Active Threats
Explore the latest active threats being deployed by malicious actors as of Q4 2025. Each report may offer attack flows, actionable detection rules, and simulation instructions to help SOC teams stay ahead of evolving adversary techniques.
T1547.001 in MITRE ATT&CK: Registry Run Keys and Startup Folder Explained
SOC Prime Bias: Medium
picussecurity.com
T1547.003 Time Providers in MITRE ATT&CK Explained
SOC Prime Bias: Critical
picussecurity.com
That “job brief” on Google Forms could infect your device
SOC Prime Bias: Medium
Malwarebytes
Tracing a Multi-Vector Malware Campaign: From VBS to Open Infrastructure
SOC Prime Bias: Medium
levelbluecyber
From Invitation to Infection: How SILENTCONNECT Delivers ScreenConnect
SOC Prime Bias: Medium
elastic.co
Winos 4.0 Malware Masquerading as a KakaoTalk Installer
SOC Prime Bias: Medium
ASEC
Phishing Clues Hidden in the /tmp Folder
SOC Prime Bias: Medium
Huntress
ESET Research EDR killers explained: Beyond the drivers
SOC Prime Bias: Critical
welivesecurity.com
From W-2 to BYOVD: How a Tax Search Leads to Kernel-Mode AV/EDR Kill
SOC Prime Bias: Medium
Huntress
GSocket Backdoor Delivered Through Bash Script
SOC Prime Bias: Medium
SANS Internet Storm Center