VMRay Blog

Stay current on the threat landscape with industry-leading cybersecurity insights!
2025-10-22

Security teams today face an uncomfortable paradox: the tools designed to strengthen defenses often flood them with alerts. As threat volumes rise and attacks evolve faster than ever, manual triage and containment simply cannot keep up. Automated incident response (IR) bridges that gap. It uses predefined logic, integrations, and validation

2025-10-17

As organizations move toward Cybersecurity Maturity Model Certification (CMMC), they must prove they can identify, analyze, and respond to cyber threats. Whether preparing for Level 2 or aiming for Level 3, the ability to investigate advanced attacks with confidence is no longer optional but essential. CMMC Level 2 introduces practices

2025-10-14

The Labs team at VMRay actively gathers publicly available data to identify any noteworthy malware developments that demand immediate attention. We complement this effort with our internal tracking and monitor events the security community reports to stay up-to-date with the latest changes in the cyber threat landscape. In September 2025,

2025-10-13

If you’re tracking fast-moving malware (think infostealers, loaders, cryptominers) and drowning in indicators, VMRay UniqueSignal + OpenCTI gives you high-fidelity, malware-centric context you can act on—without building a heavy/spaghetti enrichment pipeline. This post lays out 5 real problems security teams face and how this integration solves them, with concrete use

2025-10-09

Over the last 6–9 months, we have witnessed many CISOs and their teams making strategic decisions about how they approach and harden their malware and phishing defenses, as I had a chance to observe and discuss at the Gartner Risk & Security Summit in London last week. Here are

Overview: As announced in our VMRay 2025.3 Release highlights blog post, our phishing detections on cloud are now powered with Computer Vision capabilities. This allows VMRay’s threat identifiers (VTIs) to detect brands and page structures based on how they appear to the end user, which makes them more resilient

Learning from an Attack: How the VMRay + SentinelOne Integration Delivers Full Threat Context Through Automated Malware Analysis. Introduction: When a cyberattack hits, stopping it is only half the battle — understanding what the attacker was trying to do is the other half. That’s where the VMRay + SentinelOne integration

2025-09-23

Updated on 2025-10-14. The threat intelligence lifecycle is a structured six-stage process that transforms raw, unfiltered threat data into actionable intelligence. It provides security teams with a systematic approach to identify, contextualize, and mitigate cyber threats effectively. Unlike traditional threat detection, which often reacts to alerts after suspicious activity is

Phishing attacks hit organizations every 30 seconds. Cybercriminals are getting bolder and smarter, targeting businesses with fake emails, malicious links, and convincing scams that even trained employees can fall for. In this guide, we’ll break down everything you need to know about anti-phishing software: what it is, how it works,

2025-09-11

The Labs team at VMRay actively gathers publicly available data to identify any noteworthy malware developments that demand immediate attention. We complement this effort with our internal tracking and monitor events the security community reports to stay up-to-date with the latest changes in the cyber threat landscape. In August 2025,

2025-09-10

Automation and AI are reshaping how Security Operations Centers (SOCs) work. That’s a good thing, but only if the systems you automate and the models you train are fed high-quality, reliable data. When you hand decision-making to AI-assisted investigators or automated playbooks, you need the behavioral truth. You need

Introduction: Scalable Vector Graphics (SVG) files are increasingly being abused as initial phishing vectors. By embedding scriptable content directly in standalone “.svg” files, which users typically perceive as benign images, threat actors are executing JavaScript code while evading traditional static analysis and email filters. At VMRay, our continuous threat monitoring

Executive Summary: VMRay strengthens the AI-enabled SOC by delivering high-fidelity, fact-based threat intelligence that powers accurate, explainable, and actionable AI outcomes. Better AI decisions: High-quality sandbox & TI data for training and enrichment. Explainable alerts: Human-readable evidence grounds AI in reality. Smarter triage: Verdicts and risk scores prioritize the right

2025-08-18

The Labs team at VMRay actively gathers publicly available data to identify any noteworthy malware developments that demand immediate attention. We complement this effort with our internal tracking and monitor events the security community reports to stay up-to-date with the latest changes in the cyber threat landscape. In July 2025,

2025-08-14

If you’re drowning in Microsoft Defender alerts, you’re not alone. Security teams across the globe face the same challenge—too many notifications, not enough time, and critical threats slipping through the cracks. This article will walk you through proven strategies to cut through the noise so you can focus on what

