Introduction
The pace of innovation hasn’t slowed in 2025, and neither have we! With three impactful releases already rolled out, we continue to strengthen the VMRay Platform with comprehensive updates that empower analysts, enhance detection accuracy, and boost overall performance. Now, without further ado, let’s dive into the highlights of the 2025.4.0 release.
Phishing attacks are getting smarter, and attackers are increasingly hiding malicious links inside QR codes embedded in PDFs. The problem? Many of these QR codes were hard to detect — especially when they were built into unusual PDF layouts. That meant dangerous links could slip through unnoticed.
We’re happy to announce a major enhancement to our QR code extraction capabilities. The VMRay Platform now sees each PDF page visually — just like a user would, to accurately detect QR codes and the URLs they contain, even in complex or nonstandard documents.
In PDF documents, QR codes aren’t always represented as simple images. They can be split into multiple tiles or be drawn with vector graphics, making them difficult to capture. With our new improved process, the Platform reconstructs each QR code exactly as it appears on the page, uncovering hidden links that could lead to phishing sites.
Key benefits of this update include:
- Catch more phishing attempts by reliably extracting URLs from QR codes in PDFs.
- Reduce false negatives and improve threat visibility across all file types.
- Stay ahead of attackers leveraging increasingly complex PDF-based attacks.
A Better Way to Explore Our APIs – Now in Swagger
With this release, we’re modernizing how you work with our APIs. Our API documentation is now powered by Swagger, giving you an interactive reference experience directly in the Knowledge Base. You’ll find every endpoint clear examples, and built-in testing capabilities.
This change s, making it faster and simpler to understand and integrate our APIs – whether you’re automating tasks, building integrations, or just exploring what’s possible.
Swagger-based API Documentation in the VMRay Platform
Stay Ahead of Phishing with Real-Time, Event-Driven Detection
. Threat actors are constantly evolving their tactics, using dynamic, script-driven techniques to hide malicious content until just the right moment. For defenders, this means that timing is everything – even a minor miss of a critical change in the page content, and the attack can slip through unnoticed.
That’s why we’ve re-engineered phishing detection in the VMRay Platform
Enhanced Waiting Experience in Live Interaction
One of the requested improvements we made in this release is to the Live Interaction feature. In the past, analysts launching an interactive session in the VMRay Platform sometimes struggled with uncertainty; they could see their job was “queued,” but they had little context about where it was in line.
With this update, we refined the Queued state to provide clearer visibility and reduce guesswork. Analysts can now see:
- How many jobs are ahead of their submission in the queue
- Whether their job is next in line, ready for execution
By showing this information, we’ve made the waiting experience more transparent and predictable. Analysts can better plan their workflow, knowing exactly how close they are to getting hands-on with their analysis.
Improved Queued State of Live Interaction in the VMRay Platform
Further Enhancements to Our Product Plans
From the Cloud to Your SOC: FinalVerdict On-Premises
On October 1st, we announced some important updates to VMRay product plans. Here’s a quick recap in case you missed it.
FinalVerdict is now offered in select On-Premises product plans, giving enterprises the flexibility to run powerful malware analysis and classification in their own environments, without compromising speed or accuracy.
We’ve seen a growing trend, especially across Europe and the U.S., where organizations are moving workloads back On-Premises to maintain control over sensitive data. By bringing FinalVerdict closer to home, SOC teams can:
- Accelerate malware triage with high-confidence verdicts on suspicious files
- Keep sensitive data in-house, ensuring compliance and control
FinalVerdict Now On-Premises!
Final Thoughts
This release marks the last planned VMRay Platform update for 2025. Looking ahead, we will be focused on simplifying integrations with more connectors built directly into the Platform, reducing configuration efforts, and enhancing the user experience with visual and UX improvements.
As the year slowly draws to a close, it’s the perfect time to look back on 2025 and celebrate some of our key achievements in different areas:
Manual Incident Response
- Multiple Live Interaction UX improvements
- Unlimited analyses quota (shipped with this release)
Phishing Automation
- Computer Vision AI
- Microsoft Sentinel Connector
- Detecting clipboard access
Threat Intelligence
- UniqueSignal product
- Searchable threat names
Threat Analysis Enhancements
- Microsoft Defender for Endpoint Connector
- Support for SVG file analysis
- Enhanced visibility into advanced injection techniques
- Extracting URLs from QR codes within Office documents
- Geofence VPN upgrade to support residential egress traffic
- Additional VPN endpoints on EU Cloud
- Expanded LNK analysis support
Other Platform Upgrades
- VMRay Platform architecture upgraded to Ubuntu 24.04 LTS
- Extended CPU compatibility for On-Premises installations
In the second half of January 2026, we’ll return with a new release packed with more exciting features. Until then, stay secure and stay tuned for the next chapter of VMRay’s evolution.
