Active Threats

Explore the latest active threats being deployed by malicious actors as of Q4 2025. Each report may offer attack flows, actionable detection rules, and simulation instructions to help SOC teams stay ahead of evolving adversary techniques.

17 Jun 2026 15:50

UNC1549 TTPs: Iranian APT Targeting Aerospace and Defense

SOC Prime Bias: Critical

source icon

picussecurity.com

16 Jun 2026 16:03

ShinyHunters Targets Education Sector with Oracle PeopleSoft Exploit

SOC Prime Bias: Critical

source icon

Google Cloud Blog

16 Jun 2026 15:58

Interlock and Rhysida: AI in the Ransomware Ecosystem

SOC Prime Bias: Critical

source icon

ibm.com

16 Jun 2026 15:54

OnyxC2: A New Stealer Targeting 210 Applications

SOC Prime Bias: High

source icon

BlackFog

16 Jun 2026 08:47

Analyzing SHEET#CREEP: The Malware Returns with New Config Obfuscation

SOC Prime Bias: Critical

source icon

Securonix

15 Jun 2026 19:03

CVE-2026-35273: Oracle PeopleSoft Zero-Day Exploited in the Wild

SOC Prime Bias: Critical

source icon

Rapid7

15 Jun 2026 18:57

Tengu Ransomware: From Initial Access to Encryption

SOC Prime Bias: High

source icon

picussecurity.com

15 Jun 2026 18:51

From Fiscal Lures to NinjaOne RMM Abuse

SOC Prime Bias: High

source icon

Cato Networks

15 Jun 2026 08:49

[Op Report] From SSA Phish to AdaptixC2: A Multi-RAT Intrusion

SOC Prime Bias: High

source icon

Deception.Pro Blog

12 Jun 2026 21:47

Solana FakeFix: 25 Malicious npm and PyPI Packages Pose as Stable Builds

SOC Prime Bias: Critical

source icon

JFrog Security Research