News
Casbaneiro Campaign Uses WhatsApp, ClickFix and Horbot
4+ hours, 5+ minutes ago (274+ words). Unpacking Augmented Marauder's Multi-Pronged Casbaneiro Campaigns. Researchers reconstructed the end-to-end chain from the initial attachment through execution of the final payload. They analyzed an HTA stage that triggers…
5 Browser and AI Security Risks Keeping CxOs Awake
1+ day, 4+ hours ago (220+ words). The report references behaviors such as chunked payload delivery that is reassembled in memory, credential-stealing extensions, AI-assisted spear-phishing, and prompt-injection attempts aimed at agentic browsing workflows. It also cites data points indicating a meaningful share of…
LiteLLM Supply Chain Attack: PyPI Versions 1.82.7–1.82.8
1+ day, 4+ hours ago (106+ words).
EtherRAT: Ethereum Smart-Contract C2 and CDN-Like Beacons
1+ day, 4+ hours ago (146+ words).
UAC-0255 Attack Detection: Threat Actors Impersonate CERT-UA to Infect Ukrainian Public and Private Sector Organizations With AGEWHEEZE RAT
6+ days, 9+ hours ago (254+ words). Europol notes that phishing remains the main distribution vector for data-stealing malware, reflecting how email- and URL-driven social engineering remains central to malware delivery. The same pattern is visible across…
GlassWorm Supply-Chain Malware and Chrome RAT Threat
1+ week, 5+ days ago (392+ words). GlassWorm Hides a RAT Inside a Malicious Chrome Extension. GlassWorm abuses compromised npm, PyPI, GitHub, and OpenVSX packages to distribute a multi-stage malware platform. Its first stage launches…
CVE-2026-3910: Chrome V8 Zero-Day Used for In-the-Wild Attacks
3+ weeks, 4+ days ago (591+ words). Chrome zero-days continue to pose a major risk for cyber defenders. Earlier this year, Google patched CVE-2026-2441, the first actively exploited Chrome zero-day of 2026. Now, another emergency update has been…
CVE-2026-21262: SQL Server Zero-Day Fixed in Microsoft’s March Patch Tuesday Release
3+ weeks, 5+ days ago (434+ words). All rules are mapped to the latest MITRE ATT&CK® framework and are compatible with multiple SIEM, EDR, and Data Lake platforms. Additionally, each rule comes packed with broad metadata,…
CVE-2026-21385: Google Patches Qualcomm Zero-Day Exploited in Targeted Android Attacks
1+ month, 3+ days ago (638+ words). The steady cadence of Android zero-days marked as exploited in the wild continues into 2026. Following CVE-2025-48633 and CVE-2025-48572, two Android Framework bugs Google flagged for active exploitation, defenders keep…
Hunting OpenClaw: Defender Detection & Containment Guide
1+ month, 3+ weeks ago (194+ words). Bind the gateway to loopback, enforce authentication, and tighten filesystem permissions. Sandbox high-risk tools the agent can invoke, and only install Skills from trusted sources after review. Limit outbound egress, and run OpenClaw under a low-privilege…