News
UNG0002 Targets Chinese Universities with Cobalt Strike
1+ week, 1+ day ago (346+ words) SOC Prime Bias: Critical UNG0002 Targets Chinese Academia with Weaponized Institutional Lures A threat actor tracked as UNG0002 launched a spear-phishing campaign against Chinese universities using a malicious ZIP archive disguised as an official fitness testing notice. Inside the archive…
SHub Reaper Targets macOS with Fake Brand Installers
1+ week, 3+ day ago (317+ words) SOC Prime Bias: Medium SHub Reaper | macOS Stealer Spoofs Apple, Google, and Microsoft in a Single Attack Chain The report analyzes a new macOS infostealer variant called SHub Reaper, which uses fake WeChat and Miro…
PureLogs Delivered via Paws Runner Steganography
1+ week, 5+ day ago (400+ words) SOC Prime Bias: Medium PureLogs Delivered Through Paws Runner Steganography The campaign relies on a phishing email carrying a TXZ archive that delivers a JavaScript loader, which sets environment variables and launches conhost.exe in headless…
Iranian-Nexus Campaign Hits Omani Government Ministries
3+ week, 2+ day ago (293+ words) SOC Prime Bias: Critical Iranian-Nexus Attack Exposes 26,000 Citizen Records in Oman A state-aligned Iranian threat actor compromised multiple government ministries in Oman by using webshells, ProxyShell exploits, and a custom command-and-control environment hosted on a UAE-based VPS…
SHADOW-EARTH-053 Targets Exchange Servers in Asia
3+ week, 4+ day ago (460+ words) SOC Prime Bias: Critical Inside Shadow-Earth-053: A China-Aligned Cyberespionage Campaign Against Government and Defense Sectors in Asia A China-aligned threat cluster tracked as SHADOW-EARTH-053 has been exploiting unpatched Microsoft Exchange and IIS servers…
DYNOWIPER Wiper Hits Poland Energy Sites via FortiGate
3+ mon, 2+ week ago (350+ words) SOC Prime Bias: Critical DYNOWIPER: Destructive Malware Targeting Poland's Energy Sector In late December 2025, a coordinated destructive campaign struck Poland's energy infrastructure, compromising at scale more than thirty renewable sites and a large combined heat and power plant…
Pakistan-Linked APT Targets India with GitHub C2 Tools
4+ mon, 1+ day ago (469+ words) Technical analysis of two campaigns (Gopher Strike and Sheet Attack) attributed to a Pakistan-linked APT targeting Indian government entities. The activity uses Golang tooling (GOGITTER, GITSHELLPAD, GOSHELL) to deliver payloads via spear-phishing PDFs and malicious ISO files, leverages private Git…
SafePay Ransomware: Centralized Double-Extortion Group
4+ mon, 2+ week ago (458+ words) SOC Prime Bias: High Inside SafePay: Analyzing the New Centralized Ransomware Group SafePay is a recently surfaced ransomware operation that appears to run as a tightly controlled, centralized group rather than a typical Ransomware-as-a-Service ecosystem. The…