Active Threats

Explore the latest active threats being deployed by malicious actors as of Q4 2025. Each report may offer attack flows, actionable detection rules, and simulation instructions to help SOC teams stay ahead of evolving adversary techniques.

06 Apr 2026 17:33

Your AI Gateway Was a Backdoor: Inside the LiteLLM Supply Chain Compromise

SOC Prime Bias: Critical

source icon

Trend Micro

06 Apr 2026 17:25

Five Browser and AI Security Questions CxOs Can’t Ignore

SOC Prime Bias: High

source icon

Palo Alto Networks Blog

06 Apr 2026 17:16

Initial Access Brokers Now Target High-Value Victims and Charge Premium Rates

SOC Prime Bias: Critical

source icon

Rapid7

31 Mar 2026 17:23

Inside Pay2Key: Technical Analysis of a Linux Ransomware Variant

SOC Prime Bias: High

source icon

Morphisec

31 Mar 2026 17:07

Under CTRL: Dissecting a Previously Undocumented Russian .Net Access Framework

SOC Prime Bias: Critical

source icon

Censys

31 Mar 2026 16:58

From Phishing to Exfiltration: A Deep Dive into PXA Stealer

SOC Prime Bias: Medium

source icon

CyberProof

31 Mar 2026 16:57

Elastic Security Labs uncovers BRUSHWORM and BRUSHLOGGER

SOC Prime Bias: Medium

source icon

elastic.co

31 Mar 2026 15:28

Operation DualScript: Multi-Stage PowerShell Malware Targeting Crypto and Finance

SOC Prime Bias: Critical

source icon

Seqrite

30 Mar 2026 18:08

33K Exposed LiteLLM Deployments and the C2 Servers Behind TeamPCP’s Supply Chain Attack

SOC Prime Bias: High

source icon

hunt.io

30 Mar 2026 17:07

T1547.006 Kernel Modules and Extensions in MITRE ATT&CK Explained

SOC Prime Bias: Critical

source icon

picussecurity.com