Explore the latest active threats being deployed by malicious actors as of Q4 2025. Each report may offer attack flows, actionable detection rules, and simulation instructions to help SOC teams stay ahead of evolving adversary techniques.
08 May 2026 18:29
TCLBANKER: Brazilian Banking Trojan Spreading via WhatsApp and Outlook
SOC Prime Bias: Medium
elastic.co
07 May 2026 18:58
Salat Stealer Analysis Go Based RAT C2 Resilience and Info Stealing Capabilities
SOC Prime Bias: Medium
darkatlas.io
07 May 2026 18:54
DAEMON Tools Supply Chain Attack Compromises Official Installers with Malware
SOC Prime Bias: Critical
The Hacker News
07 May 2026 18:43
Malicious OpenClaw Skill Distributes Remcos RAT and GhostLoader
SOC Prime Bias: Critical
Latest Version of Amadey
07 May 2026 18:38
InstallFix and Claude Code: How Fake Install Pages Lead to Real Compromise
SOC Prime Bias: Medium
Trend Micro
07 May 2026 18:33
Iranian-Nexus Attack Exposes 26,000 Citizen Records in Oman
SOC Prime Bias: Critical
hunt.io
07 May 2026 18:26
Chaos Ransomware and the State-Sponsored Threat Behind It
SOC Prime Bias: Critical
Rapid7
06 May 2026 14:31
VENOMOUS#HELPER: Dual-RMM Phishing Campaign Uses JWrapper-Packed SimpleHelp and ScreenConnect for Silent Remote Access
SOC Prime Bias: Medium
Securonix
06 May 2026 14:26
Quasar Linux (QLNX): A Supply Chain Foothold with Full RAT Capabilities
SOC Prime Bias: Critical
Trend Micro
06 May 2026 14:19
UAT-8302 and the Malware Toolkit Behind Its Attacks