
Total monthly reach
Estimated from 3 chart positions in 3 markets.
By chart position
- 🇦🇺 AU · Tech News · #35 · 100K to 300K
- 🇵🇭 PH · Tech News · #23 · 10K to 30K
- 🇲🇾 MY · Tech News · #107 · 500 to 3K
- Per-Episode Audience (est. listeners per new episode within ~30 days): 33K to 100K · 🎙 Daily cadence · 297 episodes · Last published 4d ago
- Monthly Reach (unique listeners across all episodes, 30 days): 111K to 333K · 🇦🇺 90% · 🇵🇭 9% · 🇲🇾 1%
- Active Followers (loyal subscribers who consistently listen): 44K to 133K
On the show
Recent episodes
CYFIRMA Research: Operation TaxShadow- Multi-Region Tax Phishing & In-Memory Malware Campaign
Jun 8, 2026
7m 03s
CYFIRMA Research: Kenya Cyber Threat Landscape
Jun 5, 2026
7m 52s
CYFIRMA Research: CVE-2026-34197- Jolokia Exposure Enables RCE in Apache ActiveMQ
Jun 3, 2026
6m 09s
CYFIRMA Research: China Threat Landscape
Jun 2, 2026
9m 19s
CYFIRMA Research: Weaponization of Indian Student Data- An Ecosystem for Phishing, Social Engineering, and Financial Fraud
May 22, 2026
3m 38s
| Date | Episode | Description | Length |
|---|---|---|---|
| 6/8/26 | CYFIRMA Research: Operation TaxShadow- Multi-Region Tax Phishing & In-Memory Malware Campaign | Threat Research: Operation Tax Shadow Explore CYFIRMA's latest report regarding a tax-themed phishing campaign impersonating government tax authorities across multiple countries. • Multi-stage malware delivery via ZIP archive • DLL Search Order Hijacking for stealthy execution • API Hooking and Access Token Manipulation • COM Callback-based code execution to evade monitoring • Modified RC4 encryption protecting payloads • Reflective PE Loading enabling memory-r... | 7m 03s |
| 6/5/26 | CYFIRMA Research: Kenya Cyber Threat Landscape | Kenya’s cyber threat landscape is intensifying. The latest CYFIRMA report reveals a surge in ransomware activity, credential leaks, dark web data trading, website defacements, and attacks targeting government, finance, telecom, and critical infrastructure sectors throughout 2025–2026. From ransomware groups like Qilin and RansomHub to large-scale underground credential sales and AI-driven phishing campaigns, threat actors are increasingly focusing on Kenya’s rapidly expanding digital ecosyst... | 7m 52s |
| 6/3/26 | CYFIRMA Research: CVE-2026-34197- Jolokia Exposure Enables RCE in Apache ActiveMQ | The CYFIRMA Research team has identified key security insights related to CVE-2026-34197, a high-severity remote code execution vulnerability affecting Apache ActiveMQ Classic deployments. The vulnerability arises from exposure of the Jolokia JMX-HTTP bridge, which allows authenticated attackers to invoke privileged broker management operations and abuse the addNetworkConnector() functionality to load attacker-controlled remote Spring XML configurations. Our research highlights the exploita... | 6m 09s |
| 6/2/26 | CYFIRMA Research: China Threat Landscape | China’s cyber threat landscape is evolving faster than ever — and the implications go far beyond its borders. Our latest threat intelligence report 2025 – 2026 highlights a convergence of ransomware, state-sponsored espionage, and systemic infrastructure risk that organizations cannot afford to ignore. From hyper-targeted phishing to faster vulnerability exploitation, AI is increasing both the speed and precision of cyberattacks. Link to the Research Report: https://www.cyfirma.com/res... | 9m 19s |
| 5/22/26 | CYFIRMA Research: Weaponization of Indian Student Data- An Ecosystem for Phishing, Social Engineering, and Financial Fraud | The increasing digitalization of India’s education sector has created a growing attack surface for cybercriminals targeting student-related data. Our latest threat intelligence assessment explores how exposed or misused student information is being leveraged for phishing, social engineering, impersonation, credential theft, and financial fraud. The report highlights multiple observed cases involving fake university portals, insider misuse of student records, fraudulent fee collection s... | 3m 38s |
