Active Threats

Explore the latest active threats being deployed by malicious actors as of Q4 2025. Each report may offer attack flows, actionable detection rules, and simulation instructions to help SOC teams stay ahead of evolving adversary techniques.

07 May 2026 18:43

Malicious OpenClaw Skill Distributes Remcos RAT and GhostLoader

SOC Prime Bias: Critical

Latest Version of Amadey

07 May 2026 18:38

InstallFix and Claude Code: How Fake Install Pages Lead to Real Compromise

SOC Prime Bias: Medium

Trend Micro

07 May 2026 18:33

Iranian-Nexus Attack Exposes 26,000 Citizen Records in Oman

SOC Prime Bias: Critical

hunt.io

07 May 2026 18:26

Chaos Ransomware and the State-Sponsored Threat Behind It

SOC Prime Bias: Critical

Rapid7

06 May 2026 14:31

VENOMOUS#HELPER: Dual-RMM Phishing Campaign Uses JWrapper-Packed SimpleHelp and ScreenConnect for Silent Remote Access

SOC Prime Bias: Medium

Securonix

06 May 2026 14:26

Quasar Linux (QLNX): A Supply Chain Foothold with Full RAT Capabilities

SOC Prime Bias: Critical

Trend Micro

06 May 2026 14:19

UAT-8302 and the Malware Toolkit Behind Its Attacks

SOC Prime Bias: Critical

Cisco Talos Blog

06 May 2026 14:15

Media Company CloudZ RAT potentially steals OTP messages using Pheno plugin

SOC Prime Bias: Critical

Cisco Talos Blog

05 May 2026 17:21

ClickFix Removes Your Background but Leaves the Malware

SOC Prime Bias: Medium

Huntress

05 May 2026 17:17

Fake Homebrew Ad Leads to MacSync Stealer Infection

SOC Prime Bias: Medium

SANS Internet Storm Center