CYFIRMA

CYFIRMA Research

News EN ↓ 322 episodes

Cyber defenders, listen up! The CYFIRMA Research podcast has some juicy intel on the latest cyber threats that are lurking in the shadows. Tune in to this security briefing to stay on top of emerging threats and be ready to tackle digital risk like never before.

Author

CYFIRMA

Category

News

Podcast website

www.cyfirma.com

Latest episode

Jul 7, 2026

Where to listen?

Podcasts in the app Replaio Radio Coming soon

Podcasts are coming to the app soon. Install now and be the first to see a whole new take on podcasts

Get it on Google Play Install for free Android 5M+ downloads · 4.8 rating iOS soon

Episodes

CYFIRMA Research: AI-Powered Bot Attacks Against E-Commerce in India 07.07.2026

Artificial intelligence is reshaping the cyber threat landscape, and e-commerce platforms are increasingly becoming prime targets for AI-powered bot attacks. Unlike traditional bots, these advanced automated tools can mimic legitimate user behaviour, adapt to security controls, and execute large-scale attacks with greater speed and precision. From credential stuffing and account takeover to invent...

CYFIRMA Research: Converging Threat Vectors: Escalating Cyber Risk and Strategic Exposure in Saudi Arabia’s Digital Ecosystem (2025–2026) 06.07.2026

Saudi Arabia’s digital ecosystem is facing a convergence of escalating cyber risks. Our latest threat landscape assessment highlights: 🔹 Intensified state-aligned espionage targeting Saudi Arabia   🔹 Ransomware operational maturity with multi-vector intrusion models  🔹 AI-enabled phishing increasing credential harvesting success rates  🔹 Rising dark web exposure of Saudi-linked datasets and ac...

CYFIRMA Research: Hong Kong Cyber Threat Landscape 02.07.2026

Hong Kong Cyber Threat Landscape 2025–26 CYFIRMA's latest intelligence assessment reveals a sharp rise in ransomware, state-aligned espionage, cloud abuse, and data-theft operations targeting Hong Kong. Ransomware groups like RansomHouse, Cl0p, Sinobi, and advanced APTs such as Salt Typhoon, Lotus Panda, PlushDaemon, APT41, and Tropic Trooper continue to drive high-impact activity across fina...

CYFIRMA Research: An Income Tax Assessment Notice Phishing Campaign Delivering Malware 25.06.2026

Fake Income Tax Notice Delivers RAT Malware CYFIRMA has identified a sophisticated malware distribution campaign leveraging a fraudulent Indian Income Tax Department assessment notice to infect users with a Remote Access Trojan (RAT)-like payload. The campaign uses a convincing tax-themed lure hosted on a malicious domain to impersonate legitimate government communications, tricking victims into d...

CYFIRMA Research: Microsoft Teams-Themed Remote Access Phishing Campaign 23.06.2026

An active phishing campaign is leveraging Microsoft Teams-themed lures to distribute legitimate remote access software configured for unauthorized access.   The campaign highlights a growing trend in cybercrime operations: leveraging trusted platforms, legitimate software, and reputable hosting providers to bypass conventional security controls. As threat actors continue shifting toward legitimate...

CYFIRMA Research: Exploitation of Model Context Protocol in Agentic AI Deployments 22.06.2026

CYFIRMA's latest research documents how adversaries are exploiting the Model Context Protocol, the integration standard now embedded in Claude, Copilot, Cursor, VS Code, and hundreds of enterprise AI platforms, to turn AI agents into autonomous attack infrastructure. If your organization has deployed MCP-connected agents in production, the decisions this report describes are available now. #T...

CYFIRMA Research: New NPM Supply Chain Campaign Identified- A Multi-Stage Cryptocurrency Malware with More Than 2.7 million Downloads 19.06.2026

Alert : Major NPM Supply Chain Attack Exposed: 2.7M+ Downloads Impacted CYFIRMA Researchers identified 11 malicious npm packages targeting blockchain and Web3 developers, highlighting the growing risks within the open-source software supply chain. The attack demonstrates how a single typo or unverified dependency can introduce malicious code into development workflows. As Web3 adoption grows, soft...

