News
BadIIS Malware-as-a-Service Hits IIS Servers Globally
2+ day, 11+ hour ago (394+ words) SOC Prime Bias: Medium From PDB Strings to MaaS: Tracking a Commodity BadIIS Ecosystem Cisco Talos identified a BadIIS malware variant marked by embedded demo.pdb strings and linked it to a malware-as-a-service ecosystem used by…
UAC-0057 Uses OYSTERFRESH and OYSTERSHUCK in Phishing
2+ day, 11+ hour ago (280+ words) SOC Prime Bias: Medium UAC-0057 Updates Its Toolkit with OYSTERFRESH, OYSTERSHUCK, and OYSTERBLUES CERT-UA has reported a phishing campaign aimed at Ukrainian government organizations. The emails contain PDF attachments that redirect recipients to ZIP archives carrying malicious Java…
CVE-2026-9082: Critical Drupal Core SQLi Flaw
2+ day, 7+ hour ago (375+ words) The current details for CVE-2026-9082 also matter because the scope is narrower than a generic "all Drupal sites" headline suggests. Drupal's advisory says the SQL injection issue only affects sites…
durabletask Compromised in Team PCP PyPI Attack
2+ day, 12+ hour ago (181+ words) SOC Prime Bias: Critical Rationale: This section details the precise execution of the adversary technique (TTP) designed to trigger the detection rule. The commands and narrative MUST directly reflect the TTPs identified and aim to generate the exact telemetry expected…
UNG0002 Targets Chinese Universities with Cobalt Strike
2+ day, 18+ hour ago (346+ words) SOC Prime Bias: Critical UNG0002 Targets Chinese Academia with Weaponized Institutional Lures A threat actor tracked as UNG0002 launched a spear-phishing campaign against Chinese universities using a malicious ZIP archive disguised as an official fitness testing notice. Inside the archive…
Steganography Hides Remcos and Other Malware in Images
2+ day, 18+ hour ago (163+ words) SOC Prime Bias: Medium Rationale: This section details the precise execution of the adversary technique (TTP) designed to trigger the detection rule. The commands and narrative MUST directly reflect the TTPs identified and aim to generate the exact telemetry expected…
SHub Reaper Targets macOS with Fake Brand Installers
4+ day, 2+ hour ago (317+ words) SOC Prime Bias: Medium SHub Reaper | macOS Stealer Spoofs Apple, Google, and Microsoft in a Single Attack Chain The report analyzes a new macOS infostealer variant called SHub Reaper, which uses fake WeChat and Miro…
VIP Keylogger Uses Steganography and Script Obfuscation
6+ day, 5+ hour ago (124+ words) SOC Prime Bias: Medium Rationale: This section details the precise execution of the adversary technique (TTP) designed to trigger the detection rule. The commands and narrative MUST directly reflect the TTPs identified and aim to generate the exact telemetry expected…
PureLogs Delivered via Paws Runner Steganography
6+ day, 6+ hour ago (400+ words) SOC Prime Bias: Medium PureLogs Delivered Through Paws Runner Steganography The campaign relies on a phishing email carrying a TXZ archive that delivers a JavaScript loader, which sets environment variables and launches conhost.exe in headless…
CVE-2026-42897: Exchange OWA Spoofing Flaw
1+ week, 2+ day ago (215+ words) What is CVE-2026-42897 and how does it work? CVE-2026-42897 is a spoofing flaw in on-prem Microsoft Exchange Server caused by a cross-site scripting issue in OWA-related web content generation. A…