Threats

Mocha Manakin Attack Detection: Hackers Spread a Custom NodeJS Backdoor Dubbed NodeInitRAT Using the Paste-and-Run Technique

Mocha Manakin Attack Detection

Mocha Manakin, believed to have ties to Interlock ransomware operations, has been observed using the paste-and-run phishing technique for initial access since at least January 2025. Adversaries deploy a custom NodeJS backdoor, dubbed NodeInitRAT, which enables persistence, reconnaissance, command execution, and payload delivery via HTTP, along with other offensive operations that can potentially lead to […]

The post Mocha Manakin Attack Detection: Hackers Spread a Custom NodeJS Backdoor Dubbed NodeInitRAT Using the Paste-and-Run Technique appeared first on SOC Prime.


AI Threat Intelligence


The rapid advancement and widespread adoption of generative AI (GenAI) is reshaping the threat intelligence domain, paving the way for a future where real-time analysis, predictive modeling, and automated threat response become integral to cyber defense strategies. As highlighted in Gartner’s Top Cybersecurity Trends of 2025, GenAI is unlocking new possibilities for organizations to strengthen […]



GrayAlpha Operation Detection: The Fin7-Affiliated Group Spreads PowerNet Loader, NetSupport RAT, and MaskBat Loader

GrayAlpha Operation Detection

Defenders have identified a highly sophisticated campaign orchestrated by the GrayAlpha threat actors. In this campaign, hackers employ fake browser updates and other infection vectors to deliver advanced malicious strains, a newly discovered custom PowerShell loader dubbed PowerNet, and NetSupport RAT. Notably, adversaries behind this campaign are linked to the nefarious, financially motivated group widely […]



CVE-2025-4123 Vulnerability: “The Grafana Ghost” Zero-Day Enables Malicious Account Hijacking

CVE-2025-4123 Vulnerability

June has been a turbulent month for cyber defenders, marked by a surge of high-profile vulnerabilities shaking the security landscape. Following the exploitation of SimpleHelp RMM flaws by the DragonForce ransomware group and the active use of the CVE-2025-33053 WebDAV zero-day by the Stealth Falcon APT, researchers have now identified yet another critical threat. A newly […]



What Are the Predictions of AI in Cybersecurity?

The Future of AI in Cybersecurity

According to Gartner, by 2029, agentic Artificial Intelligence (AI) will autonomously handle 80% of routine customer service inquiries, cutting operational costs by 30%. Unlike earlier AI models that focused on generating responses or summarizing conversations, agentic AI marks a shift toward systems capable of independently executing tasks. This shift will redefine service interactions, with both […]



Detect SimpleHelp RMM Vulnerability Exploitation: CISA Warns of Threat Actors Abusing Unpatched Flaws for Persistent Access and Ransomware Deployment

SimpleHelp RMM Vulnerabilities Exploited by DragonForce Ransomware Actors

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert warning that ransomware actors are abusing unpatched vulnerabilities in SimpleHelp's Remote Monitoring and Management (RMM) software, a tactic increasingly used to compromise organizations since early 2025. With over 21,000 new CVEs already logged by NIST this year, cybersecurity teams are under growing pressure to stay ahead. […]



Linux Syscall Threat Detection in Splunk with Uncoder AI

How It Works

The detection logic here is built around monitoring use of the mknod syscall, which is rarely used in legitimate workflows but can be exploited by attackers to:
- Create fake block or character devices
- Interact with kernel interfaces
- Bypass file system controls or establish […]



From Sigma to SentinelOne: Detecting Password Access via Notepad with Uncoder AI

How It Works

The Sigma rule shown is designed to detect Notepad opening files with names suggesting password storage, which may indicate unauthorized credential access or suspicious behavior on Windows systems.

Left Panel – Sigma Rule: Looks for process creation events where:
- Parent process is explorer.exe
- Child process is notepad.exe
- Command line contains strings like […]



Convert Sigma DNS Rules to Cortex XSIAM with Uncoder AI

How It Works

Uncoder AI reads a Sigma rule designed to detect DNS queries to malicious infrastructure used by Katz Stealer malware and instantly translates it into native Palo Alto Cortex XSIAM syntax.

Left Panel – Sigma Detection: Targets DNS queries to specific Katz Stealer […]



Detect Linux Reconnaissance in Microsoft Sentinel with Sigma-to-KQL Conversion

How It Works

The showcased feature translates a Linux-based Sigma rule, specifically one targeting the sysinfo system call, into Microsoft Sentinel KQL. This system call gives an attacker system metadata such as uptime, memory usage, and load averages, which is commonly gathered during reconnaissance.

Left Panel – Sigma Rule: Targets Linux auditd telemetry for syscall […]
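The four Uncoder AI posts above (mknod in Splunk, Notepad password access in SentinelOne, Katz Stealer DNS in Cortex XSIAM, sysinfo in Sentinel) all rest on the same mechanism: a Sigma selection is a set of field conditions ANDed together, a list of values under one field is ORed, and the backend translation rewrites those conditions into SPL, KQL or XQL. The script below is an added example written for this page; it is not SOC Prime's or Uncoder AI's code and not the actual Sigma rules from the posts. It implements that matching logic in Python and runs the four detections over constructed sample events. Everything specific in it is an assumption: the Sysmon-style field names (Image, ParentImage, CommandLine, QueryName), the password-like strings, the placeholder Katz Stealer domains under .example, and the x86_64 syscall-number table. It also shows one caveat the posts do not spell out: a raw auditd record carries syscall=133, not SYSCALL=mknod, unless auditd runs with log_format=ENRICHED, so a rule keyed on the syscall name needs a number-to-name step, and since the libc mknod wrapper may issue mknodat, both names are listed.

```python
"""Mini Sigma-style matcher run over constructed sample events.

Added example for this page; not SOC Prime / Uncoder AI code. Assumptions:
Sysmon-style field names, a placeholder password-string list, placeholder
*.example C2 domains, and an x86_64-only syscall-number table.
"""
import re

# Assumption: x86_64 syscall numbers. Raw auditd records carry syscall=<number>;
# the SYSCALL=<name> field only exists when auditd uses log_format=ENRICHED.
X86_64_SYSCALLS = {99: "sysinfo", 133: "mknod", 259: "mknodat"}


def parse_auditd(line):
    """Flatten a raw auditd record into a dict and add a SYSCALL name field."""
    pairs = re.findall(r'(\w+)=("[^"]*"|\S+)', line)
    ev = {k: v.strip('"') for k, v in pairs}
    if "SYSCALL" not in ev and ev.get("syscall", "").isdigit():
        num = int(ev["syscall"])
        ev["SYSCALL"] = X86_64_SYSCALLS.get(num, str(num))
    return ev


def _match_value(actual, op, wanted):
    """Sigma string modifiers; comparisons are case-insensitive as in Sigma."""
    a, w = str(actual).lower(), str(wanted).lower()
    if op == "contains":
        return w in a
    if op == "endswith":
        return a.endswith(w)
    if op == "startswith":
        return a.startswith(w)
    return a == w


def matches(rule, event):
    """Sigma selection semantics: AND across fields, OR across a field's list."""
    for key, wanted in rule["selection"].items():
        field, _, op = key.partition("|")
        values = wanted if isinstance(wanted, list) else [wanted]
        if field not in event:
            return False
        if not any(_match_value(event[field], op or "equals", v) for v in values):
            return False
    return True


# Selections modelled on the four posts. Specific strings are assumptions.
RULES = [
    {"title": "Linux mknod syscall (Splunk post)",
     # libc's mknod wrapper may issue mknodat, so both names are listed.
     "selection": {"type": "SYSCALL", "SYSCALL": ["mknod", "mknodat"]}},
    {"title": "Linux sysinfo syscall recon (Sentinel post)",
     "selection": {"type": "SYSCALL", "SYSCALL": "sysinfo"}},
    {"title": "Notepad opening password-named file (SentinelOne post)",
     "selection": {"ParentImage|endswith": "\\explorer.exe",
                   "Image|endswith": "\\notepad.exe",
                   # assumed list; the post's actual strings are not shown
                   "CommandLine|contains": ["password", "passwd", "pwd"]}},
    {"title": "DNS query to Katz Stealer infrastructure (Cortex XSIAM post)",
     # placeholder domains, not real IOCs
     "selection": {"QueryName|endswith": [".katz-c2.example", "stealer-panel.example"]}},
]

# Constructed sample telemetry: three raw auditd SYSCALL records (x86_64),
# two Sysmon-style process creations and two DNS queries.
SAMPLE_EVENTS = [
    parse_auditd('type=SYSCALL msg=audit(1718000000.123:456): arch=c000003e syscall=133 '
                 'success=yes exit=0 ppid=4242 pid=4243 uid=0 comm="mknod" exe="/usr/bin/mknod" key="devnode"'),
    parse_auditd('type=SYSCALL msg=audit(1718000000.456:457): arch=c000003e syscall=99 '
                 'success=yes exit=0 ppid=4242 pid=4250 uid=1000 comm="python3" exe="/usr/bin/python3"'),
    parse_auditd('type=SYSCALL msg=audit(1718000001.000:458): arch=c000003e syscall=257 '
                 'success=yes exit=3 ppid=1 pid=900 uid=0 comm="sshd" exe="/usr/sbin/sshd"'),
    {"type": "ProcessCreate", "ParentImage": "C:\\Windows\\explorer.exe",
     "Image": "C:\\Windows\\System32\\notepad.exe",
     "CommandLine": '"C:\\Windows\\System32\\notepad.exe" C:\\Users\\alice\\Desktop\\Passwords.txt'},
    {"type": "ProcessCreate", "ParentImage": "C:\\Windows\\explorer.exe",
     "Image": "C:\\Windows\\System32\\notepad.exe",
     "CommandLine": '"C:\\Windows\\System32\\notepad.exe" C:\\Users\\alice\\notes.txt'},
    {"type": "DnsQuery", "Image": "C:\\Users\\alice\\AppData\\Local\\Temp\\update.exe",
     "QueryName": "api.katz-c2.example"},
    {"type": "DnsQuery", "Image": "C:\\Windows\\System32\\svchost.exe",
     "QueryName": "www.microsoft.com"},
]


def run_rules(events, rules=RULES):
    """Return (rule title, event) for every event that trips a rule."""
    return [(r["title"], ev) for ev in events for r in rules if matches(r, ev)]


if __name__ == "__main__":
    for title, ev in run_rules(SAMPLE_EVENTS):
        print(f"[{title}] {ev}")
```

Running it prints one hit per rule and nothing for the control events (an openat call, a harmless notes.txt, a query to www.microsoft.com). On a real host sysinfo is also issued by benign utilities, so a production rule would be scoped further by uid, comm or an audit key; the sample deliberately does not do that, which is exactly the tuning step a Sigma-to-KQL or Sigma-to-SPL translation leaves to the analyst.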

