Active Threats

Explore the latest active threats being deployed by malicious actors as of Q4 2025. Each report may offer attack flows, actionable detection rules, and simulation instructions to help SOC teams stay ahead of evolving adversary techniques.

15 Jan 2026 18:51

SHADOW#REACTOR – TEXT-ONLY STAGING, .NET REACTOR, AND IN-MEMORY REMCOS RAT DEPLOYMENT

SOC Prime Bias: Medium

source icon

Securonix

15 Jan 2026 18:39

Gamaredon: Abusing BITS for “Windows Update”-Style Malware Delivery

SOC Prime Bias: Critical

source icon

Synaptic Security Blog

14 Jan 2026 19:49

Inside SafePay: Analyzing the New Centralized Ransomware Group

SOC Prime Bias: High

source icon

picussecurity.com

14 Jan 2026 19:37

Hunting Lazarus: Inside the Contagious Interview C2 Infrastructure

SOC Prime Bias: Critical

source icon

Red Asgard

14 Jan 2026 18:14

WannaMine Cryptominer Analysis: Fileless Execution and Persistence

SOC Prime Bias: Critical

source icon

picussecurity.com

14 Jan 2026 18:04

How MDR Uncovered a Multi-Stage AsyncRAT Attack Chain

SOC Prime Bias: Critical

source icon

Trend Micro

14 Jan 2026 17:55

Break The Protective Shell Of Windows Defender With The Folder Redirect Technique

SOC Prime Bias: Critical

source icon

zerosalarium.com

13 Jan 2026 17:22

Malware Disguised as Video Files Using RMM Tools (Syncro, SuperOps, NinjaOne, etc)

SOC Prime Bias: Critical

source icon

ASEC

13 Jan 2026 17:06

Fsquirt.exe Exploit: Malicious bthprops.cpl Loading via Bluetooth

SOC Prime Bias: Medium

source icon

GitHub

13 Jan 2026 16:41

EDRStartupHinder: EDR Startup Process Blocker

SOC Prime Bias: High

source icon

zerosalarium.com