Explore the latest active threats being deployed by malicious actors as of Q4 2025. Each report may offer attack flows, actionable detection rules, and simulation instructions to help SOC teams stay ahead of evolving adversary techniques.
25 Nov 2025 18:38
DarkGate Under the Hood
SOC Prime Bias: Medium
Sekoia.io
25 Nov 2025 17:59
Clickfix on macOS: AppleScript Malware Campaign Uses Terminal Prompts to Steal Data
SOC Prime Bias: High
hunt.io
24 Nov 2025 19:49
Akira Ransomware: Response to CISA Advisory AA24-109A
SOC Prime Bias: High
AttackIQ
24 Nov 2025 14:49
CVE-2025-11001: NHS Warns of PoC Exploit for 7-Zip Symbolic Link–Based RCE Vulnerability
SOC Prime Bias: Critical
The Hacker News
24 Nov 2025 12:15
NotDoor Insights: Deep Dive into Outlook Macros and Beyond
SOC Prime Bias: Critical
Splunk
21 Nov 2025 19:30
License to Encrypt: When “The Gentlemen” Go On Offense
SOC Prime Bias: High
cybereason.com
20 Nov 2025 18:32
Ransom Tales: Volume V — Emulating REvil, DarkSide, and BlackMatter Ransomware
SOC Prime Bias: Critical
AttackIQ
20 Nov 2025 16:35
Targeted cyberattack on an eastern Ukraine school using the GAMYBEAR tool (CERT-UA#18329)
SOC Prime Bias: Critical
cert.gov.ua
19 Nov 2025 17:21
APT41 group Tactics vs Ransomware Emulations in AttackIQ Ransom Tales
SOC Prime Bias: Critical
Hive Pro
19 Nov 2025 12:12
Fortinet FortiWeb Authentication Bypass via Path Traversal Vulnerability (CVE-2025-64446)