| 5/20/26 | CYFIRMA Research: South Korea Threat Landscape Report | South Korea isn't just facing high-frequency cyberattacks, it’s navigating a highly professionalized exploitation pipeline. Regional APTs, RaaS affiliates, and initial access brokers aren't operating in silos; they are stakeholders in a maturing digital shadow economy. South Korea’s hyper-connected infrastructure and high-value industrial sectors aren't just targets-they are high-yield assets in a global trade of stolen data. In a landscape where infrastructure is world-class but the data is... | 9m 03s |
| 5/19/26 | CYFIRMA Research: Tracking Ransomware- April 2026 | CYFIRMA – April 2026 Ransomware Threat Intelligence Briefing Ransomware activity reached 801 global incidents in April 2026, marking the highest April total in recent years and reinforcing the continued expansion of ransomware-as-a-service operations. In this episode, the CYFIRMA Research Team breaks down: • The most active ransomware groups driving April activity • Key sectors and countries under the highest threat • Emerging exploit-driven and stealth-focused attack trends • The evolution... | 5m 35s |
| 5/15/26 | CYFIRMA Research: Operation SilentCanvas – JPEG-Based Multi-Stage PowerShell Intrusion | Operation SilentCanvas – JPEG-Based Multi-Stage PowerShell Intrusion CYFIRMA Research conducted an in-depth technical investigation into a sophisticated multi-stage intrusion campaign leveraging a weaponized PowerShell payload disguised as a legitimate “.jpeg” image file to deploy a trojanized ConnectWise ScreenConnect framework for covert persistent access. Key highlights from the research: • Weaponized JPEG-based PowerShell loader • AMSI bypass & multi-lay... | 8m 42s |
| 5/8/26 | CYFIRMA Research: Abuse of Cloud-Native Infrastructure in Modern Phishing Campaigns | New Research: Trusted Infrastructure Phishing — The Attack That Lives Inside Your Security Stack Most phishing starts outside your perimeter. This one starts inside it. Trusted Infrastructure Phishing (TIP) is a threat class in which every phase of the attack chain — delivery, hosting, execution, authentication, and persistence — operates through legitimate, enterprise-trusted cloud infrastructure rather than attacker-controlled systems. No spoofed domains. No malicious IPs. No suspicious cer... | 8m 29s |
| 5/5/26 | CYFIRMA Research: Malaysia Threat Landscape Report | Malaysia isn’t just seeing cyber threats - it’s seeing a structured cyber economy take shape. Ransomware groups, data brokers, and access sellers are all operating across the same ecosystem. Manufacturing, government, and service sectors aren’t just targets - they’re data-rich environments with real extortion value. It’s a connected threat landscape: Data breaches feeding underground markets. Ransomware groups exploiting access for quick monetization. Access brokers enabling repeat ... | 8m 07s |
| 5/4/26 | CYFIRMA Research: Taiwan Cyber Threat Landscape 2026 | Taiwan Cyber Threat Landscape 2026 Taiwan remains at the forefront of global cyber conflict—driven by its semiconductor dominance, strategic geopolitical position, and deep international partnerships. 🔹 Relentless Pressure: ~2.63M daily cyber intrusion attempts in 2025 (+100% since 2023) 🔹 Primary Threat Actors: PRC-linked APT groups conducting espionage, IP theft, and infrastructure pre-positioning 🔹 Rising Risks: Supply chain attacks, credential theft, ransomware, and disinform... | 8m 45s |
| 4/30/26 | CYFIRMA Research: Singapore Threat Landscape | Singapore’s position as a global financial, technological, and connectivity hub continues to attract sophisticated cyber threats from both state-sponsored actors and financially motivated cybercriminal groups. Key Threat Actors Identified: UNC3886, Mustang Panda, Volt Typhoon, APT41 – China-linked APT groups conducting long-term espionage targeting telecoms, government networks, and high-tech industries. Lazarus Group – North Korea–linked actor targeting fintech platforms, banks, and cryptoc... | 7m 42s |
