Active Threats

Explore the latest active threats being deployed by malicious actors as of Q4 2025. Each report may offer attack flows, actionable detection rules, and simulation instructions to help SOC teams stay ahead of evolving adversary techniques.

22 May 2026 15:54 | From PDB Strings to MaaS: Tracking a Commodity BadIIS Ecosystem | SOC Prime Bias: Medium | Source: Cisco Talos Blog

22 May 2026 15:42 | Inside SHADOW-WATER-063’s Banana RAT: From Build Server to Banking Fraud | SOC Prime Bias: Medium | Source: Trend Micro

22 May 2026 15:36 | durabletask: TeamPCP’s Latest PyPI Supply Chain Compromise | SOC Prime Bias: Critical | Source: wiz.io

22 May 2026 10:08 | Exposed RDP: The Misconfiguration That Still Pays Off for Attackers | SOC Prime Bias: Critical | Source: Huntress

22 May 2026 09:34 | Steganography Secrets: Malware Hidden in Plain Sight | SOC Prime Bias: Medium | Source: cofense.com

22 May 2026 09:29 | NG0002 Targets Chinese Academia with Weaponized Institutional Lures | SOC Prime Bias: Critical | Source: Seqrite Labs

21 May 2026 01:15 | SHub Reaper | macOS Stealer Spoofs Apple, Google, and Microsoft in a Single Attack Chain | SOC Prime Bias: Medium | Source: SentinelOne

21 May 2026 01:10 | How Storm-2949 turned a compromised identity into a cloud-wide breach | SOC Prime Bias: High | Source: Microsoft Security Blog

21 May 2026 01:05 | Shai-Hulud Clones: TeamPCP Copycats Are Here | SOC Prime Bias: Critical | Source: OX Security

21 May 2026 01:01 | Phantom Stealer Analysis: Inside a Two-Layer Attack Chain | SOC Prime Bias: Medium | Source: Darkatlas