Detect CVE-2025-10035 exploitation attempts, a critical GoAnywhere vulnerability used by the Storm-1175 group, with Sigma rules from SOC Prime Platform.

SOC Prime

07.10.2025

CVE-2025-61882 Vulnerability: A Critical Oracle E-Business Suite Zero-Day Exploited in Cl0p Data Theft Attacks | SOC Prime

Explore CVE-2025-61882 analysis, a critical zero-day vulnerability in Oracle EBS exploited in the wild, with in-depth details on the SOC Prime Blog.

SOC Prime

03.10.2025

UAC-0245 Attack Detection: CABINETRAT Backdoor Used in Targeted Attacks Against Ukraine | SOC Prime

Detect UAC-0245 attacks against Ukraine using CABINETRAT backdoor with curated Sigma rules in the SOC Prime Platform.

SOC Prime

03.10.2025

FunkLocker Ransomware Detection: FunkSec Operators Leverage AI to Target U.S., Europe, and Asia | SOC Prime

Detect FunkLocker ransomware by FunkSec using AI and targeting 100+ organizations in U.S., Europe, and Asia with Sigma rules from SOC Prime Platform.

SOC Prime

02.10.2025

Confluent Sigma: Open Source Solution Guide for Detection Engineers

Learn how to install Confluent Sigma and explore use cases to implement a frictionless pipeline for Detection as Code at enterprise scale.

SOC Prime

01.10.2025

CVE-2025-41244 Vulnerability: A New VMware Tools and Aria Zero-Day Actively Exploited for Privilege Escalation | SOC Prime

Explore details for CVE-2025-41244 zero-day vulnerability in VMware Tools & VMware Aria exploited in the wild, with insights on the SOC Prime blog.

SOC Prime

27.09.2025

BRICKSTORM Malware Detection: UNC5221 and Related China-Backed Actors Target U.S. Legal and Tech Sectors | SOC Prime

Detect BRICKSTORM malware used in stealthy attacks by UNC5221 to target U.S. legal and tech firms with Sigma rules from SOC Prme Platform.

SOC Prime

26.09.2025

CVE-2025-20352 Vulnerability: A Critical Zero-Day in Cisco IOS and IOS XE Software Under Active Exploitation | SOC Prime

Explore details for CVE-2025-20352 zero-day vulnerability in Cisco IOS and IOS XE exploited in the wild, with insights on the SOC Prime blog.

SOC Prime

25.09.2025

CISA Alert AA25-266A: Detecting Malicious Activity Linked to the U.S. Federal Agency Breach via Unpatched GeoServer (CVE-2024-36401) | SOC Prime

Detect attacks exploiting CVE-2024-36401, linked to the U.S. federal agency breach covered in CISA’s AA25-266A alert, with Sigma rules from SOC Prime.

SOC Prime

19.09.2025

CVE-2025-10585 Vulnerability: A New Zero-Day Exploit in Chrome’s V8 JavaScript and WebAssembly Engine Weaponized in Real-World Attacks | SOC Prime

Explore details for CVE-2025-10585 zero-day vulnerability in Chrome’s V8 JavaScript engine exploited in the wild, with insights on our SOC Prime blog.

SOC Prime

19.09.2025

CVE-2025-41248 & CVE-2025-41249: Vulnerabilities in Spring Framework, Spring Security Lead to Authorization Bypass, Expose Sensitive Data | SOC Prime

Explore details of CVE-2025-41248 & CVE-2025-41249 vulnerabilities in Spring Framework and Spring Security, leading to authorization bypass, with an in-depth analysis on SOC Prime blog.

SOC Prime

17.09.2025

Maranhão Stealer Detection: New Node.js-Based Information-Stealing Malware Applies Reflective DLL Injection | SOC Prime

Detect Maranhão stealer that uses reflective DLL injection to steal login credentials with curated Sigma rules from SOC Prime Platform.

SOC Prime

12.09.2025

The Gentlemen Ransomware Detection: New Adversary Campaign Abuses Group Policies and Uses Advanced Tools to Target Critical Organizations | SOC Prime

Detect the Gentlemen ransomware used in a new advanced adversary campaign against global organizations with Sigma rules from SOC Prime Platform.

SOC Prime

10.09.2025

MostereRAT Detection: Attackers Abuse AnyDesk and TightVNC for Persistent Access on Windows Systems | SOC Prime

Detect MostereRAT that employs advanced evasion techniques and is deployed via AnyDesk and TightVNC with Sigma rules from SOC Prime Platform.

SOC Prime

06.09.2025

Lazarus Group Attack Detection: Hackers Expand Their Toolkit with PondRAT, ThemeForestRAT, and RemotePE Malware Strains | SOC Prime

Detect Lazarus Group attacks leveraging PondRAT, ThemeForestRAT, and RemotePE RATs using a set of Sigma rules in the SOC Prime Platform.

