Explore the latest active threats being deployed by malicious actors as of Q4 2025. Each report may offer attack flows, actionable detection rules, and simulation instructions to help SOC teams stay ahead of evolving adversary techniques.
30 Jan 2026 19:58
APT Attacks Target India’s Government with SHEETCREEP, FIREPOWER, and MAILCREEP | Part 2
SOC Prime Bias: Critical
Zscaler
29 Jan 2026 18:51
CVE-2026-24061: GNU InetUtils Telnetd Remote Authentication Bypass
SOC Prime Bias: Critical
NSFOCUS, Inc.
29 Jan 2026 18:34
APT Attacks Target India’s Government with GOGITTER, GITSHELLPAD, and GOSHELL | Part 1
SOC Prime Bias: Critical
Zscaler
29 Jan 2026 18:23
The PyRAT Code: Internals of a Python-Based RAT
SOC Prime Bias: Medium
K7 Labs
28 Jan 2026 16:07
CVE-2025-8088: Diverse Threat Actors Exploit a Critical WinRAR Flaw
SOC Prime Bias: Critical
Google Cloud Blog
28 Jan 2026 13:13
The Moltbot / ClawdBots Epidemic
SOC Prime Bias: Critical
TheRegister
28 Jan 2026 12:58
Fake ClowdBot VS Code Extension Drops ScreenConnect RAT
SOC Prime Bias: Critical
aikido.dev
28 Jan 2026 11:56
A Shared Arsenal: Identifying Common TTPs Across RATs
SOC Prime Bias: Medium
Splunk
28 Jan 2026 11:41
EndPoint Detection of Recent RMM Distribution Cases
SOC Prime Bias: Critical
ASEC
27 Jan 2026 17:21
Watering Hole Attack Targets EmEditor Users with Information‑Stealing Malware