Our analysis uncovered a phishing campaign targeting organizations in India, leveraging spear-phishing techniques reminiscent of Operation Sindoor. What makes this activity stand out is the use of a Linux-focused infection method that relies on weaponized .desktop...
When Best Practices Aren’t Enough: UK Breaches Underscore the Importance of Compromise Assessments
Despite extensive guidance from national authorities, several prominent UK organizations have recently suffered significant cyber attacks. Incidents at Colt Technology Services, Marks & Spencer, and Flutter Entertainment demonstrate that adherence to security...
New Capabilities in THOR Lite: Archive Scanning and YARA Forge Integration
Many of our customers value the broad module support and high detection coverage found in our professional-grade products. However, we are also committed to continuously improving our free tools, ensuring that the gap in detection capabilities does not grow too wide....
Plague: A Newly Discovered PAM-Based Backdoor for Linux
As part of our ongoing threat hunting efforts, we identified a stealthy Linux backdoor that appears to have gone publicly unnoticed so far. We named it Plague. The implant is built as a malicious PAM (Pluggable Authentication Module), enabling attackers to silently...
Announcing Our Partnership with Threatray: Enhancing Detection Capabilities Together
We are excited to announce a strategic partnership between Nextron Systems and Threatray AG. This collaboration aims to significantly enhance our existing threat detection capabilities and further improve the precision and sensitivity of our detection signatures....
The Blind Spot Scanner – Why THOR Detects What Others Miss
Antivirus engines and EDRs have their place – no doubt. But what happens when malware simply slips through their nets? What if the malicious file was never executed? What if the incident happened months ago? That’s where THOR comes in. Our compromise assessment...
Obfuscated Threats – The Invisible Danger in Cybersecurity
Obfuscation is a technique widely used by cybercriminals, Advanced Persistent Threat (APT) groups, and even red-teaming operations. APTs, in particular, rely on obfuscation to remain undetected within networks for extended periods. However, modern malware, ransomware,...
Protecting Outdated and Unsupported Systems
Security strategies often assume that systems can be patched, upgraded, or replaced. In reality, many critical environments operate on legacy platforms where these options are impractical. Industrial control networks, healthcare systems, and government infrastructure...
Patching is Not Enough: Why You Must Search for Hidden Intrusions
Many organizations make a critical mistake when responding to actively exploited zero-day vulnerabilities: they patch but don’t investigate. Think about it this way: If your front door was left wide open for weeks, would you just lock it and walk away? If attackers...
Cyber Security 2025: Practical Trends Beyond the Hype
In my 2024 article, Cyber Security 2024: Key Trends Beyond the Hype, I aimed to stay rational and avoid hype—especially around AI—and pointed out that most real-world attacks still involved unpatched systems, weak credentials, and social engineering. Over the past...
Why Prevention Isn’t Enough: How a Second Line of Defense Protects Your Business
According to recent reports, cyberattacks rose by 75% in the third quarter of 2024 compared to the same period in the previous year and by 15% compared to the second quarter of 2024. This alarming trend clearly shows that companies are more than ever required to...
In-Depth Analysis of Lynx Ransomware
Introduction Lynx ransomware is a newly emerged and sophisticated malware threat that has been active since mid-2024. Lynx ransomware has claimed over 20 victims across a range of industries. Once it infiltrates a system, it encrypts critical files, appending a...
Detecting Web Shells: Why it is important to add an additional layer of protection on your existing security solutions
Understanding the importance of web shell detection is crucial in today’s cybersecurity landscape. Traditional antivirus solutions often fall short, but specialized tools like Nextron’s THOR APT scanner provide advanced protection against these stealthy threats, ensuring comprehensive security.
Unveiling KamiKakaBot – Malware Analysis
Back in January 2023 Group-IB first reported and documented the TTPs of DarkPink, an APT group that targets the Asia-Pacific regions. We’ve been monitoring KamiKakaBot samples since September of last year. And at the start of this year in January we’ve noticed 2 new...
VALHALLA YARA and Sigma Rule Feed
YARA and Sigma Rule Feed: Boost your detection capabilities with the power of thousands of hand-crafted high-quality YARA and Sigma rules.