CYFIRMA Research: Cyber Threats Surrounding the FIFA World Cup 2026 18.06.2026

48 teams 3 host nations. Billions of viewers And a cyber-attack surface unlike anything seen before. As global anticipation for the FIFA World Cup 2026 grows, so does cybercriminal interest. Our assessment identified FIFA-themed phishing domains, fraudulent ticketing infrastructure, and malicious streaming platforms already leveraging tournament branding. Looking ahead, organizations should prepar...

CYFIRMA Research: Tracking Ransomware- May 2026 16.06.2026

CYFIRMA Healthcare Industry Report | Q2 2026 | Overall industry risk: 6.9 / 10 - ELEVATED 90 days of telemetry. 5 threat categories. Here is what the numbers say about the healthcare sector this quarter. Ransomware across the period: 216 victims across 42 countries, up 8.5% from 199 last quarter, with 50 of 81 active gangs recording healthcare targets (62% participation, the highest rate observed...

CYFIRMA Research: Operation TaxShadow- Multi-Region Tax Phishing & In-Memory Malware Campaign 08.06.2026

Threat Research: Operation Tax Shadow Explore CYFIRMA's latest report regarding a tax-themed phishing campaign impersonating government tax authorities across multiple countries. • Multi-stage malware delivery via ZIP archive  • DLL Search Order Hijacking for stealthy execution  • API Hooking and Access Token Manipulation  • COM Callback-based code execution to evade monitoring  • Modified RC...

CYFIRMA Research: Kenya Cyber Threat Landscape 05.06.2026

Kenya’s cyber threat landscape is intensifying. The latest CYFIRMA report reveals a surge in ransomware activity, credential leaks, dark web data trading, website defacements, and attacks targeting government, finance, telecom, and critical infrastructure sectors throughout 2025–2026. From ransomware groups like Qilin and RansomHub to large-scale underground credential sales and AI-driven phishing...

CYFIRMA Research: CVE-2026-34197- Jolokia Exposure Enables RCE in Apache ActiveMQ 03.06.2026

The CYFIRMA Research team has identified key security insights related to CVE-2026-34197, a high-severity remote code execution vulnerability affecting Apache ActiveMQ Classic deployments. The vulnerability arises from exposure of the Jolokia JMX-HTTP bridge, which allows authenticated attackers to invoke privileged broker management operations and abuse the addNetworkConnector() functionality to...

CYFIRMA Research: China Threat Landscape 02.06.2026

China’s cyber threat landscape is evolving faster than ever — and the implications go far beyond its borders. Our latest threat intelligence report 2025 – 2026 highlights a convergence of ransomware, state-sponsored espionage, and systemic infrastructure risk that organizations cannot afford to ignore. From hyper-targeted phishing to faster vulnerability exploitation, AI is increasing both the spe...

CYFIRMA Research: Weaponization of Indian Student Data- An Ecosystem for Phishing, Social Engineering, and Financial Fraud 22.05.2026

The increasing digitalization of India’s education sector has created a growing attack surface for cybercriminals targeting student-related data. Our latest threat intelligence assessment explores how exposed or misused student information is being leveraged for phishing, social engineering, impersonation, credential theft, and financial fraud.  The report highlights multiple observed cases involv...

CYFIRMA Research: South Korea Threat Landscape Report 20.05.2026

South Korea isn't just facing high-frequency cyberattacks, it’s navigating a highly professionalized exploitation pipeline. Regional APTs, RaaS affiliates, and initial access brokers aren't operating in silos; they are stakeholders in a maturing digital shadow economy. South Korea’s hyper-connected infrastructure and high-value industrial sectors aren't just targets-they are high-yi...

CYFIRMA Research: Tracking Ransomware- April 2026 19.05.2026

CYFIRMA – April 2026 Ransomware Threat Intelligence Briefing Ransomware activity reached 801 global incidents in April 2026, marking the highest April total in recent years and reinforcing the continued expansion of ransomware-as-a-service operations. In this episode, the CYFIRMA Research Team breaks down: • The most active ransomware groups driving April activity • Key sectors and countries under...

CYFIRMA Research: Operation SilentCanvas – JPEG-Based Multi-Stage PowerShell Intrusion 15.05.2026

Operation SilentCanvas – JPEG-Based Multi-Stage PowerShell Intrusion CYFIRMA Research conducted an in-depth technical investigation into a sophisticated multi-stage intrusion campaign leveraging a weaponized PowerShell payload disguised as a legitimate “.jpeg” image file to deploy a trojanized ConnectWise ScreenConnect framework for covert persistent access.     Key highlights from the research:  ...

