As someone who has spent many years researching attacks and supporting incident response teams, I’ve seen one question come up again and again: How do we return to a verified clean state after an intrusion? In every ransomware case, in every targeted espionage...
Nextron Systems and BETTA Security join forces to strengthen organizations’ resilience against cyberattacks
After many years of successful collaboration, Nextron Systems and BETTA Security are pleased to announce a deepening of their partnership on the occasion of it-sa 2025. Nextron Systems, a software group backed by private equity investor BID Equity, has acquired a...
Visit Our Team At it-sa 2025
As a trusted provider of advanced compromise assessment tools, Nextron Systems will be present at it-sa 2025, Europe’s leading trade fair for IT security. Join us in Hall 7 at Stand 7-353 to learn more about our portfolio of forensic cybersecurity solutions developed...
Detecting NetScaler Compromise with THOR During CVE-2025-7775 Attacks
Citrix NetScaler appliances are under active attack through CVE-2025-7775 and related vulnerabilities. Even fully patched systems may already be compromised. This post explains how Nextron’s THOR provides agentless compromise detection with YARA and IOC scans — a proven method for identifying webshells, backdoors, and post-exploit artifacts.
Sindoor Dropper: New Phishing Campaign
Our analysis uncovered a phishing campaign targeting organizations in India, leveraging spear-phishing techniques reminiscent of Operation Sindoor. What makes this activity stand out is the use of a Linux-focused infection method that relies on weaponized .desktop...
Advancing Detection Together: Nextron and Arctic Wolf Join Forces on Sigma
We’re pleased to announce a new technology partnership between Nextron and Arctic Wolf, a global leader in security operations, and one of the world’s largest commercial Security Operations Centers (SOCs). As part of the partnership, Arctic Wolf will incorporate...
When Best Practices Aren’t Enough: UK Breaches Underscore the Importance of Compromise Assessments
Despite extensive guidance from national authorities, several prominent UK organizations have recently suffered significant cyber attacks. Incidents at Colt Technology Services, Marks & Spencer, and Flutter Entertainment demonstrate that adherence to security...
Announcing the Launch of ASGARD Analysis Cockpit v4.3
We are pleased to announce the release of ASGARD Analysis Cockpit v4.3, an important update from version 4.2. This new version introduces a redesigned user interface for a more consistent and user-friendly experience, the Case Intelligence feature that provides...
New Capabilities in THOR Lite: Archive Scanning and YARA Forge Integration
Many of our customers value the broad module support and high detection coverage found in our professional-grade products. However, we are also committed to continuously improving our free tools, ensuring that the gap in detection capabilities does not grow too wide....
Webhooks in THOR Cloud: Event-Driven Notifications and System Integration
We’re introducing Webhooks in THOR Cloud — a new feature that delivers event-driven notifications and facilitates integration with your existing systems. Webhooks allow you to subscribe to specific events and automatically receive event data as soon as those events...
Plague: A Newly Discovered PAM-Based Backdoor for Linux
As part of our ongoing threat hunting efforts, we identified a stealthy Linux backdoor that appears to have gone publicly unnoticed so far. We named it Plague. The implant is built as a malicious PAM (Pluggable Authentication Module), enabling attackers to silently...
AURORA – Leveraging ETW for Advanced Threat Detection
Aurora is a lightweight endpoint agent that applies Sigma rules and IOCs directly to Windows system events reconstructed from Event Tracing for Windows (ETW). Unlike traditional logging tools or Sysmon, Aurora subscribes to raw ETW streams and transforms them into...
Detecting the Most Popular MITRE Persistence Method – Registry Run Keys / Startup Folder
Persistence is a cornerstone tactic for both threat actors and red‑teamers, allowing them to cling to a compromised system even after reboots, credential resets, or other disruptions that might otherwise cut them off. MITRE ATT&CK places these activities in...
ToolShell Aftermath: What Defenders Should Do After Patching CVE-2025-53770
The recently exploited SharePoint vulnerability chain known as ToolShell (CVE-2025-53770) has shown once again that patching alone isn't enough. Attackers gained unauthenticated remote access to vulnerable on-premises SharePoint servers, planted web shells, and...
Announcing Our Partnership with Threatray: Enhancing Detection Capabilities Together
We are excited to announce a strategic partnership between Nextron Systems and Threatray AG. This collaboration aims to significantly enhance our existing threat detection capabilities and further improve the precision and sensitivity of our detection signatures....