
CYFIRMA Research
Cyber defenders, listen up! The CYFIRMA Research podcast has some juicy intel on the latest cyber threats that are lurking in the shadows. Tune in to this security briefing to stay on top of emerging threats and be ready to tackle digital risk like never before.
Episodes
211 episodes
CYFIRMA Research- Hannibal Stealer: A Rebranded Threat Born from Sharp and TX Lineage
Read CYFIRMA’s report on the Hannibal Stealer, a rebranded variant of SHARP and TX Stealers, which has re-emerged with expanded data exfiltration capabilities and an updated command-and-control infrastructure. Hannibal Stealer is built in C# on...
8:38

CYFIRMA Research- Technical Malware Analysis Report: Python-based RAT Malware
A New Breed of Python-Based RATs is Abusing Discord for C2. The CYFIRMA research team has investigated an emerging class of Python malware that is turning popular platforms into weaponized control panels. One recent variant showcase...
6:12

CYFIRMA Research- Scamonomics: The Dark Side of Stock & Crypto Investments in India
Cybercriminals are impersonating trusted business executives and financial experts to trap unsuspecting investors. These scammers are creating fake investment firms with fraudulent registration details, professional-looking websites and manipul...
7:14

CYFIRMA Research: Cyber Espionage Among Allies- Strategic Posturing in an Era of Trade Tensions
The CYFIRMA research team provides a comprehensive analysis of how diplomacy, defense, and digital strategy are colliding: As trade friction intensifies, especially under the 2025 U.S. tariff regime, cyberspace is becoming the frontier of...
8:44

CYFIRMA Research- Tik-Tok: China’s Digital Weapon System?
U.S. President Donald Trump, once a critic but now a supporter of TikTok, is granting the app’s China-based parent company, ByteDance, a second 75-day extension to finalize a deal that would transfer ownership of TikTok to an American entity. W...
9:42

CYFIRMA Research- Tracking Ransomware: March 2025
Stay ahead of evolving ransomware threats with CYFIRMA’s Monthly Ransomware Report – March 2025. The month of March saw shifting dynamics, with Safepay experiencing a huge surge of 223%, while RansomHub and Akira declined. Babuk2 ha...
5:51

CYFIRMA Research- The Neptune RAT
CYFIRMA researchers have identified a dangerous new version of Neptune RAT being actively shared online. This malware spreads through GitHub, Telegram, and YouTube, often advertised as the "Most Advanced RAT." The attack starts when victims run...
9:34

CYFIRMA Research- Analysis of Konni RAT: Stealth, Persistence, and Anti-Analysis Techniques
CYFIRMA’s research team has conducted an in-depth investigation into Konni RAT, a sophisticated remote access trojan (RAT) that uses advanced evasion techniques to bypass detection. It exploits Windows features, such as file extens...
4:58

CYFIRMA Research- ANALYSIS OF A DISCORD-BASED REMOTE ACCESS TROJAN (RAT)
Hackers are leveraging Python-based Discord RATs to exploit Discord’s API as a Command and Control (C2) platform. This sophisticated malware allows attackers to gain complete control over compromised systems, making it a serious cybersecurity r...
6:49

CYFIRMA Research: Turning Aid into Attack- Exploitation of Pakistan's Youth Laptop Scheme to Target India
The CYFIRMA research team has identified a fake Indian Post Office website leveraging the Clickfix technique to target Indian users. The report details how a Pakistani threat actor is targeting both Windows and Android users by dropping APK fil...
7:08

CYFIRMA Research- CVE-2025-24813: Apache Tomcat RCE Vulnerability Analysis
Critical Alert: Immediate action is required for all organizations using Apache Tomcat! CVE-2025-24813 is a critical Remote Code Execution (RCE) vulnerability that allows attackers to bypass security controls via a path equivalence flaw,...
4:47

CYFIRMA Research- Tracking ransomware: February 2025
Stay ahead of evolving ransomware threats with CYFIRMA’s Monthly Ransomware Report – February 2025. Ransomware activity surged by 87.45% in February, with Cl0p witnessing an alarming 453% rise. Manufacturing, FMCG, and Transportation sect...
6:30

