CYFIRMA Research

CYFIRMA
  • 0.0 (0)
  • Tech News
  • Updated Weekly

Cyber defenders, listen up! The CYFIRMA Research podcast has some juicy intel on the latest cyber threats that are lurking in the shadows. Tune in to this security briefing to stay on top of emerging threats and be ready to tackle digital risk like never before.

  1. 4h ago

    CYFIRMA Research: Tracking Ransomware- May 2026

    CYFIRMA Healthcare Industry Report | Q2 2026 | Overall industry risk: 6.9 / 10 - ELEVATED 90 days of telemetry. 5 threat categories. Here is what the numbers say about the healthcare sector this quarter. Ransomware across the period: 216 victims across 42 countries, up 8.5% from 199 last quarter, with 50 of 81 active gangs recording healthcare targets (62% participation, the highest rate observed across all sectors this period). Hospitals, pharmaceuticals, and specialized medicine were the most targeted sub-sectors. Activity oscillated within a stable band from September through February before March broke the pattern and April spiked to 90 victims. The June figure reflects a partial window and should not be interpreted as a genuine decline. A baseline of 220 to 260 victims over the next 90 days is plausible if the elevated tempo established in March and April persists. Elsewhere in the data: 10 APT campaigns touched healthcare organisations across 34 countries, featuring the most diverse nation-state actor mix across all sectors this period, spanning North Korean, Russian, Chinese, and Iranian groups, with web portals and access management software targeted pointing to credential theft and patient data collection as primary objectives. 207 CVEs were identified over the period, with RCE vulnerabilities stabilizing above initial levels after a mid-period spike and injection attacks tripling mid-period, categories carrying outsized risk in environments where system disruption directly impacts patient care. Dark web chatter collapsed in the final period across breach and leak categories, assessed as reflecting forum disruptions and fragmentation rather than reduced threat activity, with ransomware remaining the most consistent and sustained signal across all three periods. Link to the Research Report: https://www.cyfirma.com/research/tracking-ransomware-may-2026/ https://www.cyfirma.com/

    7 min

  2. Jun 8

    CYFIRMA Research: Operation TaxShadow- Multi-Region Tax Phishing & In-Memory Malware Campaign

    Threat Research: Operation Tax Shadow Explore CYFIRMA's latest report regarding a tax-themed phishing campaign impersonating government tax authorities across multiple countries. • Multi-stage malware delivery via ZIP archive  • DLL Search Order Hijacking for stealthy execution  • API Hooking and Access Token Manipulation  • COM Callback-based code execution to evade monitoring  • Modified RC4 encryption protecting payloads  • Reflective PE Loading enabling memory-resident execution  • LLVM-based Control Flow Flattening (CFF) for anti-analysis  • WebSocket-based Command-and-Control communication  • Infrastructure reuse observed across Indian and Japanese tax-themed phishing portals  • Chinese-language artifacts identified during analysis • C2 Communication observed with 43[.]128[.]54[.]184:1234 •Self-protection mechanisms make the malware difficult to terminate during execution Impact: Full remote access, in-memory execution, and advanced defense evasion capabilities. Link to the Research Report: https://www.cyfirma.com/research/operation-taxshadow-multi-region-tax-phishing-in-memory-malware-campaign/ #CYFIRMAresearch #ThreatIntelligence #MalwareAnalysis #CyberSecurity #ThreatResearch #Phishing #SOC #ThreatHunting #CYFIRMA #ExternalThreatLandscapeManagement #ETLM https://www.cyfirma.com/

    7 min

  3. Jun 5

    CYFIRMA Research: Kenya Cyber Threat Landscape

    Kenya’s cyber threat landscape is intensifying. The latest CYFIRMA report reveals a surge in ransomware activity, credential leaks, dark web data trading, website defacements, and attacks targeting government, finance, telecom, and critical infrastructure sectors throughout 2025–2026. From ransomware groups like Qilin and RansomHub to large-scale underground credential sales and AI-driven phishing campaigns, threat actors are increasingly focusing on Kenya’s rapidly expanding digital ecosystem. With 120+ website defacements and growing risks to citizen data and public services, strengthening cyber resilience and proactive threat intelligence has become more critical than ever. Link to the Research Report: https://www.cyfirma.com/research/kenya-cyber-threat-landscape-report-2025-2026/ #CyberSecurity #ThreatIntelligence #Kenya #Ransomware #DarkWeb #ThreatLandscape #Hacktivism #CyberThreats #CYFIRMA #ETLM #ExternalThreatLandscapeManagement https://www.cyfirma.com/

    8 min

  4. Jun 3

    CYFIRMA Research: CVE-2026-34197- Jolokia Exposure Enables RCE in Apache ActiveMQ

