CYFIRMA Research

CYFIRMA
  • 0.0 (0)
  • TECH NEWS
  • UPDATED WEEKLY

Cyber defenders, listen up! The CYFIRMA Research podcast has some juicy intel on the latest cyber threats that are lurking in the shadows. Tune in to this security briefing to stay on top of emerging threats and be ready to tackle digital risk like never before.

  1. 3D AGO

    CYFIRMA Research- Mamba Phishing-as-a-Service Kit: How Modern adversary-in-the-middle (AiTM) Attacks Operate

    Mamba 2FA illustrates the evolution of phishing into highly automated adversary-in-the-middle attacks that can bypass traditional MFA by closely emulating legitimate cloud authentication experiences. As part of a broader phishing-as-a-service ecosystem, these tools enable scalable, low-effort campaigns with high impact across cloud environments. Addressing this threat requires MFA-resistant authentication, layered identity controls, and continuous monitoring of emerging phishing techniques. Link to the Research Report: Mamba Phishing-as-a-Service Kit: How Modern adversary-in-the-middle (AiTM) Attacks Operate - CYFIRMA #CyberSecurity #ThreatIntelligence #Phishing #AiTM #CloudSecurity  #MFABypass #DigitalRisk #CYFIRMA #CYFIRMAresearch  #ExternalThreatLandscapeManagement #ETLM https://www.cyfirma.com/

    6 min

  2. JAN 28

    CYFIRMA Research- SOLYXIMMORTAL: PYTHON MALWARE ANALYSIS

    Emerging Threat Model: SOLYXIMMORTAL Malware Recent analysis highlights how modern commodity malware continues to evolve by abusing legitimate system functionality rather than relying on exploits or vulnerabilities. The malware demonstrates how attackers can achieve persistent access, credential theft, and user surveillance entirely within the user space, leveraging trusted operating system features and third-party services. Key observations: User-level persistence via AppData and registry Run keysCredential extraction from browser stores using native OS APIsContext-aware surveillance through active window monitoring and screenshotsData exfiltration over legitimate platforms (e.g., Discord webhooks)No exploit chains or privilege escalation required Why this matters: These techniques evade many traditional security controls by blending into normal system behavior and trusted network traffic. When malware relies on standard scripting runtimes, user permissions, and widely used cloud services, detection becomes a behavioral problem, not a signature one. Effective defense requires visibility into user-space execution, browser credential access, and abuse of legitimate third-party services, alongside strong behavioral analytics. Link to the Research Report: SOLYXIMMORTAL : PYTHON MALWARE ANALYSIS - CYFIRMA #ThreatIntelligence #MalwareAnalysis #CyberSecurity #BlueTeam  #DetectionEngineering #OSINT #InfoSec #CYFIRMA #CYFIRMAresearch #ETLM #ExternalThreatLandscapeManagement https://www.cyfirma.com/

    7 min

  3. JAN 16

    CYFIRMA Research- Tracking Ransomware – December 2025

    Stay ahead with CYFIRMA’s December 2025 Ransomware Report. December marked the most active month of 2025 with 801 global ransomware victims, signaling a strong year-end escalation. Qilin surged to 175 victims, reinforcing its dominance, while Safepay and Sinobi posted sharp month-over-month growth, highlighting shifting group momentum. Ransomware operations increasingly adopted cartel-style, access-driven models, abusing trusted security tools, hypervisors, and enterprise file-sharing platforms to accelerate encryption and data-theft-only extortion.  The United States remained the primary target, followed by Western Europe, with expanding activity across Asia-Pacific and the Middle East. Professional services, manufacturing, IT, healthcare, and real estate were the most impacted sectors. Emerging groups like Nova continued to scale through data-centric extortion, signaling sustained threat expansion into 2026. Link to the Research Report: TRACKING RANSOMWARE : DEC 2025 - CYFIRMA #CyberSecurity #Ransomware #ThreatIntel #ETLM #CYFIRMA #Qilin #Safepay   #Sinobi #Nova #DataExtortion #ExternalThreatLandscapeManagement https://www.cyfirma.com/

    3 min

  4. JAN 9

    CYFIRMA Research- Resurgence of Scattered Lapsus$ Hunters

    The threat landscape just got more complex. The Scattered LAPSUS$ Hunters-alliance has re-emerged, merging the tactics of notorious groups. This isn’t just a name change; it’s a shift toward professionalized, identity-centric extortion. What you need to know: High-Value Targets: Focused on enterprises with $500M+ revenue, specifically in Cloud, Telecom, and Finance.Identity is the Perimeter: They specialize in "logging in" rather than "hacking in," using advanced vishing (voice phishing) and insider recruitment to bypass MFA.ShinySp1d3r RaaS: The group is launching its own "extortion-as-a-service" platform, moving away from third-party ransomware.Sector Limits: They currently avoid healthcare and specific geopolitical regions (Russia/China), keeping their focus on high-yield corporate data.The takeaway? If your security relies solely on "traditional" MFA without monitoring for suspicious identity behaviour, you could be at risk. Link to the Research Report: https://www.cyfirma.com/research/resurgence-of-scattered-lapsus-hunters/ #CyberSecurity #ThreatIntel #ScatteredSpider #Lapsus #CISO #DataProtection #CYFIRMA #CYFIRMAresearch #ExtrnalThreatLandscapeManagement #ETLM https://www.cyfirma.com/

