Cyfirma

13/04/2026

At , we don’t believe in waiting for attacks to happen. We believe in stopping them before they even begin.

Today marks a bold step forward as we deepen our commitment to the ANZ region, bringing the full force of our AI-powered DeCYFIR platform and its 9-pillar intelligence architecture to organizations that refuse to operate in the dark. Because here’s the reality: The most dangerous threats are no longer inside your perimeter. They are forming outside, across the open web, the dark web, and complex third-party ecosystems, long before a single alert is triggered.

𝐀𝐧𝐝 𝐫𝐞𝐚𝐜𝐭𝐢𝐧𝐠 𝐢𝐬 𝐧𝐨 𝐥𝐨𝐧𝐠𝐞𝐫 𝐞𝐧𝐨𝐮𝐠𝐡.

With , we are giving organizations the power to see what others can’t. To anticipate what others miss. And to act before damage is done.

This moment is also defined by leadership.

We are proud to welcome Rajeev Mathur as VP of Sales for ANZ, a leader who understands not just the market, but the urgency of the mission. His experience, combined with our strong regional team, will accelerate our vision of building a truly intelligence-led cyber ecosystem across ANZ.

𝐑𝐞𝐚𝐝 𝐭𝐡𝐞 𝐅𝐔𝐋𝐋 𝐀𝐧𝐧𝐨𝐮𝐧𝐜𝐞𝐦𝐞𝐧𝐭 𝐇𝐞𝐫𝐞

👉 https://www.cyfirma.com/news/cyfirma-deepens-anz-commitment-with-decyfirs-9-pillar-intelligence-architecture-and-new-regional-leadership-appointment/

13/04/2026

🛡️ 𝗥𝗮𝗻𝘀𝗼𝗺𝘄𝗮𝗿𝗲 𝗜𝗻 𝗙𝗼𝗰𝘂𝘀 🛡️

CYFIRMA Research and Advisory Team has found BASANAI Ransomware while monitoring various underground forums as part of our Threat Discovery Process.

Type: Ransomware
Target Technologies: Windows Systems, Network Shares, Mapped Drives, Enterprise File Storage Systems, Backup Repositories, Remote Access Services (RDP)

𝑩𝑨𝑺𝑨𝑵𝑨𝑰 𝑹𝒂𝒏𝒔𝒐𝒎𝒘𝒂𝒓𝒆
BASANAI ransomware has been identified as a MedusaLocker-family file-encrypting malware variant that prevents access to victim data by encrypting files and appending a distinct extension associated with the BASANAI strain. Upon ex*****on, the malware systematically encrypts files across the infected system and drops a ransom note, typically named “README.txt”, informing victims of the compromise. Analysis indicates that the ransomware leverages strong cryptographic algorithms (commonly AES combined with RSA, consistent with MedusaLocker variants) to ensure that files cannot be decrypted without attacker-controlled keys. The operators claim that not only local files but also network shares and potentially backups may be impacted, increasing operational disruption. In addition to encryption, the threat actors assert that sensitive data may have been exfiltrated, introducing a double extortion element where victims face both data loss and potential public exposure. Victims are instructed to contact the attackers via the provided communication channels to negotiate payment, typically in cryptocurrency. At present, no confirmed public decryption tool is available for this variant, and recovery without attacker cooperation remains unlikely.

Read Here: https://www.cyfirma.com/news/weekly-intelligence-report-10-april-2026/

Ransomware In Focus CYFIRMA Research and Advisory Team would like to highlight ransomware trends and insights gathered while monitoring various...

13/04/2026

🛡️ 𝐀𝐜𝐭𝐢𝐯𝐞 𝐌𝐚𝐥𝐰𝐚𝐫𝐞 𝐨𝐟 𝐭𝐡𝐞 𝐖𝐞𝐞𝐤 🛡️

This week, the “𝑹𝒐𝒅𝒆𝒙𝑹𝑴𝑴” malware is in focus.

Type: Backdoor| Objectives: Persistence | Target Technology: Windows OS | Target Geography: Global

Overview of Operation RodexRMM Malware
The analysed sample, identified as RodexRMM, demonstrates a structured and stealth- oriented set of behaviours indicative of a controlled malicious operation. Its activity suggests a clear intention to establish persistence within the infected environment while operating in a manner that closely mimics legitimate system processes. By utilizing standard system paths and interacting with core components, the malware attempts to remain inconspicuous and avoid raising immediate suspicion. Additionally, it gathers key system information, likely to assess the environment and prepare for subsequent actions.

