Active Threats
Explore the latest active threats being deployed by malicious actors as of Q4 2025. Each report may offer attack flows, actionable detection rules, and simulation instructions to help SOC teams stay ahead of evolving adversary techniques.
VENOMOUS#HELPER: Dual-RMM Phishing Campaign Uses JWrapper-Packed SimpleHelp and ScreenConnect for Silent Remote Access
SOC Prime Bias: Medium
Securonix
Quasar Linux (QLNX): A Supply Chain Foothold with Full RAT Capabilities
SOC Prime Bias: Critical
Trend Micro
UAT-8302 and the Malware Toolkit Behind Its Attacks
SOC Prime Bias: Critical
Cisco Talos Blog
Media Company CloudZ RAT potentially steals OTP messages using Pheno plugin
SOC Prime Bias: Critical
Cisco Talos Blog
ClickFix Removes Your Background but Leaves the Malware
SOC Prime Bias: Medium
Huntress
Fake Homebrew Ad Leads to MacSync Stealer Infection
SOC Prime Bias: Medium
SANS Internet Storm Center
Business search APT & Targeted Attacks Inside Shadow-Earth-053: A China-Aligned Cyberespionage Campaign Against Government and Defense Sectors in Asia
SOC Prime Bias: Critical
Trend Micro
“AccountDumpling” Hunting Down the Google-Sent Phishing Wave Compromising 30,000+ Facebook Accounts
SOC Prime Bias: Critical
guard.io
Deep#Door Stealer: Stealthy Python Backdoor and Credential Stealer Leveraging Tunneling, Multi-Layer Persistence, and In-Memory Surveillance Capabilities
SOC Prime Bias: Critical
Securonix
Inside a Fake DHL Campaign Built To Steal Credentials
SOC Prime Bias: Medium
Forcepoint