SOC Prime

04.09.2025

What’s New in Uncoder: AI Chat Bot & MCP Tools | SOC Prime

Check out the latest Uncoder AI update introducing a new AI Chat Bot and MCP tools to manage any detection engineering task end-to-end.

SOC Prime

04.09.2025

What’s New in Active Threats: Threat of the Month, New AI Search, and Improved Performance | SOC Prime

Discover the latest Active Threats upgrade with Threat of the Month, AI-powered search, improved performance, and broader coverage for more insights.

SOC Prime

03.09.2025

CVE-2025-55177: Vulnerability in WhatsApp iOS & macOS Messaging Clients Exploited for Zero-Click Attacks | SOC Prime

Explore details for CVE-2025-55177, a zero-day vulnerability in WhatsApp iOS and macOS messaging clients, with insights on the SOC Prime blog.

SOC Prime

02.09.2025

CVE-2025-7775 Vulnerability: A New Critical NetScaler RCE Zero-Day Under Active Exploitation | SOC Prime

Explore details for CVE-2025-777 zero-day vulnerability in Citrix NetScaler leading to RCE, with extensive insights on our SOC Prime blog.

SOC Prime

28.08.2025

UNC6384 Attack Detection: China-Linked Group Targets Diplomats and Hijacks Web Traffic Spreading a PlugX Variant | SOC Prime

Detect UNC6384 activity targeting diplomats and hijacking web traffic to drop PlugX malware with Sigma rules from SOC Prime Platform.

SOC Prime

27.08.2025

BQTLOCK Ransomware Detection: New RaaS Operators Employ Advanced Detection Evasion Techniques | SOC Prime

Detect BQTLOCK ransomware operating as RaaS and using advanced detection evasion techniques with Sigma rules from SOC Prime Platform

SOC Prime

25.08.2025

CVE-2025-43300 Vulnerability: Zero-Day in iOS, iPadOS, and macOS Under Active Exploitation | SOC Prime

Explore details for CVE-2025-43300, a new zero-day flaw in iOS, iPadOS & macOS exploited in the wild, with expert insights on SOC Prime blog.

SOC Prime

25.08.2025

CVE-2025-9074: Critical Vulnerability in Docker Desktop Enables Local Container Access to Docker Engine API via Subnet | SOC Prime

Explore details of CVE-2025-2025, a critical Docker Desktop vulnerability enabling privileged host access for attackers, with an in-depth analysis on SOC Prime blog.

SOC Prime

25.08.2025

Crypto24 Ransomware Detection: Hackers Hit Large Organizations via Legitimate Tools and Custom Malware to Stay Under the Radar | SOC Prime

Detect Crypto24 ransomware group attacks against large organizations using advanced evasion techniques with Sigma rules from SOC Prime Platform.

SOC Prime

12.08.2025

CVE-2025-8088 Detection: WinRAR Zero-Day Is Actively Exploited in the Wild to Install RomCom Malware | SOC Prime

Detect CVE-2025-8088 WinRAR zero-day exploitation for RomCom malware delivery using a set of Simga rules in the SOC Prime Platform.

SOC Prime

08.08.2025

UAC-0099 Attack Detection: Hackers Target Government and Defense Agencies in Ukraine Using MATCHBOIL, MATCHWOK, and DRAGSTARE Malware | SOC Prime

Detect UAC-0099 attacks against Ukraine using MATCHBOIL, MATCHWOK, and DRAGSTARE malware with curated Sigma rules from SOC Prime Platform.

SOC Prime

08.08.2025

Secret Blizzard Attack Detection: russia-Backed APT Targets Foreign Embassies in Moscow With ApolloShadow Malware | SOC Prime

Detect Secret Blizzard activity using ApolloShadow malware to spy on foreign embassies with a set of Sigma rules in the SOC Prime Platform.

SOC Prime

01.08.2025

CVE-2025-8292: Use-After-Free Vulnerability in Google Chrome Leads to RCE and System Compromise | SOC Prime

Explore details of CVE-2025-8292, a new Google Chrome vulnerability leading to memory hijack and RCE with an in-depth analysis on SOC Prime blog.

SOC Prime

30.07.2025

Koske Malware Detection: New AI-Generated Linux Threat in the Wild | SOC Prime

Detect the Koske Linux malware developed using AI for cryptomining using curated Sigma rules from SOC Prime Platform.

SOC Prime

29.07.2025

CVE-2025-6558 Vulnerability: Google Chrome Zero-Day Under Active Exploitation | SOC Prime

Explore details for CVE-2025-6558, a new Google Chrome zero-day vulnerability exploited in the wild, with expert insights on SOC Prime blog.

