CYFIRMA Research

CYFIRMA
  • 0.0 (0)
  • TECH NEWS
  • UPDATED WEEKLY

Cyber defenders, listen up! The CYFIRMA Research podcast has some juicy intel on the latest cyber threats that are lurking in the shadows. Tune in to this security briefing to stay on top of emerging threats and be ready to tackle digital risk like never before.

  1. 12H AGO

    CYFIRMA Research: South Korea Threat Landscape Report

    South Korea isn't just facing high-frequency cyberattacks, it’s navigating a highly professionalized exploitation pipeline. Regional APTs, RaaS affiliates, and initial access brokers aren't operating in silos; they are stakeholders in a maturing digital shadow economy. South Korea’s hyper-connected infrastructure and high-value industrial sectors aren't just targets-they are high-yield assets in a global trade of stolen data. In a landscape where infrastructure is world-class but the data is the primary currency, sophistication is secondary to speed. South Korea isn't just being probed. It is being systematically indexed for profit. Link to the Research Report: https://www.cyfirma.com/research/south-korea-threat-landscape-report/ #CyberSecurity #ThreatIntelligence #NorthKorea #Ransomware #APT  #CriticalInfrastructure #CYFIRMA #CYFIRMAresearch #ETLM  #ExternalThreatLandscapeManagement https://www.cyfirma.com/

    9 min

  2. 1D AGO

    CYFIRMA Research: Tracking Ransomware- April 2026

    CYFIRMA – April 2026 Ransomware Threat Intelligence Briefing Ransomware activity reached 801 global incidents in April 2026, marking the highest April total in recent years and reinforcing the continued expansion of ransomware-as-a-service operations. In this episode, the CYFIRMA Research Team breaks down: • The most active ransomware groups driving April activity • Key sectors and countries under the highest threat • Emerging exploit-driven and stealth-focused attack trends • The evolution toward data-centric multi-extortion models • Why ransomware is becoming a scalable cybercrime ecosystem Link to the Research Report: https://www.cyfirma.com/research/tracking-ransomware-apr-2026/ #Ransomware #CyberSecurity #ThreatIntelligence #CYFIRMA #CyberThreats #RaaS #ThreatLandscape #CyberDefense #InfoSec #DigitalRisk #ExternalThreatLandscapeManagement #ETLM Tracking Ransomware- April https://www.cyfirma.com/

    6 min

  3. 5D AGO

    CYFIRMA Research: Operation SilentCanvas – JPEG-Based Multi-Stage PowerShell Intrusion

    Operation SilentCanvas – JPEG-Based Multi-Stage PowerShell Intrusion CYFIRMA Research conducted an in-depth technical investigation into a sophisticated multi-stage intrusion campaign leveraging a weaponized PowerShell payload disguised as a legitimate “.jpeg” image file to deploy a trojanized ConnectWise ScreenConnect framework for covert persistent access.     Key highlights from the research:  • Weaponized JPEG-based PowerShell loader  • AMSI bypass & multi-layer obfuscation  • Dynamic .NET compilation via csc.exe  • Fileless UAC bypass abusing ComputerDefaults.exe  • Trojanized ScreenConnect deployment  • LOLBin abuse & stealth-focused persistence  • DPAPI-protected credential handling  • Hidden desktop architecture for covert operations  • Encrypted PBKDF2/HMAC-SHA256 C2 communication  • Extensive surveillance & SYSTEM-level execution capabilities    This campaign reflects the growing trend of threat actors weaponizing legitimate RMM platforms for stealthy enterprise compromise, credential theft, persistence, and potential ransomware staging. Link to the Research Report: https://www.cyfirma.com/research/operation-silentcanvas-jpeg-based-multistage-powershell-intrusion/ #CYFIRMA #CYFIRMAResearch #ThreatIntelligence #MalwareAnalysis #CyberSecurity #ThreatResearch #DigitalForensics #ReverseEngineering #PowerShell #ScreenConnect #ThreatHunting #CyberThreatIntelligence #ETLM #ExternalThreatLandscapeManagement https://www.cyfirma.com/

    9 min

  4. MAY 8

    CYFIRMA Research: Abuse of Cloud-Native Infrastructure in Modern Phishing Campaigns

    New Research: Trusted Infrastructure Phishing — The Attack That Lives Inside Your Security Stack Most phishing starts outside your perimeter. This one starts inside it. Trusted Infrastructure Phishing (TIP) is a threat class in which every phase of the attack chain — delivery, hosting, execution, authentication, and persistence — operates through legitimate, enterprise-trusted cloud infrastructure rather than attacker-controlled systems. No spoofed domains. No malicious IPs. No suspicious certificates. The attacker sends from Google's servers, hosts Microsoft's storage, authenticates through your identity provider, and persists inside your licensed SaaS environment. The governance gap is the real story. Every organization affected by TIP had licensed the platforms being abused. They had whitelisted the IPs. They had approved the OAuth flows. The gap is not in tooling; it is the assumption that trusted infrastructure cannot be weaponized from within. TIP invalidates that assumption at every stage. If your organization runs Microsoft 365, uses OAuth-integrated SaaS applications, or has invested in cloud productivity platforms — your trusted infrastructure is the attack surface. Link to the Research Report: https://www.cyfirma.com/research/abuse-of-cloud-native-infrastructure-in-modern-phishing-campaigns/ #CyberThreatIntelligence #CTI #CloudSecurity #TIP #TrustedInfrastructurePhishing #IdentitySecurity #OAuth #MicrosoftSecurity #PhishingDefense #MITRE #ATTACKFramework #BlueTeam #ThreatResearch #ZeroTrust #InfoSec #CYFIRMA #CYFIRMAresearch #ExternalThreatLandscapeManagement #ETLM https://www.cyfirma.com/

