CYFIRMA Research

Author: CYFIRMA

Description

Cyber defenders, listen up! The CYFIRMA Research podcast has some juicy intel on the latest cyber threats that are lurking in the shadows. Tune in to this security briefing to stay on top of emerging threats and be ready to tackle digital risk like never before.

277 Episodes
Stay ahead with CYFIRMA’s December 2025 Ransomware Report. December marked the most active month of 2025 with 801 global ransomware victims, signaling a strong year-end escalation. Qilin surged to 175 victims, reinforcing its dominance, while Safepay and Sinobi posted sharp month-over-month growth, highlighting shifting group momentum. Ransomware operations increasingly adopted cartel-style, access-driven models, abusing trusted security tools, hypervisors, and enterprise file-sharing platfo...
The threat landscape just got more complex. The Scattered LAPSUS$ Hunters alliance has re-emerged, merging the tactics of notorious groups. This isn’t just a name change; it’s a shift toward professionalized, identity-centric extortion. What you need to know: • High-Value Targets: Focused on enterprises with $500M+ revenue, specifically in Cloud, Telecom, and Finance. • Identity is the Perimeter: They specialize in "logging in" rather than "hacking in," using advanced vishing (voice phishing) a...
APT36 Targets Indian Entities Using Weaponized Windows Shortcut Files CYFIRMA has identified a coordinated cyber-espionage campaign attributed to APT36 (Transparent Tribe), a Pakistan-aligned threat actor persistently targeting Indian government entities and strategic sectors. This campaign highlights APT36’s evolving tradecraft, leveraging malicious Windows shortcut (.LNK) files and multi-stage payload delivery to stealthily compromise victim systems while masquerading as legitimate docume...
Hacktivist activity is often dismissed as low-sophistication noise, website defacements, DDoS attacks, or online activism. Our latest research argues that this view is increasingly outdated. The report introduces Hacktivist Proxy Operations as a repeatable model of deniable cyber pressure, where ideologically aligned non-state groups apply disruption, narrative amplification, and psychological pressure in ways that align with state geopolitical interests without formal sponsorship or direct...
Threat Alert: APT 36 CYFIRMA has identified a targeted malware campaign abusing fake NCERT WhatsApp advisory PDFs to compromise Windows systems. Link to the Research Report: APT36 LNK-BASED MALWARE CAMPAIGN LEVERAGING MSI PAYLOAD DELIVERY - CYFIRMA #APT36 #Cyberthreatintelligence #Malware analysis #Threathunting #Cybersecurity #ETLM #CYFIRMA https://www.cyfirma.com/
A sophisticated QR-code phishing (“quishing”) campaign is targeting employees with payroll-themed lures, bypassing email security and harvesting credentials via obfuscated, per-victim infrastructure. This trend underscores the growing risk of mobile-based phishing and the need for stronger user awareness and behavior-driven defenses. Link to the Research Report: Quishing Campaigns : Advanced QR-Code Phishing Evaluation and Insights - CYFIRMA #Quishing #Phishing #CyberThreats #...
New Research Alert: NexusRoute Campaign Uncovered We’ve uncovered a large-scale Android malware and phishing operation impersonating Indian government services like mParivahan and e-Challan. Threat actors are abusing GitHub to host malicious APKs and fake payment portals, tricking users into sharing OTPs, UPI PINs, and financial details. The malware uses advanced techniques—dynamic loaders, native code, SMS hijacking, screen capture, and persistent background services—to monitor ...
Mobile Threat Alert: Crypto Mnemonic Phrase Stealer. SeedSnatcher is a newly uncovered Android malware family targeting the crypto ecosystem, built to steal users’ mnemonic recovery phrases using a sophisticated DisplayOverlay attack. Capabilities: • Intercepts and exfiltrates seed phrases and private keys from major cryptocurrency wallets • Presents deceptive wallet-import screens to lure users into entering their recovery phrases • Communicates with its command-and-control servers via encrypted Web...
CYFIRMA researchers have identified a sophisticated Android malware operation spreading via fake RTO Challan/e-Challan notifications shared over WhatsApp. The malicious APK uses two-stage installation, NP-based code obfuscation, and a custom VPN layer to evade detection and maintain persistent control over infected devices. C2 Infrastructure Exposed. Our analysis uncovered two domains used as the campaign’s Command-and-Control (C2) backend: Jsonserv[.]xyz jsonserv[.]biz Both domains ...
CYFIRMA | November 2025 Ransomware Snapshot Ransomware activity shifted fast in November—Akira and INC Ransom surged; AI-driven tools accelerated attacks, and critical sectors like Manufacturing, IT, and Professional Services took the heaviest hits. North America remained the top target as threat actors expanded into virtualization platforms and even official software marketplaces. The ransomware ecosystem is evolving rapidly—speed, automation, and precision are defining the new threat land...