2025-08-08

In today’s digital landscape, threat and vulnerability management is more crucial than ever. Cyber threats are evolving rapidly, posing significant risks to organizations. Understanding these threats is the first step in safeguarding your assets. Effective management involves identifying, assessing, and mitigating risks. Vulnerability management focuses on pinpointing and addressing security

2025-08-01

Introduction: Since the release of VMRay Platform 2025.2, we’ve had a busy start to the summer. Back then, we introduced SVG file analysis, a feature that continues to gain traction as threat actors increasingly adopt SVG-based phishing delivery techniques. If you’re curious about the evolution of SVG threats and how

2025-07-24

Overview: As announced in a recent blog post, VMRay Platform has received a major upgrade to the dynamic analysis engine in our 2025.2 release. This aims to improve visibility and detection for code injection techniques like DLL Hollowing. With this adjustment, our Platform provides more granular monitoring and insights into

2025-07-09

The Labs team at VMRay actively gathers publicly available data to identify any noteworthy malware developments that demand immediate attention. We complement this effort with our internal tracking and monitor events that the security community reports to stay up-to-date with the latest changes in the cyber threat landscape. In June

2025-06-30

CTI teams have long relied on sandboxing to analyze threats and extract IOCs. But treating individual IOCs (aka clues left behind) in isolation is a common pitfall. This isn’t a brand-new challenge, and many experts have advocated for moving away from indicator-only feeds. Still, the conversation is worth revisiting

2025-06-13

Security operations centers (SOCs) face an overwhelming reality: thousands of security alerts flood their systems daily, but only a fraction represent genuine threats. This comprehensive guide explores alert triage fundamentals, common challenges, and proven strategies to streamline your SOC’s response capabilities. As cybersecurity experts with deep experience in threat detection

2025-06-06
VMRay Labs found a multi-stage obfuscated batch script with low detections on VirusTotal which downloads and executes XWorm from GitHub.

New malware: Akemi uses trailing slash in class filenames to thwart static analysis and unzipping. 21 May 2025. Malicious JAR uses trailing slash in class filenames to thwart static analysis and unzipping. A sample of the Akemi malware family has been flying under the radar of most AVs on VirusTotal

2025-06-06

The Labs team at VMRay actively gathers publicly available data to identify any noteworthy malware developments that demand immediate attention. We complement this effort with our internal tracking and monitor events the security community reports to stay up-to-date with the latest changes in the cyber threat landscape. In May 2025,

Updated on 2025-08-11. Zero-day attacks represent one of the most challenging threats in today’s cybersecurity landscape. Understanding how to prevent zero-day attacks is crucial as these attacks exploit previously unknown vulnerabilities in software, firmware, or hardware—gaps that developers and security researchers haven’t yet discovered. What makes zero-day attacks particularly dangerous

2025-05-14

The Labs team at VMRay actively gathers publicly available data to identify any noteworthy malware developments that demand immediate attention. We complement this effort with our internal tracking and monitor events the security community reports to stay up-to-date with the latest changes in the cyber threat landscape. In April 2025,

As cybersecurity grows more complex, malware detection stands as a critical line of defense against increasingly sophisticated digital threats. As cyber attackers continually refine their techniques, security professionals must stay ahead with comprehensive, multi-layered detection strategies. At VMRay, we’ve dedicated our expertise to developing cutting-edge solutions that protect organizations from

2025-05-09

Introduction: The first release of 2025 is already behind us, but we’re just getting started. We hope you’ve enjoyed the features delivered in recent months, including searchable threat names, clipboard access detection, enhanced LNK analysis, and residential traffic support via Geofence VPN in Cloud instances. Now, we’re happy to share

Introduction: Cyber threat intelligence (CTI) has become a cornerstone of cybersecurity operations. Yet many organizations still rely on outdated CTI models—reactive, fragmented, and often ineffective against today’s fast-evolving threat landscape. In the recent article “Enhancing Cyber Resilience: Leveraging Advanced Threat Intelligence Strategy and Tools Against Cyber Threats”, Adam Palmer, CISO

In the growing arms race between security experts and hackers, malware obfuscation is a key method for avoiding detection. This article looks at the technical details of malware obfuscation. It covers basic ideas, advanced strategies, detection methods, and ways to reduce risks. With the proliferation of sophisticated obfuscation techniques, understanding

2025-04-02

The Labs team at VMRay actively gathers publicly available data to identify any noteworthy malware developments that demand immediate attention. We complement this effort with our internal tracking and monitor events the security community reports to stay up-to-date with the latest changes in the cyber threat landscape. In March 2025,
