CYFIRMA Research
Cyber defenders, listen up! The CYFIRMA Research podcast has some juicy intel on the latest cyber threats that are lurking in the shadows. Tune in to this security briefing to stay on top of emerging threats and be ready to tackle digital risk like never before.
Episodes
204 episodes
CYFIRMA Research- Analysis of Konni RAT: Stealth, Persistence, and Anti-Analysis Techniques
CYFIRMA’s research team has conducted an in-depth investigation into Konni RAT, a sophisticated remote access trojan (RAT) that uses advanced evasion techniques to bypass detection. It exploits Windows features, such as file extens...
•
4:58
CYFIRMA Research- ANALYSIS OF A DISCORD-BASED REMOTE ACCESS TROJAN (RAT)
Hackers are leveraging Python-based Discord RATs to exploit Discord’s API as a Command and Control (C2) platform. This sophisticated malware allows attackers to gain complete control over compromised systems, making it a serious cybersecurity r...
•
6:49
CYFIRMA Research: Turning Aid into Attack- Exploitation of Pakistan's Youth Laptop Scheme to Target India
The CYFIRMA research team has identified a fake Indian Post Office website leveraging the Clickfix technique to target Indian users. The report details how a Pakistani threat actor is targeting both Windows and Android users by dropping APK fil...
•
7:08
CYFIRMA Research- CVE-2025-24813: Apache Tomcat RCE Vulnerability Analysis
Critical Alert: Immediate action is required for all organizations using Apache Tomcat!CVE-2025-24813 is a critical Remote Code Execution (RCE) vulnerability that allows attackers to bypass security controls via a path equivalence flaw,...
•
4:47
CYFIRMA Research- Tracking ransomware: February 2025
Stay ahead of evolving ransomware threats with CYFIRMA’s Monthly Ransomware Report – February 2025. Ransomware activity surged by 87.45% in February month, with Cl0p witnessing an alarming 453% rise. Manufacturing, FMCG, and Transportation sect...
•
6:30
CYFIRMA Research- Geopolitical Conflicts and The Unpredictable Nature of Hacktivist Operations
Hacktivists often become active participants in cyber conflicts whenever geopolitical tensions arise. This has been evident during events like the Israel-Palestine conflict and the Russia-Ukraine war. Recently, tensions flared between Malaysia ...
•
6:49
CYFIRMA Research- LithiumWare Ransomware
The CYFIRMA research has identified a new ransomware variant named LithiumWare, showcasing advanced capabilities designed to disrupt, encrypt, and steal. Key Features of LithiumWare:Data Theft: Exhibits activities indic...
•
6:04
CYFIRMA Research- DEEPFAKE, OR THE ‘SPUTNIK MOMENT’ IN THE AI RACE
China's DeepSeek recently shocked the AI world, challenging US dominance and raising serious security concerns. Did US export controls backfire, fuelling China's AI rise and a new era of cyber threats? Link to the Research Report: ...
•
6:59
CYFIRMA Research: Fake CAPTCHA Malware Campaign- How Cybercriminals Use Deceptive Verifications to Distribute Malware
Cybercriminals have developed a new sophisticated method to distribute malware via fake CAPTCHA pages, tricking users into executing malicious scripts. Our investigation reveals that the Lumma Stealer is leveraging this tactic to harvest sensit...
•
5:57
CYFIRMA Research- SPYLEND: The Android App Available on Google Play Store: Enabling Financial Cyber Crime & Extortion
This report explores a fake financial management app on the Google Play Store named Finance Simplified, which has been downloaded over 100,000 times. The app reportedly downloads an additional fraudulent loan application targeting Indian users....
•
6:08
CYFIRMA Research: JavaScript to Command-and-Control (C2) Server Malware
The cyber threat landscape is evolving, with hackers deploying multi-stage malware using obfuscation, steganography, and covert communication channels to evade detection.Attacks start with an Obfuscated JavaScript, fetching encoded comm...
•
6:24
CYFIRMA Research- Tracking Ransomware- January 2025
Stay informed about the latest developments in cybersecurity with CYFIRMA's Tracking Ransomware – January 2025 Report. January witnessed 510 ransomware victims globally, with Akira emerging as the most active group while n...
