News

SOC Prime
socprime.com > active-threats > talos-links-cve-2025-55182-react2shell

UAT-10608: React2Shell Next.js Credential Harvesting

23+ hours, 23+ min ago (400+ words) SOC Prime Bias: Critical UAT-10608 Exposed: Automated Credential Theft at Scale Against Web Applications. Cisco Talos reports a large-scale operation abusing the React2Shell weakness in Next.js apps to steal credentials in bulk. The attackers use a purpose-built…

SOC Prime
socprime.com > active-threats > apt-q-27-malware-campaign

APT-Q-27 Targets Web3 Support with .PIF Malware Chain

23+ hours, 23+ min ago (220+ words) SOC Prime Bias: Critical Rationale: This section details the precise execution of the adversary technique (TTP) designed to trigger the detection rule. The commands and narrative MUST directly reflect the TTPs identified and aim to generate the exact telemetry expected…

SOC Prime
socprime.com > active-threats > malicious-lnk-files-distributing-a-python-based-backdoor-and-changes-in-distribution-techniques-kimsuky-group

Kimsuky LNK Campaign Drops Python Backdoor via Dropbox C2

23+ hours, 22+ min ago (120+ words) SOC Prime Bias: Critical The Kimsuky threat actor drops two malicious files to the victim host: The attacker invokes these scripts directly using the native Windows script hosts to stay "living off the land": Both executions generate a Process Creation event with the…

SOC Prime
socprime.com > active-threats > casbaneiro-campaigns-analysis

Casbaneiro Campaign Uses WhatsApp, ClickFix and Horbot

1+ day, 23+ hours ago (274+ words) SOC Prime Bias: High Unpacking Augmented Marauder's Multi-Pronged Casbaneiro Campaigns. Researchers reconstructed the end-to-end chain from the initial attachment through execution of the final payload. They analyzed an HTA stage that triggers mshta.exe, followed by a two-step…

SOC Prime
socprime.com > active-threats > five-browser-and-ai-security-questions-cxos-cant-ignore

5 Browser and AI Security Risks Keeping CxOs Awake

2+ days, 23+ hours ago (220+ words) SOC Prime Bias: High The report references behaviors such as chunked payload delivery that is reassembled in memory, credential-stealing extensions, AI-assisted spear-phishing, and prompt-injection attempts aimed at agentic browsing workflows. It also cites data points indicating a meaningful share of…

SOC Prime
socprime.com > active-threats > litellm-supply-chain-attack

LiteLLM Supply Chain Attack: PyPI Versions 1.82.7–1.82.8

2+ days, 23+ hours ago (106+ words) SOC Prime Bias: Critical

SOC Prime
socprime.com > active-threats > etherrat-ethereum-etherhiding-target-selection-cdn-like-beacons

EtherRAT: Ethereum Smart-Contract C2 and CDN-Like Beacons

2+ days, 23+ hours ago (146+ words) SOC Prime Bias: Critical

SOC Prime
socprime.com > blog > uac-0255-distributing-agewheeze-rat

UAC-0255 Attack Detection: Threat Actors Impersonate CERT-UA to Infect Ukrainian Public and Private Sector Organizations With AGEWHEEZE RAT

1+ week, 1+ day ago (254+ words) Europol notes that phishing remains the main distribution vector for data-stealing malware, reflecting how email- and URL-driven social engineering remains central to malware delivery. The same pattern is visible across…

SOC Prime
socprime.com > active-threats > glassworm-hides-a-rat-inside-a-malicious-chrome-extension

GlassWorm Supply-Chain Malware and Chrome RAT Threat

1+ week, 6+ days ago (392+ words) SOC Prime Bias: Critical GlassWorm Hides a RAT Inside a Malicious Chrome Extension. GlassWorm abuses compromised npm, PyPI, GitHub, and Open VSX packages to distribute a multi-stage malware platform. Its first stage launches a…

SOC Prime
socprime.com > blog > cve-2026-3910-vulnerability

CVE-2026-3910: Chrome V8 Zero-Day Used for In-the-Wild Attacks

3+ weeks, 6+ days ago (591+ words) Chrome zero-days continue to pose a major risk for cyber defenders. Earlier this year, Google patched CVE-2026-2441, the first actively exploited Chrome zero-day of 2026. Now, another emergency update has been…