Release Notes

What's new in PhantomYerra — full version history, new capabilities, performance improvements, and fixes.

Auto-Update: PhantomYerra checks for updates on every launch and every 4 hours. When a new version is available, an update banner appears in the top bar — click Download to fetch in the background, then Restart & Install when ready.
v44.32.84 2026-04-08
Latest
CDN-Only Tool Delivery · Installer Process Cleanup · Startup Crash Fix
  • NEW CDN-Only Tool Delivery. All 70+ security assessment tools are now served exclusively from phantomyerra.com/downloads. The installer no longer bundles binaries — this reduces the installer size significantly and ensures every fresh install and reinstall always pulls the latest tool versions. Tools are downloaded in parallel during first launch with real-time progress displayed per tool.
  • FIX NSIS Installer — Retry Dialog Eliminated. The Windows installer no longer shows a "Retry / Ignore / Cancel" dialog when a running process is detected during upgrade. The installer now cleanly terminates any active PhantomYerra processes before replacing files, then completes silently. Silent enterprise deployment via Group Policy and SCCM is unaffected.
  • FIX Startup Crash Fix. A race condition in the boot sequence caused an intermittent crash on systems where the scan engine initialised faster than expected, resulting in a duplicate IPC registration. This has been resolved — the boot sequence now correctly deduplicates handler registration and handles early-ready signals from the scan engine without crashing.
v44.32.83 2026-04-07
CVE Exploit Validation Engine · Campaign Mode · Real-Time Exploit Terminal · Paused Run Recovery · Performance Overhaul · Export
  • NEW CVE Exploit Validation Engine. Validates whether CVEs affecting your tech stack are actually exploitable against your specific environment. Develops working exploits using AI when no public exploit exists, and delivers the exploit script as a download alongside the finding report. Every confirmed finding includes reproducible PoC steps, business impact assessment, and specific remediation guidance. Privacy-filtered throughout — no target data or environment details ever leave your machine during AI processing.
  • NEW Campaign Mode. Run validation across your entire CVE exposure surface in a single autonomous operation. Multi-CVE validation executes in sequence with live progress tracking, pause/resume controls, and a full campaign report showing exactly which CVEs are confirmed exploitable in your environment. Scope can be narrowed to specific technologies, severity levels, or individual CVEs from your tracked exposure.
  • NEW Campaign Wizard. 4-step guided setup: Authorization confirmation → CVE Scope selection → Settings configuration → Launch.
  • NEW Real-Time Exploit Terminal. Full terminal output streams live during exploit execution. Color-coded output distinguishes phases, findings, errors, and success states. Terminal session is saved and exportable with the finding report.
  • NEW Finding Report with Exploit Download. Confirmed exploits automatically generate a professional pentest finding report — severity, evidence, business impact, PoC steps, and remediation. The working exploit script is available as a one-click download directly from the finding detail view.
  • NEW Paused Run Recovery. Interrupted validation runs can be resumed from where they stopped — no re-validation of already-completed CVEs. Global shortcut Ctrl+Shift+P pauses any active validation run immediately.
  • NEW Export: PDF, DOCX, SARIF. Validation findings and campaign reports are exportable in three formats directly from the wizard results view — ready for client delivery, internal documentation, or CI pipeline integration.
  • PERF Startup 9s → 1.5s. Main thread blocking eliminated from the boot sequence. The application window opens immediately while the scan engine initialises in parallel — no perceptible delay between launch and UI readiness. Boot time reduced from 9 seconds to under 1.5 seconds on typical hardware.
  • PERF Async Scan Engine. The scan engine now runs all tool invocations asynchronously with no blocking calls in the event loop. Concurrent operations including vulnerability sync, status checks, and org profile matching are fully non-blocking.
