to help SOC teams stay ahead of evolving adversary techniques.

THREAT OF THE MONTH
31 Mar 2026 17:31

Supply Chain Attack on Axios Pulls Malicious Dependency from NPM

SOC Prime Bias: Critical

Socket

17 Apr 2026 18:42

Dissecting Sapphire Sleet’s macOS intrusion from lure to compromise

SOC Prime Bias: Critical

Microsoft Security Blog

17 Apr 2026 18:20

A fake Slack download is giving attackers a hidden desktop on your machine

SOC Prime Bias: Medium

Malwarebytes

17 Apr 2026 17:49

ClickFix Phishing Campaign Disguised as a Claude Installer

SOC Prime Bias: Medium

Rapid7

17 Apr 2026 17:40

Payouts King Takes Aim at the Ransomware Throne

SOC Prime Bias: High

ThreatLabz Ransomware Report

17 Apr 2026 17:34

PowMix Botnet Targets Czech Workforce via Media Company Lure

SOC Prime Bias: Medium

Cisco Talos Blog

17 Apr 2026 17:27

Smoking out an affiliate: SmokedHam, Qilin, a few Google ads and some bossware

SOC Prime Bias: High

Orange Cyberdefense

16 Apr 2026 17:01

From fake Proton VPN sites to gaming mods, this Windows infostealer is everywhere

SOC Prime Bias: Medium

Malwarebytes

16 Apr 2026 16:46

North Korea’s Safari Campaign Delivers RATs

SOC Prime Bias: Medium

bitso.com

16 Apr 2026 15:14

Threat Actors Misuse n8n to Automate AI-Driven Attacks

SOC Prime Bias: Medium

Cisco Talos Blog

16 Apr 2026 15:04

ErrTraffic v3 Uses EtherHiding in ClickFix Campaigns

SOC Prime Bias: Medium

levelbluecyber