    8 min

  5. JAN 6

    CYFIRMA Research- APT36: Multi-Stage LNK Malware Campaign Targeting Indian Government Entities

    APT36 Targets Indian Entities Using Weaponized Windows Shortcut Files CYFIRMA has identified a coordinated cyber-espionage campaign attributed to APT36 (Transparent Tribe), a Pakistan-aligned threat actor persistently targeting Indian government entities and strategic sectors. This campaign highlights APT36’s evolving tradecraft, leveraging malicious Windows shortcut (.LNK) files and multi-stage payload delivery to stealthily compromise victim systems while masquerading as legitimate documents. This activity underscores APT36’s increasing technical maturity and continued emphasis on espionage-driven operations against Indian interests. Link to the Research Report: https://www.cyfirma.com/research/apt36-multi-stage-lnk-malware-campaign-targeting-indian-government-entities/ #CyberSecurity #ThreatIntel #APT36 #TransparentTribe #MalwareAnalysis  #IndianGovernment #LNKMalware #CyberEspionage #ThreatResearch  #CYFIRMA #CYFIRMAresearch #ExternalThreatLandscapeManagement #ETLM https://www.cyfirma.com/

    5 min

  6. 12/31/2025

    CYFIRMA Research- PLAUSIBLE DENIABILITY IN CYBERSPACE: THE STRATEGIC USE OF HACKTIVIST PROXIES

    Hacktivist activity is often dismissed as low-sophistication noise, website defacements, DDoS attacks, or online activism. Our latest research argues that this view is increasingly outdated. The report introduces Hacktivist Proxy Operations as a repeatable model of deniable cyber pressure, where ideologically aligned non-state groups apply disruption, narrative amplification, and psychological pressure in ways that align with state geopolitical interests without formal sponsorship or direct control. Key takeaways: • Hacktivist campaigns increasingly activate after geopolitical triggers such as sanctions or diplomatic escalation • Impact comes from timing, visibility, and narrative amplification — not technical sophistication • Low-intensity disruption can create disproportionate strategic and reputational pressure • Effective defense requires resilience and context awareness, not attribution certainty This research is based on structured analysis of open-source intelligence, underground ecosystems, and hacktivist communication channels, and is intended for public, policy, and security audiences. Link to the Research Report: PLAUSIBLE DENIABILITY IN CYBERSPACE : THE STRATEGIC USE OF HACKTIVIST PROXIES - CYFIRMA #CyberSecurity#ThreatIntelligence #Hacktivism #Geopolitics #CyberConflict  #InformationWarfare #CYFIRMA #CYFIRMAresearch #ExternalThreatLandscapeManagement  #ETLM https://www.cyfirma.com/

    8 min

  7. 12/29/2025

    CYFIRMA Research- APT36 LNK-Based Malware Campaign Leveraging MSI Payload Delivery

    Threat Alert: APT 36 CYFIRMA has identified a targeted malware campaign abusing fake NCERT WhatsApp advisory PDFs to compromise Windows systems. Link to the Research Report: APT36 LNK-BASED MALWARE CAMPAIGN LEVERAGING MSI PAYLOAD DELIVERY - CYFIRMA #APT36 #Cyberthreatintelligence #Malware analysis #Threathunting #Cybersecurity #ETLM #CYFIRMA https://www.cyfirma.com/

    5 min

  8. 12/26/2025

    CYFIRMA Research- Quishing Campaigns: Advanced QR-Code Phishing Evaluation and Insights

    A sophisticated QR-code phishing (“quishing”) campaign is targeting employees with payroll-themed lures, bypassing email security and harvesting credentials via obfuscated, per-victim infrastructure. This trend underscores the growing risk of mobile-based phishing and the need for stronger user awareness and behavior-driven defenses. Link to the Research Report: Quishing Campaigns : Advanced QR-Code Phishing Evaluation and Insights - CYFIRMA #Quishing #Phishing #CyberThreats #ThreatIntelligence #CYFIRMA  #CYFIRMAresearch #ExternalThreatLandscapeManagement https://www.cyfirma.com/

    3 min
See All (279)

About

Cyber defenders, listen up! The CYFIRMA Research podcast has some juicy intel on the latest cyber threats that are lurking in the shadows. Tune in to this security briefing to stay on top of emerging threats and be ready to tackle digital risk like never before.

Information

  • Creator
    CYFIRMA
  • Years Active
    2023 - 2026
  • Episodes
    279
  • Rating
    Clean
  • Copyright
    © 2026 CYFIRMA Research
  • Show Website
    CYFIRMA Research