Active Threats

Explore the latest active threats being deployed by malicious actors as of Q4 2025. Each report may offer attack flows, actionable detection rules, and simulation instructions to help SOC teams stay ahead of evolving adversary techniques.

21 Apr 2026 18:21

Your shipment has arrived email hides remote access software

SOC Prime Bias: Medium

Malwarebytes

21 Apr 2026 18:16

Not Just Annoying Ads: Adware Bundles Delivering Gh0st RAT

SOC Prime Bias: Medium

Splunk

21 Apr 2026 18:12

Lumma Stealer infection with Sectop RAT (ArechClient2)

SOC Prime Bias: Medium

SANS Internet Storm Center

21 Apr 2026 18:07

TeamPCP Gains Ground in Cloud-Native and Ransomware Campaigns

SOC Prime Bias: Critical

Flare

17 Apr 2026 18:42

Dissecting Sapphire Sleet’s macOS intrusion from lure to compromise

SOC Prime Bias: Critical

Microsoft Security Blog

17 Apr 2026 18:20

A fake Slack download is giving attackers a hidden desktop on your machine

SOC Prime Bias: Medium

Malwarebytes

17 Apr 2026 17:49

ClickFix Phishing Campaign Disguised as a Claude Installer

SOC Prime Bias: Medium

Rapid7

17 Apr 2026 17:40

Payouts King Takes Aim at the Ransomware Throne

SOC Prime Bias: High

ThreatLabz Ransomware Report

17 Apr 2026 17:34

PowMix Botnet Targets Czech Workforce via Media Company Lure

SOC Prime Bias: Medium

Cisco Talos Blog

17 Apr 2026 17:27

Smoking out an affiliate: SmokedHam, Qilin, a few Google ads and some bossware

SOC Prime Bias: High

Orange Cyberdefense