Active Threats

Explore the latest active threats being deployed by malicious actors as of Q4 2025. Each report may offer attack flows, actionable detection rules, and simulation instructions to help SOC teams stay ahead of evolving adversary techniques.

09 Feb 2026 18:21

Pulsar RAT Powers Live Chat Driven Remote Control and Advanced Infostealer Delivery via Donut Loader

SOC Prime Bias: Medium

source icon

Point Wild

09 Feb 2026 18:04

Dead#Vax: Analyzing Multi Stage VHD Delivery and Self Parsing Batch Scripts to Deploy In Memory Shellcode

SOC Prime Bias: Medium

source icon

Securonix

09 Feb 2026 17:42

They Got In Through SonicWall. Then They Tried to Kill Every Security Tool

SOC Prime Bias: Critical

source icon

Huntress

06 Feb 2026 19:41

Voicemail Trap: German-Language Voicemail Lure Leads to Remote Access

SOC Prime Bias: Medium

source icon

Censys

06 Feb 2026 19:01

19 Shades of LockBit5.0, Inside the Latest Cross-Platform Ransomware: Part 1

SOC Prime Bias: High

source icon

levelblue.com

06 Feb 2026 18:48

The Godfather of Ransomware? Inside DragonForce’s Cartel Ambitions

SOC Prime Bias: High

source icon

levelblue.com

06 Feb 2026 18:26

Malicious Script Delivering More Maliciousness

SOC Prime Bias: Medium

source icon

SANS Internet Storm Center

05 Feb 2026 20:11

Fake Installer Chain Ends in ValleyRAT Infection

SOC Prime Bias: Critical

source icon

cybereason.com

05 Feb 2026 19:59

ShadowHS: A Fileless Linux Post‑Exploitation Framework Built on a Weaponized Hackshell

SOC Prime Bias: Critical

source icon

Cyble

05 Feb 2026 19:39

The Chrysalis Backdoor: A Deep Dive into Lotus Blossom’s toolkit

SOC Prime Bias: Critical

source icon

Rapid7