CYFIRMA Research
Cyber defenders, listen up! The CYFIRMA Research podcast has some juicy intel on the latest cyber threats that are lurking in the shadows. Tune in to this security briefing to stay on top of emerging threats and be ready to tackle digital risk like never before.
Episodes
271 episodes
CYFIRMA Research- NexusRoute: Attempting to Disrupt an Indian Government Ministry
New Research Alert: NexusRoute Campaign Uncovered. We’ve uncovered a large-scale Android malware and phishing operation impersonating Indian government services like mParivahan and e-Challan. Threat actors are abusing GitHub t...
•
6:51
CYFIRMA Research- SeedSnatcher: Dissecting an Android Malware Targeting Multiple Crypto Wallet Mnemonic Phrases
Mobile Threat Alert: Crypto Mnemonic Phrase Stealer. SeedSnatcher is a newly uncovered Android malware family targeting the crypto ecosystem, built to steal users’ mnemonic recovery phrases using a sophisticated DisplayOverlay attack...
•
4:16
CYFIRMA Research- RTO Challan Fraud: A Technical Report on APK-Based Financial and Identity Theft
CYFIRMA researchers have identified a sophisticated Android malware operation spreading via fake RTO Challan/e-Challan notifications shared over WhatsApp. The malicious APK uses two-stage installation, NP-based code obfuscation, an...
•
7:17
CYFIRMA Research- Tracking Ransomware – November 2025
CYFIRMA | November 2025 Ransomware Snapshot. Ransomware activity shifted fast in November—Akira and INC Ransom surged; AI-driven tools accelerated attacks, and critical sectors like Manufacturing, IT, and Professional Services took the he...
•
5:17
CYFIRMA Research- APT36 Python Based ELF Malware Targeting Indian Government Entities
APT36 Targets Indian Government Entities with a New Python-Based ELF Malware. CYFIRMA has uncovered a new cyber-espionage campaign by APT36 (Transparent Tribe), a Pakistan-based threat actor long known for targeting Indian government ent...
•
4:46
CYFIRMA Research: North Korean Cyber Crime as a Statecraft Tool
After Russia’s veto of the UN Panel of Experts and increased military cooperation over the war in Ukraine, North Korea is ramping up sanctions evasion—deepening its military ties with Moscow and stealing billions in cryptocurrency to finance it...
•
7:08
CYFIRMA Research: Rising Cybercrime During Black Friday & Cyber Monday- A 2025 Threat Intelligence Report
Black Friday & Cyber Monday Cyber Threats Are Already Here. As festive shopping surges, so does cybercrime. CYFIRMA’s latest analysis reveals a spike in fake websites, phishing campaigns, malicious ZIP downloads, UPI-based payment sca...
•
8:05
CYFIRMA Research: Tycoon 2FA- A Technical Analysis of its Adversary-in-the-Middle Phishing Operation
Tycoon 2FA - The Phishing-as-a-Service Platform. Our latest technical deep-dive reveals how Tycoon 2FA, a sophisticated Phishing-as-a-Service (PhaaS) platform, is successfully evading detection and bypassing multi-factor authentication (...
•
3:21
CYFIRMA Research- Pig Butchering Scams: Cybercrime Threat Intelligence
Pig-butchering scams have evolved into one of the most damaging global cybercrime models, combining long-term emotional grooming, AI-driven impersonation, fake investment platforms, and sophisticated crypto-laundering networks. Our...
•
7:51
CYFIRMA Research- Regional Stability on Shaky Ground: Cyber Threat Escalation in the Middle East
The Middle East observes a fragile ceasefire, but Iran’s escalating cyberattacks could potentially threaten to unravel the region’s shaky peace. Link to the Research Report:
•
7:15
CYFIRMA Research- Telemetry Relay: When Diagnostics Turn Against You
CYFIRMA Research's latest report: “Telemetry Relay”, describes logic-abuse attacks that trick telemetry/crash processors into fetching attacker-controlled resources. Instead of compromising clients, attackers get vendor or enterprise systems to...
•
6:07
CYFIRMA Research- Tracking Ransomware: October 2025
Stay ahead with CYFIRMA’s Monthly Ransomware Report – October 2025. CYFIRMA’s October 2025 Ransomware Report reveals a strong resurgence in global ransomware activity, with 738 victims recorded, marking one of the highest monthly volumes ...
