
Cyble


The FIFA World Cup 2026 kicks off on June 11, and the world's biggest sporting event is drawing more than just fans — it is already attracting a wave of cybercriminals targeting ticket buyers, job seekers, streaming viewers, and corporate brands alike. The FBI has issued a formal Public Service Announcement warning that threat actors are creating fraudulent versions of FIFA-affiliated websites to…

A senior executive at a Dubai-based energy conglomerate receives a WhatsApp message that appears to come directly from their CEO — complete with the right profile photo, a familiar tone, and an urgent wire transfer request. This type of CEO fraud, CEO impersonation scam, or executive impersonation attack is becoming one of the most effective forms of financial cybercrime targeting Gulf organ…
For most of the digital era, fraud had friction. It required effort, time, and enough technical inconsistency that security systems — or even a careful human — could spot the seams. That assumption no longer holds. Brand impersonation has evolved into a scalable, automated industry powered by generative AI. What used to be isolated phishing attempts has become a distributed ecosystem of cloned id…
Executive Summary: Cyble Research and Intelligence Labs (CRIL) has identified a novel Android banking trojan, dubbed OverlayPhantom, actively distributed in the wild via malicious URLs. The malware employs a two-stage infection chain, using a dropper application that impersonates trusted platforms, including the official Austrian government identity application, ID Austria, and the widely used con…
Executive Summary: Cyble Research & Intelligence Labs (CRIL) has identified an active FreePBX exploitation campaign, with high confidence tied to INJ3CTOR3, an actor with a documented history of targeting VoIP infrastructure for financial gain since 2019. The campaign deploys a multi-stage Bash dropper that introduces JOMANGY, a PHP webshell family with no prior public documentation, alongside Zen…

In a digital landscape that moves at the speed of AI, we feel recognition is more than just a market positioning—it is a validation of vision. We are proud to announce that Cyble has been named a Challenger in the first-ever Gartner® Magic Quadrant™ for Cyberthreat Intelligence Technologies. For us, being positioned in the Challengers Quadrant in this inaugural report is a testament to our rapid…
The Gulf Cooperation Council (GCC) region has spent the last several years building one of the world’s most ambitious digital economies. Across Bahrain, Kuwait, Oman, Qatar, Saudi Arabia, and the UAE, governments and enterprises have accelerated investments in cloud infrastructure, AI-driven services, smart cities, and digital banking technology at a pace rarely seen elsewhere. Banks are rolling …
In 2026, opportunistic assaults and isolated breaches will no longer characterize Australia's cyber risk environment. Industrialized data theft, in which stolen data is packaged, repackaged, and marketed on underground marketplaces, is influencing it. Threat actors are already combining Australian data into composite "breach packages," increasing both its commercial worth and its downstream dange…
This morning, Cyble was recognized in the 2026 Gartner® Magic Quadrant™ for Cyberthreat Intelligence Technologies as a Challenger. I want to use this post for two things. First, to thank the people who got us here. Second, to share what we believe this recognition actually signals — because the more interesting story isn’t about Cyble at all. It’s about where this category is going. A milestone …

Executive Summary: Cyble Research and Intelligence Labs (CRIL) has uncovered a targeted cyberespionage campaign leveraging social engineering and trusted infrastructure to establish persistent, covert access to victim systems. The attack is delivered via phishing emails containing a malicious LNK file disguised within a RAR archive, using a Russian humanitarian aid request form to exploit contextu…

The modern enterprise is no longer breached in the traditional sense. Firewalls remain intact; endpoints appear compliant, and credentials are often never “stolen” in the usual way. Yet attackers still get in—and stay in. The difference lies in how trust is being weaponized. Threat actors are executing what looks like a supply chain attack without ever touching the actual supply chain infrastruct…

Recognized for Completeness of Vision and Ability to Execute: We are excited to share that Cyble has been recognized as a Challenger in the 2026 Gartner® Magic Quadrant™ for Cyber Threat Intelligence. Check back for a complimentary copy of the full report soon! In our view, this recognition reflects what we hear from the security […]

Cyble's latest weekly vulnerability insights report to clients provides a detailed view of vulnerabilities tracked between April 15, 2026, and April 21, 2026. The findings highlight a slight dip in overall disclosures compared to the previous week, but active exploitation and real-world attacks continue to target enterprise, cloud, and open-source ecosystems. …
Modern cyberattacks no longer follow predictable patterns or slow timelines. They unfold at machine speed, often moving from initial access to data exfiltration in minutes. In this environment, security teams face a paradox: they are surrounded by vast amounts of data yet struggle to extract clarity from it quickly enough to prevent damage. This is where Cyble Blaze AI introduces a different oper…

The conversation around ANZ ransomware threats has shifted noticeably over the past year. What once looked like sporadic, high-profile incidents has evolved into a sustained and structured campaign against organizations across Australia and New Zealand. Signals emerging from underground forums and marketplaces reveal a sobering reality: ransomware is no longer just a technical problem; it is an e…

The idea that cyber conflict operates quietly in the background no longer holds. What used to be a shadow contest of espionage and occasional disruption has evolved into something far more direct and consequential. Today, the cyber war on US infrastructure is not a supporting element of geopolitical tension—it is one of its primary arenas. Recent global conflicts have shown that digital operation…

Executive Summary: Cyble Research and Intelligence Labs (CRIL) identified a campaign of over 16,800 malicious domains active since early 2026. It uses a potent technique — embedding government labels as subdomains to fake trust without DNS authority. We have dubbed this 'Operation TrustTrap'. Spoofed portals resolve to infrastructure concentrated across Tencent Cloud and Alibaba Cloud APAC nodes,…
Cyble Research & Intelligence Labs (CRIL) weekly vulnerability report tracked 1,675 vulnerabilities last week, reflecting continued high disclosure volume across enterprise software, cloud services, and emerging AI ecosystems. Of these, more than 205 vulnerabilities have publicly available Proof-of-Concept (PoC) exploits, significantly increasing the likelihood of exploitation and shortening att…