  • PERF Database Indexing + React Memoization. Database indexes added on all frequently queried columns. React component memoization applied across the CVE dashboard and findings list — 200+ items now render without UI freeze. Activity feed uses virtualized rendering for large datasets.
v44.32.82 2026-04-07
CVE Intelligence · Org Profile Module Gating · Company Admin Portal · Activity Audit Log · AI Key Encryption · Security Hardening
  • NEW CVE Intelligence Dashboard — License-Gated. Aggregates the live CISA Known Exploited Vulnerabilities feed, tracks exploit availability per technology in your org's confirmed stack, delivers an org-wide risk score, and renders a per-technology CVE heatmap. The control mitigation engine maps active CVEs to remediation controls. A lock icon renders on the module card for unlicensed seats.
  • NEW Org Profile / Learn My Org — License-Gated. The 6-step guided profiling wizard builds a comprehensive picture of your organization's technology environment, automatically detects your tech stack from existing scan history, and computes a live risk score preview as each step is completed. The completed profile powers targeted CVE intelligence and makes every subsequent scan context-aware from the first request.
  • NEW Company Admin Self-Service Portal. Enterprise companies can manage their own deployments independently. Company admins provision seats, assign which modules each user can access, restrict users to specific attack surfaces, and review a full activity audit log showing who scanned, what target, which surface, when, and how many findings were confirmed — no support tickets required for routine seat management.
  • NEW End-to-End AI Key Encryption. AI credentials are protected with installation-specific encryption. The encryption key is derived from unique machine identifiers at install time — the key ciphertext on one machine cannot be decrypted on any other. Keys are never transmitted in plaintext at any point in their delivery, storage, or usage lifecycle.
  • NEW Per-Seat Module Assignment. Company admins can restrict individual users to specific attack surfaces. A user configured for web-only access will see lock icons on all other surface cards and cannot launch scans outside their assigned surfaces — enforced server-side.
  • FIX IPC Handlers — Full Wiring. The audit log, platform detection, and recovery IPC channels are now fully wired and functional. Previous builds had these channels registered but unhandled, causing silent failures in audit logging and platform detection from the renderer.
  • FIX Security Hardening. BrowserWindow now launches with sandbox and context isolation enforced. The license cache file is AES-256-GCM encrypted at rest — plaintext license data no longer persists on disk between sessions.
v44.32.81 2026-04-07
Autonomous Attack Engine — 6 AI Agents · Per-Seat Licensing with Module Gates · Kill Switch · Offline Grace Period
  • NEW Autonomous Attack Engine — 6 Specialized AI Agents. The Automated AI mode now deploys a coordinated team of six specialized agents: Recon (discovers the full attack surface), Exploitation (probes and confirms vulnerabilities), Lateral Movement (chains findings into escalation paths), Active Directory (domain attack analysis), Cloud Audit (infrastructure and configuration assessment), and Report Writer (generates professional pentest narrative and remediation). Agents coordinate in real time, passing findings between stages to build a complete attack chain.
  • NEW Per-Seat Licensing with Module Gates. License validation now gates each attack surface module independently. Unlicensed modules display a lock icon and cannot be launched. Module status updates every 5 minutes in the background — no restart required when new modules are activated on your license.
  • NEW Kill Switch. License administrators can remotely deactivate a seat. The seat is locked on next license poll (within 5 minutes) without requiring physical access to the machine. The user is shown a clear notification with a support contact path.
  • NEW Offline Grace Period — 72 Hours. If the license server is unreachable, the cached license is used for up to 72 hours. After 72 hours without a successful validation, the app enters a restricted mode showing a connectivity warning. Users are never hard-locked by temporary network issues.
  • NEW Scans Hub. A unified scan management view listing all past and active scans — filterable by surface, date, severity, and status. Directly reopen findings, regenerate reports, or resume paused scans from one location.
v44.32.74 2026-04-07
License Intelligence · Scanning Access Control · Live License Polling · Bundled Tools · Smart Uninstall
  • NEW License Details Redesigned. The License page now shows your exact licensed seat details — company name, first name, last name, and seat email. Per-module execution limits displayed with used/max scan counters and colour-coded progress bars.
  • NEW Scanning Access Badge. Every session clearly shows Local Scanning Access or Global Scanning Access based on your license scope. Local mode restricts active network, DAST, cloud, and IP-based scanning to internal/private targets only. Code analysis and repository scanning are always unrestricted.
