CYFIRMA Research
Cyber defenders, listen up! The CYFIRMA Research podcast has some juicy intel on the latest cyber threats that are lurking in the shadows. Tune in to this security briefing to stay on top of emerging threats and be ready to tackle digital risk like never before.
Episodes
307 episodes
CYFIRMA Research: Tracking Ransomware- April 2026
CYFIRMA – April 2026 Ransomware Threat Intelligence Briefing. Ransomware activity reached 801 global incidents in April 2026, marking the highest April total in recent years and reinforcing the continued expansion of ransomware-as-a-servi...
CYFIRMA Research: Operation SilentCanvas – JPEG-Based Multi-Stage PowerShell Intrusion
Operation SilentCanvas – JPEG-Based Multi-Stage PowerShell Intrusion. CYFIRMA Research conducted an in-depth technical investigation into a sophisticated multi-stage intrusion campaign leveraging a weaponized PowerShell payload disguised a...
CYFIRMA Research: Abuse of Cloud-Native Infrastructure in Modern Phishing Campaigns
New Research: Trusted Infrastructure Phishing — The Attack That Lives Inside Your Security Stack. Most phishing starts outside your perimeter. This one starts inside it. Trusted Infrastructure Phishing (TIP) is a threat class in whi...
CYFIRMA Research: Malaysia Threat Landscape Report
Malaysia isn’t just seeing cyber threats - it’s seeing a structured cyber economy take shape. Ransomware groups, data brokers, and access sellers are all operating across the same ecosystem. Manufacturing, government, and service ...
CYFIRMA Research: Taiwan Cyber Threat Landscape 2026
Taiwan Cyber Threat Landscape 2026. Taiwan remains at the forefront of global cyber conflict—driven by its semiconductor dominance, strategic geopolitical position, and deep international partnerships. 🔹 Relentless Pressure: ~2.63M dai...
CYFIRMA Research: Singapore Threat Landscape
Singapore’s position as a global financial, technological, and connectivity hub continues to attract sophisticated cyber threats from both state-sponsored actors and financially motivated cybercriminal groups. Key Threat Actors Identi...
CYFIRMA Research: Philippines Evolving Cyber Threat Landscape 2025-2026
Stay ahead with CYFIRMA’s Philippines Evolving Cyber Threat Landscape 2025–2026 Report. The Philippines is facing a sharp escalation in AI-driven and automated cyber threats. Q3 2025 recorded over 52 million exposed credentials, while ra...
CYFIRMA Research: KYCShadow: An Android Banking Malware Exploiting Fake KYC Workflows for Credential and OTP Theft
KYCShadow: Mobile Threat Alert – Android Banking Malware Campaign. CYFIRMA Research has identified a sophisticated Android malware campaign distributed via WhatsApp, impersonating Bank KYC and e-Challan services to compromise finan...
CYFIRMA Research: Operation PhantomCLR- Stealth Execution via AppDomain Hijacking and In-Memory .NET Abuse
Operation PhantomCLR. Our latest research uncovers a highly sophisticated post-exploitation framework that represents a significant shift in modern attacker tradecraft. The campaign leverages .NET AppDomainManager hijacking to abus...
CYFIRMA Research: Silent Crypto Wallet Takeover- Unlimited USDT Approval Exploitation via Trust Wallet QR Code Phishing
CYFIRMA Research has identified an active crypto drainer campaign targeting Trust Wallet users through QR code phishing distributed via Telegram channels. The attack leverages deep link abuse and deceptive transaction flows to gain persistent a...
CYFIRMA Research: CVE-2026-1492 WordPress User Registration & Membership Authentication Bypass Flaw
The CYFIRMA Research team has identified critical security insights related to CVE-2026-1492, a high-severity authentication bypass and privilege escalation vulnerability affecting the WordPress User Registration & Membership plugin.
CYFIRMA Research: Tracking Ransomware- March 2026
March reflected a further escalation in ransomware activity, with incident volumes rising and multiple threat actors expanding operations simultaneously. Qilin emerged as the most dominant group with a sharp increase in activity, while several ...
