Introduction

The pace of innovation hasn’t slowed in 2025, and neither have we! With three impactful releases already rolled out, we continue to strengthen the VMRay Platform with comprehensive updates that empower analysts, enhance detection accuracy, and boost overall performance. Now, without further ado, let’s dive into the highlights of the 2025.4.0 release.

Page-by-Page PDF Analysis for Better QR Codes Extraction

Phishing attacks are getting smarter, and attackers are increasingly hiding malicious links inside QR codes embedded in PDFs. The problem? Many of these QR codes were hard to detect — especially when they were built into unusual PDF layouts. That meant dangerous links could slip through unnoticed.

We’re happy to announce a major enhancement to our QR code extraction capabilities. The VMRay Platform now sees each PDF page visually — just like a user would, to accurately detect QR codes and the URLs they contain, even in complex or nonstandard documents.

In PDF documents, QR codes aren’t always represented as simple images. They can be split into multiple tiles or be drawn with vector graphics, making them difficult to capture. With our new improved process, the Platform reconstructs each QR code exactly as it appears on the page, uncovering hidden links that could lead to phishing sites.

Key benefits of this update include:

• Catch more phishing attempts by reliably extracting URLs from QR codes in PDFs.
• Reduce false negatives and improve threat visibility across all file types.
• Stay ahead of attackers leveraging increasingly complex PDF-based attacks.

A Better Way to Explore Our APIs – Now in Swagger

With this release, we’re modernizing how you work with our APIs. Our API documentation is now powered by Swagger, giving you an interactive reference experience directly in the Knowledge Base. You’ll find every endpoint clearly documented with request and response structures (missing in the previous documentation), examples, and built-in testing capabilities.

This change empowers developers, making it faster and simpler to understand and integrate our APIs – whether you’re automating tasks, building integrations, or just exploring what’s possible.

Stay Ahead of Phishing with Real-Time, Event-Driven Detection

Phishing remains one of the fastest-growing and most effective attack vectors in cybersecurity. Threat actors are constantly evolving their tactics, using dynamic, script-driven techniques to hide malicious content until just the right moment. For defenders, this means that timing is everything – even a minor miss of a critical change in the page content, and the attack can slip through unnoticed.

That’s why we’ve re-engineered phishing detection in the VMRay Platform to be event-driven. 

The new event-driven approach transforms how our phishing detection operates; it now reacts in real time to behaviors observed during analysis. This dynamic response enables faster identification of subtle, evolving phishing tactics. As a result, VMRay empowers analysts with deeper, more immediate visibility into ongoing attacks, allowing them to uncover threats as they unfold and stay ahead in a landscape where every second matters.

Enhanced Waiting Experience in Live Interaction

One of the requested improvements we made in this release is to the Live Interaction feature. In the past, analysts launching an interactive session in the VMRay Platform sometimes struggled with uncertainty; they could see their job was “queued,” but they had little context about where it was in line.

With this update, we refined the Queued state to provide clearer visibility and reduce guesswork. Analysts can now see:

• How many jobs are ahead of their submission in the queue
• Whether their job is next in line, ready for execution

By showing this information, we’ve made the waiting experience more transparent and predictable. Analysts can better plan their workflow, knowing exactly how close they are to getting hands-on with their analysis.

Further Enhancements to Our Product Plans

From the Cloud to Your SOC: FinalVerdict On-Premises

On October 1st, we announced some important updates to VMRay product plans. Here’s a quick recap in case you missed it.

FinalVerdict is now offered in select On-Premises product plans, giving enterprises the flexibility to run powerful malware analysis and classification in their own environments, without compromising speed or accuracy.

We’ve seen a growing trend, especially across Europe and the U.S., where organizations are moving workloads back On-Premises to maintain control over sensitive data. By bringing FinalVerdict closer to home, SOC teams can:

• Accelerate malware triage with high-confidence verdicts on suspicious files
• Keep sensitive data in-house, ensuring compliance and control

Final Thoughts

This release marks the last planned VMRay Platform update for 2025. Looking ahead, we will be focused on simplifying integrations with more connectors built directly into the Platform, reducing configuration efforts, and enhancing the user experience with visual and UX improvements.

As the year slowly draws to a close, it’s the perfect time to look back on 2025 and celebrate some of our key achievements in different areas:

Manual Incident Response

• Multiple Live Interaction UX improvements
• Unlimited analyses quota (shipped with this release)

Phishing Automation

• Computer Vision AI
• Microsoft Sentinel Connector
• Detecting clipboard access

Threat Intelligence

• UniqueSignal product
• Searchable threat names

Threat Analysis Enhancements

• Microsoft Defender for Endpoint Connector
• Support for SVG file analysis
• Enhanced visibility into advanced injection techniques
• Extracting URLs from QR codes within Office documents
• Geofence VPN upgrade to support residential egress traffic
• Additional VPN endpoints on EU Cloud
• Expanded LNK analysis support

Other Platform Upgrades

• VMRay Platform architecture upgraded to Ubuntu 24.04 LTS
• Extended CPU compatibility for On-Premises installations

In the second half of January 2026, we’ll return with a new release packed with more exciting features. Until then, stay secure and stay tuned for the next chapter of VMRay’s evolution.