  • NEW Live License Polling — 5-Minute Background Check. Module activations, deactivations, scope changes, and AI key additions/removals take effect within 5 minutes without a restart.
  • NEW Security Tools Bundled in Installer. Key security tools now ship inside the installer — no downloads required at first launch.
  • FIX Sidecar Crash Loop — Async Fix. Blocking subprocess calls inside async generators froze the Python event loop, causing the watchdog to repeatedly kill and restart the sidecar. All blocking calls now run on a thread — the event loop stays responsive throughout tool installation.
  • NEW Smart Uninstall — Three Options. Uninstaller now offers: (1) Keep tools and data; (2) Remove tools only, keep scan data; (3) Full removal. Choice is remembered for rollback scenarios.
v44.32.69 2026-04-06
Scope Enforcement · Per-Seat Activity Dashboard · DevOps Surface · 127 Security Tools · Wizard Improvements
  • NEW LOCAL / PUBLIC Scope Enforcement. Per-seat network scope control enforced platform-wide. LOCAL seats can only target internal IPs and private hostnames. PUBLIC seats have no restriction. Enforced at both wizard launch and the scan engine layer — no bypass possible.
  • NEW Per-Seat Activity Dashboard. Drills down to individual scan rows showing target URL/IP, module used, date/time, and findings per severity. Filter by seat. Load-more pagination keeps the view fast on large datasets.
  • NEW DevOps / CI-CD Pentesting Surface. New dedicated attack surface covering secrets scanning in git history, container image vulnerability analysis, IaC misconfiguration detection, and supply chain dependency analysis. Full compliance mapping: SLSA, CIS Docker/Kubernetes, NIST SSDF, OWASP CI-CD Top 10.
  • NEW 127 Security Tools — Full Inventory. Complete tool inventory documented across 21 attack surfaces. Every tool listed with its surface, role, and invocation method.
  • NEW Wizard Improvements across all surfaces. Network wizard adds AD Domain and DC fields. Cloud wizard adds Azure Tenant ID and Kubernetes context. IoT wizard adds BLE MAC, Zigbee/Z-Wave channel fields. API wizard adds GraphQL endpoint, gRPC target, and WebSocket endpoint. DevOps wizard adds branch name and CI server URL.
  • FIX Admin portal routing bug causing an empty page resolved. Sidebar navigation improvements.
v44.32.68 2026-04-06
Freeze Fix · Silent Installer · AI Key at Boot · 19 Surface Report Sections · MSI Installer
  • FIX "Not Responding" freeze eliminated. The main window startup sequence is now fully asynchronous — the scan engine starts on a parallel thread with no blocking calls on the main thread. PhantomYerra opens instantly and stays responsive during initialization.
  • FIX Silent installer. The installer no longer shows a "Choose Installation Options" dialog. Installs silently to the default location — compatible with enterprise deployment via Group Policy and SCCM.
  • FIX AI key active before first scan. The AI key is now delivered and validated within 45 seconds of first launch via a background process. Previously the key was unavailable until after the first manual settings visit.
  • NEW 19 Surface-Specific Report Sections. Each surface generates its own dedicated report section with surface-specific finding categories, compliance framework mapping, AI narrative, and remediation table. Surfaces covered: Web, API/GraphQL, Mobile, Network/Infra, Cloud, Container, DevOps/CI-CD, SAST, DAST, SBOM/SCA, Enterprise AD, IoT, Automotive/ICS, AI/LLM, Red Team, Reverse Engineering, Robotics, Blockchain, Physical.
  • NEW Enterprise MSI Installer. An MSI package is now published alongside the standard EXE installer — supports Group Policy software deployment, SCCM/Intune push installation, and silent per-machine installation across enterprise fleets.
v44.32.67 2026-04-06
19 Surface-Specific Report Builders — DAST · Red Team · Enterprise AD · Robotics · Network · Reverse Engineering
  • NEW 19 surface-specific report builders. Each scan surface now has a dedicated report builder module that generates a structured section in the Technical Report tailored to that surface's findings, techniques, and compliance controls.