SOC Prime

29.07.2025

UAC-0001 (APT28) Attack Detection: The russia-Backed Actor Uses LLM-Powered LAMEHUG Malware to Target Security and Defense Sector | SOC Prime

Detect UAC-0001 (APT28) attacks using LLM-powered LAMEHUG malware covered in the CERT-UA#16039 alert with Sigma rules from SOC Prime Platform.

SOC Prime

29.07.2025

CVE-2025-53770 Detection: Microsoft SharePoint Zero-Day Vulnerability Is Actively Exploited for RCE Attacks | SOC Prime

Detect CVE-2025-535770 exploitation attempts, a new critical Microsoft SharePoint zero-day exploited in the wild, with Sigma rules from SOC Prime Platform.

SOC Prime

29.07.2025

Epsilon Red Ransomware Detection: New Adversary Campaign Targeting Users Globally via ClickFix | SOC Prime

Detect new Epsilon red ransomware attacks using a ClickFix-themed malware delivery page with a set of Sigma rules from SOC Prime Platform.

SOC Prime

29.07.2025

Interlock Ransomware Detection: The FBI, CISA, and Partners Issue Joint Alert on Massive Attacks via the ClickFix Social Engineering Technique | SOC Prime

Detect Interlock ransomware activity covered in CISA’s aa25-203a alert using a set of Sigma rules in the SOC Prime Platform.

SOC Prime

16.07.2025

Interlock Ransomware Detection: Adversaries Deploy a Novel PHP-Based RAT Variant via FileFix | SOC Prime

Detect Interlock ransomware group attacks deploying a new PHP-based RAT via FileFix with curated Sigma rules from SOC Prime Platform.

SOC Prime

15.07.2025

CVE-2025-25257 Vulnerability: Critical SQL Injection in Fortinet FortiWeb Enables Unauthenticated Remote Code Execution | SOC Prime

Explore the details for CVE-2025-25257, a critical SQL injection vulnerability in FortiWeb, with an in-depth analysis on our SOC Prime blog.

SOC Prime

11.07.2025

BERT Ransomware Group Activity Detection: Attacks Across Asia, Europe, and the U.S. Targeting Windows and Linux Platforms | SOC Prime

Detect BERT ransomware attacks against your organization using a set of Sigma rules in the SOC Prime Platform.

SOC Prime

11.07.2025

CVE-2025-47981: Critical Heap-Based Buffer Overflow Vulnerability in Windows SPNEGO Extended Negotiation Leads to RCE | SOC Prime

Explore the details for the CVE-2025-47981 vulnerability in Windows SPNEGO that could lead to RCE with an in-depth analysis on SOC Prime blog.

SOC Prime

05.07.2025

CVE-2025-5777 Detection: A New Critical Vulnerability Dubbed “CitrixBleed 2” in NetScaler ADC Faces Exploitation Risk | SOC Prime

Detect CVE-2025-5777 exploitation attempts, a new critical NetScaler ADC vulnerability, with a curated Sigma rule from SOC Prime Platform.

SOC Prime

03.07.2025

CVE-2025-32463 and CVE-2025-32462: Sudo Local Privilege Escalation Vulnerabilities Threaten Linux Environments | SOC Prime

Explore details for CVE-2025-32463 and CVE-2025-32462, Sudo local privilege escalation vulnerabilities, with an analysis on SOC Prime blog.

home›SOC Prime›Software

SOC Prime - Software

CVE-2025-10035 Detection: Storm-1175 Exploits a Critical Fortra GoAnywhere MFT Vulnerability to Deploy Medusa Ransomware | SOC Prime

CVE-2025-61882 Vulnerability: A Critical Oracle E-Business Suite Zero-Day Exploited in Cl0p Data Theft Attacks | SOC Prime

UAC-0245 Attack Detection: CABINETRAT Backdoor Used in Targeted Attacks Against Ukraine | SOC Prime

FunkLocker Ransomware Detection: FunkSec Operators Leverage AI to Target U.S., Europe, and Asia | SOC Prime

Confluent Sigma: Open Source Solution Guide for Detection Engineers

CVE-2025-41244 Vulnerability: A New VMware Tools and Aria Zero-Day Actively Exploited for Privilege Escalation | SOC Prime

BRICKSTORM Malware Detection: UNC5221 and Related China-Backed Actors Target U.S. Legal and Tech Sectors | SOC Prime

CVE-2025-20352 Vulnerability: A Critical Zero-Day in Cisco IOS and IOS XE Software Under Active Exploitation | SOC Prime