| 4/28/26 | CYFIRMA Research: Philippines Evolving Cyber Threat Landscape 2025-2026 | Stay ahead with CYFIRMA’s Philippines Evolving Cyber Threat Landscape 2025–2026 Report. The Philippines is facing a sharp escalation in AI-driven and automated cyber threats. Q3 2025 recorded over 52 million exposed credentials, while ransomware operations increasingly targeted operational systems across healthcare, BFSI, and critical infrastructure. Identity compromise, vendor access abuse, and supply-chain pathways are now primary intrusion vectors. Geopolitical tensions are further ampli... | 2m 45s |
| 4/27/26 | CYFIRMA Research: KYCShadow: An Android Banking Malware Exploiting Fake KYC Workflows for Credential and OTP Theft | KYCShadow: Mobile Threat Alert – Android Banking Malware Campaign CYFIRMA Research has identified a sophisticated Android malware campaign distributed via WhatsApp, impersonating Bank KYC and e-Challan services to compromise financial users at scale. The campaign demonstrates structured backend operations and infrastructure reuse (e.g., jsonapi[.]biz), indicating a coordinated and evolving fraud ecosystem. Notably, phishing interfaces reuse “eChallan” themes, reflecting cross-campaign adapta... | 4m 48s |
| 4/22/26 | CYFIRMA Research: Operation PhantomCLR- Stealth Execution via AppDomain Hijacking and In-Memory .NET Abuse | Operation PhantomCLR Our latest research uncovers a highly sophisticated post-exploitation framework that represents a significant shift in modern attacker tradecraft. The campaign leverages .NET AppDomainManager hijacking to abuse a legitimate, digitally signed Intel binary (IAStorHelp.exe), transforming it into a stealthy execution container without modifying the original file. This allows malicious code to execute within a trusted environment, effectively bypassing traditional EDR a... | 7m 34s |
| 4/21/26 | CYFIRMA Research: Silent Crypto Wallet Takeover- Unlimited USDT Approval Exploitation via Trust Wallet QR Code Phishing | CYFIRMA Research has identified an active crypto drainer campaign targeting Trust Wallet users through QR code phishing distributed via Telegram channels. The attack leverages deep link abuse and deceptive transaction flows to gain persistent access to victim funds. This campaign highlights a shift toward user-authorized exploitation, where no wallet vulnerability is required. By abusing standard Web3 workflows, attackers gain persistent and unrestricted access to victim wallets, enabling de... | 4m 57s |
| 4/13/26 | CYFIRMA Research: CVE-2026-1492 WordPress User Registration & Membership Authentication Bypass Flaw | The CYFIRMA Research team has identified critical security insights related to CVE-2026-1492, a high-severity authentication bypass and privilege escalation vulnerability affecting the WordPress User Registration & Membership plugin. The vulnerability allows unauthenticated attackers to gain administrative access by exploiting improper server-side validation and weak authorization controls within the registration and membership workflow. Our research highlights the exploitation mechanis... | 6m 18s |
| 4/11/26 | CYFIRMA Research: Tracking Ransomware- March 2026 | March reflected a further escalation in ransomware activity, with incident volumes rising and multiple threat actors expanding operations simultaneously. Qilin emerged as the most dominant group with a sharp increase in activity, while several others, including Akira, Incransom, Nightspire, Dragonforce, and LockBit5, showed significant growth, indicating a highly competitive and rapidly scaling ecosystem. At the same time, a few groups declined, reinforcing the fluid and continuously shifting... | 4m 10s |
