CYFIRMA Research
Cyber defenders, listen up! The CYFIRMA Research podcast has some juicy intel on the latest cyber threats that are lurking in the shadows. Tune in to this security briefing to stay on top of emerging threats and be ready to tackle digital risk like never before.
Episodes
279 episodes
CYFIRMA Research- Mamba Phishing-as-a-Service Kit: How Modern adversary-in-the-middle (AiTM) Attacks Operate
Mamba 2FA illustrates the evolution of phishing into highly automated adversary-in-the-middle attacks that can bypass traditional MFA by closely emulating legitimate cloud authentication experiences. As part of a broader phishing-as-a-service e...
5:51
CYFIRMA Research- SOLYXIMMORTAL: PYTHON MALWARE ANALYSIS
Emerging Threat Model: SOLYXIMMORTAL Malware. Recent analysis highlights how modern commodity malware continues to evolve by abusing legitimate system functionality rather than relying on exploits or vulnerabilities. The malware demonstrat...
7:06
CYFIRMA Research- Tracking Ransomware – December 2025
Stay ahead with CYFIRMA’s December 2025 Ransomware Report. December marked the most active month of 2025 with 801 global ransomware victims, signaling a strong year-end escalation. Qilin surged to 175 victims, reinforcing its dominance, ...
2:49
CYFIRMA Research- Resurgence of Scattered Lapsus$ Hunters
The threat landscape just got more complex. The Scattered LAPSUS$ Hunters alliance has re-emerged, merging the tactics of notorious groups. This isn’t just a name change; it’s a shift toward professionalized, identity-centric extortion...
7:50
CYFIRMA Research- APT36: Multi-Stage LNK Malware Campaign Targeting Indian Government Entities
APT36 Targets Indian Entities Using Weaponized Windows Shortcut Files. CYFIRMA has identified a coordinated cyber-espionage campaign attributed to APT36 (Transparent Tribe), a Pakistan-aligned threat actor persistently targeting In...
4:31
CYFIRMA Research- PLAUSIBLE DENIABILITY IN CYBERSPACE: THE STRATEGIC USE OF HACKTIVIST PROXIES
Hacktivist activity is often dismissed as low-sophistication noise, website defacements, DDoS attacks, or online activism. Our latest research argues that this view is increasingly outdated. The report introduces Hacktivist Proxy ...
7:35
CYFIRMA Research- APT36 LNK-Based Malware Campaign Leveraging MSI Payload Delivery
Threat Alert: APT 36. CYFIRMA has identified a targeted malware campaign abusing fake NCERT WhatsApp advisory PDFs to compromise Windows systems. Link to the Research Report:
5:02
CYFIRMA Research- Quishing Campaigns: Advanced QR-Code Phishing Evaluation and Insights
A sophisticated QR-code phishing (“quishing”) campaign is targeting employees with payroll-themed lures, bypassing email security and harvesting credentials via obfuscated, per-victim infrastructure. This trend underscores the growing risk of m...
2:33
CYFIRMA Research- NexusRoute: Attempting to Disrupt an Indian Government Ministry
New Research Alert: NexusRoute Campaign Uncovered. We’ve uncovered a large-scale Android malware and phishing operation impersonating Indian government services like mParivahan and e-Challan. Threat actors are abusing GitHub t...
6:51
CYFIRMA Research- SeedSnatcher: Dissecting an Android Malware Targeting Multiple Crypto Wallet Mnemonic Phrases
Mobile Threat Alert: Crypto Mnemonic Phrase Stealer. SeedSnatcher is a newly uncovered Android malware family targeting the crypto ecosystem, built to steal users’ mnemonic recovery phrases using a sophisticated DisplayOverlay attack...
4:16
CYFIRMA Research- RTO Challan Fraud: A Technical Report on APK-Based Financial and Identity Theft
CYFIRMA researchers have identified a sophisticated Android malware operation spreading via fake RTO Challan/e-Challan notifications shared over WhatsApp. The malicious APK uses two-stage installation, NP-based code obfuscation, an...
7:17
CYFIRMA Research- Tracking Ransomware – November 2025
CYFIRMA | November 2025 Ransomware Snapshot. Ransomware activity shifted fast in November—Akira and INC Ransom surged; AI-driven tools accelerated attacks, and critical sectors like Manufacturing, IT, and Professional Services took the he...
