Explore the latest active threats being deployed by malicious actors as of Q4 2025. Each report may offer attack flows, actionable detection rules, and simulation instructions to help SOC teams stay ahead of evolving adversary techniques.
02 Feb 2026 10:21
A Cereal Offender: Analyzing the CORNFLAKE.V3 Backdoor
SOC Prime Bias: Critical
Google Cloud Blog
30 Jan 2026 20:30
TAMECAT – Analysis of an Iranian PowerShell-Based Backdoor
SOC Prime Bias: Critical
Pulsedive Blog
30 Jan 2026 20:23
TA584 innovates initial access
SOC Prime Bias: High
Proofpoint
30 Jan 2026 20:14
How NetSupport RAT Abuses Legitimate Remote Admin Tool
SOC Prime Bias: Medium
picussecurity.com
30 Jan 2026 19:58
APT Attacks Target India’s Government with SHEETCREEP, FIREPOWER, and MAILCREEP | Part 2
SOC Prime Bias: Critical
Zscaler
29 Jan 2026 18:51
CVE-2026-24061: GNU InetUtils Telnetd Remote Authentication Bypass
SOC Prime Bias: Critical
NSFOCUS, Inc.
29 Jan 2026 18:34
APT Attacks Target India’s Government with GOGITTER, GITSHELLPAD, and GOSHELL | Part 1
SOC Prime Bias: Critical
Zscaler
29 Jan 2026 18:23
The PyRAT Code: Internals of a Python-Based RAT
SOC Prime Bias: Medium
K7 Labs
28 Jan 2026 16:07
CVE-2025-8088: Diverse Threat Actors Exploit a Critical WinRAR Flaw