Active Threats

Explore the latest active threats being deployed by malicious actors as of Q4 2025. Each report may offer attack flows, actionable detection rules, and simulation instructions to help SOC teams stay ahead of evolving adversary techniques.

13 May 2026 21:59

Lazarus Group Uses Git Hooks To Hide Malware

DPRK’s Contagious Interview and TaskJacker campaign is now hiding its second‑stage loader inside git hooks that download InvisibleFerret and Beavertail malware.

SOC Prime Bias: Critical

6lowecase6

12 May 2026 18:31

MacSync Stealer Uses Rotating C2 Infrastructure

SOC Prime Bias: Medium

RST Cloud

12 May 2026 18:21

Five Fake NuGet UI Packages Deliver Crypto Wallet and Credential Stealers

SOC Prime Bias: Critical

Socket

12 May 2026 18:13

Operation SILENTCANVAS: JPEG-Based Multistage PowerShell Intrusion

SOC Prime Bias: Critical

CYFIRMA

12 May 2026 18:04

Shub Stealer Infection Notice for macOS

SOC Prime Bias: Medium

malware-traffic-analysis.net

11 May 2026 17:48

OpenClaw’s Hologram Delivers a Fake Installer and Rust Infostealer

SOC Prime Bias: Medium

Netskope

11 May 2026 17:40

Dirty Frag Linux Flaw Raises Post-Compromise Risk

SOC Prime Bias: Critical

Microsoft Security Blog

08 May 2026 18:45

AMOS Stealer Targets macOS Through “Cracked” Apps

SOC Prime Bias: Medium

Trend Micro

08 May 2026 18:40

Operation GriefLure: Dissecting an APT Campaign Targeting Vietnam’s Military Telecom & Philippine Healthcare

SOC Prime Bias: Critical

Seqrite

08 May 2026 18:33

NWHStealer Spread Through Bun JavaScript Runtime

SOC Prime Bias: Medium

Malwarebytes