  • NEW DAST report section — active scan results, spider coverage map, OWASP Top 10 coverage matrix, and AI-written exploitation narrative for each confirmed finding.
  • NEW Red Team report section — full kill chain narrative, lateral movement path, data exfiltration evidence, MITRE ATT&CK technique mapping, and detection gap analysis.
  • NEW Enterprise AD report section — Active Directory attack path diagrams, Kerberoasting hash table (masked), AS-REP roasting results, DCSync evidence, and AD hardening roadmap.
  • NEW Network report section — asset inventory table, open port matrix, service CVE list, AD attack paths, cloud audit findings, CIS benchmark score table, and remediation roadmap.
  • Each surface section includes compliance framework table, AI-written narrative summary, severity distribution, and copy-paste remediation guidance.
v44.32.65 2026-04-06
Parallel Tool Installation · Findings Streaming · Event Log · Fast CVE Lookup
  • NEW Parallel tool installation. Security tools now install concurrently during first-run setup. Installation time on a fast connection reduced from ~8 minutes to under 2 minutes.
  • NEW Findings streaming. Confirmed findings stream to the Scan Dashboard in real time as each tool produces output, rather than appearing in a batch at scan completion.
  • NEW Event log. A structured event log records every scan phase, tool invocation, finding creation, and error event with timestamps. Accessible via Settings → Logs → Event Log.
  • PERF CVE lookup — 5ms vs 800ms. CVE-to-exploit lookup time reduced from ~800ms to under 5ms on the full 50k+ entry dataset via binary-searchable index.
v44.32.54 2026-04-06
CVE Intelligence Feed · Exploit Button · Authenticated Testing
  • NEW CVE Intelligence page — live CVE feed cross-referenced against your org's tech stack. Filter by 24h / 48h / 7d / 30d / 1yr. Tabs for CVEs, active Exploits, and CISA KEV. Summary dashboard shows critical count, KEV count, exploit-available count, and org-relevant matches.
  • NEW Exploit button — appears inline on any CVE that has an exploit or PoC available. Opens a wizard to configure target and authentication, then streams live exploitation. Confirms findings with severity, matched URL, description, remediation, and copy-ready reproduction command.
  • NEW CVE data pre-loaded before UI. Python startup phases seed and sync the full CVE database before the main window opens — threat data is available instantly on first paint.
  • FIX Authenticated testing fully wired end-to-end. Auth Vault credentials now correctly pass to every scan tool. Supported: Bearer token, API Key, Session Cookie, HTTP Basic, TOTP, SAML session cookie.
v44.32.49 2026-04-06
AI Key Delivery Fix · Silent Update Checks · Splash Minimize
  • FIX AI key delivery fixed — reads from locally stored key immediately after activation, eliminating a 20-second timeout race on first launch.
  • FIX Network errors during background update checks are now silent — no error dialogs during startup on restricted networks.
  • NEW Splash screen now has a minimize button so you can use other applications while the platform boots.
  • FIX Update check uses a 20-second timeout — the update banner never freezes the UI on slow connections.
v44.32.46 2026-04-06
Per-Module Scan Quotas
  • NEW All scan modules now enforce license-based scan quotas. A quota badge on every launch button shows scans remaining — turns amber when under 60%, red when under 40%. When quota is exceeded, a dialog blocks the scan and shows a usage progress bar with options to contact support.
v44.32.44 2026-04-06
Attack Graph · External Links · License Page
  • FIX External links to vulnerability databases, exploit repositories, and advisory sources now correctly open in the system browser.
  • NEW Attack Graph now shows a full demo attack chain on new installs before any scans are run — Discovery → Exploitation → Lateral Movement → Escalation.
  • NEW License & About page — shows license status badge, company info, AI configuration, active modules grid, and named seats table.

Related

First Launch Scan Modes Automated AI Mode CVE Exploit Validation Generating Reports License Management
© RAVI YERRA. ALL RIGHTS RESERVED. — PHANTOMYERRA HELP CENTER