Active Threats
Explore the latest active threats being deployed by malicious actors as of Q4 2025. Each report may offer attack flows, actionable detection rules, and simulation instructions to help SOC teams stay ahead of evolving adversary techniques.
SHub Reaper | macOS Stealer Spoofs Apple, Google, and Microsoft in a Single Attack Chain
SOC Prime Bias: Medium
SentinelOne
How Storm-2949 turned a compromised identity into a cloud-wide breach
SOC Prime Bias: High
Microsoft Security Blog
Phantom Stealer Analysis: Inside a Two-Layer Attack Chain
SOC Prime Bias: Medium
Darkatlas
Amatera Stealer 4.0.2 Beta: What’s New in This Variant
SOC Prime Bias: Medium
eSentire
Click, Install, Compromised: The New Wave of Zoom-Themed Attacks
SOC Prime Bias: High
cofense.com
Defending EDR Against Adversaries
SOC Prime Bias: Critical
Huntress
UAC-0184: From HTA to a Signed Network Stack
SOC Prime Bias: Critical
Synaptic Security Blog
VIP Keylogger and Its Multi-Layered Evasion Tactics
SOC Prime Bias: Medium
Splunk
PureLogs Delivered Through PawsRunner Steganography
SOC Prime Bias: Medium
Fortinet Blog
Investigating a Stealthy Intrusion Through Third-Party Compromise
SOC Prime Bias: Critical
Microsoft Security Blog