5:17
CYFIRMA Research- APT36 Python Based ELF Malware Targeting Indian Government Entities
APT36 Targets Indian Government Entities with a New Python-Based ELF Malware. CYFIRMA has uncovered a new cyber-espionage campaign by APT36 (Transparent Tribe), a Pakistan-based threat actor long known for targeting Indian government ent...
4:46
CYFIRMA Research: North Korean Cyber Crime as a Statecraft Tool
After Russia’s veto of the UN Panel of Experts and increased military cooperation over the war in Ukraine, North Korea is ramping up sanctions evasion—deepening its military ties with Moscow and stealing billions in cryptocurrency to finance it...
7:08
CYFIRMA Research: Rising Cybercrime During Black Friday & Cyber Monday- A 2025 Threat Intelligence Report
Black Friday & Cyber Monday Cyber Threats Are Already Here. As festive shopping surges, so does cybercrime. CYFIRMA’s latest analysis reveals a spike in fake websites, phishing campaigns, malicious ZIP downloads, UPI-based payment sca...
8:05
CYFIRMA Research: Tycoon 2FA- A Technical Analysis of its Adversary-in-the-Middle Phishing Operation
Tycoon 2FA - The Phishing-as-a-Service Platform. Our latest technical deep-dive reveals how Tycoon 2FA, a sophisticated Phishing-as-a-Service (PhaaS) platform, is successfully evading detection and bypassing multi-factor authentication (...
3:21
CYFIRMA Research- Pig Butchering Scams: Cybercrime Threat Intelligence
Pig-butchering scams have evolved into one of the most damaging global cybercrime models, combining long-term emotional grooming, AI-driven impersonation, fake investment platforms, and sophisticated crypto-laundering networks. Our...
7:51
CYFIRMA Research- Regional Stability on Shaky Ground: Cyber Threat Escalation in the Middle East
The Middle East observes a fragile ceasefire, but Iran’s escalating cyberattacks could potentially threaten to unravel the region’s shaky peace. Link to the Research Report:
7:15
CYFIRMA Research- Telemetry Relay: When Diagnostics Turn Against You
CYFIRMA Research's latest report: “Telemetry Relay”, describes logic-abuse attacks that trick telemetry/crash processors into fetching attacker-controlled resources. Instead of compromising clients, attackers get vendor or enterprise systems to...
6:07
CYFIRMA Research- Tracking Ransomware: October 2025
Stay ahead with CYFIRMA’s Monthly Ransomware Report – October 2025. CYFIRMA’s October 2025 Ransomware Report reveals a strong resurgence in global ransomware activity, with 738 victims recorded, marking one of the highest monthly volumes ...
3:19
CYFIRMA Research: Android/BankBot- YNRK Mobile Banking Trojan
New Malware Analysis Report. Our latest research uncovers Android/BankBot-YNRK, a mobile banking trojan disguised as a legitimate app such as Google News. Key findings:
• Abuses Accessibility Services for remote control
3:50
CYFIRMA Research- GhostGrab Android Malware
Mobile Threat Alert: GhostGrab Malware! Cybercriminals are getting more sophisticated, and GhostGrab is a clear example. This Android malware doesn’t just steal banking credentials—it can also: Run hidden cryptocu...
5:17
CYFIRMA Research- CVE-2025-6541: TP-Link Omada Gateway Remote Command Injection Vulnerability Analysis
Critical Alert: CVE-2025-6541 – TP-Link Omada Gateway Remote Command Injection. Organizations using TP-Link Omada Gateway devices must act immediately. This critical vulnerability allows attackers to execute arbitrary OS-level commands vi...
4:51
CYFIRMA Research: DPRK Sanctions Violations in Cyber Operations Post-UN Panel Demise
North Korea’s cyber operations are evolving into one of the most significant global sanctions-evasion threats. CYFIRMA's new report, DPRK Sanctions Violations in Cyber Operations Post UN Panel Demise, highlights escalating multi-billion-dollar ...
5:49
CYFIRMA Research- Tracking Ransomware: September 2025
CYFIRMA’s Sept 2025 Ransomware Report highlights major evolutions across the ransomware landscape. Akira advanced by bypassing MFA on SonicWall VPNs through OTP seed theft, signalling a move beyond patchable flaws. MalTerminal broke new ground ...
4:11