Active Threats

Explore the latest active threats being deployed by malicious actors as of Q4 2025. Each report may offer attack flows, actionable detection rules, and simulation instructions to help SOC teams stay ahead of evolving adversary techniques.

30 Apr 2026 17:25

A Closer Look at the Novel and Stealthy KarstoRAT Malware

SOC Prime Bias: Medium

levelbluecyber

30 Apr 2026 17:21

WindowsAudit Backdoor: Inside a .NET RAT That Hides in Discord

SOC Prime Bias: Critical

Profero | Rapid-IR

30 Apr 2026 17:19

Komari: The “Monitoring” Tool That Didn’t Need Weaponising

SOC Prime Bias: Critical

Huntress

30 Apr 2026 17:12

Libredtail Exploits CVE-2024-4577 for Cryptomining

SOC Prime Bias: Critical

SANS Internet Storm Center

29 Apr 2026 17:42

Elementary-data Compromised on PyPI and GHCR via Forged GitHub Release

SOC Prime Bias: Critical

stepsecurity.io

29 Apr 2026 17:34

BlueNoroff Uses ClickFix, Fileless PowerShell, and AI-Generated Fake Zoom Meetings to Target Web3 Sector

SOC Prime Bias: Critical

Arctic Wolf

29 Apr 2026 17:27

New Malware SLOTAGENT Supporting BOF Execution Published

SOC Prime Bias: Medium

IIJ Security Diary

28 Apr 2026 18:51

The Month of Bypasses: What Defender Misses

SOC Prime Bias: Medium

PSI | Nemesis

28 Apr 2026 18:45

Crypto Drainers as a Converging Threat: Insights into Emerging Hybrid Attack Ecosystems

SOC Prime Bias: Medium

levelbluecyber

27 Apr 2026 18:22

Rebex-based Telegram RAT Targeting Vietnam

SOC Prime Bias: Medium

dmpdump