
CISA released Thorium platform to support malware and forensic analysis


CISA releases Thorium, an open-source tool for malware and forensic analysis, now available to analysts in government, public, and private sectors.

CISA has released Thorium, a new open-source platform designed to support malware and forensic analysis.

The platform was designed in collaboration with Sandia National Laboratories; the US agency presented it as a scalable, open-source platform for automated file analysis and result aggregation. The tool aims to boost malware analysis, digital forensics, and incident response. Thorium integrates commercial, open-source, and custom tools within a unified system. It enables cybersecurity teams to automate workflows, analyze complex threats, and manage large-scale data efficiently. Users can run tools as Docker images, tag and search results, and enforce access controls with group-based permissions. Thorium empowers analysts across sectors to streamline and scale their threat assessment operations.

“Today, CISA, in partnership with Sandia National Laboratories, announced the public availability of Thorium, a scalable and distributed platform for automated file analysis and result aggregation.” reads the press release published by the U.S. Cybersecurity and Infrastructure Security Agency. “Designed to scale with hardware using Kubernetes and ScyllaDB, Thorium can ingest over 10 million files per hour per permission group while maintaining rapid query performance.”

Thorium offers full control through a RESTful API and can be accessed via web browser or command-line utility for quick and flexible use. Thorium is built for high scalability, leveraging Kubernetes for orchestration and ScyllaDB for high-performance data handling. Right out of the box, it can ingest over 10 million files per hour per permission group and schedule more than 1,700 jobs per second. This design ensures that even under heavy workloads, Thorium maintains rapid job scheduling and fast result querying, making it suitable for large-scale malware analysis and forensic operations. As needs grow, teams can scale Thorium horizontally with additional hardware to meet increasing demands without performance degradation.

Thorium use cases include:

  • Tool Testing: Benchmark and troubleshoot tools at scale.
  • Malware Analysis: Automate static/dynamic analysis and trigger follow-up actions.
  • Host Forensics: Process artifacts like memory or disk images for faster insights.

In April 2024, the Cybersecurity and Infrastructure Security Agency released a malware analysis system, called Malware Next-Gen, which allows any organization to submit malware samples and other suspicious artifacts for analysis.


Pierluigi Paganini

(SecurityAffairs – hacking, Cybersecurity and Infrastructure Security Agency)