CYFIRMA Research- Geopolitical Conflicts and The Unpredictable Nature of Hacktivist Operations
Hacktivists often become active participants in cyber conflicts whenever geopolitical tensions arise. This has been evident during events like the Israel-Palestine conflict and the Russia-Ukraine war. Recently, tensions flared between Malaysia ...
6:49

CYFIRMA Research- LithiumWare Ransomware
The CYFIRMA research team has identified a new ransomware variant named LithiumWare, showcasing advanced capabilities designed to disrupt, encrypt, and steal. Key Features of LithiumWare: Data Theft: Exhibits activities indic...
6:04

CYFIRMA Research- DEEPFAKE, OR THE ‘SPUTNIK MOMENT’ IN THE AI RACE
China's DeepSeek recently shocked the AI world, challenging US dominance and raising serious security concerns. Did US export controls backfire, fuelling China's AI rise and a new era of cyber threats? Link to the Research Report: ...
6:59

CYFIRMA Research: Fake CAPTCHA Malware Campaign- How Cybercriminals Use Deceptive Verifications to Distribute Malware
Cybercriminals have developed a new sophisticated method to distribute malware via fake CAPTCHA pages, tricking users into executing malicious scripts. Our investigation reveals that the Lumma Stealer is leveraging this tactic to harvest sensit...
5:57

CYFIRMA Research- SPYLEND: The Android App Available on Google Play Store: Enabling Financial Cyber Crime & Extortion
This report explores a fake financial management app on the Google Play Store named Finance Simplified, which has been downloaded over 100,000 times. The app reportedly downloads an additional fraudulent loan application targeting Indian users....
6:08

CYFIRMA Research: JavaScript to Command-and-Control (C2) Server Malware
The cyber threat landscape is evolving, with hackers deploying multi-stage malware using obfuscation, steganography, and covert communication channels to evade detection. Attacks start with obfuscated JavaScript, fetching encoded comm...
6:24

CYFIRMA Research- Tracking Ransomware- January 2025
Stay informed about the latest developments in cybersecurity with CYFIRMA's Tracking Ransomware – January 2025 Report. January witnessed 510 ransomware victims globally, with Akira emerging as the most active group while n...
4:40

CYFIRMA Research- APT Quarterly Highlights- Q4 2024
Our Q4 2024 APT Quarterly Highlights Report unveils a surge of dynamic and innovative cyber activities from APT groups across Iran, North Korea, Russia, and China. These groups intensified operations with a sharp focus on credential theft throu...
7:22

CYFIRMA Research- FinStealer
A malware disguised as a banking app is spreading through phishing and unofficial app stores. Built with Kotlin, this malware steals personal info and card details, leaking everything to criminals via Telegram bots and hidden servers. Stay safe...
6:53

CYFIRMA Research: Flesh Stealer- Unmasking the Blue Masked Thief
Flesh Stealer, a newly identified malware first observed in August 2024 and written in C#, targets browsers like Chrome, Firefox, and Edge to harvest saved passwords, cookies, and browsing history. It also extracts data from applications such a...
6:04

CYFIRMA Research: Astral Stealer Analysis
Astral Stealer: A Sophisticated Threat! Our latest research uncovers Astral Stealer, a powerful malware designed to exfiltrate sensitive data using browser injections, credential dumping, and sophisticated evasion techniques. As a ...
4:30

CYFIRMA Research: Windows Locker Ransomware
New Ransomware Alert: "Windows Locker". A new .NET-based ransomware strain, Windows Locker, is making waves with its advanced tactics. Read the CYFIRMA research team's full report for a comprehensive analysis: Encryption: File...
5:04

CYFIRMA Research- CVE-2024-45387: Critical Vulnerability in Apache Traffic Control
A critical SQL injection vulnerability (CVE-2024-45387) has been discovered in Apache Traffic Control's Traffic Ops component, impacting versions 8.0.0 and 8.0.1. Attackers with high-level roles (admin, federation, operations, portal, steering)...
5:50