| 4/10/26 | CYFIRMA Research: CrySome RAT | CrySome RAT – Advanced Threat Insight CrySome RAT is a sophisticated .NET-based remote access trojan engineered for long-term persistence and stealth on Windows systems. It extends beyond typical malware by maintaining execution even after system resets, leveraging recovery partition abuse and offline registry manipulation to ensure continued presence. Beyond persistence, it delivers a full post-exploitation toolkit. It supports remote command execution, file exfiltration, process manipulat... | 3m 59s |
| 4/9/26 | CYFIRMA Research: Invoice-Themed Phishing Campaign Targeting Financial Workflows Amid Fiscal Year-End Activity | New Threat Intelligence Report: Invoice-Themed Phishing Campaign A sophisticated phishing campaign is actively targeting finance and procurement teams using invoice, payment, and operational lures—timed strategically around financial year-end activities. With increased transaction volumes and audit processes, employees are more likely to engage with seemingly routine emails—making this campaign particularly effective. This campaign reflects a broader shift toward stealthy, user-driven phishi... | 3m 45s |
| 4/7/26 | CYFIRMA Research: Tracking Ransomware- February 2026 | Stay informed with CYFIRMA’s February 2026 Ransomware Threat Report. February continued to reflect a high-activity ransomware environment, with noticeable shifts in group dynamics and operational patterns. While Qilin sustained consistent activity levels, other actors showed mixed trends, with some groups scaling rapidly and others reducing operations, highlighting the constantly evolving nature of the ecosystem. The ransomware model continues to move toward access-led intrusions and extorti... | 4m 18s |
| 4/2/26 | CYFIRMA Research: CVE-2026-24423 – SmarterTools SmarterMail Remote Code Execution Vulnerability | The CYFIRMA Research team has identified critical security insights related to CVE-2026-24423, a high-severity unauthenticated remote code execution vulnerability impacting SmarterTools SmarterMail. The vulnerability allows attackers to execute arbitrary commands through the ConnectToHub API, potentially leading to full system compromise. Our research highlights the exploitation mechanism, threat landscape, affected versions, and mitigation strategies to help organizations defend against eme... | 7m 57s |
| 3/31/26 | CYFIRMA Research: Operation False Siren- A Trojanized Android Spyware Campaign | CYFIRMA Research uncovered a targeted Android spyware campaign, Operation False Siren, exploiting wartime urgency by weaponizing the trusted Israeli civil defense alert application. In this operation, threat actors distributed a trojanized version of the missile warning app via SMS phishing (smishing) campaigns, convincing victims to install what appeared to be a critical alert system update. Once installed, the application deployed a two-stage malware framework designed to silently establis... | 6m 05s |
| 3/30/26 | CYFIRMA Research- TaxiSpy RAT: Analysis of TaxiSpy RAT – Russian Banking-Focused Android Malware with Full Remote Control | New Report Released: Advanced Android Banking RAT Targeting Russian Financial Institutions CYFIRMA Research has uncovered a highly sophisticated Android Banking Trojan with integrated Remote Access Trojan (RAT) capabilities targeting Russian users and financial institutions, such as banking apps, cryptocurrency applications, government services apps, and marketplace platforms. What the report covers: • Native library–based obfuscation (sysruntime[.]so) • Custom rolling XOR encry... | 5m 23s |
| 3/26/26 | CYFIRMA Research- Dead Infrastructure Hijacking | New Research: Dead Infrastructure Hijacking — The Attack That Doesn't Need a Vulnerability Most breaches start with an exploit. This one starts with a domain registration. We've published a full threat intelligence report on Dead Infrastructure Hijacking (DIH) — a threat class that exploits residual trust relationships left behind when digital infrastructure is decommissioned, migrated, or abandoned. No intrusion. No CVE. No malware. The attacker simply owns an address that your systems ar... | 7m 44s |
Showing 25 of 313
Chart Positions
3 placements across 3 markets.
