Active Threats

Explore the latest active threats being deployed by malicious actors as of Q4 2025. Each report may offer attack flows, actionable detection rules, and simulation instructions to help SOC teams stay ahead of evolving adversary techniques.

08 Apr 2026 18:28

hermes-px: A Fake Privacy Proxy Exfiltrating Prompts and Tampering with Claude Code

SOC Prime Bias: Critical

Source: JFrog Security Research

08 Apr 2026 18:21

Claude Code Lures Turn GitHub Releases into a Malware Delivery Channel

SOC Prime Bias: Medium

Source: Trend Micro

08 Apr 2026 18:14

UAT-10608 Exposed: Automated Credential Theft at Scale Against Web Applications

SOC Prime Bias: Critical

Source: Cisco Talos Blog

08 Apr 2026 17:25

Malicious LNK Files Distributing a Python-Based Backdoor and Changes in Distribution Techniques (Kimsuky Group)

SOC Prime Bias: Critical

Source: ASEC

08 Apr 2026 15:12

DPRK-Related Campaigns with LNK and GitHub C2

SOC Prime Bias: Critical

Source: Fortinet Blog

08 Apr 2026 15:05

VEN0m Ransomware: the weak point of Windows Defender

SOC Prime Bias: Critical

Source: Nexsys Srl

08 Apr 2026 14:57

APT-Q-27 Malware Campaign Focuses on Web3 Customer Support

SOC Prime Bias: Critical

Source: zeroShadow

08 Apr 2026 14:50

MacOS Stealers, Observed: What Defenders Should Watch For

SOC Prime Bias: Medium

Source: objective_see

08 Apr 2026 14:40

I’d come running back to EU again: TA416 resumes European government espionage campaigns

SOC Prime Bias: Critical

Source: Proofpoint

08 Apr 2026 14:31

Cookie-Controlled PHP Web Shells: Stealth Tradecraft on Linux Hosts

SOC Prime Bias: Medium

Source: Microsoft Security Blog