Furthermore, RodexRMM exhibits multiple defense evasion characteristics, including the use of obfuscation and strategic interaction with system configurations and registry settings. These actions may contribute to weakening security visibility or bypassing detection mechanisms. The observed behaviour also indicates an awareness of analysis environments, suggesting that the malware may actively attempt to evade sandboxing or monitoring tools, thereby prolonging its presence on the compromised system.

The communication patterns associated with RodexRMM reveal outbound connections to external services, potentially to obtain system-related information such as public IP data. This, combined with its capability to execute processes and manage system activities, suggests the presence of a command-and-control mechanism. Overall, the malware reflects a level of sophistication consistent with threats designed for persistence, reconnaissance, and remote control, posing a notable risk in both targeted and opportunistic attack scenarios.

Read Here: https://www.cyfirma.com/news/weekly-intelligence-report-10-april-2026/

Ransomware In Focus CYFIRMA Research and Advisory Team would like to highlight ransomware trends and insights gathered while monitoring various...

13/04/2026

𝐓𝐡𝐫𝐞𝐚𝐭 𝐀𝐜𝐭𝐨𝐫 𝐢𝐧 𝐅𝐨𝐜𝐮𝐬 - 𝐂𝐡𝐢𝐧𝐞𝐬𝐞 𝐓𝐡𝐫𝐞𝐚𝐭 𝐀𝐜𝐭𝐨𝐫 𝐒𝐢𝐥𝐯𝐞𝐫 𝐅𝐨𝐱 𝐄𝐱𝐩𝐚𝐧𝐝𝐢𝐧𝐠 𝐟𝐨𝐨𝐭𝐩𝐫𝐢𝐧𝐭𝐬 𝐢𝐧 𝐀𝐏𝐀𝐂

About the Threat Actor
Silver Fox aka Void Arachne – suspected Chinese threat actor, is assessed to have been active since at least 2019–2020, demonstrating continuous evolution in its tooling and targeting capabilities while maintaining an aggressive posture toward organizations. The group has expanded its operational footprint and digital presence across multiple countries in the APAC region.

Read Here: https://www.cyfirma.com/news/weekly-intelligence-report-10-april-2026/

Ransomware In Focus CYFIRMA Research and Advisory Team would like to highlight ransomware trends and insights gathered while monitoring various...

08/04/2026

🔮 CYFIRMA 𝗖𝗿𝘆𝘀𝘁𝗮𝗹 𝗕𝗮𝗹𝗹 𝗦𝗲𝗿𝗶𝗲𝘀: 𝗘𝘅𝗽𝗹𝗼𝗶𝘁 𝗧𝗶𝗺𝗶𝗻𝗴 𝗧𝗿𝘂𝗺𝗽𝘀 𝗦𝗼𝗽𝗵𝗶𝘀𝘁𝗶𝗰𝗮𝘁𝗶𝗼𝗻🔮

In this installment, discover why Predictive Threat Intelligence lets you predict timing and stop threats before sophistication even matters.

𝗞𝗲𝘆 𝗜𝗻𝘀𝗶𝗴𝗵𝘁𝘀:

• Only 3-5% of breaches involve vulnerability exploitation - yet 23-33% start with exploited vulnerabilities.

• 30% of vulnerabilities are exploited within 24 hours of disclosure.

• Edge device exploitation? Up from 3-22%, with median remediation lagging at 30+ days.

𝗣𝗮𝗴𝗲 𝟮: 𝗣𝗿𝗶𝗼𝗿𝗶𝘁𝗶𝘇𝗶𝗻𝗴 𝗦𝗽𝗲𝗲𝗱 & 𝗢𝗽𝗽𝗼𝗿𝘁𝘂𝗻𝗶𝘀𝗺

Attackers move fast to seize opportunities - your intelligence must move faster. Automation and AI will supercharge speed in 2026 and beyond. Focus on high-risk assets, accelerate remediation, and outpace the code.

𝗧𝗵𝗲 𝗡𝘂𝗺𝗯𝗲𝗿𝘀 𝗗𝗼𝗻’𝘁 𝗟𝗶𝗲:

• 40-55% of breaches will begin with known vulnerabilities.

• High-value CVEs: 10 days from disclosure to mass exploitation.

• “Zero-day quality” attacks? Increasingly unnecessary.

Attackers exploit weaknesses before you react. Stay ahead with Predictive External Threat Landscape Management.

Watch this space for the next Crystal Ball installment - unraveling the catalysts shaping tomorrow’s threats.

