Active Threats

Explore the latest active threats being deployed by malicious actors as of Q4 2025. Each report may offer attack flows, actionable detection rules, and simulation instructions to help SOC teams stay ahead of evolving adversary techniques.

07 Apr 2026 19:57

Qilin EDR Killer Infection Chain

SOC Prime Bias: High

Cisco Talos Blog

07 Apr 2026 18:30

Mustang Panda and PlugX: A Deep Dive into Phishing-Led Loader Operations

SOC Prime Bias: Critical

0x3oBAD

07 Apr 2026 18:22

The Certificate Decoding Illusion: How Blank Grabber Stealer Hides Its Loader

SOC Prime Bias: Medium

Splunk

07 Apr 2026 18:16

DeepLoad Malware Pairs ClickFix Delivery with AI-Generated Evasion

SOC Prime Bias: Medium

ReliaQuest

07 Apr 2026 18:09

Unpacking Augmented Marauder’s Multi-Pronged Casbaneiro Campaigns

SOC Prime Bias: High

BlueVoyant

07 Apr 2026 18:00

CrySome RAT: An Advanced Persistent .NET Remote Access Trojan

SOC Prime Bias: Medium

CYFIRMA

07 Apr 2026 17:52

Resoker RAT Uses Telegram for Command and Control

SOC Prime Bias: Medium

K7 Labs

06 Apr 2026 19:42

MuddyWater Exposed: Inside an Iranian APT operation

SOC Prime Bias: Critical

Ctrl-Alt-Intel

06 Apr 2026 17:58

Bitbucket API Abuse: A Simple Trick for Stealthy Data Theft

SOC Prime Bias: Medium

cocomelonc

06 Apr 2026 17:47

EtherRAT & SYS_INFO Module: C2 on Ethereum (EtherHiding), Target Selection, CDN-Like Beacons

SOC Prime Bias: Critical

eSentire