APT36 Targets Indian Government Entities with a New Python-Based ELF Malware. CYFIRMA has uncovered a new cyber-espionage campaign by APT36 (Transparent Tribe), a Pakistan-based threat actor long known for targeting Indian government entities and strategic sectors. This campaign showcases a major leap in the group’s technical sophistication — delivering custom Python-based ELF malware through weaponized .desktop shortcut files distributed via spear-phishing. 📌 Key Highlights: The campaign ...
After Russia’s veto of the UN Panel of Experts and increased military cooperation over the war in Ukraine, North Korea is ramping up sanctions evasion—deepening its military ties with Moscow and stealing billions in cryptocurrency to finance its WMD programs. Link to the Research Report: NORTH KOREAN CYBER CRIME AS A STATECRAFT TOOL - CYFIRMA #NorthKorea #Russia #sanctions #cryptoheist #Geopolitics #CYFIRMAResearch #ThreatIntelligence #cybersecurity #ETLM ...
Black Friday & Cyber Monday Cyber Threats Are Already Here As festive shopping surges, so does cybercrime. CYFIRMA’s latest analysis reveals a spike in fake websites, phishing campaigns, malicious ZIP downloads, UPI-based payment scams, and dark-web-powered phishing kits—all engineered to exploit the 2025 holiday rush. Our researchers uncovered multiple spoofed retail domains, automated malware downloads, and dynamic UPI-ID switching techniques used by scammers to evade detection. With ...
Tycoon 2FA - The Phishing-as-a-Service Platform Our latest technical deep-dive reveals how Tycoon 2FA, a sophisticated Phishing-as-a-Service (PhaaS) platform, is successfully evading detection and bypassing multi-factor authentication (MFA) to compromise enterprise cloud environments. This isn't just another phishing kit. It's an Adversary-in-the-Middle (AitM) framework that captures session tokens in real-time, making traditional MFA like SMS, TOTP apps, and push notifications ineffective...
Pig-butchering scams have evolved into one of the most damaging global cybercrime models, combining long-term emotional grooming, AI-driven impersonation, fake investment platforms, and sophisticated crypto-laundering networks. Our latest CYFIRMA Threat Intelligence Report breaks down: • How global scam compounds operate like industrial-scale BPOs • The role of AI-generated personas, fake trading apps, and cross-chain laundering • Tens of billions are lost annually across victims of a...
The Middle East observes a fragile ceasefire, but Iran’s escalating cyberattacks could threaten to unravel the region’s shaky peace. Link to the Research Report: Regional Stability on Shaky Ground : Cyber Threat Escalation in the Middle East - CYFIRMA #Geopolitics #CYFIRMAResearch #ThreatIntelligence #cybersecurity #ETLM #currentaffairs #MuddyWater #IRGC #Iran #CYFIRMA #ExternalThreatLandscapeManagement https://www.cyfirma.com/
CYFIRMA Research's latest report, “Telemetry Relay”, describes logic-abuse attacks that trick telemetry/crash processors into fetching attacker-controlled resources. Instead of compromising clients, attackers get vendor or enterprise systems to reveal internal metadata (IPs, hostnames, cluster/tenant IDs) — and sometimes enable deeper server-side attacks. The technique is low-noise and broadly relevant across SaaS and modern apps. Link to the Research Report: TELEMETRY RELAY : WHEN DI...
Stay ahead with CYFIRMA’s Monthly Ransomware Report – October 2025. CYFIRMA’s October 2025 Ransomware Report reveals a strong resurgence in global ransomware activity, with 738 victims recorded, marking one of the highest monthly volumes this year. The spike was led by Qilin, which more than doubled its attacks, and Sinobi, which surged sixfold, while new actors such as Black Shrantac, Coinbase Cartel, and GENESIS intensified the threat landscape. Adversaries increasingly exploited kernel v...
New Malware Analysis Report Our latest research uncovers Android/BankBot-YNRK, a mobile banking trojan disguised as a legitimate app such as Google News. Key findings: • Abuses Accessibility Services for remote control • Uses C2 servers at ping.ynrkone[.]top for device commands • Targets financial and cryptocurrency applications • Employs code obfuscation via nmm-protect • Capable of exfiltrating sensitive data and performing unauthorized transactions Link to the Research Report: https://w...
Mobile Threat Alert: GhostGrab Malware! Cybercriminals are getting more sophisticated, and GhostGrab is a clear example. This Android malware doesn’t just steal banking credentials—it can also: • Run hidden cryptocurrency mining that drains your battery and CPU • Harvest debit card and online banking login information • Intercept SMS messages, including one-time passwords (OTPs) • Collect detailed device and SIM data • Hide itself and resist removal • Use phishing pages within apps to trick victims int...