With ASGARD Analysis Cockpit 4.4, we deliver a release that clearly focuses on more efficient analysis, more precise searches, and better prioritization of relevant events. At its core, this version introduces a powerful new query language, complemented by targeted...
Over the past days, many of our customers have seen reports about a critical remote code execution vulnerability in React Server Components (CVE-2025-55182) and the related Next.js vulnerability (CVE-2025-66478). These issues have received a lot of attention and have...
As someone who has spent many years researching attacks and supporting incident response teams, I’ve seen one question come up again and again: How do we return to a verified clean state after an intrusion? In every ransomware case, in every targeted espionage...
Citrix NetScaler appliances are under active attack through CVE-2025-7775 and related vulnerabilities. Even fully patched systems may already be compromised. This post explains how Nextron’s THOR provides agentless compromise detection with YARA and IOC scans — a proven method for identifying webshells, backdoors, and post-exploit artifacts.
We’re pleased to announce a new technology partnership between Nextron and Arctic Wolf, a global leader in security operations, and one of the world’s largest commercial Security Operations Centers (SOCs). As part of the partnership, Arctic Wolf will incorporate...
Abuse of Modular Trust PAM (Pluggable Authentication Modules) is a fundamental part of Linux authentication infrastructure. Its flexibility - designed to support various authentication mechanisms - can be exploited by adversaries. In our analysis, we encountered a...
We are pleased to announce a significant enhancement for users of THOR Cloud and THOR Cloud Lite: YARA Forge rule sets are now available for integration. YARA Forge is a curated, quality-assured feed of YARA rules developed as a private project. It automates the...
In recent days, major security companies such as ReliaQuest and Onapsis have disclosed the active exploitation of CVE-2025-31324, a critical vulnerability in SAP NetWeaver’s Visual Composer component. The vulnerability allows unauthenticated attackers to upload...
Nextron Systems officially announces the End of Life (EOL) and End of Support (EOS) for THOR version 10.6, our former stable forensic scanner version. Effective December 31, 2025, THOR 10.6 will no longer receive updates, maintenance, or technical support. Background...
Are you looking for an efficient, cloud-managed solution to streamline your threat detection and compromise assessments? This Black Friday, we’re offering 50% off all THOR Cloud scan packages. Why THOR Cloud? No Setup Hassle: Start scanning within minutes—no agents or...
We are excited to announce that THOR 10.7 will become the new default scanner version for ASGARD users starting Thursday, November 28th, 2024. This update introduces significant performance enhancements, including faster scan times, improved archive handling, and...
We've updated our Antivirus Event Analysis Cheat Sheet to version 1.14.0. It includes updates in several sections Many new malware and hack tool signature names More interesting folders to monitor more closely The Virustotal assessments line has been reduced You can...
As part of our commitment to sharing valuable threat intelligence and detection insights, we're excited to announce the launch of a dedicated Twitter account for Nextron Research: @nextronresearch. This account will be our team's platform for sharing detailed...
Dear Customers, Due to technical reasons, we need to perform an urgent server migration on August 30th, 2024. This will specifically affect the following servers: update1.nextron-systems.com update2.nextron-systems.com The FQDNs will remain the same, but the...
Since the launch of THOR Cloud Lite in September, our team has been dedicated to developing a more powerful version of THOR Cloud that incorporates the full scanner with its extensive suite of forensic modules and expansive detection signature database. Today, we are...