Active Threats

Explore the latest active threats being deployed by malicious actors as of Q4 2025. Each report may offer attack flows, actionable detection rules, and simulation instructions to help SOC teams stay ahead of evolving adversary techniques.

01 Jul 2026 12:16

Inside Kimsuky’s CHM Tradecraft: Multi-Stage Execution and Selective Payload Delivery

SOC Prime Bias: High

source icon

Synaptic Security Blog

01 Jul 2026 12:11

Active Directory Forest Trust Abuse and Child-to-Root Escalation

SOC Prime Bias: Critical

source icon

Hacking Articles

01 Jul 2026 12:05

Aquatic Panda (Earth Lusca): Campaigns, Malware, and TTPs

SOC Prime Bias: Critical

source icon

picussecurity.com

01 Jul 2026 09:50

LokiBot After a Decade: Analysis of a Recent Campaign

SOC Prime Bias: High

source icon

levelbluecyber

30 Jun 2026 10:05

Gamaredon in 2025: Tunnels, Workers, Dead Drops, and New Alliances

SOC Prime Bias: Critical

source icon

welivesecurity.com

30 Jun 2026 10:00

Beyond the Login Field: The Phishing Tradecraft Users Aren’t Ready For

SOC Prime Bias: High

source icon

Huntress

30 Jun 2026 09:54

StealC and Amadey: Breaking Down the Infostealers and Services Behind Them

SOC Prime Bias: High

source icon

Microsoft Security Blog

30 Jun 2026 09:48

KimJongRAT Continues to Evolve Through Living Off Trusted Sites

SOC Prime Bias: Critical

source icon

IIJ Security Diary

30 Jun 2026 09:44

Introduction to COM usage by Windows threats

SOC Prime Bias: Medium

source icon

Cisco Talos Blog

30 Jun 2026 09:21

Abusing GitLab CI Runners as a Command-and-Control Framework

SOC Prime Bias: High

source icon

vrls.ws