Active Threats

Explore the latest active threats being deployed by malicious actors as of Q4 2025. Each report may offer attack flows, actionable detection rules, and simulation instructions to help SOC teams stay ahead of evolving adversary techniques.

02 Jun 2026 22:24

Operation XENOFISCAL: SideCopy Deploys Persistent XenoRAT Against Afghanistan’s Ministry of Finance

SOC Prime Bias: Critical

Seqrite Labs

02 Jun 2026 22:19

No Malware, No Alerts, Just a USB Drive in Your Office

SOC Prime Bias: Critical

Andrea Fortuna

29 May 2026 10:30

FortiClient EMS Exploited via CVE-2026-35616 to Deliver EKZ Infostealer Disguised as a Fortinet Patch

SOC Prime Bias: Critical

Arctic Wolf

29 May 2026 10:25

Crypto Software Development Infrastructure Targeted by a New Threat Actor

SOC Prime Bias: Critical

wiz.io

29 May 2026 10:20

RVTools Masquerade: How a Signed Fake Installer Deploys a Modular Python RAT

SOC Prime Bias: Medium

K7 Labs

29 May 2026 10:16

Tracing an Akira Ransomware Kill Chain Through Perimeter and Endpoint Logs

SOC Prime Bias: High

SANS Internet Storm Center

29 May 2026 10:08

700+ education and tech websites hijacked in huge ClickFix malware campaign

SOC Prime Bias: Critical

Malwarebytes

29 May 2026 10:02

Fake “Secure Mail” Lures Deliver Malicious Files Posing as Credit Card Firms

SOC Prime Bias: Medium

ASEC

27 May 2026 18:51

BlackToad Uses Network Manipulation in an AutoIt Payload

SOC Prime Bias: Medium

JUMPSEC

27 May 2026 18:46

From Poisoned Search Results to GPU Mining: A Cryptojacking Campaign Using ScreenConnect and .NET Utilities

SOC Prime Bias: Medium

Microsoft Security Blog