CYFIRMA Research
Cyber defenders, listen up! The CYFIRMA Research podcast has some juicy intel on the latest cyber threats that are lurking in the shadows. Tune in to this security briefing to stay on top of emerging threats and be ready to tackle digital risk like never before.
Episodes
289 episodes
CYFIRMA Research- Dead Infrastructure Hijacking
New Research: Dead Infrastructure Hijacking — The Attack That Doesn't Need a Vulnerability. Most breaches start with an exploit. This one starts with a domain registration. We've published a full threat intelligence report on Dead ...
7:44
CYFIRMA Research- APT36: Multi-Vector Execution Malware Campaign Targeting Indian Government Entities
APT36 Multi-Vector Execution Malware Campaign Targeting Indian Government Entities. Researchers at CYFIRMA have identified and analyzed a sophisticated malware campaign attributed to APT36 targeting Indian government entities. The ...
5:39
CYFIRMA Research- Telegram as the New Operational Layer of Cyber Threat Activity
The Telegram ecosystem. Ransomware groups, Initial Access Brokers, malware operators, and leak channels are converging on a single platform for coordination, recruitment, validation, and amplification. This isn’t a migration fr...
9:40
CYFIRMA Research- CharlieKirk Grabber: A Python Based infostealer
Emerging Threat Model: Python-Based Credential Stealer (CharlieKirk Grabber): Recent analysis of a Python-based information stealer highlights the continued growth of modular, builder-driven malware targeting Windows environments. The sample...
8:59
CYFIRMA Research- Tracking Ransomware – January 2026
Stay ahead with CYFIRMA’s January 2026 Ransomware Threat Report. January 2026 opened with sustained high ransomware activity and sharp operational volatility across major groups. Qilin remained one of the most active actors despite a pos...
3:20
CYFIRMA Research- LTX Stealer: Analysis of a Node.js–Based Credential Stealer
Malware Spotlight: LTX Stealer. CYFIRMA researchers uncovered a sophisticated Windows info-stealer hidden in a legit Inno Setup installer. Key takeaways: 🔹 Node.js stealer with Bytenode bytecode obfuscation ...
8:57
CYFIRMA Research- Re-Emerging Telegram Phishing Campaign Targeting User Authorization Prompts
CYFIRMA has identified an active Telegram phishing campaign that abuses Telegram’s legitimate login and in-app authorization workflows to fully compromise user accounts without malware or exploits. By leveraging QR codes and manual login flows ...
3:14
CYFIRMA Research: CVE-2026-23760 – SmarterTools SmarterMail Authentication Bypass Vulnerability
Critical Alert: CVE-2026-23760 – SmarterMail Pre-Auth Bypass Leading to Full System Compromise. Organizations running SmarterTools SmarterMail email servers—widely deployed across SMBs, MSPs, educational institutions, and healthcare envir...
7:56
CYFIRMA Research- PlayCloak: A Play Store–Distributed Travel Utility Covertly Operating as a Financial Fraud and Cybercrime Platform
Threat Research Alert | Android Loan Scam. Our analysis uncovered an Android application, Hicas, distributed via the Google Play Store and marketed as a Smart Travel Packing Companion, which covertly operates as a region-targeted fraudule...
4:31
CYFIRMA Research- Weaponized WinRAR Exploitation and Stealth Deployment of Fileless .NET RAT
WinRAR CVE-2025-8088 is a path validation vulnerability that allows a crafted RAR archive to write files outside the intended extraction directory during unpacking. In the observed attack chain, this behavior is abused to silently drop a...
8:03
CYFIRMA Research- Mamba Phishing-as-a-Service Kit: How Modern adversary-in-the-middle (AiTM) Attacks Operate
Mamba 2FA illustrates the evolution of phishing into highly automated adversary-in-the-middle attacks that can bypass traditional MFA by closely emulating legitimate cloud authentication experiences. As part of a broader phishing-as-a-service e...
5:51
CYFIRMA Research- SOLYXIMMORTAL: PYTHON MALWARE ANALYSIS
Emerging Threat Model: SOLYXIMMORTAL Malware. Recent analysis highlights how modern commodity malware continues to evolve by abusing legitimate system functionality rather than relying on exploits or vulnerabilities. The malware demonstrat...