CYFIRMA Research: CrySome RAT
CrySome RAT – Advanced Threat Insight. CrySome RAT is a sophisticated .NET-based remote access trojan engineered for long-term persistence and stealth on Windows systems. It extends beyond typical malware by maintaining execution even aft...
CYFIRMA Research: Invoice-Themed Phishing Campaign Targeting Financial Workflows Amid Fiscal Year-End Activity
New Threat Intelligence Report: Invoice-Themed Phishing Campaign. A sophisticated phishing campaign is actively targeting finance and procurement teams using invoice, payment, and operational lures—timed strategically around financial yea...
CYFIRMA Research: Tracking Ransomware- February 2026
Stay informed with CYFIRMA’s February 2026 Ransomware Threat Report. February continued to reflect a high-activity ransomware environment, with noticeable shifts in group dynamics and operational patterns. While Qilin sustained consisten...
CYFIRMA Research: CVE-2026-24423 – SmarterTools SmarterMail Remote Code Execution Vulnerability
The CYFIRMA Research team has identified critical security insights related to CVE-2026-24423, a high-severity unauthenticated remote code execution vulnerability impacting SmarterTools SmarterMail. The vulnerability allows attackers to ...
CYFIRMA Research: Operation False Siren- A Trojanized Android Spyware Campaign
CYFIRMA Research uncovered a targeted Android spyware campaign, Operation False Siren, exploiting wartime urgency by weaponizing the trusted Israeli civil defense alert application. In this operation, threat actors distributed a trojaniz...
CYFIRMA Research- TaxiSpy RAT: Analysis of TaxiSpy RAT – Russian Banking-Focused Android Malware with Full Remote Control
New Report Released: Advanced Android Banking RAT Targeting Russian Financial Institutions. CYFIRMA Research has uncovered a highly sophisticated Android Banking Trojan with integrated Remote Access Trojan (RAT) capabilities targeting Rus...
CYFIRMA Research- Dead Infrastructure Hijacking
New Research: Dead Infrastructure Hijacking — The Attack That Doesn't Need a Vulnerability. Most breaches start with an exploit. This one starts with a domain registration. We've published a full threat intelligence report on Dead ...
CYFIRMA Research- APT36: Multi-Vector Execution Malware Campaign Targeting Indian Government Entities
APT36 Multi-Vector Execution Malware Campaign Targeting Indian Government Entities. Researchers at CYFIRMA have identified and analyzed a sophisticated malware campaign attributed to APT36 targeting Indian government entities. The ...
CYFIRMA Research- Telegram as the New Operational Layer of Cyber Threat Activity
The Telegram ecosystem. Ransomware groups, Initial Access Brokers, malware operators, and leak channels are converging on a single platform for coordination, recruitment, validation, and amplification. This isn’t a migration fr...
CYFIRMA Research- CharlieKirk Grabber: A Python Based infostealer
Emerging Threat Model: Python-Based Credential Stealer (CharlieKirk Grabber): Recent analysis of a Python-based information stealer highlights the continued growth of modular, builder-driven malware targeting Windows environments. The sample...
CYFIRMA Research- Tracking Ransomware – January 2026
Stay ahead with CYFIRMA’s January 2026 Ransomware Threat Report. January 2026 opened with sustained high ransomware activity and sharp operational volatility across major groups. Qilin remained one of the most active actors despite a pos...
CYFIRMA Research- LTX Stealer: Analysis of a Node.js–Based Credential Stealer
Malware Spotlight: LTX Stealer. CYFIRMA researchers uncovered a sophisticated Windows info-stealer hidden in a legit Inno Setup installer. Key takeaways: 🔹 Node.js stealer with Bytenode bytecode obfuscation ...
CYFIRMA Research- Re-Emerging Telegram Phishing Campaign Targeting User Authorization Prompts
CYFIRMA has identified an active Telegram phishing campaign that abuses Telegram’s legitimate login and in-app authorization workflows to fully compromise user accounts without malware or exploits. By leveraging QR codes and manual login flows ...