Active Threats

Explore the latest active threats being deployed by malicious actors as of Q4 2025. Each report may offer attack flows, actionable detection rules, and simulation instructions to help SOC teams stay ahead of evolving adversary techniques.

21 Jan 2026 19:10

Operation Covert Access: Weaponized LNK-Based Spear-Phishing Targeting Argentina’s Judicial Sector to Deploy a Covert RAT

SOC Prime Bias: Critical

source icon

Seqrite

21 Jan 2026 18:58

BlueNoroff Group: The Financial Cybercrime Arm of Lazarus

SOC Prime Bias: Critical

source icon

picussecurity.com

20 Jan 2026 20:27

Operation Poseidon: Spear-Phishing Attacks Abusing Google Ads Redirection Mechanisms

SOC Prime Bias: Critical

source icon

co.kr

20 Jan 2026 20:18

Add Punycode to your Threat Hunting Routine

SOC Prime Bias: Medium

source icon

SANS Internet Storm Center

20 Jan 2026 20:10

Remcos RAT Targets Korean Users in Ongoing Distribution Campaign

SOC Prime Bias: Medium

source icon

ASEC

19 Jan 2026 19:11

GlassWorm Goes Mac: Fresh Infrastructure, New Tricks

SOC Prime Bias: Critical

source icon

koi.ai

19 Jan 2026 18:57

Free Converter Software – Convert Any System from Clean to Infected in Seconds

SOC Prime Bias: Medium

source icon

nextron-systems.com

19 Jan 2026 18:45

DeadLock: Ransomware Gang Uses Smart Contracts to Mask Its Work

SOC Prime Bias: High

source icon

TheRegister

16 Jan 2026 16:42

LOTUSLITE Campaign: Targeted Espionage Driven by Geopolitical Narratives

SOC Prime Bias: Critical

source icon

Acronis

16 Jan 2026 16:25

How real software downloads can hide remote backdoors

SOC Prime Bias: Critical

source icon

Malwarebytes