Read here 👉 https://www.cyfirma.com/research/crystal-ball-series-11/

07/04/2026

🚀 𝐂𝐘𝐅𝐈𝐑𝐌𝐀 𝐒𝐭𝐫𝐞𝐧𝐠𝐭𝐡𝐞𝐧𝐬 𝐈𝐧𝐝𝐢𝐚 𝐏𝐫𝐞𝐬𝐞𝐧𝐜𝐞: 𝐖𝐞𝐥𝐜𝐨𝐦𝐞𝐬 𝐑𝐞𝐣𝐞𝐞𝐯 𝐌𝐚𝐭𝐡𝐮𝐫 𝐚𝐬 𝐕𝐏 𝐒𝐚𝐥𝐞𝐬 & 𝐁𝐮𝐬𝐢𝐧𝐞𝐬𝐬 𝐃𝐞𝐯𝐞𝐥𝐨𝐩𝐦𝐞𝐧𝐭

We are pleased to announce the appointment of Rajeev Mathur as Vice President of Sales & Business Development, further reinforcing CYFIRMA’s strategic investment and leadership expansion in India. This move underlines our long‑term commitment to scaling our business and strengthening our footprint across Indian enterprises and government organizations.

Rajeev brings over three decades of experience in cybersecurity and enterprise technology, with a strong track record of building and leading high‑growth sales and business‑development teams. He has successfully expanded market presence and partner ecosystems across India and the broader APAC region, driving adoption of advanced cybersecurity solutions among large enterprises, system integrators, MSSPs, and consulting firms. His leadership in aligning cybersecurity offerings with business‑risk priorities makes him a key driver of CYFIRMA’s preemptive cyber strategy in India.

This move positions us to accelerate business growth across India by delivering preemptive cybersecurity solutions that identify and mitigate risks before they materialize - empowering enterprises with actionable intelligence for resilience and competitive advantage.

Read the full announcement here ➡️https://www.cyfirma.com/news/cyfirma-strengthens-commitment-to-india-with-strategic-investment-and-leadership-expansion/

Ready to preempt threats and grow boldly? Let’s connect - DM us to explore partnership opportunities!

07/04/2026

The Forrester External Threat Intelligence Service Providers Landscape, Q1 2026 report is out, and CYFIRMA is among the global providers acknowledged!

But here's why this should matter to you as a defender: Most security teams are still fighting yesterday's threats. Alerts pile up. Context is missing. The attacker is already three steps ahead. Forrester's framework for external threat intelligence centres on exactly the capabilities that close this gap, predicting attacker intent, contextualising risk to the business, and enabling intelligence-led decisions rather than reactive ones.

That's the problem CYFIRMA's pre-emptive defense platform was built to solve. Being recognised in this Forrester report isn't the destination, it's validation that the approach is right. And the mission continues: help organisations see threats the way attackers see them, before they strike.

🔗 Read the full announcement here:

Singapore – 2026 – CYFIRMA, a global leader in preemptive external threat landscape management, today announced its inclusion in Forrester’s...

26/03/2026

🔒 𝐃𝐞𝐂𝐘𝐅𝐈𝐑 𝟐𝟎𝟐𝟓: 𝟏.𝟖𝐌+ 𝐀𝐭𝐭𝐚𝐜𝐤 𝐒𝐮𝐫𝐟𝐚𝐜𝐞𝐬 𝐌𝐚𝐧𝐚𝐠𝐞𝐝!

In 2025, DeCYFIR managed 1.8M+ attack surfaces, providing proven preemptive cybersecurity and advanced predictive threat intelligence. This empowered organizations to anticipate vulnerabilities and prevent attacks before exploitation.

𝑪𝒀𝑭𝑰𝑹𝑴𝑨 𝒔𝒄𝒂𝒍𝒆𝒔 𝒅𝒆𝒇𝒆𝒏𝒔𝒆 𝒂𝒄𝒓𝒐𝒔𝒔 𝒗𝒂𝒔𝒕 𝒔𝒖𝒓𝒇𝒂𝒄𝒆𝒔 -𝒑𝒓𝒐𝒂𝒄𝒕𝒊𝒗𝒆 𝒄𝒐𝒗𝒆𝒓𝒂𝒈𝒆, 𝒛𝒆𝒓𝒐 𝒃𝒍𝒊𝒏𝒅 𝒔𝒑𝒐𝒕𝒔.