CYFIRMA Research: Abuse of Cloud-Native Infrastructure in Modern Phishing Campaigns 08.05.2026

New Research: Trusted Infrastructure Phishing — The Attack That Lives Inside Your Security Stack Most phishing starts outside your perimeter. This one starts inside it. Trusted Infrastructure Phishing (TIP) is a threat class in which every phase of the attack chain — delivery, hosting, execution, authentication, and persistence — operates through legitimate, enterprise-trusted cloud infrastructure...

CYFIRMA Research: Malaysia Threat Landscape Report 05.05.2026

Malaysia isn’t just seeing cyber threats - it’s seeing a structured cyber economy take shape. Ransomware groups, data brokers, and access sellers are all operating across the same ecosystem. Manufacturing, government, and service sectors aren’t just targets - they’re data-rich environments with real extortion value. It’s a connected threat landscape: Data breaches feeding underground markets.  Ran...

CYFIRMA Research: Taiwan Cyber Threat Landscape 2026 04.05.2026

Taiwan Cyber Threat Landscape 2026 Taiwan remains at the forefront of global cyber conflict—driven by its semiconductor dominance, strategic geopolitical position, and deep international partnerships. 🔹 Relentless Pressure: ~2.63M daily cyber intrusion attempts in 2025 (+100% since 2023)  🔹 Primary Threat Actors: PRC-linked APT groups conducting espionage, IP theft, and infrastructure pre-positi...

CYFIRMA Research: Singapore Threat Landscape 30.04.2026

Singapore’s position as a global financial, technological, and connectivity hub continues to attract sophisticated cyber threats from both state-sponsored actors and financially motivated cybercriminal groups. Key Threat Actors Identified : UNC3886, Mustang Panda, Volt Typhoon, APT41 – China-linked APT groups conducting long-term espionage targeting telecoms, government networks, and high-tech ind...

CYFIRMA Research: Philippines Evolving Cyber Threat Landscape 2025-2026 28.04.2026

Stay ahead with CYFIRMA’s Philippines Evolving Cyber Threat Landscape 2025–2026 Report. The Philippines is facing a sharp escalation in AI-driven and automated cyber threats. Q3 2025 recorded over 52 million exposed credentials, while ransomware operations increasingly targeted operational systems across healthcare, BFSI, and critical infrastructure. Identity compromise, vendor access abuse, and s...

CYFIRMA Research: KYCShadow: An Android Banking Malware Exploiting Fake KYC Workflows for Credential and OTP Theft 27.04.2026

KYCShadow: Mobile Threat Alert – Android Banking Malware Campaign CYFIRMA Research has identified a sophisticated Android malware campaign distributed via WhatsApp, impersonating Bank KYC and e-Challan services to compromise financial users at scale. The campaign demonstrates structured backend operations and infrastructure reuse (e.g., jsonapi[.]biz), indicating a coordinated and evolving fraud e...

CYFIRMA Research: Operation PhantomCLR- Stealth Execution via AppDomain Hijacking and In-Memory .NET Abuse 22.04.2026

Operation PhantomCLR Our latest research uncovers a highly sophisticated post-exploitation framework that represents a significant shift in modern attacker tradecraft. The campaign leverages .NET AppDomainManager hijacking to abuse a legitimate, digitally signed Intel binary (IAStorHelp.exe), transforming it into a stealthy execution container without modifying the original file.  This allows mali...

CYFIRMA Research: Silent Crypto Wallet Takeover- Unlimited USDT Approval Exploitation via Trust Wallet QR Code Phishing 21.04.2026

CYFIRMA Research has identified an active crypto drainer campaign targeting Trust Wallet users through QR code phishing distributed via Telegram channels. The attack leverages deep link abuse and deceptive transaction flows to gain persistent access to victim funds. This campaign highlights a shift toward user-authorized exploitation, where no wallet vulnerability is required. By abusing standard...

Listen to the CYFIRMA Research podcast in Replaio

Radio and podcasts in one app - free, with no sign-up. Install today and do not miss the launch

Get it on Google Play

Replaio is not a podcast publisher; show names, artwork and audio belong to their authors and are distributed through public RSS feeds.