•
4:40
CYFIRMA Research- APT Quarterly Highlights- Q4 2024
Our Q4 2024 APT Quarterly Highlights Report unveils a surge of dynamic and innovative cyber activities from APT groups across Iran, North Korea, Russia, and China. These groups intensified operations with a sharp focus on credential theft throu...
•
7:22
CYFIRMA Research- FinStealer
A malware disguised as a banking app is spreading through phishing and unofficial app stores. Built with Kotlin, this malware steals personal info and card details, leaking everything to criminals via Telegram bots and hidden servers. Stay safe...
•
6:53
CYFIRMA Research: Flesh Stealer- Unmasking the Blue Masked Thief
Flesh Stealer, a newly identified malware first observed in August 2024 and written in C#, targets browsers like Chrome, Firefox, and Edge to harvest saved passwords, cookies, and browsing history. It also extracts data from applications such a...
•
6:04
CYFIRMA Research: Astral Stealer Analysis
Astral Stealer: A Sophisticated Threat! Our latest research uncovers Astral Stealer, a powerful malware designed to exfiltrate sensitive data using browser injections, credential dumping, and sophisticated evasion techniques. As a ...
•
4:30
CYFIRMA Research: Windows Locker Ransomware
New Ransomware Alert: "Windows Locker"A new .NET-based ransomware strain, Windows Locker, is making waves with its advanced tactics, also read the CYFIRMA research team's full report for a comprehensive analysis:Encryption: File...
•
5:04
CYFIRMA Research- CVE-2024-45387: Critical Vulnerability in Apache Traffic Control
A critical SQL injection vulnerability (CVE-2024-45387) has been discovered in Apache Traffic Control's Traffic Ops component, impacting versions 8.0.0 and 8.0.1. Attackers with high-level roles (admin, federation, operations, portal, steering)...
•
5:50
CYFIRMA Research- Android Malware in DONOT APT Operations
The CYFIRMA team has analyzed malware linked to the Indian APT group DONOT, uncovering its use of a deceptive app called “Tanzeem” to gather intelligence under the guise of a chat platform. The app shuts down after permissions are granted, sugg...
•
3:17
CYFIRMA Research- The Fall of Syria and the Future of the Iran Threat
The swift fall of the Syrian regime caught major players off guard, including Russia and Iran, who heavily invested in propping up the state. While the USA considers withdrawal, Turkey is positioned to greatly increase its influence, while Iran...
•
5:04
CYFIRMA Research- TRACKING RANSOMWARE: DECEMBER 2024
Stay informed about the latest developments in cybersecurity with CYFIRMA's Tracking Ransomware-December 2024 Report. The report highlights key trends, including a 12.38% decrease in ransomware attacks compared to November, a...
•
3:39
CYFIRMA Research- Living off the Land: The Mechanics of Remote Template Injection Attack
At CYFIRMA, we continuously analyze the tactics and techniques employed by threat actors. One such technique is Remote Template Injection, which exploits Microsoft Word's template functionality to bypass traditional defenses. Used by Advanced P...
•
5:23
CYFIRMA Research- NonEuclid Remote Access Trojan (RAT)
At CYFIRMA, we continuously analyze the tactics and techniques employed by threat actors. One such technique is Remote Template Injection, which exploits Microsoft Word's template functionality to bypass traditional defenses. Used by Advanced P...
•
5:01
CYFIRMA Research- Inside FireScam: An Information Stealer with Spyware Capabilities
Introducing FireScam: A New Android Malware Threat The CYFIRMA research team have uncovered a new, sophisticated Android malware - FireScam, an advanced information-stealing malware with spyware capabilities. Disguised as a fake ‘T...
•
4:14
CYFIRMA Research- CVE-2024-10914: A Critical Vulnerability in D-Link NAS Devices
A critical vulnerability, CVE-2024-10914, has been discovered in unsupported D-Link devices, including DNS-320, DNS-320LW, DNS-325, and DNS-340L. With over 60,000 devices potentially exposed and nearly 1,100 actively exploited since Nov 12, 202...
•
3:21