News
CVE-2026-42897: Exchange OWA Spoofing Flaw
1 hour, 14 min ago (215 words) · SOC Prime. What is CVE-2026-42897 and how does it work? CVE-2026-42897 is a spoofing flaw in on-premises Microsoft Exchange Server caused by a cross-site scripting issue in OWA-related web content generation. A…
Cloud Z RAT May Steal OTPs via Microsoft Phone Link
1 week, 2 days ago (436 words) · SOC Prime. Cloud Z RAT potentially steals OTP messages using the Pheno plugin: Cisco Talos identified an intrusion in which attackers deployed the Cloud Z remote access trojan together with a custom plugin called Pheno…
JWrapper Campaign Deploys SimpleHelp and ScreenConnect
1 week, 2 days ago (467 words) · SOC Prime. VENOMOUS#HELPER: Dual-RMM Phishing Campaign Uses JWrapper-Packed SimpleHelp and ScreenConnect for Silent Remote Access. A phishing campaign has been using a compromised Mexican website to distribute a JWrapper-packed executable that installs the…
Google AppSheet Phishing Hits 30,000+ Facebook Accounts
1 week, 3 days ago (256 words) · SOC Prime.
Casbaneiro Campaign Uses WhatsApp, ClickFix and Horbot
1 month, 1 week ago (274 words) · SOC Prime. Unpacking Augmented Marauder's Multi-Pronged Casbaneiro Campaigns: researchers reconstructed the end-to-end chain from the initial attachment through execution of the final payload. They analyzed an HTA stage that triggers mshta.exe, followed by a two-step…
Voicemail Lure Drops Remotely RMM via BAT Script
3 months, 1 week ago (222 words) · SOC Prime. Threat actors are hosting German-language "voicemail" landing pages that entice users to download a BAT file. The script plays a benign audio decoy while quietly installing the legitimate Remotely remote monitoring tool. Once deployed, the RMM…