CISA Alert AA25-266A: Detecting Malicious Activity Linked to the U.S. Federal Agency Breach via Unpatched GeoServer (CVE-2024-36401) | SOC Prime

CVE-2025-10585 Vulnerability: A New Zero-Day Exploit in Chrome’s V8 JavaScript and WebAssembly Engine Weaponized in Real-World Attacks | SOC Prime

CVE-2025-41248 & CVE-2025-41249: Vulnerabilities in Spring Framework, Spring Security Lead to Authorization Bypass, Expose Sensitive Data | SOC Prime

Maranhão Stealer Detection: New Node.js-Based Information-Stealing Malware Applies Reflective DLL Injection | SOC Prime

The Gentlemen Ransomware Detection: New Adversary Campaign Abuses Group Policies and Uses Advanced Tools to Target Critical Organizations | SOC Prime

MostereRAT Detection: Attackers Abuse AnyDesk and TightVNC for Persistent Access on Windows Systems | SOC Prime

Lazarus Group Attack Detection: Hackers Expand Their Toolkit with PondRAT, ThemeForestRAT, and RemotePE Malware Strains | SOC Prime

What’s New in Uncoder: AI Chat Bot & MCP Tools | SOC Prime

What’s New in Active Threats: Threat of the Month, New AI Search, and Improved Performance | SOC Prime

CVE-2025-55177: Vulnerability in WhatsApp iOS & macOS Messaging Clients Exploited for Zero-Click Attacks | SOC Prime

CVE-2025-7775 Vulnerability: A New Critical NetScaler RCE Zero-Day Under Active Exploitation | SOC Prime

UNC6384 Attack Detection: China-Linked Group Targets Diplomats and Hijacks Web Traffic Spreading a PlugX Variant | SOC Prime

BQTLOCK Ransomware Detection: New RaaS Operators Employ Advanced Detection Evasion Techniques | SOC Prime

CVE-2025-43300 Vulnerability: Zero-Day in iOS, iPadOS, and macOS Under Active Exploitation | SOC Prime

CVE-2025-9074: Critical Vulnerability in Docker Desktop Enables Local Container Access to Docker Engine API via Subnet | SOC Prime

Crypto24 Ransomware Detection: Hackers Hit Large Organizations via Legitimate Tools and Custom Malware to Stay Under the Radar | SOC Prime

CVE-2025-8088 Detection: WinRAR Zero-Day Is Actively Exploited in the Wild to Install RomCom Malware | SOC Prime

UAC-0099 Attack Detection: Hackers Target Government and Defense Agencies in Ukraine Using MATCHBOIL, MATCHWOK, and DRAGSTARE Malware | SOC Prime

Secret Blizzard Attack Detection: russia-Backed APT Targets Foreign Embassies in Moscow With ApolloShadow Malware | SOC Prime

CVE-2025-8292: Use-After-Free Vulnerability in Google Chrome Leads to RCE and System Compromise | SOC Prime

Koske Malware Detection: New AI-Generated Linux Threat in the Wild | SOC Prime

CVE-2025-6558 Vulnerability: Google Chrome Zero-Day Under Active Exploitation | SOC Prime

UAC-0001 (APT28) Attack Detection: The russia-Backed Actor Uses LLM-Powered LAMEHUG Malware to Target Security and Defense Sector | SOC Prime

CVE-2025-53770 Detection: Microsoft SharePoint Zero-Day Vulnerability Is Actively Exploited for RCE Attacks | SOC Prime

Epsilon Red Ransomware Detection: New Adversary Campaign Targeting Users Globally via ClickFix | SOC Prime

Interlock Ransomware Detection: The FBI, CISA, and Partners Issue Joint Alert on Massive Attacks via the ClickFix Social Engineering Technique | SOC Prime

Interlock Ransomware Detection: Adversaries Deploy a Novel PHP-Based RAT Variant via FileFix | SOC Prime

CVE-2025-25257 Vulnerability: Critical SQL Injection in Fortinet FortiWeb Enables Unauthenticated Remote Code Execution | SOC Prime

BERT Ransomware Group Activity Detection: Attacks Across Asia, Europe, and the U.S. Targeting Windows and Linux Platforms | SOC Prime

CVE-2025-47981: Critical Heap-Based Buffer Overflow Vulnerability in Windows SPNEGO Extended Negotiation Leads to RCE | SOC Prime

CVE-2025-5777 Detection: A New Critical Vulnerability Dubbed “CitrixBleed 2” in NetScaler ADC Faces Exploitation Risk | SOC Prime

CVE-2025-32463 and CVE-2025-32462: Sudo Local Privilege Escalation Vulnerabilities Threaten Linux Environments | SOC Prime

home
›
SOC Prime
›
Software