Active Threats

Explore the latest active threats being deployed by malicious actors as of Q4 2025. Each report may offer attack flows, actionable detection rules, and simulation instructions to help SOC teams stay ahead of evolving adversary techniques.

27 May 2026 18:40

Phishing Campaign Deploys JavaScript-Driven PureLogs Variant to Steal Sensitive Data

SOC Prime Bias: Medium

Fortinet Blog

27 May 2026 18:32

Fake software on GitHub and SourceForge distribute Deno RAT by Gabriele Orini

SOC Prime Bias: Critical

Malwarebytes

27 May 2026 18:26

From edge appliance to enterprise compromise: Multi-stage Linux intrusion via F5 and Confluence

SOC Prime Bias: Critical

Microsoft Security Blog

26 May 2026 19:05

Claude Impersonation Page May Deliver ACR Stealer

SOC Prime Bias: Medium

SANS Internet Storm Center

26 May 2026 19:01

Void Dokkaebi Uses Cython-Compiled InvisibleFerret Malware

SOC Prime Bias: Critical

Trend Micro

26 May 2026 17:55

Payload Ransomware: In-Depth Technical Analysis

SOC Prime Bias: High

Darkatlas

25 May 2026 19:34

DeepLoad Malware Explained: ClickFix Delivery and Credential Theft

SOC Prime Bias: Medium

picussecurity.com

25 May 2026 19:29

SEO Poisoning Campaign Uses Gemini and Claude Code Lures to Deliver an Infostealer

SOC Prime Bias: Medium

EclecticIQ

25 May 2026 19:25

NightSpire Ransomware Attack Chain, Tools and Tactics

SOC Prime Bias: High

picussecurity.com

22 May 2026 15:56

UAC-0057 Updates Its Toolkit with OYSTERFRESH, OYSTERSHUCK, and OYSTERBLUES

SOC Prime Bias: Medium

cert.gov.ua