
CYFIRMA Research
Cyber defenders, listen up! The CYFIRMA Research podcast has some juicy intel on the latest cyber threats that are lurking in the shadows. Tune in to this security briefing to stay on top of emerging threats and be ready to tackle digital risk like never before.
Episodes
256 episodes
CYFIRMA Research: DPRK Sanctions Violations in Cyber Operations Post-UN Panel Demise
North Korea’s cyber operations are evolving into one of the most significant global sanctions-evasion threats. CYFIRMA's new report, DPRK Sanctions Violations in Cyber Operations Post UN Panel Demise, highlights escalating multi-billion-dollar ...
5:49

CYFIRMA Research- Tracking Ransomware: September 2025
CYFIRMA’s Sept 2025 Ransomware Report highlights major evolutions across the ransomware landscape. Akira advanced by bypassing MFA on SonicWall VPNs through OTP seed theft, signalling a move beyond patchable flaws. MalTerminal broke new ground ...
4:11

CYFIRMA Research: Yurei Ransomware- The Digital Ghost
CYFIRMA has identified Yurei Ransomware, a Go-based strain engineered for speed, stealth, and irreversible impact. It encrypts files with ChaCha20 + ECIES, appends a .Yurei extension, and drops ransom notes _README_Yurei.txt with To...
6:14

CYFIRMA Research- DeerStealer Malware Campaign: Stealth, Persistence, and Rootkit-Like Capabilities
Malware Alert: New DeerStealer Campaign. A new variant of sophisticated information-stealing malware, DeerStealer, has been identified targeting personal and financial data across infected systems. Using signed binaries, rootkit-li...
3:30

CYFIRMA Research- Defence Industry Threat Report
Defence Industry Cyber Threats: Espionage Meets Monetization. CYFIRMA observed sustained cyber campaigns targeting the global defence sector. Key Highlights from the report: China: Long-term persistence i...
6:04

CYFIRMA Research: Unmasking a Python Stealer- XillenStealer
🚨 Threat Intelligence Alert – XillenStealer 🚨 CYFIRMA research identifies XillenStealer, a Python-based open-source information stealer circulating on GitHub, built to exfiltrate: 🔹 Browser credentials & cookies...
6:18

CYFIRMA Research- Digital Frontlines: India Under Multi-Nation Hacktivist Attacks
India faced a wave of coordinated cyberattacks in July-August 2025 from multiple countries targeting government and public systems. Notably, a sophisticated malware campaign impersonated the Income Tax Department, tricking users into downloadin...
6:57

CYFIRMA Research- Tracking Ransomware – August 2025
Stay ahead with CYFIRMA’s Monthly Ransomware Report – Aug 2025. CYFIRMA’s August 2025 Ransomware Report recorded 522 global victims, a slight dip but still far above 2023–24 levels. Qilin led with 84 attacks, while Akira surged by 35% tar...
4:42

CYFIRMA Research- Grey Zone Warfare in China's Stalled South China Sea Ambition
China's South China Sea ambitions stalled: ASEAN Fights Back Amid U.S. Distractions – check out the latest CYFIRMA report on Beijing's ambitions hitting a wall in the South China Sea, and the fallout in cyberspace. Link to the Re...
8:23

CYFIRMA Research- Fake Telegram Premium Site Distributes New Lumma Stealer Variant
CYFIRMA researchers have uncovered a malware campaign exploiting a spoofed Telegram Premium site—telegrampremium[.]app—to distribute a new variant of Lumma Stealer. Key Findings: • Drive-by download delivers mal...
5:21

CYFIRMA Research- CVE-2025-8671 – HTTP/2 MadeYouReset Vulnerability DDoS Attacks
Critical Alert: CVE-2025-8671 – HTTP/2 “MadeYouReset” DoS Vulnerability. Organizations operating HTTP/2-enabled infrastructure—such as Apache Tomcat, Netty, F5 BIG-IP, Jetty, and other affected stacks—must act swiftly. This newly un...
4:08

CYFIRMA Research- Tracking Ransomware – July 2025
Stay ahead with CYFIRMA’s Monthly Ransomware Report – July 2025. CYFIRMA’s July 2025 Ransomware Report recorded 504 global victims, a 7.5% rise from June, reflecting sustained threat levels. Qilin remained the most active, while Incranso...
4:21

