Tuesday, August 12 2025
Thorium

CISA open-sources Thorium platform for malware, forensic analysis

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced today that Thorium, an open-source platform for malware and forensic analysis, is now publicly available for government, public, and private sectors.

Thorium is a scalable cybersecurity tool created with Sandia National Laboratories that automates tasks in cyberattack investigations. It can handle over 1,700 jobs per second and process more than 10 million files per hour per permission group.

“Thorium enhances cybersecurity teams’ capabilities by automating analysis workflows through seamless integration of commercial, open-source, and custom tools,” CISA said on Thursday.

“It supports various mission functions, including software analysis, digital forensics, and incident response, allowing analysts to efficiently assess complex malware threats.”

Security teams can use Thorium for automating and speeding up various file analysis workflows, including but not limited to:

Easily import and export tools to facilitate sharing across cyber defense teams,
Integrate command-line tools as Docker images, including open-source, commercial, and custom software,
Filter results using tags and full-text search,
Control access to submissions, tools, and results with strict group-based permissions,
Scale with Kubernetes and ScyllaDB to meet workload demands.

Defenders can find installation instructions and get their own copy of Thorium from CISA’s official GitHub repository.

“By publicly sharing this platform, we empower the broader cybersecurity community to orchestrate the use of advanced tools for malware and forensic analysis,” added CISA Associate Director for Threat Hunting Jermaine Roebuck.

“Scalable analysis of binaries as well as other digital artifacts further enables cybersecurity analysts to understand and address vulnerabilities in benign software.”

On Wednesday, CISA released a tool to help security teams respond to incidents by giving them the steps needed to remove attackers from affected networks and devices.
