Active Threats

Explore the latest active threats being deployed by malicious actors as of Q4 2025. Each report may offer attack flows, actionable detection rules, and simulation instructions to help SOC teams stay ahead of evolving adversary techniques.

07 Apr 2026 18:09

Unpacking Augmented Marauder’s Multi-Pronged Casbaneiro Campaigns

SOC Prime Bias: High

source icon

BlueVoyant

07 Apr 2026 18:00

CrySome RAT : An Advanced Persistent .NET Remote Access Trojan

SOC Prime Bias: Medium

source icon

CYFIRMA

07 Apr 2026 17:52

Resoker RAT Uses Telegram for Command and Control

SOC Prime Bias: Medium

source icon

K7 Labs

06 Apr 2026 19:42

MuddyWater Exposed: Inside an Iranian APT operation

SOC Prime Bias: Critical

source icon

Ctrl-Alt-Intel

06 Apr 2026 17:58

Bitbucket API Abuse: A Simple Trick for Stealthy Data Theft

SOC Prime Bias: Medium

source icon

cocomelonc

06 Apr 2026 17:47

EtherRAT & SYS_INFO Module: C2 on Ethereum (EtherHiding), Target Selection, CDN-Like Beacons

SOC Prime Bias: Critical

source icon

eSentire

06 Apr 2026 17:33

Your AI Gateway Was a Backdoor: Inside the LiteLLM Supply Chain Compromise

SOC Prime Bias: Critical

source icon

Trend Micro

06 Apr 2026 17:25

Five Browser and AI Security Questions CxOs Can’t Ignore

SOC Prime Bias: High

source icon

Palo Alto Networks Blog

06 Apr 2026 17:16

Initial Access Brokers Now Target High-Value Victims and Charge Premium Rates

SOC Prime Bias: Critical

source icon

Rapid7

31 Mar 2026 17:31

Supply Chain Attack on Axios Pulls Malicious Dependency from NPM

SOC Prime Bias: Critical

source icon

Socket