    The CYFIRMA Research team has identified key security insights related to CVE-2026-34197, a high-severity remote code execution vulnerability affecting Apache ActiveMQ Classic deployments. The vulnerability arises from exposure of the Jolokia JMX-HTTP bridge, which allows authenticated attackers to invoke privileged broker management operations and abuse the addNetworkConnector() functionality to load attacker-controlled remote Spring XML configurations. Our research highlights the exploitation methodology, exposure landscape, affected versions, and mitigation strategies to help organizations reduce the risk associated with exposed Apache ActiveMQ management interfaces. Link to the Research Report: https://www.cyfirma.com/research/cve-2026-34197-jolokia-exposure-enables-rce-in-apache-activemq/ #CYFIRMAResearch #CyberSecurity #ThreatIntelligence #VulnerabilityResearch #ETLM #CVE202634197 #CYFIRMA #ETLM #ExternalThreatLandscapeManagement https://www.cyfirma.com/

    6 min

  5. Jun 2

    CYFIRMA Research: China Threat Landscape

    China’s cyber threat landscape is evolving faster than ever — and the implications go far beyond its borders. Our latest threat intelligence report 2025 – 2026 highlights a convergence of ransomware, state-sponsored espionage, and systemic infrastructure risk that organizations cannot afford to ignore. From hyper-targeted phishing to faster vulnerability exploitation, AI is increasing both the speed and precision of cyberattacks.  Link to the Research Report: https://www.cyfirma.com/research/china-cybersecurity-threat-intelligence-report/ #CyberSecurity #ThreatIntelligence #Ransomware #APT #CyberRisk #ZeroTrus #CyberResilience #Geopolitics https://www.cyfirma.com/

    9 min

  6. May 22

    CYFIRMA Research: Weaponization of Indian Student Data- An Ecosystem for Phishing, Social Engineering, and Financial Fraud

    The increasing digitalization of India’s education sector has created a growing attack surface for cybercriminals targeting student-related data. Our latest threat intelligence assessment explores how exposed or misused student information is being leveraged for phishing, social engineering, impersonation, credential theft, and financial fraud.  The report highlights multiple observed cases involving fake university portals, insider misuse of student records, fraudulent fee collection schemes, data exposure incidents, and student-linked mule account activity. It also examines how threat actors exploit trusted academic themes such as admissions, scholarships, internships, and fee payments to make scams appear legitimate and improve targeting accuracy. In addition to analysing the attack chain and operational methods used by threat actors, the report assesses the potential risks to students, educational institutions, and the broader financial ecosystem, along with key recommendations aimed at reducing exposure to these evolving threats. Link to the Research Report: https://www.cyfirma.com/research/weaponization-of-indian-student-data-an-ecosystem-for-phishing-social-engineering-and-financial-fraud/ #CYFIRMA #CYFIRMAresearch #ETLM #ExternalThreatLandscapeManagement #StudentData #Phishing https://www.cyfirma.com/

    4 min

  7. May 20

    CYFIRMA Research: South Korea Threat Landscape Report

    South Korea isn't just facing high-frequency cyberattacks, it’s navigating a highly professionalized exploitation pipeline. Regional APTs, RaaS affiliates, and initial access brokers aren't operating in silos; they are stakeholders in a maturing digital shadow economy. South Korea’s hyper-connected infrastructure and high-value industrial sectors aren't just targets-they are high-yield assets in a global trade of stolen data. In a landscape where infrastructure is world-class but the data is the primary currency, sophistication is secondary to speed. South Korea isn't just being probed. It is being systematically indexed for profit. Link to the Research Report: https://www.cyfirma.com/research/south-korea-threat-landscape-report/ #CyberSecurity #ThreatIntelligence #NorthKorea #Ransomware #APT  #CriticalInfrastructure #CYFIRMA #CYFIRMAresearch #ETLM  #ExternalThreatLandscapeManagement https://www.cyfirma.com/

    9 min

  8. May 19

    CYFIRMA Research: Tracking Ransomware- April 2026

    CYFIRMA – April 2026 Ransomware Threat Intelligence Briefing Ransomware activity reached 801 global incidents in April 2026, marking the highest April total in recent years and reinforcing the continued expansion of ransomware-as-a-service operations. In this episode, the CYFIRMA Research Team breaks down: • The most active ransomware groups driving April activity • Key sectors and countries under the highest threat • Emerging exploit-driven and stealth-focused attack trends • The evolution toward data-centric multi-extortion models • Why ransomware is becoming a scalable cybercrime ecosystem Link to the Research Report: https://www.cyfirma.com/research/tracking-ransomware-apr-2026/ #Ransomware #CyberSecurity #ThreatIntelligence #CYFIRMA #CyberThreats #RaaS #ThreatLandscape #CyberDefense #InfoSec #DigitalRisk #ExternalThreatLandscapeManagement #ETLM Tracking Ransomware- April https://www.cyfirma.com/

    6 min
See All (314)

About

Cyber defenders, listen up! The CYFIRMA Research podcast has some juicy intel on the latest cyber threats that are lurking in the shadows. Tune in to this security briefing to stay on top of emerging threats and be ready to tackle digital risk like never before.

Information

  • Creator
    CYFIRMA
  • Years Active
    2023 - 2026
  • Episodes
    314
  • Rating
    Clean
  • Copyright
    © 2026 CYFIRMA Research
  • Show Website
    CYFIRMA Research