Active Threats

Explore the latest active threats being deployed by malicious actors as of Q4 2025. Each report may offer attack flows, actionable detection rules, and simulation instructions to help SOC teams stay ahead of evolving adversary techniques.

10 Feb 2026 17:20

RenEngine Loader and HijackLoader: Dual-Stage Attack Chain Fueling Stealer Campaigns

SOC Prime Bias: Medium

source icon

cyderes.com

10 Feb 2026 16:46

Analysis of Suspected Malware Linked to APT-Q-27 Targeting Financial Institutions

SOC Prime Bias: Critical

source icon

CyStackSecurity

10 Feb 2026 16:26

Hunting OpenClaw: Detection and Containment Guidance for Defenders

SOC Prime Bias: High

source icon

Security Joes

10 Feb 2026 14:29

DYNOWIPER: Destructive Malware Targeting Poland’s Energy Sector

SOC Prime Bias: Critical

source icon

elastic.co

10 Feb 2026 14:20

New Clickfix variant CrashFix deploying Python Remote Access Trojan

SOC Prime Bias: Medium

source icon

Microsoft Security Blog

09 Feb 2026 19:16

Knife Cutting the Edge: Disclosing a China-nexus gateway-monitoring AitM framework

SOC Prime Bias: Critical

source icon

Cisco Talos Blog

09 Feb 2026 18:57

Deep-Dive Technical Analysis of Marco Stealer

SOC Prime Bias: Medium

source icon

TransferLoader

09 Feb 2026 18:38

New year, new sector: Transparent Tribe targets India’s startup ecosystem

SOC Prime Bias: Critical

source icon

Acronis

09 Feb 2026 18:21

Pulsar RAT Powers Live Chat Driven Remote Control and Advanced Infostealer Delivery via Donut Loader

SOC Prime Bias: Medium

source icon

Point Wild

09 Feb 2026 18:04

Dead#Vax: Analyzing Multi Stage VHD Delivery and Self Parsing Batch Scripts to Deploy In Memory Shellcode

SOC Prime Bias: Medium

source icon

Securonix