Active Threats

Explore the latest active threats being deployed by malicious actors as of Q4 2025. Each report may offer attack flows, actionable detection rules, and simulation instructions to help SOC teams stay ahead of evolving adversary techniques.

08 Apr 2026 17:25

Malicious LNK Files Distributing a Python-Based Backdoor and Changes in Distribution Techniques (Kimsuky Group)

SOC Prime Bias: Critical

ASEC

08 Apr 2026 15:12

DPRK-Related Campaigns with LNK and GitHub C2

SOC Prime Bias: Critical

Fortinet Blog

08 Apr 2026 15:05

VEN0m Ransomware: the weak point of Windows Defender

SOC Prime Bias: Critical

Nexsys Srl

08 Apr 2026 14:57

APT-Q-27 Malware Campaign Focuses on Web3 Customer Support

SOC Prime Bias: Critical

zeroShadow

08 Apr 2026 14:50

MacOS Stealers, Observed: What Defenders Should Watch For

SOC Prime Bias: Medium

objective_see

08 Apr 2026 14:40

I’d come running back to EU again: TA416 resumes European government espionage campaigns

SOC Prime Bias: Critical

Proofpoint

08 Apr 2026 14:31

Cookie-Controlled PHP Web Shells: Stealth Tradecraft on Linux Hosts

SOC Prime Bias: Medium

Microsoft Security Blog

07 Apr 2026 19:57

Qilin EDR Killer Infection Chain

SOC Prime Bias: High

Cisco Talos Blog

07 Apr 2026 18:30

Mustang Panda and PlugX: A Deep Dive into Phishing-Led Loader Operations

SOC Prime Bias: Critical

0x3oBAD

07 Apr 2026 18:22

The Certificate Decoding Illusion: How Blank Grabber Stealer Hides Its Loader

SOC Prime Bias: Medium

Splunk