Master your attack surface: https://www.cyfirma.com/contact-us/

26/03/2026

𝗪𝗲’𝗿𝗲 𝗵𝗼𝗻𝗼𝗿𝗲𝗱 𝘁𝗼 𝘀𝗵𝗮𝗿𝗲 𝘁𝗵𝗮𝘁 𝗖𝗬𝗙𝗜𝗥𝗠𝗔 𝗵𝗮𝘀 𝗯𝗲𝗲𝗻 𝗿𝗲𝗰𝗼𝗴𝗻𝗶𝘇𝗲𝗱 𝗮𝘀 𝗮 𝗟𝗲𝗮𝗱𝗲𝗿 𝗮𝗻𝗱 𝗙𝗮𝘀𝘁 𝗠𝗼𝘃𝗲𝗿 𝗶𝗻 𝘁𝗵𝗲 𝗹𝗮𝘁𝗲𝘀𝘁 𝗚𝗶𝗴𝗮𝗢𝗺 𝗥𝗮𝗱𝗮𝗿 𝗳𝗼𝗿 𝗔𝘁𝘁𝗮𝗰𝗸 𝗦𝘂𝗿𝗳𝗮𝗰𝗲 𝗠𝗮𝗻𝗮𝗴𝗲𝗺𝗲𝗻𝘁 (𝗔𝗦𝗠).

This recognition is deeply meaningful to us, not just as a milestone, but as validation of the mission we’ve been committed to from day one: enabling organizations to move beyond reactive security toward preemptive, intelligence-led defense.

At CYFIRMA, we believe cybersecurity should not start at the point of attack. By combining external attack surface visibility with deep threat intelligence, we empower organizations to anticipate threats, understand adversary intent, and take action before risks materialize.

It’s encouraging to see this approach recognized, especially the importance of understanding context around a risk or threat, not just what is vulnerable, to drive more decisive and proactive security outcomes.

We’re incredibly grateful to our customers and partners for their continued trust, and to our team for their relentless focus on innovation and ex*****on. This achievement belongs to all of you.

While we’re proud of how far we’ve come, we know this is just one step in a much larger journey. The threat landscape continues to evolve, and so will we.

If you’re interested in learning how hashtag and hashtag can help you adopt a more preemptive approach to cybersecurity, we’d love to connect.

https://www.cyfirma.com/news/cyfirma-recognized-as-a-leader-and-fast-mover-in-gigaom-radar-for-attack-surface-management/

Singapore — March 24, 2026 — CYFIRMA, a global leader in preemptive external threat landscape management, today announced that it...

19/03/2026

🌐 𝗗𝗲𝗖𝗬𝗙𝗜𝗥 𝟮𝟬𝟮𝟱 𝗥𝗲𝗰𝗮𝗽: 𝗣𝗿𝗲𝗲𝗺𝗽𝘁𝗶𝘃𝗲 𝗣𝗼𝘄𝗲𝗿 𝗶𝗻 𝗔𝗰𝘁𝗶𝗼𝗻

𝟖𝟐𝐊+ 𝐭𝐡𝐢𝐫𝐝 𝐩𝐚𝐫𝐭𝐢𝐞𝐬 𝐦𝐚𝐧𝐚𝐠𝐞𝐝 𝐚𝐧𝐝 𝐩𝐫𝐨𝐭𝐞𝐜𝐭𝐞𝐝 - that’s ’s 2025 reality! Our advanced predictive threat intelligence delivers preemptive cybersecurity, letting organizations spot and stop attacks via supply chains before they breach.

Join the shift with CYFIRMA: Turn vulnerabilities into victories.

𝗘𝘅𝗽𝗹𝗼𝗿𝗲 𝗗𝗲𝗖𝗬𝗙𝗜𝗥 𝗻𝗼𝘄: https://www.cyfirma.com/start-now/

17/03/2026

🚀 𝗗𝗲𝗖𝗬𝗙𝗜𝗥 𝟮𝟬𝟮𝟱 𝗜𝗺𝗽𝗮𝗰𝘁 𝗥𝗲𝗰𝗮𝗽: 𝗟𝗲𝗮𝗱𝗶𝗻𝗴 𝘁𝗵𝗲 𝗦𝗵𝗶𝗳𝘁 𝘁𝗼 𝗣𝗿𝗲𝗲𝗺𝗽𝘁𝗶𝘃𝗲 𝗖𝘆𝗯𝗲𝗿𝘀𝗲𝗰𝘂𝗿𝗶𝘁𝘆

In 2025, DeCYFIR managed and protected 82K+ third parties, delivering proven preemptive cybersecurity and advanced predictive threat intelligence. We enabled organizations to anticipate supply chain risks and prevent attacks before impact.

CYFIRMA extends proactive defense across your entire ecosystem—safeguarding partners, vendors, and beyond.

𝑺𝒕𝒓𝒆𝒏𝒈𝒕𝒉𝒆𝒏 𝒚𝒐𝒖𝒓 𝒕𝒉𝒊𝒓𝒅-𝒑𝒂𝒓𝒕𝒚 𝒔𝒆𝒄𝒖𝒓𝒊𝒕𝒚.

𝑻𝑨𝑳𝑲 𝑻𝑶 𝑼𝑺! ➡️ https://www.cyfirma.com/start-now/