CYFIRMA Research

CYFIRMA
  • 0.0 (0)
  • TECH NEWS
  • UPDATED WEEKLY

Cyber defenders, listen up! The CYFIRMA Research podcast has some juicy intel on the latest cyber threats that are lurking in the shadows. Tune in to this security briefing to stay on top of emerging threats and be ready to tackle digital risk like never before.

  1. 2D AGO

    CYFIRMA Research: CVE-2026-1492 WordPress User Registration & Membership Authentication Bypass Flaw

    The CYFIRMA Research team has identified critical security insights related to CVE-2026-1492, a high-severity authentication bypass and privilege escalation vulnerability affecting the WordPress User Registration & Membership plugin. The vulnerability allows unauthenticated attackers to gain administrative access by exploiting improper server-side validation and weak authorization controls within the registration and membership workflow. Our research highlights the exploitation mechanism, exposure landscape, affected versions, and mitigation strategies to help organizations defend against potential compromise. Link to the Research Report: https://www.cyfirma.com/research/cve-2026-1492-wordpress-user-registration-membership-authentication-bypass-flaw/ #CYFIRMAResearch #CyberSecurity #ThreatIntelligence #VulnerabilityResearch #ETLM #CVE20261492 #CYFIRMA #ExternalThreatLandscapeManagement https://www.cyfirma.com/

    6 min

  2. 4D AGO

    CYFIRMA Research: Tracking Ransomware- March 2026

    March reflected a further escalation in ransomware activity, with incident volumes rising and multiple threat actors expanding operations simultaneously. Qilin emerged as the most dominant group with a sharp increase in activity, while several others, including Akira, Incransom, Nightspire, Dragonforce, and LockBit5, showed significant growth, indicating a highly competitive and rapidly scaling ecosystem. At the same time, a few groups declined, reinforcing the fluid and continuously shifting nature of ransomware operations. The threat model continues to evolve toward access-driven intrusions, with attackers leveraging credential compromise, exploitation of internet-facing vulnerabilities, and brokered access. Increased use of legitimate administrative tools, stealth-focused techniques, and rapid deployment through cloud and virtual infrastructure highlights a strong shift toward efficiency and evasion. Geographically, the United States remained the most impacted region by a wide margin, followed by the United Kingdom, Canada, and major European economies, with continued expansion across Asia-Pacific and emerging markets. Industry targeting remained concentrated on sectors with high operational reliance and sensitive data exposure, particularly professional services, manufacturing, healthcare, and information technology. Link to the Research Report: https://www.cyfirma.com/research/tracking-ransomware-march-2026/  #CyberSecurity #Ransomware #ThreatIntel #ETLM #CYFIRMA  #ThreatLandscape #CyberRisk #DataExtortion #ExternalThreatLandscapeManagement #ETLM https://www.cyfirma.com/

    4 min

  3. 5D AGO

    CYFIRMA Research: CrySome RAT

    CrySome RAT – Advanced Threat Insight CrySome RAT is a sophisticated .NET-based remote access trojan engineered for long-term persistence and stealth on Windows systems. It extends beyond typical malware by maintaining execution even after system resets, leveraging recovery partition abuse and offline registry manipulation to ensure continued presence. Beyond persistence, it delivers a full post-exploitation toolkit. It supports remote command execution, file exfiltration, process manipulation, and network pivoting via SOCKS and reverse proxy. With capabilities like AVKiller to disable security tools, HVNC for hidden remote control, keylogging, credential theft from Chromium-based browsers, and real-time screen, audio, and webcam surveillance, it provides attackers with deep visibility and control over compromised environments. Adding to the concern, it’s being openly marketed via crysome[.]net, lowering the barrier for wider adoption. Link to the Research Report: https://www.cyfirma.com/research/crysome-rat-an-advanced-persistent-net-remote-access-trojan/ #MalwareAnalysis #CyberSecurity#ThreatIntel #RAT #CYFIRMA #CYFIRMAResearch #WindowsRAT #HVNC #InfoSec  #ExternalThreatLandscapeManagement #ETLM https://www.cyfirma.com/

    4 min

  4. 6D AGO

    CYFIRMA Research: Invoice-Themed Phishing Campaign Targeting Financial Workflows Amid Fiscal Year-End Activity

    New Threat Intelligence Report: Invoice-Themed Phishing Campaign A sophisticated phishing campaign is actively targeting finance and procurement teams using invoice, payment, and operational lures—timed strategically around financial year-end activities. With increased transaction volumes and audit processes, employees are more likely to engage with seemingly routine emails—making this campaign particularly effective. This campaign reflects a broader shift toward stealthy, user-driven phishing techniques designed to bypass traditional defenses.  Link to The Research Report: https://www.cyfirma.com/research/invoice-themed-phishing-campaign-targeting-financial-workflows-amid-fiscal-year-end-activity/ #CyberSecurity #Phishing #ThreatIntelligence #InfoSec #CyberAwareness #BEC #CyberDefense #CYFIRMA#CYFIRMAresearch  #ExternalThreatLandscapeManagement #ETLM https://www.cyfirma.com/

