As part of our ongoing threat hunting efforts, we identified a stealthy Linux backdoor that appears to have gone publicly unnoticed so far. We named it Plague. The implant is built as a malicious PAM (Pluggable Authentication Module), enabling attackers to silently...
ToolShell Aftermath: What Defenders Should Do After Patching CVE-2025-53770
The recently exploited SharePoint vulnerability chain known as ToolShell (CVE-2025-53770) has shown once again that patching alone isn't enough. Attackers gained unauthenticated remote access to vulnerable on-premises SharePoint servers, planted web shells, and...
Introducing @NextronResearch: A New Channel for Threat Intelligence
As part of our commitment to sharing valuable threat intelligence and detection insights, we're excited to announce the launch of a dedicated Twitter account for Nextron Research: @nextronresearch. This account will be our team's platform for sharing detailed...
In-Depth Analysis of Lynx Ransomware
Introduction: Lynx ransomware is a newly emerged and sophisticated malware threat that has been active since mid-2024. Lynx ransomware has claimed over 20 victims across a range of industries. Once it infiltrates a system, it encrypts critical files, appending a...



