Explore the latest active threats being deployed by malicious actors as of Q4 2025. Each report may offer attack flows, actionable detection rules, and simulation instructions to help SOC teams stay ahead of evolving adversary techniques.
02 Feb 2026 14:44
UAC-0001 (APT28) Attacks Using CVE-2026-21509
SOC Prime Bias: Critical
Source: cert.gov.ua

02 Feb 2026 14:31
Dissecting UAT-8099: New persistence mechanisms and regional focus
SOC Prime Bias: Critical
Source: Cisco Talos Blog

02 Feb 2026 14:23
Exposed Open Directory Leaks a Full BYOB Deployment Across Windows, Linux, and macOS
SOC Prime Bias: Medium
Source: hunt.io

02 Feb 2026 14:10
Novel Fake CAPTCHA Chain Delivers AMATERA Stealer
SOC Prime Bias: Medium
Source: Blackpoint

02 Feb 2026 10:21
A Cereal Offender: Analyzing the CORNFLAKE.V3 Backdoor
SOC Prime Bias: Critical
Source: Google Cloud Blog

30 Jan 2026 20:30
TAMECAT – Analysis of an Iranian PowerShell-Based Backdoor
SOC Prime Bias: Critical
Source: Pulsedive Blog

30 Jan 2026 20:23
TA584 innovates initial access
SOC Prime Bias: High
Source: Proofpoint

30 Jan 2026 20:14
How NetSupport RAT Abuses Legitimate Remote Admin Tool
SOC Prime Bias: Medium
Source: picussecurity.com

30 Jan 2026 19:58
APT Attacks Target India’s Government with SHEETCREEP, FIREPOWER, and MAILCREEP | Part 2
SOC Prime Bias: Critical
Source: Zscaler

29 Jan 2026 18:51
CVE-2026-24061: GNU InetUtils Telnetd Remote Authentication Bypass