Active Threats

Explore the latest active threats being deployed by malicious actors as of Q4 2025. Each report may offer attack flows, actionable detection rules, and simulation instructions to help SOC teams stay ahead of evolving adversary techniques.

09 Jun 2026 15:43

STX RAT Supply Chain Attack Hits Wallets and X-VPN

SOC Prime Bias: Critical

source icon

Sekoia.io Blog

09 Jun 2026 15:31

From Crypto Wallets to a 100M-User VPN: Inside an Active STX RAT Supply Chain Campaign

SOC Prime Bias: Critical

source icon

cyderes.com

09 Jun 2026 15:25

Seeking Counsel: Ongoing Targeted Attacks Against US Law Firms

SOC Prime Bias: High

source icon

Google Cloud Blog

08 Jun 2026 22:55

AI-Powered Roblox Cheats Deliver the Yuta/Solara Stealer

SOC Prime Bias: Medium

source icon

Derp

08 Jun 2026 22:48

PulseRAT Delivered Through a UAE-India Partnership Lure

SOC Prime Bias: Critical

source icon

dmpdump

08 Jun 2026 22:43

Preinstall to Persistence: Inside the Red Hat npm Miasma Credential-Theft Campaign

SOC Prime Bias: Critical

source icon

Microsoft Security Blog

08 Jun 2026 22:33

GammaSteel: Inside Gamaredon’s Unfolding Malware Chain

SOC Prime Bias: Critical

source icon

Sekoia.io Blog

05 Jun 2026 18:49

The Evil MSI Background Returns

SOC Prime Bias: Medium

source icon

SANS Internet Storm Center

05 Jun 2026 18:45

Miasma Supply Chain Attack Spreads Through the Phantom Gyp Worm

SOC Prime Bias: Critical

source icon

stepsecurity.io

05 Jun 2026 18:40

C0XMO: A New Gafgyt Variant with Cross-Platform Propagation

SOC Prime Bias: Critical

source icon

Fortinet Blog