
CYFIRMA Research

Author: CYFIRMA


Description

Cyber defenders, listen up! The CYFIRMA Research podcast has some juicy intel on the latest cyber threats that are lurking in the shadows. Tune in to this security briefing to stay on top of emerging threats and be ready to tackle digital risk like never before.

239 Episodes
CYFIRMA has uncovered an ongoing cyber-espionage campaign orchestrated by APT36, a Pakistan-linked threat actor, targeting Indian Government entities. Key Highlights: Initial Access: Spear-phishing emails delivering weaponized .desktop files disguised as PDFs. Target Platforms: Windows & Linux BOSS OS. Malware Behavior: Downloads & executes ELF payloads, establishes persistence via cron/systemd, and communicates with C2 servers (modgovindia[.]space, securestore[.]cv). Impact: Data exfilt...
CYFIRMA research exposes Lazarus Stealer — a stealthy Android banking malware targeting Russian financial institutions. Key Attack Vectors: Overlay Attack: Displays fake banking login screens to steal card details & account credentials. Silent SMS Notification Blocking: Obtains default SMS handler rights to suppress OTP alerts from the victim’s view. Real-Time OTP Harvesting: Captures verification codes instantly to bypass multi-factor authentication. Covert C2 Communication: Sends sto...
Posing as Indian banking apps, this Android malware deploys a hidden main payload that silently installs, maintains stealthy persistence, and facilitates credential theft. It harvests SMS, steals debit card details, and hijacks call forwarding all while leveraging Firebase Cloud Messaging (FCM) as its Command & Control (C2) channel. Link to the Research Report: https://www.cyfirma.com/research/android-malware-posing-as-indian-bank-apps/ #AndroidThreat #FCMCommandControl #MalwareAnalysis #...
CYFIRMA research explores the Raven Stealer, a stealthy info-stealing malware written in Delphi & C++, designed to harvest passwords, cookies, payment info and autofill data from Chromium-based browsers like Chrome & Edge. Link to the Research Report: https://www.cyfirma.com/research/raven-stealer-unmasked-telegram-based-data-exfiltration/ #CyberSecurity #InfoStealer #RavenStealer #ThreatIntel #Malware #CYFIRMA #CYFIRMAresearch #ExternalThreatLandscapeManagement #ETLM https://ww...
CYFIRMA research provides an analysis of a newly identified Remote Access Trojan, EdskManager RAT, which exhibits stealthy infection mechanisms and covert control using HVNC. Key Capabilities: · Multi-stage infection using signed binaries and encrypted config · HVNC-based hidden window interaction · Browser extension profiling (Chrome, Edge, Brave) · Dynamic C2 switching with zlib-compressed communication · ...
Critical Alert: CVE-2025-5777 – Pre-Auth Memory Leak in Citrix NetScaler (CitrixBleed 2)! Organizations relying on Citrix NetScaler ADC and Gateway for secure remote access must act immediately. This newly uncovered vulnerability allows unauthenticated attackers to leak sensitive memory—including session tokens—by sending malformed authentication requests. Exploited in the wild and backed by public PoC code, this flaw enables session hijacking, MFA bypass, and potential lateral movement ins...
CYFIRMA exposes Octalyn Forensic Toolkit, a malicious GitHub-hosted tool masquerading as a legitimate forensic utility. In reality, it functions as a credential stealer with Telegram-based C2, targeting browser data, crypto wallets, Discord, and VPN configs. Built with Delphi and C++, Octalyn enables even low-skilled actors to exfiltrate sensitive data using Telegram bots. It uses PowerShell scripts for stealthy second-stage payloads, making it modular and easily customizable. Stay a...
Stay ahead with CYFIRMA’s Monthly Ransomware Report – June 2025. June saw 463 ransomware victims globally, a 15% decline from May. Qilin led the threat landscape, exploiting Fortinet flaws and adding legal pressure tactics. New players like Fog and Anubis adopted stealthy, modular toolkits and file-wipers for maximum damage. Emerging groups Teamxxx, Warlock, and kawa4096 are gaining traction, each demonstrating unique behaviors from Chaos-based payloads to single-system att...
New Threat Model: Zero-Click Compromise via File Rendering Automation RenderShock introduces a powerful new attack framework that leverages trusted file previewing, indexing, and sync mechanisms to trigger payloads — without exploits, macros, or even opening the file. Key Highlights: Zero-click execution using passive system features. Payloads delivered via LNKs, polyglots, CHMs, EXIF beacons, and remote Office templates. Targets Windows/macOS preview handlers, in...
CYFIRMA Research's latest report explores a fake "Free VPN for PC" app hosted on GitHub, delivering a packed DLL payload using obfuscated Base64 hidden in junk strings. It uses P/Invoke to load a hidden DLL, executes GetGameData, and injects into legit processes like MSBuild.exe. Packed, evasive, and anti-debug. Link to the Research Report: https://www.cyfirma.com/research/github-abused-to-spread-malware-disguised-as-free-vpn/ #MalwareAnalysis #CyberSecurity #DLLInjection #Fak...
