Over the past few months, we have analyzed many infection chains that all start in a very similar way: malicious advertisements placed on legitimate websites. These ads lure users into downloading "converter" tools that promise to convert images or documents (for...
In our previous publication, we detailed our internal artifact-scanning service that continuously monitors packages from multiple sources to detect malicious packages and supply chain attacks. While this automated scanning capability has proven invaluable for threat...
Over the past days, many of our customers have seen reports about a critical remote code execution vulnerability in React Server Components (CVE-2025-55182) and the related Next.js vulnerability (CVE-2025-66478). These issues have received a lot of attention and have...
Yesterday we published a short write-up about the malicious VS Code extension posing as “Material Icon Theme”. That post covered the discovery, the extension’s release timeline, and the fact that version 5.29.1 shipped with two Rust implants. This follow-up focuses on...
Recently, we investigated a highly sophisticated malware campaign that combines multiple layers of obfuscation, endpoint security tampering, and kernel-level tricks. The operators hide behind repackaged installers for popular tools such as Telegram, WinSCP, Google...
Over the last weeks we’ve been running a new internal artifact-scanning service across several large ecosystems. It’s still growing feature-wise, LLM scoring and a few other bits are being added, but the core pipeline is already pulling huge amounts of stuff every...
As someone who has spent many years researching attacks and supporting incident response teams, I’ve seen one question come up again and again: How do we return to a verified clean state after an intrusion? In every ransomware case, in every targeted espionage...
After many years of successful collaboration, Nextron Systems and BETTA Security are pleased to announce a deepening of their partnership on the occasion of it-sa 2025. Nextron Systems, a software group backed by private equity investor BID Equity, has acquired a...
As a trusted provider of advanced compromise assessment tools, Nextron Systems will be present at it-sa 2025, Europe’s leading trade fair for IT security. Join us in Hall 7 at Stand 7-353 to learn more about our portfolio of forensic cybersecurity solutions developed...
Citrix NetScaler appliances are under active attack through CVE-2025-7775 and related vulnerabilities. Even fully patched systems may already be compromised. This post explains how Nextron’s THOR provides agentless compromise detection with YARA and IOC scans — a proven method for identifying webshells, backdoors, and post-exploit artifacts.
Our analysis uncovered a phishing campaign targeting organizations in India, leveraging spear-phishing techniques reminiscent of Operation Sindoor. What makes this activity stand out is the use of a Linux-focused infection method that relies on weaponized .desktop...
We’re pleased to announce a new technology partnership between Nextron and Arctic Wolf, a global leader in security operations, and one of the world’s largest commercial Security Operations Centers (SOCs). As part of the partnership, Arctic Wolf will incorporate...
Despite extensive guidance from national authorities, several prominent UK organizations have recently suffered significant cyber attacks. Incidents at Colt Technology Services, Marks & Spencer, and Flutter Entertainment demonstrate that adherence to security...
We are pleased to announce the release of ASGARD Analysis Cockpit v4.3, an important update from version 4.2. This new version introduces a redesigned user interface for a more consistent and user-friendly experience, the Case Intelligence feature that provides...
Many of our customers value the broad module support and high detection coverage found in our professional-grade products. However, we are also committed to continuously improving our free tools, ensuring that the gap in detection capabilities does not grow too wide....