7:06
CYFIRMA Research- Tracking Ransomware – December 2025
Stay ahead with CYFIRMA’s December 2025 Ransomware Report. December marked the most active month of 2025 with 801 global ransomware victims, signaling a strong year-end escalation. Qilin surged to 175 victims, reinforcing its dominance, ...
2:49
CYFIRMA Research- Resurgence of Scattered Lapsus$ Hunters
The threat landscape just got more complex. The Scattered LAPSUS$ Hunters-alliance has re-emerged, merging the tactics of notorious groups. This isn’t just a name change; it’s a shift toward professionalized, identity-centric extortion. ...
7:50
CYFIRMA Research- APT36: Multi-Stage LNK Malware Campaign Targeting Indian Government Entities
APT36 Targets Indian Entities Using Weaponized Windows Shortcut Files. CYFIRMA has identified a coordinated cyber-espionage campaign attributed to APT36 (Transparent Tribe), a Pakistan-aligned threat actor persistently targeting In...
4:31
CYFIRMA Research- PLAUSIBLE DENIABILITY IN CYBERSPACE: THE STRATEGIC USE OF HACKTIVIST PROXIES
Hacktivist activity is often dismissed as low-sophistication noise, website defacements, DDoS attacks, or online activism. Our latest research argues that this view is increasingly outdated. The report introduces Hacktivist Proxy ...
7:35
CYFIRMA Research- APT36 LNK-Based Malware Campaign Leveraging MSI Payload Delivery
Threat Alert: APT 36. CYFIRMA has identified a targeted malware campaign abusing fake NCERT WhatsApp advisory PDFs to compromise Windows systems. Link to the Research Report:
5:02
CYFIRMA Research- Quishing Campaigns: Advanced QR-Code Phishing Evaluation and Insights
A sophisticated QR-code phishing (“quishing”) campaign is targeting employees with payroll-themed lures, bypassing email security and harvesting credentials via obfuscated, per-victim infrastructure. This trend underscores the growing risk of m...
2:33
CYFIRMA Research- NexusRoute: Attempting to Disrupt an Indian Government Ministry
New Research Alert: NexusRoute Campaign Uncovered. We’ve uncovered a large-scale Android malware and phishing operation impersonating Indian government services like mParivahan and e-Challan. Threat actors are abusing GitHub t...
6:51
CYFIRMA Research- SeedSnatcher: Dissecting an Android Malware Targeting Multiple Crypto Wallet Mnemonic Phrases
Mobile Threat Alert: Crypto Mnemonic Phrase Stealer. SeedSnatcher is a newly uncovered Android malware family targeting the crypto ecosystem, built to steal users’ mnemonic recovery phrases using a sophisticated DisplayOverlay attack ...
4:16
CYFIRMA Research- RTO Challan Fraud A Technical Report on APK-Based Financial and Identity Theft
CYFIRMA researchers have identified a sophisticated Android malware operation spreading via fake RTO Challan/e-Challan notifications shared over WhatsApp. The malicious APK uses two-stage installation, NP-based code obfuscation, an...
7:17
CYFIRMA Research- Tracking Ransomware – November 2025
CYFIRMA | November 2025 Ransomware Snapshot. Ransomware activity shifted fast in November—Akira and INC Ransom surged; AI-driven tools accelerated attacks, and critical sectors like Manufacturing, IT, and Professional Services took the he...
5:17
CYFIRMA Research- APT36 Python Based ELF Malware Targeting Indian Government Entities
APT36 Targets Indian Government Entities with a New Python-Based ELF Malware. CYFIRMA has uncovered a new cyber-espionage campaign by APT36 (Transparent Tribe), a Pakistan-based threat actor long known for targeting Indian government ent...
4:46
CYFIRMA Research: North Korean Cyber Crime as a Statecraft Tool
After Russia’s veto of the UN Panel of Experts and increased military cooperation over the war in Ukraine, North Korea is ramping up sanctions evasion—deepening its military ties with Moscow and stealing billions in cryptocurrency to finance it...
7:08
CYFIRMA Research: Rising Cybercrime During Black Friday & Cyber Monday- A 2025 Threat Intelligence Report
Black Friday & Cyber Monday Cyber Threats Are Already Here. As festive shopping surges, so does cybercrime. CYFIRMA’s latest analysis reveals a spike in fake websites, phishing campaigns, malicious ZIP downloads, UPI-based payment sca...
8:05