Active Threats

Explore the latest active threats being deployed by malicious actors as of Q4 2025. Each report may offer attack flows, actionable detection rules, and simulation instructions to help SOC teams stay ahead of evolving adversary techniques.

27 Mar 2026 16:57

Pawn Storm Campaign Deploys PRISMEX, Targets Government and Critical Infrastructure Entities

SOC Prime Bias: Critical

Trend Micro

27 Mar 2026 16:45

Case Study: How Defender’s Predictive Shielding Blocked GPO-Based Ransomware Before Execution

SOC Prime Bias: High

Microsoft Security Blog

27 Mar 2026 16:33

SmartApeSG campaign pushes Remcos RAT, NetSupport RAT, StealC, and Sectop RAT (ArechClient2)

SOC Prime Bias: Medium

SANS Internet Storm Center

27 Mar 2026 16:20

Malware Attack Targeting MS‑SQL Servers to Deploy the ICE Cloud Scanner (Larva-26002)

SOC Prime Bias: High

ASEC

26 Mar 2026 16:24

T1547.004 in MITRE ATT&CK: Winlogon Helper Explained

SOC Prime Bias: High

picussecurity.com

26 Mar 2026 16:14

RegPhantom Backdoor: Threat Analysis and Detection Insights

SOC Prime Bias: Medium

nextron-systems.com

26 Mar 2026 16:07

Analyzing FAUX#ELEVATE: Threat Actors Target France with CV Lures to Deploy Crypto Miners and Infostealers Targeting Enterprise Environments

SOC Prime Bias: Medium

Securonix

26 Mar 2026 15:43

When Malware Talks Back: Real-Time Interaction with a Threat Actor During the Analysis of Kiss Loader

SOC Prime Bias: Medium

gdatasoftware.com

26 Mar 2026 15:16

GlassWorm Hides a RAT Inside a Malicious Chrome Extension

SOC Prime Bias: Critical

aikido.dev

25 Mar 2026 19:16

Iran Conflict Drives Surge in Espionage Activity Across Middle East Targets

SOC Prime Bias: Critical

Proofpoint