Active Threats

Explore the latest active threats being deployed by malicious actors as of Q4 2025. Each report may offer attack flows, actionable detection rules, and simulation instructions to help SOC teams stay ahead of evolving adversary techniques.

03 Jun 2026 19:13

NetSupport RAT Delivered by an Unidentified Loader

SOC Prime Bias: Medium

source icon

SANS Internet Storm Center

02 Jun 2026 22:44

Operation Dragon Weave Uses Azure Cloud C2 to Target Czech Republic and Taiwan

SOC Prime Bias: Critical

source icon

Seqrite Labs

02 Jun 2026 22:43

Detecting Nimbus Manticore and their sideloading infection chains

SOC Prime Bias: Critical

source icon

nextron-systems.com

02 Jun 2026 22:40

Gamaredon’s Unfolding Toolkit: GammaPhish and GammaWorm

SOC Prime Bias: Critical

source icon

Sekoia.io Blog

02 Jun 2026 22:32

Kimsuky Advanced Attack Techniques: JSONPing, Webex Spoofing, and a New HttpSpy Variant

SOC Prime Bias: Critical

source icon

co.kr

02 Jun 2026 22:28

DonutLoader Reloaded in a Modern Remcos RAT Campaign

SOC Prime Bias: Medium

source icon

gdatasoftware.com

02 Jun 2026 22:24

Operation XENOFISCAL: SideCopy Deploys Persistent XenoRAT Against Afghanistan’s Ministry of Finance

SOC Prime Bias: Critical

source icon

Seqrite Labs

02 Jun 2026 22:19

No Malware, No Alerts, Just a USB Drive in Your Office

SOC Prime Bias: Critical

source icon

Andrea Fortuna

29 May 2026 10:30

FortiClient EMS Exploited via CVE-2026-35616 to Deliver EKZ Infostealer Disguised as a Fortinet Patch

SOC Prime Bias: Critical

source icon

Arctic Wolf

29 May 2026 10:25

Crypto Software Development Infrastructure Targeted by a New Threat Actor

SOC Prime Bias: Critical

source icon

wiz.io