Active Threats

Explore the latest active threats being deployed by malicious actors as of Q4 2025. Each report may offer attack flows, actionable detection rules, and simulation instructions to help SOC teams stay ahead of evolving adversary techniques.

25 May 2026 19:34

DeepLoad Malware Explained: ClickFix Delivery and Credential Theft

SOC Prime Bias: Medium

picussecurity.com

25 May 2026 19:29

SEO Poisoning Campaign Uses Gemini and Claude Code Lures to Deliver an Infostealer

SOC Prime Bias: Medium

EclecticIQ

25 May 2026 19:25

NightSpire Ransomware Attack Chain, Tools and Tactics

SOC Prime Bias: High

picussecurity.com

22 May 2026 15:56

UAC-0057 Updates Its Toolkit with OYSTERFRESH, OYSTERSHUCK, and OYSTERBLUES

SOC Prime Bias: Medium

cert.gov.ua

22 May 2026 15:54

From PDB Strings to MaaS: Tracking a Commodity BadIIS Ecosystem

SOC Prime Bias: Medium

Cisco Talos Blog

22 May 2026 15:42

Inside SHADOW-WATER-063’s Banana RAT: From Build Server to Banking Fraud

SOC Prime Bias: Medium

Trend Micro

22 May 2026 15:36

durabletask: TeamPCP’s Latest PyPI Supply Chain Compromise

SOC Prime Bias: Critical

wiz.io

22 May 2026 10:08

Exposed RDP: The Misconfiguration That Still Pays Off for Attackers

SOC Prime Bias: Critical

Huntress

22 May 2026 09:34

Steganography Secrets: Malware Hidden in Plain Sight

SOC Prime Bias: Medium

cofense.com

22 May 2026 09:29

NG0002 Targets Chinese Academia with Weaponized Institutional Lures

SOC Prime Bias: Critical

Seqrite Labs