Active Threats

Explore the latest active threats being deployed by malicious actors as of Q4 2025. Each report may offer attack flows, actionable detection rules, and simulation instructions to help SOC teams stay ahead of evolving adversary techniques.

15 May 2026 16:24

Dissecting a ModeloRAT Campaign from Teams Phishing to Domain Compromise

SOC Prime Bias: Critical

Rapid7

15 May 2026 15:49

FamousSparrow Targets Azerbaijan’s Oil and Gas Sector

SOC Prime Bias: Critical

Bitdefender Blog

14 May 2026 15:37

ClickFix Evolves with PySoxy Proxying

SOC Prime Bias: Critical

ReliaQuest

14 May 2026 15:30

Shai-Hulud: Here We Go Again – Worm by TeamPCP Hits NPM and PyPI

SOC Prime Bias: Critical

JFrog Security Research

14 May 2026 15:27

Python Backdoor Threat Analysis Following an AI Deepfake Impersonation Campaign

SOC Prime Bias: Critical

co.kr

14 May 2026 15:19

Gamaredon Uses Spoofed Emails, GammaDrop, and GammaLoad

SOC Prime Bias: Critical

HarfangLab

13 May 2026 22:13

Malware Found in Trending Hugging Face Repository

SOC Prime Bias: Critical

hiddenlayer.com

13 May 2026 21:59

Lazarus Group Uses Git Hooks To Hide Malware

DPRK’s Contagious Interview and TaskJacker campaign is now hiding its second-stage loader inside git hooks that download InvisibleFerret and Beavertail malware.

SOC Prime Bias: Critical

6lowecase6

12 May 2026 18:31

MacSync Stealer Uses Rotating C2 Infrastructure

SOC Prime Bias: Medium

RST Cloud

12 May 2026 18:21

Five Fake NuGet UI Packages Deliver Crypto Wallet and Credential Stealers

SOC Prime Bias: Critical

Socket