Information-stealing malware is rapidly escalating across the cyber threat landscape. ESET reports that SnakeStealer nearly doubled its activity in H1 2025, becoming the most detected infostealer and accounting for almost 20% of all infostealer detections. Meanwhile, a new campaign dubbed Maranhão Stealer has surfaced, targeting gaming enthusiasts via malicious pirated software hosted on cloud services. […]

The post Maranhão Stealer Detection: New Node.js-Based Information-Stealing Malware Applies Reflective DLL Injection appeared first on SOC Prime.

Hot on the heels of the newly identified BQTLOCK ransomware distributed through a full RaaS model, security researchers have detected another major ransomware operation. A previously unknown group, dubbed The Gentlemen, has quickly gained attention for using highly specialized tools and conducting thorough reconnaissance to target critical infrastructure across 17+ regions and multiple sectors. Their […]

The post The Gentlemen Ransomware Detection: New Adversary Campaign Abuses Group Policies and Uses Advanced Tools to Target Critical Organizations appeared first on SOC Prime.

Phishing is widely recognized as a prevalent method of executing social engineering attacks. Defenders have recently identified a highly targeted phishing campaign that delivers the MostereRAT to infiltrate Windows devices. Adversaries take advantage of advanced detection evasion techniques and social engineering, as well as abuse legitimate remote access software, like AnyDesk and TightVNC, enabling them […]

The post MostereRAT Detection: Attackers Abuse AnyDesk and TightVNC for Persistent Access on Windows Systems appeared first on SOC Prime.

The Lazarus Group, a notorious North Korea-backed hacking collective also tracked as APT38, Hidden Cobra, and Dark Seoul, has built a long-standing reputation as one of the most dangerous advanced persistent threat groups. Active since at least 2009, Lazarus has consistently targeted financial institutions and, more recently, cryptocurrency and blockchain businesses to fuel the regime’s […]

The post Lazarus Group Attack Detection: Hackers Expand Their Toolkit with PondRAT, ThemeForestRAT, and RemotePE Malware Strains appeared first on SOC Prime.

In late August, Apple rushed out an emergency update to patch CVE-2025-43300, a critical out-of-bounds write zero-day in iOS, iPadOS, and macOS. But the story doesn’t end there. Security researchers have now uncovered another serious issue: a WhatsApp zero-day vulnerability in its iOS and macOS clients. The flaw, which WhatsApp has since patched, was leveraged […]

The post CVE-2025-55177: Vulnerability in WhatsApp iOS & macOS Messaging Clients Exploited for Zero-Click Attacks appeared first on SOC Prime.

Hot on the heels of the disclosure of CVE-2025-43300, a new zero-day vulnerability impacting iOS, iPadOS, and macOS that is largely leveraged in targeted campaigns, yet another zero-day has surfaced on the cyber threat landscape. CVE-2025-7775 is a critical memory overflow vulnerability in Citrix NetScaler that allows unauthenticated remote code execution and is currently under […]

The post CVE-2025-7775 Vulnerability: A New Critical NetScaler RCE Zero-Day Under Active Exploitation appeared first on SOC Prime.

The China-backed hacking collective tracked as UNC6384 has been observed behind cyber-espionage attacks against diplomats in Southeast Asia and various global organizations in pursuit of Beijing’s strategic objectives. The campaign hijacks web traffic to deliver a signed downloader, leading to the deployment of a PlugX backdoor variant through sophisticated social engineering and evasion techniques. Detect […]

The post UNC6384 Attack Detection: China-Linked Group Targets Diplomats and Hijacks Web Traffic Spreading a PlugX Variant appeared first on SOC Prime.

Ransomware-as-a-Service (RaaS), promoted on dark web forums and popular messaging platforms like Telegram, is an expanding cybercrime model where developers lease ransomware and infrastructure to affiliates through subscriptions or profit-sharing. A newly discovered ransomware strain, named BQTLOCK, has been active since mid-summer 2025, distributed via a full RaaS model, largely leveraging multiple anti-analysis techniques in its […]

The post BQTLOCK Ransomware Detection: New RaaS Operators Employ Advanced Detection Evasion Techniques appeared first on SOC Prime.

As the season shifts from summer to fall, the cyber threat landscape is heating up rather than cooling down. Following the news of the ongoing exploitation of a fresh WinRAR zero-day used to deliver RomCom malware, another zero-day flaw causes a stir in the cyber threat arena. A novel zero-day vulnerability affecting iOS, iPadOS, and […]

The post CVE-2025-43300 Vulnerability: Zero-Day in iOS, iPadOS, and macOS Under Active Exploitation appeared first on SOC Prime.

Docker is one of the backbones of modern enterprise infrastructure, powering cloud-native applications, CI/CD pipelines, and microservices at massive scale. Therefore, vulnerabilities in Docker images and runtimes are particularly dangerous as they can open the door to severe supply-chain attacks, container escapes, data leaks, and even full host compromise.  For instance, in March 2024, a […]

The post CVE-2025-9074: Critical Vulnerability in Docker Desktop Enables Local Container Access to Docker Engine API via Subnet appeared first on SOC Prime.