CYFIRMA uncovers a sophisticated phishing campaign by APT36 (Transparent Tribe) leveraging Linux-specific malware on BOSS Linux systems (widely used by Indian government agencies). Attackers use malicious .desktop files to deploy stealthy ELF binaries while distracting users with fake PowerPoint files. Stay vigilant and safeguard critical infrastructure! Link to the Research Report: https://www.cyfirma.com/research/phishing-attack-deploying-malware-on-indian-defense-boss-linux/ #C...
12-Day War update: Israel and Iran agree to a fragile ceasefire after America's bombing run on Tehran's nuclear facilities. Link to the Research Report: https://www.cyfirma.com/research/12-day-war-update/ #OperationRisingLion #MidnightHammer #IsraelIran #Geopolitics #CYFIRMAResearch #ThreatIntelligence #cybersecurity #ETLM #currentaffairs #MiddleEastWar #MilitaryAffairs #CYFIRMA #ExternalThreatLandscapeManagement https://www.cyfirma.com/
Odyssey Stealer, a rebranded version of Poseidon Stealer, targets macOS users through the Clickfix technique—tricking victims into copy-pasting malicious scripts into their terminal. With capabilities to steal hardware details, keychains, browser cookies, crypto wallets, and plugins, the stolen data is sent to the stealer's hosted infrastructure. During our analysis, we observed it creating a directory in the /tmp folder named "lovemrtrump." Interestingly, earlier versions avoid...
Cyber Threat Alert: APT36 Targets Indian Defense with a Sophisticated Phishing Campaign! CYFIRMA has uncovered a targeted cyber-espionage operation by APT36 (Transparent Tribe), a Pakistan-based threat actor. This group is exploiting phishing emails embedded with malicious PDFs mimicking official NIC documents to infiltrate Indian defense systems. What’s Happening: · Victims receive a fake “protected” PDF (PO-003443125.pdf). · Clicking the button redirects to a fraud...
Stay ahead of evolving ransomware threats with CYFIRMA’s May 2025 Ransomware Report. May witnessed a 15.95% spike in ransomware attacks compared to April, with 545 incidents logged globally. New actors like SafePay and SilentRansomGroup rapidly gained ground, while established groups like Qilin deployed advanced loaders like NETXLOADER and SmokeLoader. Attackers leveraged tools such as Kickidler for stealthy credential theft and embedded ransomware in JPEG files to evade detection. Vulnerabi...
CYFIRMA’s latest research report analyses a stealthy Windows-based malware known as CyberEye, which is posing a significant threat across systems by offering attackers full remote control through a Telegram Bot API. Once executed, it silently harvests browser-stored passwords, cookies, credit card details, Wi-Fi credentials, and session tokens from apps like Telegram, Discord, and Steam. It monitors clipboard activity in real time, hijacking cryptocurrency wallet addresses to redirect funds. ...
Ukraine’s daring drone strike reshapes warfare! CYFIRMA’s research team examines how cheap tech took on Russia’s nuclear air force and what it means for global militaries. Link to the Research Report: https://www.cyfirma.com/blogs/ukraines-attack-on-russias-strategic-air-force-live-feed-from-a-revolution-in-military-affairs/ #Geopolitics #ThreatIntelligence #cybersecurity #ETLM #currentaffairs #AirForce #UkraineWar #MilitaryAffairs #OperationSpidersWeb #CYFIRMA #CYFIRMAr...
A highly modular Windows Remote Access Trojan (RAT), DuplexSpy, written in C#, has surfaced with advanced surveillance and system control capabilities. Features include keylogging, remote shell access, screen & webcam spying, audio eavesdropping, and live C2 chat. It uses fileless execution, UAC bypass, registry persistence, and DLL injection to evade detection. Logs keystrokes in real time, records system audio, and hijacks webcams for covert monitoring. Comes with a GUI...
As tensions between India and Pakistan escalated in early 2025, the conflict spilled into cyberspace. In the wake of the April 22nd Kashmir attack and India’s Operation Sindoor, dozens of hacktivist groups launched a wave of digital assaults — from DDoS attacks and defacements to claimed data breaches — targeting critical infrastructure and government entities on both sides. While the technical impact of many attacks was limited, the volume and coordination signalled a new era of hybrid conf...
Critical Alert: CVE-2025-34027 – Authentication Bypass + RCE in Versa Concerto! Organizations using Versa Concerto for network orchestration must take immediate action. This newly disclosed vulnerability allows unauthenticated attackers to bypass login mechanisms and gain remote code execution through exposed REST APIs. The flaw affects key authentication flows, exposing internal configurations and allowing full takeover of the orchestrator. Given its low complexity and potentia...