    4 min

  5. APR 7

    CYFIRMA Research: Tracking Ransomware- February 2026

    Stay informed with CYFIRMA’s February 2026 Ransomware Threat Report. February continued to reflect a high-activity ransomware environment, with noticeable shifts in group dynamics and operational patterns. While Qilin sustained consistent activity levels, other actors showed mixed trends, with some groups scaling rapidly and others reducing operations, highlighting the constantly evolving nature of the ecosystem. The ransomware model continues to move toward access-led intrusions and extortion strategies driven by psychological and operational pressure rather than purely technical compromise. Techniques such as credential-based access, abuse of legitimate tools, and stealth-focused persistence are becoming more prominent, alongside increasing use of cloud and virtual infrastructure to support campaigns. Geographically, the United States remained the most affected region, followed by Canada, the United Kingdom, and key European markets, with continued spread across Asia-Pacific and emerging economies. Industry targeting remained focused on sectors with high operational dependency and valuable data, particularly professional services, manufacturing, and information technology. Link to The Research Report: https://www.cyfirma.com/research/tracking-ransomware-feb-2026/ #CyberSecurity #Ransomware #ThreatIntel #ETLM #CYFIRMA #ThreatLandscape #CyberRisk #DataExtortion #ExternalThreatLandscapeManagement #ETLM https://www.cyfirma.com/

    4 min

  6. APR 2

    CYFIRMA Research: CVE-2026-24423 – SmarterTools SmarterMail Remote Code Execution Vulnerability

    The CYFIRMA Research team has identified critical security insights related to CVE-2026-24423, a high-severity unauthenticated remote code execution vulnerability impacting SmarterTools SmarterMail. The vulnerability allows attackers to execute arbitrary commands through the ConnectToHub API, potentially leading to full system compromise. Our research highlights the exploitation mechanism, threat landscape, affected versions, and mitigation strategies to help organizations defend against emerging threats. Link to the Research Report: CVE-2026-24423 - SmarterTools SmarterMail Remote Code Execution Vulnerability - CYFIRMA #CYFIRMAresearch #CyberSecurity #ThreatIntelligence #VulnerabilityResearch #ETLM #CVE202624423  #ExternalThreatLandscapeManagement #ETLM #CYFIRMA https://www.cyfirma.com/

    8 min

  7. MAR 31

    CYFIRMA Research: Operation False Siren- A Trojanized Android Spyware Campaign

    CYFIRMA Research uncovered a targeted Android spyware campaign, Operation False Siren, exploiting wartime urgency by weaponizing the trusted Israeli civil defense alert application. In this operation, threat actors distributed a trojanized version of the missile warning app via SMS phishing (smishing) campaigns, convincing victims to install what appeared to be a critical alert system update. Once installed, the application deployed a two-stage malware framework designed to silently establish long-term surveillance on compromised devices. This campaign highlights how trusted public-safety applications and open-source codebases can be abused to conduct large-scale surveillance operations, particularly during periods of geopolitical conflict when users are more likely to install urgent security updates without scrutiny. Link to the Research Report: OPERATION FALSE SIREN ANDROID SPYWARE CAMPAIGN - CYFIRMA #CYFIRMA #ThreatIntelligence #AndroidMalware #MobileSecurity  #ThreatResearch #MalwareAnalysis #CyberSecurity #CTI #AndroidSpyware  #ExternalThreatLandscapeManagement #ETLM https://www.cyfirma.com/

    6 min

  8. MAR 30

    CYFIRMA Research- TaxiSpy RAT: Analysis of TaxiSpy RAT – Russian Banking-Focused Android Malware with Full Remote Control

    New Report Released: Advanced Android Banking RAT Targeting Russian Financial Institutions CYFIRMA Research has uncovered a highly sophisticated Android Banking Trojan with integrated Remote Access Trojan (RAT) capabilities targeting Russian users and financial institutions, such as banking apps, cryptocurrency applications, government services apps, and marketplace platforms. What the report covers:  • Native library–based obfuscation (sysruntime[.]so)  • Custom rolling XOR encryption hiding C2 infrastructure  • Firebase-backed command & control  • Real-time VNC-like remote device control  • SMS takeover & OTP interception  • Lock screen PIN capture & keylogging  • Targeted monitoring of 33+ Russian banking apps  • Multi-layered persistence mechanisms The malware demonstrates advanced operational security, runtime decryption of infrastructure, affiliate-style worker keys, and comprehensive financial fraud capabilities. This campaign reflects the growing sophistication of Android banking RAT ecosystems — combining stealth, persistence, and full remote access into a scalable threat model. Link to the Research Report: TAXISPY RAT : Analysis of TaxiSpy RAT - Russian Banking - Focused Android Malware with Full Remote Control - CYFIRMA  #ThreatIntelligence #AndroidMalware #BankingTrojan #CyberSecurity  #MobileThreats #RAT #MalwareAnalysis #CYFIRMA #CYFIRMAResearch  #ExternalThreatLandscapeManagement #ETLM https://www.cyfirma.com/

    5 min
See All (297)

About

Cyber defenders, listen up! The CYFIRMA Research podcast has some juicy intel on the latest cyber threats that are lurking in the shadows. Tune in to this security briefing to stay on top of emerging threats and be ready to tackle digital risk like never before.

Information

  • Creator
    CYFIRMA
  • Years Active
    2023 - 2026
  • Episodes
    297
  • Rating
    Clean
  • Copyright
    © 2026 CYFIRMA Research
  • Show Website
    CYFIRMA Research