SOC Prime

The only Threat Detection Marketplace where researchers monetize their content to help security teams defend against attacks faster and more efficiently.

2025-11-03

Russian hackers target Ukraine again in new campaigns against a major business services company and a local state body using LotL and dual-use tools & a custom Sandworm-linked webshell. Detect attacks with Sigma rules from SOC Prime Platform.

socprime.com/blog/russian-hack

2025-10-31

Security isn’t a checkbox — it’s who we are. SOC Prime has achieved SOC 2 Type II compliance for the 5th year in a row, proving our continued dedication to the highest security standards.

👉 Read more: socprime.com/news/soc-prime-5-

2025-10-30

CVE-2025-59287, a new critical RCE vulnerability in Microsoft WSUS systems, is under active exploitation. With a PoC out, rapid detection is a must. Spot exploitation attempts in a timely manner with curated detections from SOC Prime Platform.
socprime.com/blog/cve-2025-592

2025-10-22

Complex attacks don’t follow a straight line — are you seeing the full chain?

Attack Flow v3.0.0 by Center for Threat-Informed Defense is a game-changing approach to visualizing threat behavior. SOC Prime takes it further.

🔗 socprime.com/blog/attack-flow-

#mitre #cybersecurity #threatintelligence

2025-10-16

CERT-UA reports a new spearphishing campaign by UAC-0239 targeting the Ukrainian Defense Forces and local government bodies, deploying OrcaC2 and FILEMESS stealer. Detect attacks with curated Sigma rules available in the SOC Prime Platform.
socprime.com/blog/uac-0239-att

2025-10-10

Storm-1175 group exploits CVE-2025-10035, a critical GoAnywhere MFT vulnerability enabling command injection & RCE, followed by deployment of Medusa ransomware. Stay ahead of the threat with curated detection content from SOC Prime Platform.
socprime.com/blog/detect-cve-2

2025-10-08

Oracle has released an emergency update to address a critical RCE vulnerability (CVE-2025-61882) in its E-Business Suite, which has been actively exploited in recent Cl0p ransomware data theft attacks. Detect potential exploitation attempts using a set of Sigma rules in the SOC Prime Platform.

socprime.com/blog/cve-2025-618

2025-10-03

AI ransomware on the rise! FunkLocker is a new AI-based ransomware strain by FunkLocker that has already hit 100+ organizations in the U.S., Europe, and Asia. Stay ahead of ransomware attacks with curated detection rules from SOC Prime Platform.
socprime.com/blog/detect-funkl

2025-10-02

CERT-UA warns defenders of targeted attacks against Ukrainian military entities by the UAC-0245 threat group using the CABINETRAT backdoor spread via Excel XLL add-ins shared over Signal. Detect malicious activity with Sigma rules in the SOC Prime Platform.
socprime.com/blog/detect-uac-0

2025-09-30

Rely on zero-trust, multi-cloud, and cost-efficient security operations backed by AWS and SOC Prime innovation to future-proof your cyber resilience.
my.socprime.com/amazon-web-ser

2025-09-29

Detect BRICKSTORM, a stealthy backdoor used by China-nexus UNC5221 APT in targeted cyber-espionage campaigns against U.S. legal & tech firms, with the latest CTI and curated Sigma rules in the SOC Prime Platform.

socprime.com/blog/brickstorm-b

2025-09-24

The latest CISA alert warns of a major threat posed by CVE-2024-36401, an unauthenticated RCE vulnerability in GeoServer exploited to breach a U.S. federal agency. Detect related TTPs using a set of Sigma rules in the SOC Prime Platform.
socprime.com/blog/detect-attac

2025-09-17

Outsmart adversaries with SOC Prime's hands-on training based on real-life scenarios. Dive into critical concepts, improve practical skills, and accelerate threat hunting and detection engineering maturity through enhanced expertise.

Learn more: my.socprime.com/detection-engi

2025-09-16

Maranhão Stealer targets gamers via cloud-hosted pirated software, using social engineering, reflective DLL injection, and advanced stealth methods to hijack credentials and crypto wallets. Detect attacks with Sigma rules from SOC Prime Platform.
socprime.com/blog/maranhao-ste

2025-09-11

The new Gentlemen ransomware group exploits privileged accounts and evades defenses with advanced techniques targeting critical organizations in 17+ countries. Proactively detect ransomware attacks with curated Sigma rules from SOC Prime Platform.
socprime.com/blog/the-gentleme

2025-09-10

Knowledge Bits are bite-sized insights by SOC Prime experts to resolve common SIEM, EDR, and Data Lake hurdles.
Dive in now: socprime.com/blog/#knowledge_b

2025-09-09

Detect attacks by MostereRAT, a stealthy phishing-driven threat leveraging AnyDesk and TightVNC to sustain long-term control over compromised Windows systems, using Sigma rules in the SOC Prime Platform.
socprime.com/blog/mostere-rat-

2025-08-29

Join SOC Prime's Discord community to be the first to know about emerging threats and network with cybersecurity experts.

Start now: discord.gg/ec6JQbPbzb

2025-08-26

New BQTLOCK ransomware operates as RaaS and uses advanced detection evasion techniques to stay under the radar. Proactively detect emerging ransomware attacks using curated Sigma rules from SOC Prime Platform.
socprime.com/blog/bqtlock-rans

2025-08-18

Crypto24 ransomware group hits high-profile organizations across the US, Europe, and Asia using a mix of legitimate tools and custom malware to stay under the radar. Detect sophisticated ransomware attacks with Sigma rules from SOC Prime Platform.
socprime.com/blog/crypto24-ran

Server: https://mastodon.social