Active Threats

Explore the latest active threats being deployed by malicious actors as of Q4 2025. Each report may offer attack flows, actionable detection rules, and simulation instructions to help SOC teams stay ahead of evolving adversary techniques.

03 Jun 2026 19:38

Gentlemen Ransomware Emulation Explained

SOC Prime Bias: High

AttackIQ

03 Jun 2026 19:31

Iran’s Cyber Paradox: Degraded APTs, Rising Proxies, and Bootkit Wipers

SOC Prime Bias: Critical

anomali.com

03 Jun 2026 19:24

MicrosoftSystem64: A Supply Chain RAT Exfiltrating Data to Hugging Face

SOC Prime Bias: Critical

SafeDep

03 Jun 2026 19:19

DriveSurge Uses ClickFix and Fake Update Drive-By Attacks at Scale

SOC Prime Bias: Medium

Silent Push

03 Jun 2026 19:13

NetSupport RAT Delivered by an Unidentified Loader

SOC Prime Bias: Medium

SANS Internet Storm Center

02 Jun 2026 22:44

Operation Dragon Weave Uses Azure Cloud C2 to Target Czech Republic and Taiwan

SOC Prime Bias: Critical

Seqrite Labs

02 Jun 2026 22:43

Detecting Nimbus Manticore and their sideloading infection chains

SOC Prime Bias: Critical

nextron-systems.com

02 Jun 2026 22:40

Gamaredon’s Unfolding Toolkit: GammaPhish and GammaWorm

SOC Prime Bias: Critical

Sekoia.io Blog

02 Jun 2026 22:32

Kimsuky Advanced Attack Techniques: JSONPing, Webex Spoofing, and a New HttpSpy Variant

SOC Prime Bias: Critical

co.kr

02 Jun 2026 22:28

DonutLoader Reloaded in a Modern Remcos RAT Campaign

SOC Prime Bias: Medium

gdatasoftware.com