CYFIRMA Research- Infos3c Grabber Stealer
CYFIRMA’s latest report explores Infos3c Grabber Stealer, a Python-based grabber malware that steals passwords, wallets, gaming accounts & Discord/Telegram data, captures screenshots, and exfiltrates via Discord. Use endpoint se...
4:48

CYFIRMA Research- REVENANT: Executionless, Self-Assembling Threat Hidden in System Entropy
New Threat Model: Executionless Persistence Across Endpoints & AI Layers. REVENANT introduces a forward-looking multi-stage attack framework that chains stealthy, executionless techniques to persist not just on systems, but in the operationa...
6:29

CYFIRMA Research- Salat Stealer
CYFIRMA has uncovered Salat Stealer (WEB_RAT) — a Go-based infostealer targeting Windows. It exfiltrates browser credentials, cryptocurrency wallets, and Telegram session data while evading detection through advanced persistence. Attributed to ...
8:31

CYFIRMA Research- Typhoon in the Fifth Domain: China's Evolving Cyber Strategy
China's Cyber Shift: From espionage to sabotage, Targeting Global Infrastructure – check out the newest CYFIRMA blog on Beijing's ambitions in the Fifth Domain. Link to the Research Report: https://www.cyfirma.com/blo...
6:24

CYFIRMA Research- TinkyWinkey Keylogger
CYFIRMA identified TinkyWinkey, a stealthy Windows keylogger, capable of capturing keystrokes, system info, and active windows. It leverages DLL injection and persistent services to evade detection and maintain long-term presence. Link t...
8:22

CYFIRMA Research- APT36 Campaign Targets Indian Defense BOSS Linux system
CYFIRMA has uncovered an ongoing cyber-espionage campaign orchestrated by APT36, a Pakistan-linked threat actor, targeting Indian Government entities. Key Highlights: Initial Access: Spear-phi...
3:41

CYFIRMA Research- Lazarus Stealer
CYFIRMA research exposes Lazarus Stealer — a stealthy Android banking malware targeting Russian financial institutions. Key Attack Vectors: Overlay Attack: Displays fake banking login screens to steal...
4:17

CYFIRMA Research- Android Malware Posing as Indian Bank Apps
Posing as Indian banking apps, this Android malware deploys a hidden main payload that silently installs, maintains stealthy persistence, and facilitates credential theft. It harvests SMS, steals debit card details, and hijacks call forwarding ...
8:44

CYFIRMA Research- Raven Stealer
CYFIRMA research explores the Raven Stealer, a stealthy info-stealing malware written in Delphi & C++, designed to harvest passwords, cookies, payment info and autofill data from Chromium-based browsers like Chrome & Edge. L...
4:00

CYFIRMA Research: EdskManager RAT- Multi-Stage Malware with HVNC and Evasion Capabilities
CYFIRMA research provides an analysis of a newly identified Remote Access Trojan, EdskManager RAT, which exhibits stealthy infection mechanisms and covert control using HVNC. Key Capabilities: · Multi-stage infecti...
5:15

CYFIRMA Research: CVE-2025-5777 – Pre-Auth Memory Leak in Citrix NetScaler (CitrixBleed 2)
Critical Alert: CVE-2025-5777 – Pre-Auth Memory Leak in Citrix NetScaler (CitrixBleed 2)! Organizations relying on Citrix NetScaler ADC and Gateway for secure remote access must act immediately. This newly uncovered vulnerability allows ...
5:00

CYFIRMA Research- Octalyn Stealer Unmasked
CYFIRMA exposes Octalyn Forensic Toolkit, a malicious GitHub-hosted tool masquerading as a legitimate forensic utility. In reality, it functions as a credential stealer with Telegram-based C2, targeting browser data, crypto wallets, Discord, an...
4:58

CYFIRMA Research- Tracking Ransomware- June 2025
Stay ahead with CYFIRMA’s Monthly Ransomware Report – June 2025. June saw 463 ransomware victims globally, a 15% decline from May. Qilin led the threat landscape, exploiting Fortinet flaws and adding legal pressure tactics. New players like Fog...
4:54