    8 min

  5. MAY 5

    CYFIRMA Research: Malaysia Threat Landscape Report

    Malaysia isn’t just seeing cyber threats - it’s seeing a structured cyber economy take shape. Ransomware groups, data brokers, and access sellers are all operating across the same ecosystem. Manufacturing, government, and service sectors aren’t just targets - they’re data-rich environments with real extortion value. It’s a connected threat landscape: Data breaches feeding underground markets.  Ransomware groups exploiting access for quick monetization. Access brokers enabling repeat intrusions. Different actors. Same pipeline. When access is traded and data is currency, attacks don’t need to be sophisticated - just timely. Malaysia isn’t just being targeted. It’s being systematically monetized. Link to the Research Report: https://www.cyfirma.com/research/malaysia-threat-landscape-report/ #CyberSecurity #ThreatIntelligence #Ransomware #DarkWeb #CyberCrime #OSINT #CYFIRMA #CYFIRMAresearch #ETLM  #ExternalThreatLandscapeManagement https://www.cyfirma.com/

    8 min

  6. MAY 4

    CYFIRMA Research: Taiwan Cyber Threat Landscape 2026

    Taiwan Cyber Threat Landscape 2026 Taiwan remains at the forefront of global cyber conflict—driven by its semiconductor dominance, strategic geopolitical position, and deep international partnerships. 🔹 Relentless Pressure: ~2.63M daily cyber intrusion attempts in 2025 (+100% since 2023)  🔹 Primary Threat Actors: PRC-linked APT groups conducting espionage, IP theft, and infrastructure pre-positioning  🔹 Rising Risks: Supply chain attacks, credential theft, ransomware, and disinformation campaigns  🔹 Critical Targets: Semiconductors, government, finance, healthcare, and critical infrastructure ⚠️ Not Just Espionage  Adversaries are embedding long-term access into energy, telecom, and tech sectors—potentially enabling disruption during future crises. 🌐 Geopolitics Matter  U.S.–China rivalry, regional tensions, and even global conflicts are shaping Taiwan’s cyber risk exposure.  Taiwan’s cyber landscape reflects a new reality: continuous competition in the digital domain, where resilience is just as critical as defense. Link to the Research Report: https://www.cyfirma.com/research/cyber-threat-landscape-report-taiwan/ #CyberSecurity #Taiwan #ThreatIntelligence #APT #Ransomware #Geopolitics #InfoSec #CYFIRMA #ETLM #ExternalThreatLandscapeManagement https://www.cyfirma.com/

    9 min

  7. APR 30

    CYFIRMA Research: Singapore Threat Landscape

    Singapore’s position as a global financial, technological, and connectivity hub continues to attract sophisticated cyber threats from both state-sponsored actors and financially motivated cybercriminal groups. Key Threat Actors Identified: UNC3886, Mustang Panda, Volt Typhoon, APT41 – China-linked APT groups conducting long-term espionage targeting telecoms, government networks, and high-tech industries. Lazarus Group – North Korea–linked actor targeting fintech platforms, banks, and cryptocurrency ecosystems. Sectors at Highest Risk: Telecommunications | Financial Services | Healthcare | IT Services | Semiconductor & Technology Manufacturing Underground Activity Insights: Dark web monitoring shows sustained trading of Singapore-linked datasets, including identity records, financial account details, and healthcare information , fueling fraud, account takeover, and identity theft campaigns. As geopolitical tensions and digital transformation accelerate, proactive threat intelligence and cross-sector collaboration will be critical to safeguarding Singapore’s digital ecosystem. Link to the Research Report: https://www.cyfirma.com/research/singapore-threat-landscape/ #CyberSecurity #ThreatIntelligence #Singapore #APT #Ransomware  #CyberThreats #DarkWeb #CyberDefense #CYFIRMA #CYFIRMAresearch #ExternalThreatLandscapeManagement #ETLM https://www.cyfirma.com/

    8 min

  8. APR 28

    CYFIRMA Research: Philippines Evolving Cyber Threat Landscape 2025-2026

    Stay ahead with CYFIRMA’s Philippines Evolving Cyber Threat Landscape 2025–2026 Report. The Philippines is facing a sharp escalation in AI-driven and automated cyber threats. Q3 2025 recorded over 52 million exposed credentials, while ransomware operations increasingly targeted operational systems across healthcare, BFSI, and critical infrastructure. Identity compromise, vendor access abuse, and supply-chain pathways are now primary intrusion vectors. Geopolitical tensions are further amplifying state-linked APT activity focused on persistence and pre-positioning inside sensitive networks. As digital adoption accelerates, Zero Trust, identity threat detection, and unified threat visibility are becoming essential to safeguarding national resilience and public trust. Link to the Research Report: https://www.cyfirma.com/research/philippines-evolving-cyber-threat-landscape-2025-2026/ #CyberSecurity #ThreatIntel #Philippines #Ransomware #APT #ZeroTrust   #DigitalRisk #CYFIRMA #ETLM #ExternalThreatLandscapeManagement https://www.cyfirma.com/

    3 min
See All (308)

About

Cyber defenders, listen up! The CYFIRMA Research podcast has some juicy intel on the latest cyber threats that are lurking in the shadows. Tune in to this security briefing to stay on top of emerging threats and be ready to tackle digital risk like never before.

Information

  • Creator
    CYFIRMA
  • Years Active
    2023 - 2026
  • Episodes
    308
  • Rating
    Clean
  • Copyright
    © 2026 CYFIRMA Research
  • Show Website
    CYFIRMA Research