Active Threats

Explore the latest active threats being deployed by malicious actors as of Q4 2025. Each report may offer attack flows, actionable detection rules, and simulation instructions to help SOC teams stay ahead of evolving adversary techniques.

30 Mar 2026 16:46

Abusing Legitimate Low-Level Tools to Help Ransomware Evade Antivirus Detection

SOC Prime Bias: High

Seqrite

30 Mar 2026 16:15

T1547.008 LSASS Driver in MITRE ATT&CK Explained

SOC Prime Bias: Critical

picussecurity.com

30 Mar 2026 16:01

Cyberattack UAC-0255 disguised as a notification from CERT-UA using the AGEWHEEZE tool

SOC Prime Bias: Medium

cert.gov.ua

30 Mar 2026 15:52

Infiniti Stealer: a new macOS infostealer using ClickFix and Python/Nuitka

SOC Prime Bias: Medium

Malwarebytes

30 Mar 2026 15:41

Say My Name: How MioLab is building MacOS Stealer Empire

SOC Prime Bias: Medium

levelbluecyber

27 Mar 2026 17:11

InterLock: Full Tooling Breakdown of a Ransomware Operation

SOC Prime Bias: High

Derp

27 Mar 2026 16:57

Pawn Storm Campaign Deploys PRISMEX, Targets Government and Critical Infrastructure Entities

SOC Prime Bias: Critical

Trend Micro

27 Mar 2026 16:45

Case Study: How Defender’s Predictive Shielding Blocked GPO-Based Ransomware Before Execution

SOC Prime Bias: High

Microsoft Security Blog

27 Mar 2026 16:33

SmartApeSG campaign pushes Remcos RAT, NetSupport RAT, StealC, and Sectop RAT (ArechClient2)

SOC Prime Bias: Medium

SANS Internet Storm Center

27 Mar 2026 16:20

Malware Attack Targeting MS-SQL Servers to Deploy the ICE Cloud Scanner (Larva-26002)

SOC Prime Bias: High

ASEC