•
3:19
CYFIRMA Research: Android/BankBot- YNRK Mobile Banking Trojan
New Malware Analysis Report. Our latest research uncovers Android/BankBot-YNRK, a mobile banking trojan disguised as a legitimate app such as Google News. Key findings: • Abuses Accessibility Services for remote control
•
3:50
CYFIRMA Research- GhostGrab Android Malware
Mobile Threat Alert: GhostGrab Malware! Cybercriminals are getting more sophisticated, and GhostGrab is a clear example. This Android malware doesn’t just steal banking credentials—it can also: Run hidden cryptocu...
•
5:17
CYFIRMA Research- CVE-2025-6541: TP-Link Omada Gateway Remote Command Injection Vulnerability Analysis
Critical Alert: CVE-2025-6541 – TP-Link Omada Gateway Remote Command Injection. Organizations using TP-Link Omada Gateway devices must act immediately. This critical vulnerability allows attackers to execute arbitrary OS-level commands vi...
•
4:51
CYFIRMA Research: DPRK Sanctions Violations in Cyber Operations Post-UN Panel Demise
North Korea’s cyber operations are evolving into one of the most significant global sanctions-evasion threats. CYFIRMA's new report, DPRK Sanctions Violations in Cyber Operations Post UN Panel Demise, highlights escalating multi-billion-dollar ...
•
5:49
CYFIRMA Research- Tracking Ransomware: September 2025
CYFIRMA’s Sept 2025 Ransomware Report highlights major evolutions across the ransomware landscape. Akira advanced by bypassing MFA on SonicWall VPNs through OTP seed theft, signalling a move beyond patchable flaws. MalTerminal broke new ground ...
•
4:11
CYFIRMA Research: Yurei Ransomware- The Digital Ghost
CYFIRMA has identified Yurei Ransomware, a Go-based strain engineered for speed, stealth, and irreversible impact. It encrypts files with ChaCha20 + ECIES, appends a .Yurei extension, and drops ransom notes _README_Yurei.txt with To...
•
6:14
CYFIRMA Research- DeerStealer Malware Campaign: Stealth, Persistence, and Rootkit-Like Capabilities
Malware Alert: New DeerStealer Campaign. A new variant of sophisticated information-stealing malware, DeerStealer, has been identified targeting personal and financial data across infected systems. Using signed binaries, rootkit-li...
•
3:30
CYFIRMA Research- Defence Industry Threat Report
Defence Industry Cyber Threats: Espionage Meets Monetization. CYFIRMA observed sustained cyber campaigns targeting the global defence sector. Key Highlights from the report: China: Long-term persistence i...
•
6:04
CYFIRMA Research: Unmasking a Python Stealer- XillenStealer
🚨 Threat Intelligence Alert – XillenStealer 🚨 CYFIRMA research identifies XillenStealer, a Python-based open-source information stealer circulating on GitHub, built to exfiltrate: 🔹 Browser credentials & cookies...
•
6:18
CYFIRMA Research- Digital Frontlines: India Under Multi-Nation Hacktivist Attacks
India faced a wave of coordinated cyberattacks in July-August 2025 from multiple countries targeting government and public systems. Notably, a sophisticated malware campaign impersonated the Income Tax Department, tricking users into downloadin...
•
6:57
CYFIRMA Research- Tracking Ransomware – August 2025
Stay ahead with CYFIRMA’s Monthly Ransomware Report – Aug 2025. CYFIRMA’s August 2025 Ransomware Report recorded 522 global victims, a slight dip but still far above 2023–24 levels. Qilin led with 84 attacks, while Akira surged by 35% tar...
•
4:42
CYFIRMA Research- Grey Zone Warfare in China's Stalled South China Sea Ambition
China's South China Sea ambitions stalled: ASEAN Fights Back Amid U.S. Distractions – check out the latest CYFIRMA report on Beijing's ambitions hitting a wall in the South China Sea, and the fallout in cyberspace. Link to the Re...
•
8:23
CYFIRMA Research- Fake Telegram Premium Site Distributes New Lumma Stealer Variant
CYFIRMA researchers have uncovered a malware campaign exploiting a spoofed Telegram Premium site—telegrampremium[.]app—to distribute a new variant of Lumma Stealer. Key Findings: • Drive-by download delivers mal...
•
5:21